PGP (Pretty Good Privacy)
Sheila Alston
Old Dominion University
November 2, 2005

What is PGP?
• Secure mail protocol
• Performs encryption and integrity protection on files
• Original author – Phil Zimmermann
• Guerrilla Freeware
• Generates private key for you
• Uses public key cryptography for personal keys

How PGP Encryption Works
• User encrypts plaintext using PGP
• PGP compresses the plaintext
• PGP creates a session key, which is a one-time secret key
• The session key is used with a conventional encryption algorithm to encrypt the plaintext
• The end result is ciphertext
• Once the data is encrypted, the session key is encrypted to the recipient’s public key
• The public key-encrypted session key is transmitted along with the encrypted data to the recipient

How PGP Decryption Works
• The recipient's copy of PGP uses their private key to recover the session key
• PGP uses the recovered session key to decrypt the ciphertext
• Using the two encryption methods together combines the convenience of public key encryption with the speed of conventional encryption

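
The encryption and decryption steps from the two slides above, as an added example that is not part of the original presentation or of PGP's own code. Assumptions: the RSA key pair is a constructed toy (two Mersenne primes, textbook RSA without padding), and keystream_xor is a hypothetical stand-in for the conventional cipher; only the structure (compress, one-time session key, wrap the key to the recipient's public key, send both) follows the slides.

```python
import hashlib
import secrets
import zlib

# Constructed toy RSA key pair (assumption): two Mersenne primes, no padding.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                   # recipient's public key
D = pow(E, -1, (P - 1) * (Q - 1))     # recipient's private exponent


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in conventional cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def pgp_style_encrypt(plaintext: bytes, pub_n: int, pub_e: int):
    compressed = zlib.compress(plaintext)                 # compress first
    session_key = secrets.token_bytes(16)                 # one-time secret key
    ciphertext = keystream_xor(session_key, compressed)   # fast bulk encryption
    # Only the short session key goes through the slow public-key operation.
    wrapped = pow(int.from_bytes(session_key, "big"), pub_e, pub_n)
    return wrapped, ciphertext                            # both are transmitted


def pgp_style_decrypt(wrapped: int, ciphertext: bytes,
                      priv_d: int, pub_n: int) -> bytes:
    # Recover the session key with the private key, then undo the bulk cipher.
    session_key = pow(wrapped, priv_d, pub_n).to_bytes(16, "big")
    return zlib.decompress(keystream_xor(session_key, ciphertext))


if __name__ == "__main__":
    msg = b"Quarterly report draft, for your eyes only. " * 4  # constructed sample
    wrapped, ct = pgp_style_encrypt(msg, N, E)
    assert pgp_style_decrypt(wrapped, ct, D, N) == msg
    print(len(msg), "plaintext bytes ->", len(ct), "ciphertext bytes")
```

Encrypting the same message twice produces a different wrapped key and different ciphertext each time, because a fresh session key is generated per message.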
Key Distribution
• PGP uses public key cryptography for personal keys
• Each user decides which keys to trust
• PGP doesn’t require certificates. They are optional.
• To send someone mail or to verify their signature, you need to know their public key
• People publish their PGP fingerprints on their websites, business cards, in their books, etc.

Private Key
• PGP will generate a private key for you
• You can specify the size of the key
• It prompts you for a password
• The password is converted into an IDEA key by taking its MD5 message digest
• The IDEA key is used to encrypt the private key
• Encryption is done with 64-bit CFB using a random IV, which is stored with the encrypted private key

Key Rings
• PGP creates key rings
• Key rings are data structures that contain public keys, information about people, and certificates.
• Key rings can be used as a database of public keys.
• There are three levels of trust in PGP: none, partial, or complete.

Conclusion
• PGP is used to perform encryption and decryption for mail and for integrity protection of files.
• It can accept different types of formats: message formats and primitive object formats.
• PGP is used to protect our privacy.