# Goals of this talk

* Why is cryptography important?
* How does cryptography work, conceptually?
* How do I use cryptography, specifically?
* What should I do next?

![cat](Anca.jpg)

---

* Why would anyone attack **you**?
    * you, your data, or your computing resources might be valuable
    * you might be a stepping stone to another target, such as your employer
    * you might be an easy target

![cat](Bancho.jpg)

---

* An attacker may want to...
    * **impersonate** you to someone else, or someone else to you
    * **falsify** a file you need or provide, such as a software download
    * **eavesdrop** on your communications to steal sensitive information

![cat](Sphynx.jpg)

---

* An attacker may be...
    * a government: US, UK, Russia, China, etc
    * law enforcement or espionage, in any country
    * a large private organisation
    * a criminal organisation
    * a minor criminal
    * someone with too much time and a twisted sense of humour
    * someone you know who doesn't like you
* in all cases, the attack may be illegal, but might not be

![cat](Lizard.jpg)

---

# Defences

* cryptography, especially widespread use (HTTPS is almost everywhere!)
* tools, training, infosec, opsec, good habits
* compare with driving: errands vs F1
* a sufficiently motivated or well-funded attacker will eventually win

![cat](Chat.jpg)

---

# Everyday uses of cryptography

* email: sign as much as possible, encrypt at least sensitive
* git: signed tags for releases, maybe sign (some) commits
* software releases: sign downloadable files (.tar.gz, etc)
* amaze people at parties, be an international celebrity

![cat](Down.jpg)

---

# Cryptography concepts

* Symmetric: one key
* Asymmetric: two linked keys

![cat](June.jpg)

---

# History

* 1977: first public invention of public key cryptography
* 1991: PGP or Pretty Good Privacy, first popular, freely usable implementation of public key cryptography
* 1990s: US crypto export restrictions; massive innovation boom
* 1995: SSH, SSL
* late 90s: crypto wars
* 2000s, 2010s: crypto gets widely used and entrenched
* 2020s: second crypto wars

---

# Crypto tooling

* SSH, HTTPS are used everywhere
    * use for connections, transfers: "data in transit"
* PGP went proprietary, GnuPG (gpg) is a free replacement
    * use for messages, files, signatures: "data at rest"
* OpenPGP standard, GnuPG most popular implementation
* versions exist for all popular computer operating systems

![cat](Box.jpg)

---

# Demos

* generate a key
* sign a key, share signed key with its owner
* encrypt and sign a message
* decrypt a message, check its signature

---

# Now what?

* Make a key, start using it, get it signed by co-workers
    * Link: [GitHub's guide](https://help.github.com/en/github/authenticating-to-github/generating-a-new-gpg-key)
    * Link: [Lars's old guide](https://blog.liw.fi/posts/2017/05/29/using_a_yubikey_4_for_ensafening_one_s_encryption/)
* Ask for help or hands-on training if you need it
* This talk (source):

---

# Legalese

Copyright 2020 Wikimedia Foundation

This content is licensed under the Creative Commons Attribution-ShareAlike 4.0 International ([CC BY-SA 4.0][]) licence.

[CC BY-SA 4.0]: https://creativecommons.org/licenses/by-sa/4.0/

Pictures from Wikimedia Commons:

* [June_odd-eyed-cat_cropped.jpg](https://commons.wikimedia.org/wiki/File:June_odd-eyed-cat_cropped.jpg)
* [Cat_into_the_box.jpg](https://commons.wikimedia.org/wiki/File:Cat_into_the_box.jpg)
* [Banho_de_Sol_(2422073851).jpg](https://commons.wikimedia.org/wiki/File:Banho_de_Sol_(2422073851).jpg)
* [Anca_the_Weasel_(26984433186).jpg](https://commons.wikimedia.org/wiki/File:Anca_the_Weasel_(26984433186).jpg)
* [Cats_lying_down;_March_2016_(01).jpg](https://commons.wikimedia.org/wiki/File:Cats_lying_down;_March_2016_(01).jpg)
* [Chat_import_1.jpg](https://commons.wikimedia.org/wiki/File:Chat_import_1.jpg)
* [Cat_playing_with_a_lizard.jpg](https://commons.wikimedia.org/wiki/File:Cat_playing_with_a_lizard.jpg)
* [1_adult_cat_Sphynx._img_047.jpg](https://commons.wikimedia.org/wiki/File:1_adult_cat_Sphynx._img_047.jpg)

---
title: "Basics of cryptography"
subtitle: "OpenPGP and GnuPG"
author: "Lars Wirzenius / Wikimedia Foundation"
date: "Version 2.0 for 2020-04-29"
...