PGP-IMPLEMENTING SECURITY

Chandani Gupta
Indian Institute of information Technology,Allahabad

PGP means Pretty Good Privacy. It is a computer program which is used to provide privacy and authentication to  e-mails and files stored in computer system. PGP increases the security of e-mail communication by signing and encrypting the e-mails. Philip Zimmermann developed PGP encryption in 1991.It was the first version of PGP. In other words we can say that he is the father of PGP. This article will describe, purpose of PGP  and working of PGP. And the rest details will be covered in upcoming issue.

Purpose of PGP :-


PGP can be used for the following purposes:

  • Encrypt files:- PGP can be used for encrypting file using IDEA, a powerful private key encryption algorithm. The encrypted files can be decrypted only by those who know the pass phrase of the encrypted file.

  • Create secret and public keys :- PGP creates private and public keys to encrypt, sign  and decrypt the message.

  • Manage keys:- PGP can create and manage the address book of public keys. These keys belongs to those people to whom you wants to communicate and for this you have to know his e-mail address.

  • Send and receive encrypted mails:- PGP can be used to encrypt the emails we want to send and to decrypt the email we receive.

  • Use digital signature:- PGP can be used for electronically signing the documents and for verifying the other’s signature.

  • Certify keys:- PGP can be used for certify the other’s public keys by signing their public keys electronically.

  • Revoke, disable, and escrow keys:- PGP can be used to revoke or disable ours or other’s keys which are compromised. It can also be used to put the keys in safekeeping using manual escrow facility.

  • Customize PGP:-PGP provides the facility to change the settings in PGP configuration file to suit your own site and encryption needs.

  • PGP internet key server:- PGP provides the facility to upload your public key in key server and you can download other’s public key from the key server for easiness of the secure communication.

PGP  uses a number of mathematical algorithms :-

  • IDEA

  • RSA

  • MD5

These algorithms are used to encrypt and decrypt the message. The technique and algorithms that PGP employs provides an international recognised tool that can be used to :

  • Keep information private

  • Verify the integrity of message, and

  • Authenticate the author of the message

How PGP works:-


PGP has the feature of public key cryptography as well as secret key cryptography. PGP is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP performs the following steps serially :

  • first compresses the plaintext. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security.

  • PGP creates a random value to use as the key in the IDEA encryption process; this key is termed the session key. This also known as one-time-only secret key.

  • PGP encrypts the compressed message using the session key and IDEA.

  • The session key is encrypted to the recipient’s public key using RSA .

  • The encrypted message and the encrypted session key are packaged into a single PGP file.


                               Fig : PGP encryption


When a user decrypts ciphertext with PGP, PGP performs the following steps serially :

  • The recipient’s copy of PGP uses recipient’s private key to decrypt the session key.

  • PGP uses that decrypted session key to decrypt the conventionally encrypted cipher text. And original plaintext is received.


                                Fig : PGP decryption


Digital Signature, Encryption, and Decryption process of  a message with PGP :--

  • PGP uses digital signature ( a combination of hashing and public-key encryption) to provide integrity, authentication and non-repudiation.

  • It uses a combination of secret-key and public-key encryption to provide privacy.

  • Specifically, it uses one hash function, one secrete key and two private-public key pairs.

Encryptionà

  • The email message is hashed to create a digest.

  • The digest is encrypted using sender’s private key.

  • The message and the digest are encrypted using the one-time secret key created by Alice.

  • The secret key is encrypted using receiver’s public key and is sent together with the encrypted combination of message and digest.


                                    Fig : PGP encryption of digitally signed data
Decryptionà

  • The recipient’s copy of PGP uses recipient’s private key to decrypt the session key.

  • PGP uses that session key to decrypt the encrypted combination of message and digest. And get signed digest and email.

  • PGP uses sender’s public key to decrypt the signed digest.

  • PGP take hash of the received email to create digest.

  • PGP compares both the decrypted and created digest.

  • If both the digests are same then the message can be viewed otherwise discarded.


                                       Fig : PGP decryption of digitally signed data
Conclusion :-


PGP ensures the privacy, authenticity, and integrity of emails and messages stored in systems. We do not want that our private e-mails or confidential documents read or altered by anyone else. So PGP prevents these threats and provides secure communication.


The rest of the details will be covered in upcoming issue.