Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
PGP (Pretty Good Privacy)

PGP (Pretty Good Privacy)

Ratings: (0)|Views: 140|Likes:
An essay for the 2012 Undergraduate Awards Competition by Cathal Garry. Originally submitted for Electronic engineering at University of Limerick, with lecturer Mairtin ODroma in the category of Computer Sciences & Information Technology
An essay for the 2012 Undergraduate Awards Competition by Cathal Garry. Originally submitted for Electronic engineering at University of Limerick, with lecturer Mairtin ODroma in the category of Computer Sciences & Information Technology

More info:

Published by: Undergraduate Awards on Aug 31, 2012
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
See more
See less


PGP (Pretty Good Privacy)
This report looks into PGP as a software tool that canbe used to implement encryption in differentmessages. The report looks into the background of PGP like who created and how has it changed overthe years. Other section looks into how PGP worksand how it generates its encryptions keys. The lastfew section looks at how the software tool can beused with email. Overall it is hoped that the reportwill provide a useful guide to people who wish to usePGP.
Pretty good privacy(PGP) is a type of data encryptionand decryption program that provides the user withcryptographic privacy and authentication datacommunication. PGP is often used for signingencrypting and decrypting texts, E-mails and files toincreases security of e-mail communications. PGPplaces public key cryptography in the hands of everyinternet user.It was created by Philip Zimmermann in 1991 and hetook a great personal risk in creating PGP and makingit available to the public. While it was a difficultbattle, he succeeded, and the program is now usedaround the world as the primary Internet encryptionstandard for the ordinary users.PGP was first released in 1991 as a DOS programthat earned a reputation for being difficult. Then inJune 1997, PGP Inc. released PGP 5.x for Win95/NT.PGP 5.x which included plugins for several popularemail programs. The plugins for Microsoft Outlook,Microsoft Outlook Express, Qualcomm's Eudora, andClaris Emailer install themselves into their respectiveemail programs and appear as a menu item and a setof buttons on the message window. This made thePGP more user friendly and encourage more peopleto start using the program. With the latest version of PGP it is even easier to install and uses. In addition toworking with the user email it is now possible toprotect files by right-clicking on the document inwindows explorer.
Asymmetric key encryption
An asymmetric key is where there are two keys usedin the encryption process, one public key and oneprivate key. Everyone can see the public key but theuser only see their own private key. The encryptedmessage can be read by anyone with a public orprivate key. With symmetric key encryption there isonly one key that is needed to encrypt the messageand this key is used to decode the message as well.There are advantages and disadvantages of eachprocess like the fact symmetric key is a lot faster andsafer but the distribution of the key is a lot moredifficult compare to using the asymmetric keyprocess.Asymmetric key solves the problem of distribution of keys using public key cryptography. This conceptwas first introduced back in 1975 by Whitfield Diffieand Martin Hellmam. It allows anyone with a copy of your public key to encrypt information that only youcan read as long as they have your public key. It isimpossible to get the private key by using the publicgive by one user and anyone can encrypt theinformation but only the person with a private keycan decrypt the message received.
Outline of process
The main benefit of a public key cryptography is thatit allows people who have no pre-existing security toexchange secure messages. The need for sender andreceiver to share secret keys via some secure channelis eliminated. This means that only the public keyneeds to be transmitted and there is no sharing of the
private key. Because symmetric key encrypting wasonce the only available means of relaying secretinformation there was a big expense of securing thechannel and key distribution and this could only beafforded by large business or organisation like banksand large corporations. Asymmetric key encryptionchanged all this providing a cheaper and easier meansof sending and receiving encrypted messages.
The authentication in PGP is done in the data block which is sent by the party which want to byauthenticated. The process breaks up into three mainproperties which are making it possible for thereceiver to verify that the data original came from theclaimed sender. That it is impossible for the contentto have secret session keys. The third property is thatthe message is not valid if an active intruder replays apreviously recorded data block. The PGP programoffers functions which can accomplish theseproperties except for the third one which can beeasily accomplished by using digital signatures andpublic key encryption.When a session key is being produced a SHA-1160bit hash code is generated and this hash code isencrypted using sender’s private key and appended tothe original message. The receiver decrypts themessage using sender’s public key and if the twomatch the message is accepted as being received bythe correct user.The most difficult of attacks to handle in theauthentication system is the replay attack but one wayof solving this is to add a time stamp to the datewhich is signed. The SPX authentication can be usedto solve this and the server can then reject anauthentication with an old time stamp. This methodrequires the client and server system clocks to besynchronized.
PGP can be used to send messages confidentially. Asdiscussed in the last few sections PGP uses a processof key encryption and Authentication to insure thatthe message is received by the right person and thatonly the receiver can decrypt the message sent..Forthis, PGP combines private-key encryption andpublic-key encryption.The way in which PGP operates it allows for easydistribution of encryption keys and this makes theencryption process easier to implement. This means itcan be used by anyone to provide confidentiality onmessage or document the user might want to sent.
PGP combines some of the best features of symmetric and asymmetric key cryptography, PGP isa hybrid cryptosystem. When a user encryptsplaintext with PGP, compress has to take place first.The Data is compressed saving modem transmissiontime and disk space and it also strengthenscryptographic security. The cryptanalysis techniquesexploit patterns found in the plaintext to crack thecipher. The compression reduces these patterns in theplaintext and greatly enhances the cryptanalysisproperties. The type of compression used in PGP isZIP compression.
Overview of compression and encryption
In the next step after compression a session key isgenerated by a random number generator createdfrom the random movements of your mouse andkeystrokes. This session key works with the fastconventional encryption algorithm to encrypt themessage. After this the session key is encrypt on thepublic key and then the public key, session key andciphertext are sent to the receiver to decode themessage.
E-mail compatibility andSegmentation
Using PGP to encrypt email is one of the mostpopular uses of the program. Several mail clientssupport some form of PGP like GnuPG. Simplifyinga bit there are two ways mail can be encrypted withPGP, either by using ASCII armour or RFC 2015

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->