PGP (Pretty Good Privacy)
PGP uses a variation of the public key system. In this system, each user has a public key and a private key. You encrypt a message you send to someone else using their public key. When they receive it, they decrypt it using their private key.
Since encrypting an entire message can be time-consuming, PGP uses a faster encryption algorithm to encrypt the message and then uses the public key to encrypt the shorter key that was used to encrypt the entire message.
Both the encrypted message and the short key are sent to the receiver who first uses the receiver's private key to decrypt the short key and then uses that key to decrypt the message.
PGP comes in two public key versions:
Rivest-Shamir-Adleman (RSA) - The RSA version uses the IDEA algorithm to generate a short key for the entire message and RSA to encrypt the short key.
Diffie-Hellman - The Diffie-Hellman version uses the CAST algorithm for the short key to encrypt the message and the Diffie-Hellman algorithm to encrypt the short key.
For sending digital signatures, PGP uses an efficient algorithm that generates a hash from the user's name and other signature information. This hash code is then encrypted with the sender's private key. The receiver uses the sender's public key to decrypt the hash code. If it matches the hash code sent as the digital signature for the message, then the receiver is sure that the message has arrived securely from the stated sender. PGP's RSA version uses the MD5 algorithm to generate the hash code. PGP's Diffie-Hellman version uses the SHA-1 algorithm to generate the hash code.
PGP consists of the following five services:
1. Authentication
2. Confidentiality
3. Compression
4. E-mail compatibility
5. Segmentation
PGP Services
Authentication
The hash function used is SHA-1, which creates a 160-bit message digest, and the algorithm used for encryption/decryption is RSA. The combination of SHA-1 and RSA provides an effective digital signature scheme. Due to the strength of RSA, the recipient is assured that only the possessor of the matching private key can generate the signature. Because of the strength of SHA-1, the recipient is assured that no one else could generate a new message that matches the hash code and, hence, the signature of the original message.
Confidentiality
Confidentiality is provided by encrypting the messages to be transmitted. The user has a choice of CAST-128, IDEA or 3DES in 64-bit cipher feedback (CFB) mode. The symmetric key is used only once and is created as a random number with the required number of bits. It is transmitted along with the message and is encrypted using the recipient's public key. The sequence:
1. The sender generates a message and a random number to be used as a session key for this message only.
2. The message is encrypted using CAST-128, IDEA or 3DES with the session key.
3. The session key is encrypted with the recipient's public key (RSA/ElGamal) and is prepended to the message.
4. The receiver uses its private key to decrypt and recover the session key.
5. The session key is used to decrypt the message.
Public key encryption is a lot more computationally intensive (time-consuming) than symmetric encryption. For this reason, the message itself (which is the largest part of the transmission) is encrypted using symmetric key cryptography, whereas only the key is encrypted using the public key algorithm.
Confidentiality and Authentication
Both services may be used for the same message. First, a signature is generated for the plaintext message and prepended to the message. Then the plaintext message plus signature is encrypted using CAST-128 (or IDEA or 3DES), and the session key is encrypted using RSA (or ElGamal). This sequence is preferable to the opposite: encrypting the message and then generating a signature of the encrypted message. It is generally more convenient to store a signature with a plaintext version of a message. Furthermore, for purposes of third party verification, if the signature is performed first, a third party need not be concerned with the symmetric key when verifying the signature.
EP (DP) represents public encryption (decryption) and the algorithm used can be RSA or DSS. The message may be compressed using an algorithm called ZIP. This is represented by “Z” in the figure.
Compression
PGP compresses the message after applying the signature but before encryption. This has the benefit of saving space for e-mail transmission. The placement of the compression algorithm for compression (Z) and decompression (Z⁻¹) is critical:
1. The signature is generated before compression for two reasons:
(a) It is preferable to sign an uncompressed message so it is free of the need for a compression algorithm for later verification.
(b) Different versions of PGP produce different compressed forms. Applying the hash function and signature after compression would constrain all PGP implementations to the same version of the compression algorithm.
2. Message encryption is applied after compression to strengthen cryptographic security. Because the compressed message has less redundancy than the original plaintext, cryptanalysis is more difficult.
The compression algorithm used is called ZIP, which is described in the recommended text.
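The order of operations described in the Confidentiality, Confidentiality and Authentication, and Compression sections (sign, compress, encrypt with a one-time session key, wrap the session key), as an added example that is not part of the original page. It assumes toy unpadded RSA built from small Mersenne primes and a SHA-256 keystream standing in for CAST-128/IDEA/3DES in CFB mode; the names keypair, stream_xor, pgp_send, pgp_receive, ALICE and BOB are hypothetical.

```python
import hashlib, secrets, zlib

WIDTH = 27  # octets per RSA value; both toy moduli below are under 2**216

def keypair(p, q, e=65537):
    """Toy unpadded RSA from two known primes: returns (n, e, d). Illustration only."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def stream_xor(key, data):
    """Stand-in for CAST-128/IDEA/3DES: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def sha1_int(msg):
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")  # 160-bit digest

def pgp_send(msg, sender, recipient):
    n_s, _, d_s = sender          # sender's private exponent signs
    n_r, e_r, _ = recipient       # recipient's public exponent wraps the key
    sig = pow(sha1_int(msg), d_s, n_s).to_bytes(WIDTH, "big")   # sign the plaintext
    packed = zlib.compress(sig + msg)                           # compress signature + message
    session_key = secrets.token_bytes(16)                       # random, used once
    body = stream_xor(session_key, packed)                      # symmetric encryption
    wrapped = pow(int.from_bytes(session_key, "big"), e_r, n_r).to_bytes(WIDTH, "big")
    return wrapped + body                                       # key component goes first

def pgp_receive(blob, recipient, sender):
    n_r, _, d_r = recipient
    n_s, e_s, _ = sender
    key_int = pow(int.from_bytes(blob[:WIDTH], "big"), d_r, n_r)
    session_key = key_int.to_bytes(16, "big")                   # recover the session key
    packed = zlib.decompress(stream_xor(session_key, blob[WIDTH:]))
    sig, msg = packed[:WIDTH], packed[WIDTH:]                   # signature covers plaintext
    if pow(int.from_bytes(sig, "big"), e_s, n_s) != sha1_int(msg):
        raise ValueError("signature does not match the message hash")
    return msg

# Constructed demo keys from Mersenne primes (far too small for real use).
# Each tuple holds both halves of a key pair only so the demo fits in one file.
ALICE = keypair(2**127 - 1, 2**89 - 1)
BOB = keypair(2**107 - 1, 2**61 - 1)
```

Because the signature is computed over the uncompressed plaintext, the receiver can keep the recovered message and signature together and verify them later without the session key or the compressor.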
E-mail compatibility
Many electronic mail systems only permit the use of blocks consisting of ASCII text. When PGP is used, at least part of the block to be transmitted is encrypted. This produces a sequence of arbitrary binary words which some mail systems won’t accept. To accommodate this restriction, PGP uses an algorithm known as radix-64, which maps 6 bits of binary data into an 8-bit ASCII character. Unfortunately, this expands the message by 33%; however, with the compression algorithm, the overall compression will be about one third (in general).
Segmentation
E-mail facilities are often restricted to a maximum message length. For example, many of the facilities accessible throughout the Internet impose a maximum length of 50,000 octets. Any message longer than that must be broken up into smaller segments, each of which is mailed separately.
To accommodate this restriction, PGP automatically subdivides a message that is too large into segments that are small enough to be sent via e-mail. The segmentation is done after all the other processing, including the radix-64 conversion. Thus the session key component and signature component appear only once, at the beginning of the first segment. At the receiving end, PGP must strip off all e-mail headers and reassemble the entire original block before performing the steps illustrated in figure 12.3.
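The radix-64 mapping and the segmentation step described in the two sections above, as an added example that is not part of the original page. The input stands for the already compressed and encrypted block; the function names are hypothetical, and MAX_SEGMENT uses the 50,000-octet figure quoted in the text.

```python
import string

ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
MAX_SEGMENT = 50_000  # octets; the example limit quoted in the text

def radix64_encode(data):
    """Map each 3-octet group (24 bits) to four 6-bit values, one printable character each."""
    out = []
    for i in range(0, len(data), 3):
        group = data[i:i + 3]
        bits = int.from_bytes(group.ljust(3, b"\0"), "big")
        chars = [ALPHABET[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # A short final group carries 1 or 2 octets; unused positions become '=' padding.
        out.append("".join(chars[:len(group) + 1]) + "=" * (3 - len(group)))
    return "".join(out)

def radix64_decode(text):
    if len(text) % 4:
        raise ValueError("radix-64 text must be a multiple of 4 characters")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        bits = 0
        for ch in quad.rstrip("="):
            bits = (bits << 6) | ALPHABET.index(ch)  # ValueError on a foreign character
        bits <<= 6 * pad                             # restore the 24-bit alignment
        out += bits.to_bytes(3, "big")[:3 - pad]
    return bytes(out)

def segment(armored, limit=MAX_SEGMENT):
    """Sender: split the radix-64 text, the last processing step, into mail-sized pieces."""
    return [armored[i:i + limit] for i in range(0, len(armored), limit)]

def reassemble(segments):
    """Receiver: join the segments in order first, then undo radix-64 on the whole block."""
    return radix64_decode("".join(segments))
```

Four output characters for every three input octets is the 33% expansion mentioned above, and decoding a segment on its own fails whenever the cut does not fall on a 4-character boundary, which is why the block is reassembled before any other step.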