Analogies for explaining the principle of PGP
Neal H. Walfield
neal at walfield.org
Thu Jul 3 13:46:33 CEST 2014
At Thu, 03 Jul 2014 12:50:50 +0200,
Daniel Krebs wrote:
> since I am currently discussing this with Matthias from the FSFE as part of
> #EmailSelfDefense, a question: which analogies do you use when you
> explain the principle of PGP/GPG to people?
> I mostly use the following version:
>
> There is a lock with two keyholes. Each key works in only one
> direction, that is, it either locks what is open or opens what is
> locked. This also lets you explain signing, which does not work with
> the "classic metaphor" (public key = lock, private key = key). So:
> Encrypting:
> Someone locks with my public key, I open with my
> secret one.
> Signing:
> I sign with my private key, someone else verifies with
> my public one.
>
> Suggestions, opinions?
You might want to take a look at this:
https://freedom-to-tinker.com/blog/randomwalker/why-king-george-iii-can-encrypt/
Email encryption, although cryptographically straightforward,
appears too complicated for laypeople to understand. In our
project, we aimed to understand why this problem has eluded
researchers for well over a decade and expand the design space of
possible solutions to this and similar challenges at the
intersection of security and usability.
...
In PGP’s metaphors, each user possesses two items, a private key and a
public key. Have you inferred how the protocol works yet? Unless
you have previous exposure to cryptography, likely not. Why do I
have two keys? What do these keys open? Aren’t all keys private?
When you want to send a message to someone, you encrypt it with his
public key, which is known to everyone. The recipient can decrypt
it with his private key, which only he possesses. But can’t anyone
use the public key to decrypt the message again? Nope. A public
key can only encrypt, not decrypt. Just trust us on that one.
You’re probably starting to understand why secure email is so hard
to use. Bear with us for one paragraph longer.
...
We decided to test whether better metaphors might be able to close
this gap between security and usability. Specifically, we wanted
metaphors that represented the cryptographic actions a user performs
to send secure email and were evocative enough that users could
reason about the security properties of PGP without needing to read
a lengthy, technical introduction. We settled on four objects: a
key, lock, seal and imprint. To send someone a message, secure it
with that person’s lock. Only this recipient has the corresponding
key, so only they can open it. To prove your identity, stamp the
message with your seal. Since everyone knows what your seal’s
imprint looks like, it’s easy to verify that the message came from you.
Neal
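
The four objects discussed in this thread (lock, key, seal, imprint), as an added example that is not part of the original messages: textbook RSA in Python with a constructed toy key. The function names and the key are assumptions for illustration, and there is no padding, so this is a teaching aid and not how GnuPG is implemented.

```python
# Toy RSA, standard library only. Teaching aid: no padding and a tiny
# modulus, so it is NOT secure and is not GnuPG's implementation.
import hashlib

P, Q = 2**61 - 1, 2**89 - 1          # two known Mersenne primes (constructed key)
N = P * Q                            # public modulus
E = 65537                            # public exponent: the "lock" and the "imprint"
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: the "key" and the "seal"

def _to_int(data: bytes) -> int:
    m = int.from_bytes(data, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return m

def _to_bytes(m: int) -> bytes:
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message: bytes) -> int:
    # Hash first, then reduce into the range of the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def lock(message: bytes) -> int:
    """Anyone can do this: encrypt with the recipient's public key."""
    return pow(_to_int(message), E, N)

def unlock(ciphertext: int) -> bytes:
    """Only the key holder can do this: decrypt with the private key."""
    return _to_bytes(pow(ciphertext, D, N))

def try_public_key_again(ciphertext: int) -> bytes:
    """Applying the public key a second time does not undo the first."""
    return _to_bytes(pow(ciphertext, E, N))

def seal(message: bytes) -> int:
    """Only the key holder can do this: sign the digest with the private key."""
    return pow(_digest(message), D, N)

def imprint_matches(message: bytes, signature: int) -> bool:
    """Anyone can do this: verify with the signer's public key."""
    return pow(signature, E, N) == _digest(message)

if __name__ == "__main__":
    c = lock(b"meet at noon")
    print(unlock(c), try_public_key_again(c) == b"meet at noon")
    s = seal(b"meet at noon")
    print(imprint_matches(b"meet at noon", s), imprint_matches(b"meet at one", s))
```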