PRETTY GOOD PRIVACY (PGP)
PGP provides the confidentiality and authentication service that can be used for electronic mail and file storage applications. The steps involved in PGP are:
Select the best available cryptographic algorithms as building blocks.
Integrate these algorithms into a general purpose application that is independent of operating system and processor and that is based on a small set of easy-to-use commands.
Make the package and its documentation, including the source code, freely available via the internet, bulletin boards and commercial networks.
Enter into an agreement with a company to provide a fully compatible, low cost commercial version of PGP.
PGP has grown explosively and is now widely used. A number of reasons can be cited for this growth.
It is available free worldwide in versions that run on a variety of platforms.
It is based on algorithms that have survived extensive public review and are considered extremely secure.
e.g., RSA, DSS and Diffie-Hellman for public key encryption; CAST-128, IDEA and 3DES for conventional encryption; SHA-1 for hash coding.
It has a wide range of applicability.
It was not developed by, nor is it controlled by, any governmental or standards organization.
Operational description
The actual operation of PGP consists of five services: authentication, confidentiality, compression, e-mail compatibility and segmentation.
1. Authentication
The sequence for authentication is as follows:
The sender creates the message.
SHA-1 is used to generate a 160-bit hash code of the message.
The hash code is encrypted with RSA using the sender's private key and the result is prepended to the message.
The receiver uses RSA with the sender's public key to decrypt and recover the hash code.
The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic.
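The authentication sequence above, as an added example that is not part of the original notes. It assumes a constructed demonstration key built from two Mersenne primes and uses unpadded RSA purely to show the order of operations; the names sign and verify are hypothetical.

```python
import hashlib

# Constructed demo key (assumption): two Mersenne primes. Far too small
# and too structured for real use, and real PGP pads the hash before the
# RSA operation. This only illustrates the sequence of steps.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # sender's public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # sender's private exponent
SIG_LEN = (N.bit_length() + 7) // 8      # octets needed to hold the signature


def sha1_int(message: bytes) -> int:
    """160-bit SHA-1 hash code of the message, as an integer."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(message: bytes) -> bytes:
    """Sender: hash, RSA with the private key, prepend the result."""
    signature = pow(sha1_int(message), D, N)
    return signature.to_bytes(SIG_LEN, "big") + message


def verify(signed: bytes) -> bool:
    """Receiver: recover the hash with the public key and compare it
    with a freshly computed hash of the received message."""
    signature = int.from_bytes(signed[:SIG_LEN], "big")
    message = signed[SIG_LEN:]
    recovered = pow(signature, E, N)
    return recovered == sha1_int(message)


if __name__ == "__main__":
    signed = sign(b"constructed sample message")
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])
    print(verify(signed), verify(tampered))
```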
2. Confidentiality
Confidentiality is provided by encrypting messages to be transmitted or to be stored locally as files. In both cases, the conventional encryption algorithm CAST-128 may be used. The 64-bit cipher feedback (CFB) mode is used.
In PGP, each conventional key is used only once. That is, a new key is generated as a random 128-bit number for each message. Thus, although this is referred to as a session key, it is in reality a one-time key. To protect the key, it is encrypted with the receiver's public key.
The sequence for confidentiality is as follows:
The sender generates a message and a random 128-bit number to be used as a session key for this message only.
The message is encrypted using CAST-128 with the session key.
The session key is encrypted with RSA, using the receiver's public key, and is prepended to the message.
The receiver uses RSA with its private key to decrypt and recover the session key.
The session key is used to decrypt the message.
Confidentiality and authentication
Here both services may be used for the same message. First, a signature is generated for the plaintext message and prepended to the message. Then the plaintext plus the signature is encrypted using CAST-128 and the session key is encrypted using RSA.
3. Compression
As a default, PGP compresses the message after applying the signature but before encryption. This has the benefit of saving space for both e-mail transmission and for file storage.
The signature is generated before compression for two reasons:
It is preferable to sign an uncompressed message so that one can store only the uncompressed message together with the signature for future verification. If one signed a compressed document, then it would be necessary either to store a compressed version of the message for later verification or to recompress the message when verification is required.
Even if one were willing to generate dynamically a recompressed message for verification, PGP's compression algorithm presents a difficulty. The algorithm is not deterministic; various implementations of the algorithm achieve different tradeoffs in running speed versus compression ratio and, as a result, produce different compression forms.
Message encryption is applied after compression to strengthen cryptographic security. Because the compressed message has less redundancy than the original plaintext, cryptanalysis is more difficult. The compression algorithm used is ZIP.
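Why the hash is taken over the uncompressed message, as an added example that is not part of the original notes. It assumes Python's zlib (DEFLATE) at different effort levels as a stand-in for "various implementations" of the compression algorithm; the message is constructed.

```python
import hashlib
import zlib

# Constructed sample message.
MESSAGE = b"Transfer 100 units to account 42.\n" * 200


def digest(data: bytes) -> str:
    """SHA-1 hash code, as used for the PGP signature in the text."""
    return hashlib.sha1(data).hexdigest()


def compressed_forms(message: bytes) -> dict:
    """Compress the same message with different speed/ratio tradeoffs."""
    return {level: zlib.compress(message, level) for level in (1, 6, 9)}


def compare(message: bytes) -> dict:
    """Count how many distinct hash codes each signing order would yield."""
    forms = compressed_forms(message)
    restored = [zlib.decompress(c) for c in forms.values()]
    return {
        # Hash over the compressed form: depends on who compressed it.
        "distinct_compressed": len({digest(c) for c in forms.values()}),
        # Hash over the plaintext: identical whatever compressor was used.
        "distinct_plaintext": len({digest(r) for r in restored}),
        "matches_original": all(digest(r) == digest(message) for r in restored),
    }


if __name__ == "__main__":
    for level, blob in compressed_forms(MESSAGE).items():
        print(level, len(blob), digest(blob))
    print(compare(MESSAGE))
```

A verifier that recompressed the message with a different setting would compute a different hash over the compressed form, while the hash over the plaintext stays the same in every case.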
4. e-mail compatibility
Many electronic mail systems only permit the use of blocks consisting of ASCII texts. To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters. The scheme used for this purpose is radix-64 conversion. Each group of three octets of binary data is mapped into four ASCII characters.
e.g., consider the 24-bit (3 octets) raw text sequence 00100011 01011100 10010001. We can express this input in blocks of 6 bits to produce 4 ASCII characters.
001000 110101 110010 010001
ILYR = corresponding ASCII characters
5. Segmentation and reassembly
E-mail facilities often are restricted to a maximum length. E.g., many of the facilities accessible through the internet impose a maximum length of 50,000 octets. Any message longer than that must be broken up into smaller segments, each of which is mailed separately.
To accommodate this restriction, PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail. The segmentation is done after all the other processing, including the radix-64 conversion. At the receiving end, PGP must strip off all e-mail headers and reassemble the entire original block before performing the other steps.
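Radix-64 conversion followed by segmentation and reassembly, as an added example that is not part of the original notes. It assumes the standard Base64 alphabet from Python's base64 module, applies the 50,000-octet limit to each segment body, and uses a hypothetical "X-Part" header to order segments; send and receive are hypothetical names.

```python
import base64

MAX_SEGMENT = 50_000  # maximum length in octets quoted in the text


def send(binary: bytes, limit: int = MAX_SEGMENT) -> list:
    """Radix-64 encode first, then split; return one mail per segment."""
    armored = base64.b64encode(binary).decode("ascii")
    parts = [armored[i:i + limit] for i in range(0, len(armored), limit)] or [""]
    # "X-Part" is a hypothetical header used only to number the segments.
    return [f"X-Part: {n}/{len(parts)}\r\n\r\n{body}"
            for n, body in enumerate(parts, 1)]


def receive(mails: list) -> bytes:
    """Strip the headers, reassemble the block in order, then undo the
    radix-64 conversion. Segments may arrive in any order."""
    if not mails:
        raise ValueError("no segments received")
    bodies, total = {}, None
    for mail in mails:
        headers, body = mail.split("\r\n\r\n", 1)
        index, total = headers.split(": ", 1)[1].split("/")
        bodies[int(index)] = body
    if len(bodies) != int(total):
        raise ValueError("missing segment, cannot reassemble")
    armored = "".join(bodies[i] for i in sorted(bodies))
    # validate=True rejects characters outside the radix-64 alphabet.
    return base64.b64decode(armored, validate=True)


if __name__ == "__main__":
    data = bytes(range(256)) * 500          # constructed 128,000-octet input
    mails = send(data)
    print(len(mails), receive(list(reversed(mails))) == data)
```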
PGP message generation
First consider message transmission and assume that the message is to be both signed and encrypted. The sending PGP entity performs the following steps:
1. Signing the message
PGP retrieves the sender's private key from the private key ring using user ID as an index. If user ID was not provided, the first private key from the ring is retrieved.
PGP prompts the user for the passphrase (password) to recover the unencrypted private key.
The signature component of the message is constructed.
2. Encrypting the message
PGP generates a session key and encrypts the message.
PGP retrieves the recipient's public key from the public key ring using user ID as index.
The session key component of the message is constructed.
The receiving PGP entity performs the following steps:
1. Decrypting the message
PGP retrieves the receiver's private key from the private key ring, using the key ID field in the session key component of the message as an index.
PGP prompts the user for the passphrase (password) to recover the unencrypted private key.
PGP then recovers the session key and decrypts the message.
2. Authenticating the message
PGP retrieves the sender's public key from the public key ring, using the key ID field in the signature key component of the message as an index.
PGP recovers the transmitted message digest.
PGP computes the message digest for the received message and compares it to the transmitted message digest to authenticate.