Does Key Size Really Matter in Cryptography? (2024)

One of the most interesting and useful aspects of the YubiKey NEO and NEO-n is that they can act as a smart card and come pre-loaded with a bunch of interesting applications, such as an implementation of OpenPGP Card.

Many end-users like this functionality, but some question the key lengths. It’s an expected cryptographic question and is worth examining in some detail. I will walk you through it with a series of three blogs I will publish this week. Today is the first installment.

OpenPGP is a standard that allows users to encrypt, decrypt, sign and authenticate data. It is an open standardized variant of PGP, available as a FOSS implementation in the form of GNU Privacy Guard (GPG). Its most notable uses are for email encryption and authentication. Independent of the actual implementation, OpenPGP (and PGP) supports both symmetric and asymmetric cryptography. Today we will focus on the latter.

Simplified cryptography primer

To better understand what follows, we will cover a few very basic concepts of cryptography. In asymmetric or public-key encryption there are two main players: the encryption algorithm itself (RSA, ECC, ElGamal, etc.) and a cryptographic key pair. (There are also encryption/signature schemes such as PKCS#1, ECDSA and ECDH, but that is another discussion.)

Each encryption algorithm is based on a computationally-hard problem. The mathematical transformation constitutes the operation that the encryption scheme can perform, encrypt/decrypt, whereas the keys provide the additional data. We can make a similar statement for signature algorithms where the operations are sign/verify.

The two keys of the same key pair are strongly interconnected. This is a fundamental property of asymmetric cryptography. A user must utilize the keys together to achieve different properties such as confidentiality, authenticity and integrity.

Confidentiality guarantees the message is received only by the intended recipients. Authenticity guarantees the identity of the author. Integrity confirms both confidentiality and authenticity by ensuring that a message has not been modified in transit. (Click here for a brief introduction to cryptography.)

On to PGP

We can achieve all of this if, and only if, the secret key of a user remains uncompromised. However, not all keys are created equal.

In computer security, the length of a cryptographic key is measured in bits, rather than being tied to the number and shape of ridges and notches as in a physical key (say, for your car). Provided that an encryption algorithm actually supports different key lengths, the general rule is that the longer the key, the better.
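An added example (not from the original post or from Yubico): a small Python parser for the output of `gpg --list-keys --with-colons` that reports each OpenPGP key's algorithm and its length in bits. The sample listing and key IDs are constructed, and the `shorter_than` helper with its caller-chosen threshold is hypothetical; it compares lengths only within one algorithm, since a bit count from one algorithm says nothing about another.

```python
from dataclasses import dataclass

# OpenPGP public-key algorithm IDs as printed in field 4 of key records.
ALGO_NAMES = {1: "RSA", 16: "ElGamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}

# Constructed sample listing (not real keys): an RSA-2048 primary key with an
# RSA-2048 encryption subkey, an RSA-4096 key, and an Ed25519 key.
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAA1:1400000000:::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000AAAAAAAAAAAAAAA1:
uid:u::::1400000000::0000::Constructed User <one@example.invalid>::::::::::0:
sub:u:2048:1:AAAAAAAAAAAAAAA2:1400000000::::::e::::::23:
pub:u:4096:1:BBBBBBBBBBBBBBB1:1500000000:::u:::scESC::::::23::0:
pub:u:255:22:CCCCCCCCCCCCCCC1:1600000000:::u:::scSC:::::ed25519:::0:
"""

@dataclass
class KeyInfo:
    record: str   # "pub"/"sec" = primary key, "sub"/"ssb" = subkey
    algo: str     # algorithm name, or "algo-<id>" if the ID is not in ALGO_NAMES
    bits: int     # key length in bits (field 3)
    key_id: str   # long key ID (field 5)
    curve: str    # curve name for ECC keys (field 17), else ""

def parse_colon_listing(text):
    """Return a KeyInfo for every key record; uid/fpr/other records are skipped."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub", "sec", "ssb") or len(f) < 5:
            continue
        if not (f[2].isdigit() and f[3].isdigit()):
            continue  # malformed or unexpected record: ignore rather than guess
        curve = f[16] if len(f) > 16 else ""
        algo = ALGO_NAMES.get(int(f[3]), "algo-" + f[3])
        keys.append(KeyInfo(f[0], algo, int(f[2]), f[4], curve))
    return keys

def shorter_than(keys, algo, min_bits):
    """Key IDs of `algo` keys below a caller-chosen minimum. Lengths are only
    compared within one algorithm, never across algorithms."""
    return [k.key_id for k in keys if k.algo == algo and k.bits < min_bits]

if __name__ == "__main__":
    for k in parse_colon_listing(SAMPLE):
        print(k.record, k.algo, k.bits, k.key_id, k.curve)
```

To run it on a real keyring, pass the text produced by `gpg --list-keys --with-colons` to `parse_colon_listing` instead of `SAMPLE`.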

In the next installment, we’ll look at suitable key lengths and how they compare. In a third installment, we will take on the 2048 vs 4096 key length debate then examine chip-based characteristics that define today’s YubiKey cryptography. And then we will wrap up by looking at what Yubico has in the lab and how we plan to move forward. See you tomorrow.

Part 2: Comparing Asymmetric Encryption Algorithms
Part 3: The Big Debate, 2048 vs. 4096, Yubico’s Position


Now, let's dissect the concepts introduced in the article:

YubiKey NEO and NEO-n as Smart Cards:

The YubiKey NEO and NEO-n serve a dual purpose by acting as smart cards, pre-loaded with various applications, including the implementation of OpenPGP Card. This functionality enhances security measures for end-users.

OpenPGP Standard:

OpenPGP is a standard that empowers users to perform essential cryptographic operations such as encryption, decryption, signing, and data authentication. It is an open standardized variant of Pretty Good Privacy (PGP) and is accessible through the Free and Open Source Software (FOSS) implementation called GNU Privacy Guard (GPG).

Cryptography Primer:

The article provides a simplified primer on cryptography, with a focus on asymmetric or public-key encryption. In this cryptographic paradigm, there are two main components: the encryption algorithm (e.g., RSA, ECC, ElGamal) and a cryptographic key pair.

Key Concepts in Asymmetric Cryptography:

  1. Key Pairs: Asymmetric cryptography involves key pairs, consisting of a public key and a private key. The two keys are interconnected, and their use together is fundamental to achieving properties such as confidentiality, authenticity, and integrity.

  2. Confidentiality, Authenticity, and Integrity: These are fundamental properties guaranteed by asymmetric cryptography. Confidentiality ensures that messages are only received by intended recipients, authenticity guarantees the identity of the author, and integrity confirms that a message has not been modified during transit.

  3. Key Length: In computer security, the length of a cryptographic key is measured in bits. Longer keys generally offer better security. The article hints at a discussion in the next installment about suitable key lengths and their comparison.

Next Installments:

The article outlines a series of three blogs, with the upcoming installments covering:

  • Part 2: Comparing Asymmetric Encryption Algorithms
  • Part 3: The Big Debate, 2048 vs. 4096, Yubico’s Position

These future installments promise a deeper exploration of encryption algorithms, a key length debate, and an examination of chip-based characteristics defining YubiKey cryptography.



Author: Mr. See Jast
