private key. Because symmetric key encrypting wasonce the only available means of relaying secretinformation there was a big expense of securing thechannel and key distribution and this could only beafforded by large business or organisation like banksand large corporations. Asymmetric key encryptionchanged all this providing a cheaper and easier meansof sending and receiving encrypted messages.
The authentication in PGP is done in the data block which is sent by the party which want to byauthenticated. The process breaks up into three mainproperties which are making it possible for thereceiver to verify that the data original came from theclaimed sender. That it is impossible for the contentto have secret session keys. The third property is thatthe message is not valid if an active intruder replays apreviously recorded data block. The PGP programoffers functions which can accomplish theseproperties except for the third one which can beeasily accomplished by using digital signatures andpublic key encryption.When a session key is being produced a SHA-1160bit hash code is generated and this hash code isencrypted using sender’s private key and appended tothe original message. The receiver decrypts themessage using sender’s public key and if the twomatch the message is accepted as being received bythe correct user.The most difficult of attacks to handle in theauthentication system is the replay attack but one wayof solving this is to add a time stamp to the datewhich is signed. The SPX authentication can be usedto solve this and the server can then reject anauthentication with an old time stamp. This methodrequires the client and server system clocks to besynchronized.
PGP can be used to send messages confidentially. Asdiscussed in the last few sections PGP uses a processof key encryption and Authentication to insure thatthe message is received by the right person and thatonly the receiver can decrypt the message sent..Forthis, PGP combines private-key encryption andpublic-key encryption.The way in which PGP operates it allows for easydistribution of encryption keys and this makes theencryption process easier to implement. This means itcan be used by anyone to provide confidentiality onmessage or document the user might want to sent.
PGP combines some of the best features of symmetric and asymmetric key cryptography, PGP isa hybrid cryptosystem. When a user encryptsplaintext with PGP, compress has to take place first.The Data is compressed saving modem transmissiontime and disk space and it also strengthenscryptographic security. The cryptanalysis techniquesexploit patterns found in the plaintext to crack thecipher. The compression reduces these patterns in theplaintext and greatly enhances the cryptanalysisproperties. The type of compression used in PGP isZIP compression.
Overview of compression and encryption
In the next step after compression a session key isgenerated by a random number generator createdfrom the random movements of your mouse andkeystrokes. This session key works with the fastconventional encryption algorithm to encrypt themessage. After this the session key is encrypt on thepublic key and then the public key, session key andciphertext are sent to the receiver to decode themessage.
E-mail compatibility andSegmentation
Using PGP to encrypt email is one of the mostpopular uses of the program. Several mail clientssupport some form of PGP like GnuPG. Simplifyinga bit there are two ways mail can be encrypted withPGP, either by using ASCII armour or RFC 2015