Professional Documents
Culture Documents
(PGP)
Security for Electronic Email
1
There are two main schemes which are especially
designed to provide confidentiality and
authentication for electronic mail systems. These
are:
PGP
(Pretty Good Privacy)
S/MIME
(Secure/Multipurpose Internet Mail Extension)
2
S/MIME
S/MIME uses public key certificates
conforming to standard X.509 and signed
by a certification agency. In other respects,
S/MIME is quite similar to PGP.
S/MIME is not studied in any detail on this
course and is not examinable.
Details of the scheme are available in
Chapter 5 of Stalling if you are interested.
3
PGP
• Developed by Phil Zimmerman in 1995.
• Documentation and source code is freely
available.
• The package is independent of operating
system and processor.
• PGP does not rely on the “establishment”
and it’s popularity and use have grown
extensively since 1995.
4
• PGP combines the best available
cryptographic algorithms to achieve
secure e-mail communication.
• It is assumed that all users are using
public key cryptography and have
generated a private/public key pair.
• Either RSA (with RSA digital signatures)
or El Gamel (with DSA) can be used.
• All users also use a symmetric key system
such as triple DES or Rijndael.
5
What does PGP do?
6
PGP Authentication
This is a digital signature scheme with
hashing.
1. Alice has (private/public) key pair (Ad/Ae)
and she wants to send a digitally signed
message m to Bob.
2. Alice hashes the message using SHA-1 to
obtain SHA(m).
7
3. Alice encrypts the hash using her private
key Ad to obtain ciphertext c given by
c=pk.encryptAd(SHA(m))
8
6. He computes the hash of m using SHA-1
and if this hash value is equal to s then the
message is authenticated.
10
4. Alice encrypts the message m with the
session key k to get ciphertext c
c=sk.encryptk(m)
11
7. Bob uses the session key k to decrypt the
ciphertext c and recover the message m
m=sk.decryptk(c)
13
2. Alice generates a random session key k
and encrypts the message m and the
signature c using a symmetric
cryptosystem to obtain ciphertext C
C=sk.encryptk(m,c)
4. She encrypts the session key k using Bob’s
public key
k’ = pk.encryptBe(k)
14
6. Bob recieves k’ and C and decrypts k’
using his private key Bd to obtain the
session key k
k=pk.decryptBd(k’)
15
8. Bob now has the message m. In order to
authenticate it he uses Alice’s public key
Ae to decrypt the signature c and hashes
the message m using SHA-1.
If SHA(m) = pk.decryptAe(c)
Then the message is authenticated.
16
PGP Compression
PGP can also compress the message if
desired. The compression algorithm is ZIP
and the decompression algorithm is
UNZIP.
19
8. Now Bob has the original message m and
signature c. He verifies the signature using
SHA-1 and Alice’s public key as before.
20
PGP E-Mail Compatibility
Many electronic mail systems can only
transmit blocks of ASCII text. This can
cause a problem when sending encrypted
data since ciphertext blocks might not
correspond to ASCII characters which can
be transmitted.
PGP overcomes this problem by using
radix-64 conversion.
21
Radix-64 conversion
Suppose the text to be encrypted has been
converted into binary using ASCII coding
and encrypted to give a ciphertext stream of
binary.
Radix-64 conversion maps arbitrary binary
into printable characters as follows:
22
Radix-64 conversion
1. The binary input is split into blocks of 24
bits (3 bytes).
2. Each 24 block is then split into four sets
each of 6-bits.
3. Each 6-bit set will then have a value
between 0 and 26-1 (=63).
4. This value is encoded into a printable
character.
23
6 bit Character 6 bit Character 6 bit Character 6 bit Character
value encoding value encoding value encoding value encoding
0 A 16 Q 32 g 48 w
1 B 17 R 33 h 49 x
2 C 18 S 34 i 50 y
3 D 19 T 35 j 51 z
4 E 20 U 36 k 52 0
5 F 21 V 37 l 53 1
6 G 22 W 38 m 54 2
7 H 23 X 39 n 55 3
8 I 24 Y 40 o 56 4
9 J 25 Z 41 p 57 5
10 K 26 a 42 q 58 6
11 L 27 b 43 r 59 7
12 M 28 c 44 s 60 8
13 N 29 d 45 t 61 9
14 O 30 e 46 u 62 +
15 P 31 f 47 v 63 /
(pad) =
24
PGP Segmentation
Another constraint of e-mail is that there is
usually a maximum message length.
PGP automatically blocks an encrypted
message into segments of an appropriate
length.
On receipt, the segments must be re-
assembled before the decryption process.
25
Key Issues
1. Key Generation
Recall that a new session key is required
each time a message is encrypted. How
are these keys generated?
27
• In the case of encryption, (Alice uses Bob’s
public key) Alice can send Bob the public
key with the message since this is not secret
(in fact Alice only sends the 64 least
significant bits so that Bob can identify the
key).
• In the case of digital signatures Alice uses
her private key and Bob uses Alice’s
corresponding public key. Alice cannot
send Bob her private key, but she can look
up the corresponding public key and send
the 64 least significant bits of that.
28
So a PGP message might consist of: