let s use ed25519 with gnupg 2 1 and gnuk token
play

Let's use Ed25519 with GnuPG 2.1 and Gnuk Token! Niibe Yutaka One - PowerPoint PPT Presentation

Dec 25, 2023 •265 likes •433 views

Let's use Ed25519 with GnuPG 2.1 and Gnuk Token! Niibe Yutaka One of New Features in GnuPG 2.1 ECC: Elliptic Curve Cryptography New algorithm for public key crypto Benefit Smaller key size for equivalent strength NOTE:

  1. Let's use Ed25519 with GnuPG 2.1 and Gnuk Token! Niibe Yutaka

  2. One of New Features in GnuPG 2.1 • ECC: Elliptic Curve Cryptography • New algorithm for public key crypto • Benefit • Smaller key size for equivalent strength • NOTE: It's not Post-quantum crypto • It can be broken by Shor's algorithm

  3. ECC supported by GnuPG 2.1 • "Classic" ECC • Defined by some standard organizations • "Modern" ECC • https://safecurves.cr.yp.to/

  4. "Classic" ECC in GnuPG 2.1 • NIST Curves P-256, P-384, P-521 • Brainpool P-256, P-384, P-512 • secp256k1 Satoshi's Choice • Feature • Too difficult to implement correctly • Backdoor? Who knows?

  5. "Modern" ECC in GnuPG 2.1 • GnuPG 2.1 supports: • Ed25519 for digital signature • X25519 for encryption/decryption

  6. Let's start using Ed25519! • ksp-dc17.txt: 4 / 142 • We know migration will take time • When should we... ? • Why not try something GNU today?

  7. Need some reason? • Gnuk supports Ed25519/X25519 • It's faster than RSA • 0.1sec for signature • 0.2sec for decryption • Much safer against SCA • OpenSSH supports Ed25519 auth

  8. Gnuk BoF • Gnuk is the USB security token implementation • 10AM on Friday at Woody

  9. Issues • Not yet standardized • draft-ietf-openpgp-rfc4880bis-02 • SKS 1.1.6 supports Ed25519/X25519 keys • subset.pool.sks-keyservers.net • Other keyservers don't support ECC keys yet • wotsap does not yet support ECC keys • alioth doesn't allow Ed25519 keys for SSH

  10. HOWTO • preparation • key generation • addkey

  11. HOWTO: preparation $ mkdir tmp/new-gpg-ecc $ export GNUPGHOME=tmp/new-gpg-ecc $ chmod og-rx $GNUPGHOME $ gpg --version

  12. HOWTO: key generation $ gpg --expert --full-gen-key Select '9' for "ECC and ECC". Select '1' for 'Curve25519' to use Ed25519/X25519.

  13. HOWTO: addkey $ gpg --expert --edit-key chuji [...] gpg> addkey Select '11' for adding "Authentication" subkey for SSH. Toggle capability to "Authenticate" only: a->s->q Select '1' for 'Curve25519' to use Ed25519/X25519. Type 'save' to save new subkey.

  14. HOWTO: send-keys Don't forget to add --keyserver subset.pool.sks-keyservers.net

  15. Questions? Q1: A1:

  16. Questions? Q1: Can I ask putting my Ed25519/X25519 key to debian-keyring? A1:

Recommend

GNUK TOKEN AND GNUPG GNUK TOKEN AND GNUPG SCDAEMON SCDAEMON minimizing the attack surface

GNUK TOKEN AND GNUPG GNUK TOKEN AND GNUPG SCDAEMON SCDAEMON minimizing the attack surface

GNUK TOKEN AND GNUPG GNUK TOKEN AND GNUPG SCDAEMON SCDAEMON minimizing the attack surface NIIBE Yutaka <gniibe@fsij.org> FOSDEM 2018 This is a talk of my experience to have better control (by its user) of computing for privacy

610 views • 37 slides
FSIJ USB Token for GnuPG Niibe Yutaka <gniibe@fsij.org> 2009-10-21 Japan Linux Symposium

FSIJ USB Token for GnuPG Niibe Yutaka <gniibe@fsij.org> 2009-10-21 Japan Linux Symposium

FSIJ USB Token for GnuPG Niibe Yutaka <gniibe@fsij.org> 2009-10-21 Japan Linux Symposium Contents Who am I? GNU Privacy Guard FSIJ USB Token PCB design V-USB (AVR-USB) CCID/ICCD Protocol OpenPGP Protocol RSA

991 views • 26 slides
FST-01SZ (Flying Stone Tiny 01 revision ShenZhen) free hardware design for Gnuk Token Niibe

FST-01SZ (Flying Stone Tiny 01 revision ShenZhen) free hardware design for Gnuk Token Niibe

FST-01SZ (Flying Stone Tiny 01 revision ShenZhen) free hardware design for Gnuk Token Niibe Yutaka gniibe@fsij.org 2019-02-03 1/30 FST-01SZ (board+shell) is ready now! 2/30 FST-01SZ (board+shell) and case 3/30 Acknowledgment Special

1.27k views • 34 slides
GnuPG 2.1 Explained for Everyone Niibe {Yutaka, Hitoe, Hiroshi, Ayumi} John Paul Adrian Glaubitz

GnuPG 2.1 Explained for Everyone Niibe {Yutaka, Hitoe, Hiroshi, Ayumi} John Paul Adrian Glaubitz

GnuPG 2.1 Explained for Everyone Niibe {Yutaka, Hitoe, Hiroshi, Ayumi} John Paul Adrian Glaubitz Contents GPG 2.1 is not beta software Everyone relies on GnuPG Debian and GnuPG 3 GPG Branches What's New in 2.1?

733 views • 25 slides
Modern ECC signatures Many papers have explored Curve25519/Ed25519 speed. 2011

Modern ECC signatures Many papers have explored Curve25519/Ed25519 speed. 2011

1 2 Modern ECC signatures Many papers have explored Curve25519/Ed25519 speed. 2011 BernsteinDuifLange SchwabeYang: e.g. 2015 Chou software: Ed25519 signature scheme = on Intel Sandy Bridge (2011), EdDSA using conservative

2.15k views • 125 slides
HOTNOW HOT Token HOTNOW l TOKEN SALE THE FIRST UTILITY TOKEN WITH REAL INTRINSIC VALUE REINVENT

HOTNOW HOT Token HOTNOW l TOKEN SALE THE FIRST UTILITY TOKEN WITH REAL INTRINSIC VALUE REINVENT

HOTNOW HOT Token HOTNOW l TOKEN SALE THE FIRST UTILITY TOKEN WITH REAL INTRINSIC VALUE REINVENT DIGITAL MARKETING BY ENABLING THE FIRST GAMIFIED ONLINE-TO-OFFLINE ECONOMY FOR EMERGING ASIA PURPOSE Make Digital Marketing Accessible For All

374 views • 14 slides
PIV Token Issuance PIV Token Issuance Ketan Mehta Mehta_Ketan@bah.com October 6, 2004 1

PIV Token Issuance PIV Token Issuance Ketan Mehta Mehta_Ketan@bah.com October 6, 2004 1

PIV Token Issuance PIV Token Issuance Ketan Mehta Mehta_Ketan@bah.com October 6, 2004 1 Agenda Agenda Definition and Purpose Issuance Process Token Issuance Authority Requirements Token Personalization Requirements

324 views • 13 slides
Kidnapping's Cesar Cerrudo Revenge Argeniss Token Token Who am I? Who am I? Argeniss

Kidnapping's Cesar Cerrudo Revenge Argeniss Token Token Who am I? Who am I? Argeniss

Kidnapping's Cesar Cerrudo Revenge Argeniss Token Token Who am I? Who am I? Argeniss Founder and CEO A i F d d CEO I have been working on security for + 8 years I have found and helped to fix hundreds of

335 views • 16 slides
Token Ring Developed by IBM, adopted by IEEE as 802.5 standard Token rings latter

Token Ring Developed by IBM, adopted by IEEE as 802.5 standard Token rings latter

Token Ring Developed by IBM, adopted by IEEE as 802.5 standard Token rings latter extended to FDDI (Fiber Distributed Data Interface) and 802.17 (Resilient Packet Ring) standards Nodes connected in a ring Data always flows in

809 views • 16 slides
BIP32-Ed25519 Dmitry Khovratovich Jason Law University of Luxembourg Evernym, Inc. April 30th,

BIP32-Ed25519 Dmitry Khovratovich Jason Law University of Luxembourg Evernym, Inc. April 30th,

BIP32-Ed25519 Dmitry Khovratovich Jason Law University of Luxembourg Evernym, Inc. April 30th, 2017 Story of BIP32 Bitcoin wallet: Need of multiple addresses to minimize privacy leakage, every address is used just once; Single secret

633 views • 16 slides
Hardening PGP using GnuPG and Yubikey hybrid multifactor authentication and cryptography John

Hardening PGP using GnuPG and Yubikey hybrid multifactor authentication and cryptography John

Hardening PGP using GnuPG and Yubikey hybrid multifactor authentication and cryptography John Roman Linux System Administrator RAND Corporation SCALE 2017 Roman, John PGP PGP 101 public/private keyrings Roman, John PGP PGP 101

471 views • 43 slides
Hardening PGP using GnuPG and Yubikey hybrid multifactor authentication and cryptography John

Hardening PGP using GnuPG and Yubikey hybrid multifactor authentication and cryptography John

Hardening PGP using GnuPG and Yubikey hybrid multifactor authentication and cryptography John Roman Linux System Administrator RAND Corporation SCALE 2017 Roman, John PGP PGP 101 public/private keyrings Roman, John PGP PGP 101

690 views • 42 slides
EdDSA signatures and Ed25519 Peter Schwabe Joint work with Daniel J. Bernstein, Niels Duif,

EdDSA signatures and Ed25519 Peter Schwabe Joint work with Daniel J. Bernstein, Niels Duif,

EdDSA signatures and Ed25519 Peter Schwabe Joint work with Daniel J. Bernstein, Niels Duif, Tanja Lange, and Bo-Yin Yang March 20, 2012 CARAMEL seminar, INRIA Nancy A few words about Taiwan and Academia Sinica Taiwan ( ) is an

1.16k views • 90 slides
Token to Words Expanding identified token to words numbers+type = word list

Token to Words Expanding identified token to words numbers+type = word list

Token to Words Expanding identified token to words numbers+type = word list homographs+type = words symbols broken down and pronounced unknown words: as word or letter sequence 11-752, LTI, Carnegie Mellon (define (token_to_words

836 views • 48 slides
Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully

Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully

P R E S E N T A T I O N B Y A M I B E N D A V I D Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully tokenized VC fund 4 th ever Security Token 1 st Regulation-enforcing Token (DS Protocol) Focused on

488 views • 21 slides
Lecture 19: Dictionaries Counting Words Creating token from a text file: 1 def file to

Lecture 19: Dictionaries Counting Words Creating token from a text file: 1 def file to

Lecture 19: Dictionaries Counting Words Creating token from a text file: 1 def file to tokens(filename): 2 with open (filename) as fin: 3 return fin.read().split() Create token counts for each unique token: 1 def wc list(tokens): 2 uniq =

259 views • 7 slides
Security model for hybrid token-based networking models By Rudy Borgstede Contents

Security model for hybrid token-based networking models By Rudy Borgstede Contents

Security model for hybrid token-based networking models By Rudy Borgstede Contents Project Background Complex Resource Provisioning and Token-Based Networking Token Validation Service, the Java Aaauthreach project

504 views • 21 slides
Self-Stabilizing Token Distribution with Constant-Space for Trees Yuichi Sudo 1 , Ajoy K. Datta 2

Self-Stabilizing Token Distribution with Constant-Space for Trees Yuichi Sudo 1 , Ajoy K. Datta 2

OPODIS 2018 Self-Stabilizing Token Distribution with Constant-Space for Trees Yuichi Sudo 1 , Ajoy K. Datta 2 , Lawrence L. Larmore 2 , Toshimitsu Masuzawa 1 , 1. Osaka University, Japan 2. The University of Nevada, Las Vegas, USA Token

436 views • 18 slides
17.10.2019 What is EXW 01 The company Store. Who is EXW 02 The founders Share. EXW-token

17.10.2019 What is EXW 01 The company Store. Who is EXW 02 The founders Share. EXW-token

Store. Share. Grow. 17.10.2019 What is EXW 01 The company Store. Who is EXW 02 The founders Share. EXW-token 03 ERC-20 Eco-system Grow. 04 The foundation of the token Real Estate Cloud 05 New economy COMPANY NAME What is

468 views • 30 slides
Compilers Recursive Descent Algorithm Alex Aiken RD Algorithm Let TOKEN be the type of

Compilers Recursive Descent Algorithm Alex Aiken RD Algorithm Let TOKEN be the type of

Compilers Recursive Descent Algorithm Alex Aiken RD Algorithm Let TOKEN be the type of tokens Special tokens INT, OPEN, CLOSE, PLUS, TIMES Let the global next point to the next input token Alex Aiken RD Algorithm Define boolean

87 views • 8 slides
TREE = TOKEN The Frontier of Impact Finance T TREE T TREE Token = oken = 1 The Frontier

TREE = TOKEN The Frontier of Impact Finance T TREE T TREE Token = oken = 1 The Frontier

TREE = TOKEN The Frontier of Impact Finance T TREE T TREE Token = oken = 1 The Frontier of Impact Finance THE FRONTIER OF IMPACT FINANCE TREE Token is an investment platform for impact finance projects. On this platform, qualified

874 views • 30 slides
GSAKMP Policy Token Spec Draft-ietf-msec-tokenspec-sec-00.txt Presented by Hugh Harney SPARTA,

GSAKMP Policy Token Spec Draft-ietf-msec-tokenspec-sec-00.txt Presented by Hugh Harney SPARTA,

GSAKMP Policy Token Spec Draft-ietf-msec-tokenspec-sec-00.txt Presented by Hugh Harney SPARTA, Inc. (410) 872-1515 x203 hh@sparta.com Agenda GSAKMP Roles GSAKMP Policy Token Dissemination GSAKMP Token Spec. GSAKMP Roles GO

321 views • 10 slides
Recursive-Descent Parsing First, a digression on lexing Lets assume the get-token function

Recursive-Descent Parsing First, a digression on lexing Lets assume the get-token function

Recursive-Descent Parsing First, a digression on lexing Lets assume the get-token function will give me the next token (define lex (lexer ; skip spaces: [#\space (lex input-port)] ; skip newline: [#\newline (lex input-port)] [#\+

1.52k views • 77 slides
What Every Computational Linguist Should Know About Type-Token Distributions and Zipfs Law

What Every Computational Linguist Should Know About Type-Token Distributions and Zipfs Law

What Every Computational Linguist Should Know About Type-Token Distributions and Zipfs Law Tutorial 1, 7 May 2018 Stefan Evert FAU Erlangen-Nrnberg http://zipfr.r-forge.r-project.org/lrec2018.html Licensed under CC-by-sa version 3.0

1.93k views • 182 slides

More recommend