Tag Archives: RSA

Links – Application of Elliptic Curve Crypto

With the NSA/CSS’s support of RSA dwindling, the agency has adopted the public-key ECC method with open arms in its Suite B. This is in part because small RSA keys have been cracked to some degree and the associated contracts with the NSA have ended (keys over 1,024 bits are still safe at the time this post was created). This post gives some information on ECC’s adoption and cellular cryptography.

Since I just started using secure voice apps on my Android, I thought I’d provide you with a list of reference material regarding ECC’s increased usage in everyday technology. Feel free to check out the solutions mentioned below as well (I do not endorse any of them; find a solution that works best for you and your needs).

We now find ECC used in nearly every aspect of secure computing, from chat servers to cell phone voice encryption. And yet ECC’s primary goal is to utilize PKCS by providing a secure means of authentication and digital signature management as opposed to whole document encryption. The algorithm is best utilized in actual data streams flowing from one network to another, in conjunction with other well-established algorithms to encrypt the contents themselves.

Secure SIP providers around the globe have started producing secure VoIP tools that use ZRTP to transport data using key encryption and SRTP to actively encrypt that data. This is a really good way of thwarting cellular eavesdropping.

For example, VoIP provider S.M.A.R.T.S. Technology designed HushCrypt on Android to encrypt voice calls handset-to-handset using AES-256 based on ZRTP utilizing the ECDH-38 elliptic curve. Their competition, RedPhone by Whisper Systems, uses ZRTP and its encrypting component, SRTP. Experiment with them as you see fit and determine which is best for you.

Similarly, my favorite secure texting app on Android (also provided by Whisper Systems) is TextSecure, as it relies on ECC in transit and AES-128. Keys are generated on a session-to-session basis and remain “alive” until either party cancels the session (this is compliant with NSA Suite B; for more information see the related link below).

Pretty heavy encryption, huh? But as Henry Kissinger once said, “Just because you’re paranoid don’t mean they’re not after you.” And in this world of increased threats, a little security goes a long way.

ECC & Cellular Crypto Resources

If you’re interested in learning more about the encryption standards used in commonly accepted technologies, please feel free to visit the links below (think I missed a cool link? feel free to share and I’ll pop it up on the list).

Also feel free to check out the WordPress recommended links throughout the post as I’ve approved some good Wikipedia entries!

NSA Suite B on the combined use of AES, ECC and SHA Hashes (includes Whitepapers for interested Math majors)
“ECC to replace RSA,” Blogspot’s In God I Trust blog
“The Case for Elliptic Curve Cryptography,” NSA/CSS Homepage.
HushCrypt Secure Phone on Google Play Android Store
Whisper Systems Security Products
WhisperSystems/TextSecure Wiki on the Protocols Used
WhisperSystems/RedPhone Wiki on the Protocols Used
Voice Encryption Basics on Wikipedia
SRTP Protocol Whitepaper
“NSA Watch,” Schneier, Bruce. September 30, 2005. Schneier on Security blog. *

* Note: If you don’t subscribe to his blog or read his articles or books (and you’re interested in computer security), you don’t know what you’re missing. This Schneier blog post has everything you need to know about ECC including links to some great resources that go well beyond this shallow post. Bruce Schneier is a name you can trust.

Related Posts

I mentioned using PK and ECC in my blog posts entitled “Encrypted Messaging Using OpenPGP and Psi,” “DNS Threats and Security Solutions,” and “Links – PGP Security.”

Encrypted Messaging using OpenPGP and Psi

The simplest way to enable encrypted chat messaging with services like Google Talk, AIM, Yahoo, IRC and other messengers/protocols is to use a GNU Privacy Guard-enabled Jabber client. If you’ve never set one up before, you’ll want to follow these directions. I’ve included the configuration I prefer for Windows, though my Linux setup was nearly identical.

In Windows I prefer using Gpg4win as it’s extremely easy to use and lightweight. So go ahead and pick up a copy of the Windows binaries here: http://gpg4win.org/. Optionally, if you’re interested in another GnuPG, you can pick one up over at http://www.gnupg.org (please keep in mind that the Miranda IM client works poorly with the gpg2 packaged with Gpg4win, which is why Psi is the easier alternative).

Kleopatra makes creating OpenPGP keypairs a quick and painless process. So from within the key manager, create the key you’ll use with Psi. Kleo supports RSA & DSA, though I prefer RSA keys of 2,048 bits and larger (keeping in mind that the larger the key, the longer it’ll take to encrypt and decrypt messages, though with a modern system you’re not likely to notice; a larger key is obviously more secure). Export the certificate (your public key) to a location of your choice; it’ll use ASCII armor by default.

Now that you have a public key, you need an XMPP client to use it with. Again, I use Psi because it’s extremely lightweight and known to work well with every type of OpenPGP program out there. To download Psi, go here: http://psi-im.org/

While you could make your own XMPP server in the future, we’ll use a pre-existing server in this article (the main reason is that it happens to have gateways to other popular chat servers).

JaIM has an amazing server which happens to be an excellent AIM Gateway. It also features a number of transports such as: AIM, Yahoo, IRC, ICQ and MSN. JaIM also features XMPP server access (Google Talk/Misc. Jabber) in addition to its own chatrooms, SOCKS5 Bytestreams, and Prosody Lua-based servers.

JaIM Public XMPP Server

To use JaIM, be sure to check Register, as JaIM supports in-client registration. Enter jaim.at as the server and turn off log message history if you want. Under Details you’ll see an area for OpenPGP; find and select your key. Under Connection, enable compression and keep alive, enter any proxy or proxy chain information you may have, enable probe legacy SSL port, allow plaintext authentication over encrypted connections only, and set encrypt connection to Always.

Upon connecting it’ll ask you for a username and password to create. Once you connect to a server you can enable encryption by clicking on the gray unlocked logo. It’ll ask for your secret passphrase; upon entering it successfully, you’ll see a yellow lock logo appear next to the server of your choice.

You can find commonly used Transports (such as AIM or MSN) by clicking on the Psi Greek symbol and checking the Service Directory on the JaIM.at server. You’ll be required to set your username and password and any account profile details you desire. Some Transports work better than others. If you’re an AIM and Google Talk user, for example, you’ll find this setup to your liking. Psi will automatically import your contacts from each of the Transports you choose.

Messages you send will usually be unencrypted by default unless you choose otherwise. At the top of the message box, toward the right-hand side of the window, you’ll see a gray lock. To enable encryption, select the lock logo. Note that you’ll need to import other users’ public keys in order to send them messages they can decrypt (obvious but I thought it was worth noting).

Google Talk

You can either use the XMPP option using JaIM’s server (a bit out of the way for my tastes) or you can simply connect to Google Talk’s server directly. To connect directly in addition to using JaIM for your other accounts (or instead of using JaIM), go to Account Setup and add an entry for talk.google.com. Under Jabber ID it should read:

your.username@gmail.com

Google mistakenly doesn’t mention entering your password in the Account Setup field. If you have 2-step verification enabled on your Google account, you’ll want to enter your one-time application-specific password here. If you use Google with a regular password, feel free to enter that here as well so it doesn’t ask you for your password every time you connect to Google Talk.

Assigning PGP Keys to Others

Simply right click on a person’s name and select Assign OpenPGP Key and enter their key accordingly.

Using the setup above you’ll be able to use Psi to video, voice and text chat with encryption enabled.
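A check worth running on the ASCII-armored file exported from Kleopatra before handing it to a contact, and on any key file a contact sends you before assigning it in Psi, shown as an added example (not part of Gpg4win or Psi). It confirms that the block is labelled as a public key, that its armor checksum is intact, and that the first packet really is a public-key packet rather than a secret key. The function names are hypothetical and the two sample blocks are constructed stand-ins, not real keys.

```python
import base64

def crc24(data):
    """CRC-24 as used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind, payload):
    """Wrap raw bytes in ASCII armor; used here only to build sample input."""
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {kind}-----", "", *rows,
                      "=" + check, f"-----END PGP {kind}-----"]) + "\n"

def inspect_armor(text):
    """Report the armor label, checksum status and first packet tag."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    first, last = lines[0], lines[-1]
    if not (first.startswith("-----BEGIN PGP ") and last == first.replace("BEGIN", "END", 1)):
        raise ValueError("not an ASCII-armored OpenPGP block")
    kind = first[len("-----BEGIN PGP "):-5]
    body = lines[lines.index("") + 1:-1]  # armor headers end at the first blank line
    data = base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))
    if not data or not data[0] & 0x80:
        raise ValueError("no OpenPGP packet header")
    sums = [ln[1:] for ln in body if ln.startswith("=")]
    # Assumption: a missing checksum line is treated as a failure.
    crc_ok = bool(sums) and base64.b64decode(sums[0]) == crc24(data).to_bytes(3, "big")
    # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return {"kind": kind, "crc_ok": crc_ok, "tag": tag,
            "shareable": kind == "PUBLIC KEY BLOCK" and crc_ok and tag == 6}

# Constructed samples: a packet header byte plus filler, not real key material.
SAMPLE_PUBLIC = armor("PUBLIC KEY BLOCK", bytes([0x99, 0x00, 0x04]) + b"demo")
SAMPLE_SECRET = armor("PRIVATE KEY BLOCK", bytes([0x95, 0x00, 0x04]) + b"demo")
```

Packet tag 6 is a public key and tag 5 is a secret key, so a file whose label says public but whose first packet is tag 5 is reported as not shareable.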