This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
This report aims at analyzing the methods of PGP Encryption Technology for establishing secure communication over the internet. PGP essentially devices a powerful envelope that allows individuals the same privacy in communications as enjoyed by governments and large corporations. The report analyses the working principle of PGP Encryption technology, its components and their applications.
A message is PlainText. The process of converting a message into a form such that its content is hidden is called Encryption. An encrypted message is CipherText. The process of reverting CipherText back to the original text is called Decryption. Cryptography is the science of securing data in a way that the data can be understood only by the person it is intended for and not for any other person in the middle. Cryptanalysis is the process of breaking the secure communication. Cryptology encapsulates both Cryptography and Cryptanalysis. There are two general kinds of Key-based algorithms, Symmetric and Asymmetric Key algorithms, which are further elaborated.
SYMMETRIC KEY ALGORITHM
Also called Secret Key algorithm or conventional algorithm, this algorithm involves the use of a single key for both the encryption and decryption processes. The key used, called the Symmetric Key is shared by the sender and the receiver and is used first, to encrypt the message at the receiver's end and transform it to Ciphertext and then is used to decrypt the Ciphertext to get back the plaintext.
This process requires the sender and the receiver to first agree on a key for establishing communication. The entire security of the crypto graphical system relies on this key and thus its security is of prime importance. The generation of a single key for encryption and decryption makes this algorithm a reasonably quick one.
Figure 1.1: Symmetric Key Encryption
PUBLIC KEY ALGORITHM
Public key algorithm (also called Symmetric Key algorithm involves the use of two different kinds of keys for the encryption and decryption processes. The algorithm is called public key algorithm because the encryption key can be made public safely. The key for decrypting the ciphertext is called a Private Key.
This implies that the effectiveness of the algorithm relies on a pair of keys and not just a single key as was the case of a Symmetric key, thus it can be inferred that this algorithm is relatively more secure than Symmetric key cryptography.
Figure 1.2: Public Key Encryption
There are a number of cryptographic algorithms used today out of which the most common ones are:
DES (Data Encryption Standard) is the most popular computer encryption algorithm. DES is a US and international standard. It is a symmetric algorithm, i.e. the same key is used for encryption and decryption.
RSA (named for its creators-Rivest, Shamir and Adleman) is the most popular public key algorithm. It can be used for both encryption and digital signatures.
DSA (Digital Signature Algorithm, used as a part of the Digital Signature Standard) is another public key algorithm. It cannot be used for encryption, but only for digital signatures.
In the real world public key algorithms are not a substitute for symmetric key algorithms. They are generally preferred to encrypt keys instead of encrypting messages. In most practical implementations, public key algorithms are used to secure and distribute Session Keys, those keys will be used to encrypt the message.
This forms the basis of a Hybrid Cryptosystem.
Using public key cryptography for key distribution solves a very important key management problem. Using symmetric key for encryption of message ensures secure transmission of the message across the network, once the keys are securely exchanged.
CHAPTER 2: INTRODUCTION TO PGP ENCRYPTION
Originally written by Phil Zimmerman in 1991, pretty good privacy (PGP) is an email encryption scheme that has become a de-facto standard, with thousands of users all over the globe. It is a means by which the average end user can effectively protect the privacy of his or her own Internet mail. It was made for the purpose of allowing the average citizen to have a means of protecting their communications from those whom it was not intended. It acts as a means to provide the end user with the kind of security enjoyed by the governments or secret agencies around the world. More and more of our private communications are being routed through electronic channels. E-mail messages are just too easy to intercept and scan for interesting keywords. This can be done easily, routinely, automatically, and undetectably on a grand scale. Thus securing the email is vital and this can be achieved by using the PGP encryption technology.
2.2 METHODS AND ALGORITHMS USED
PGP generates encrypted files by use of the freeware UNIX `ZIP' compression utility and two encoding schemes know as `IDEA' (International Data Encryption Algorithm, an algorithm for generating shared, `secret keys') and `RSA' (an algorithm for `public-key' encryption).
`IDEA' was developed by James L. Massey and Huejia Lai in 1990. As of 1995, IDEA has resisted cryptanalysis better than most other ciphers. A block length of sixty-four bits makes it very strong against brute-force attacks. `IDEA' also uses a one hundred and twenty-eight bit key. It utilizes means to confuse the cryptanalyst by making repetition of characters meaningless.
RSA' was developed at MIT by Rivest, Shamir, and Adleman (hence the name `RSA'). It is an `asymmetric' encryption process. This means that a different key is needed to decrypt than to encrypt the message. At present, it is the only accepted algorithm for public-key encryption.
Furthermore, for the generation of hash using the digital signing process, PGP uses the MD5 message digest algorithm. Once the digital signature is generated, the `Radix-64' format is used to convert the signature into a text ready format.MD5 processes a variable-length message into a fixed-length output of 128 bits. The content of this digest is totally different from the original message and cannot be understood.
CHAPTER 3: PRINCIPLES OF PGP ENCRYPTION TECHNOLOGY
PGP combines some of the best features of both conventional and public key cryptography. PGP is a Hybrid Cryptosystem. When a user encrypts plaintext with PGP, PGP first compresses the plaintext using freeware UNIX ZIP compress utility. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security. Most cryptanalysis techniques exploit patterns found in the plaintext to crack the cipher. Compression reduces these patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis. (Files that are too short to compress or which don't compress well aren't compressed.)
PGP then creates a Session Key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.
`IDEA' (International Data Encryption Algorithm, an algorithm for generating shared, `session key') and `RSA' (an algorithm for `public-key' encryption) are used for generation of Session and Public keys respectively.
3.2 DIGITAL SIGNATURE
A major benefit of public key cryptography is that it provides a method for employing digital signatures. Digital signatures enable the recipient of information to verify the authenticity of the information's origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information.
In digital signature, PGP first creates a digest of the message using the MD5 algorithm. MD 5 is a one-way hash function that processes a variable-length message into a fixed-length output of 128 bits. The content of this digest is totally different from the original message and cannot be understood. It is also not possible to get back the original message using the digest.
This digest is then 'signed' using the private key of the sender, and thus can be decrypted only by the respective public key. The distribution of this public key is controlled and thus only the person having a copy of the sender's public key will be able to decrypt the digital signature.
3.3 DIGITAL CERTIFICATE
In a public key environment, it is vital that you are assured that the public key to which you are encrypting data is in fact the public key of the intended recipient and not a forgery.
Digital certificates, simplify the task of establishing whether a public key truly belongs to the purported owner.
A certificate is a form of credential. A digital certificate is data that functions much like a physical certificate. A digital certificate is information included with a person's public key that helps others verify that a key is genuine or valid. Digital certificates are used to thwart attempts to substitute one person's key for another.
A digital certificate consists of three things:
A public key.
Certificate information. ("Identity" information about the user, such as name, user ID, and so on.)
One or more digital signatures.
The purpose of the digital signature on a certificate is to state that the certificate information has been attested to by some other person or entity. The digital signature does not attest to the authenticity of the certificate as a whole; it vouches only that the signed identity information goes along with, or is bound to, the public key.
Thus, a certificate is basically a public key with one or two forms of ID attached, plus a hearty stamp of approval from some other trusted individual.
3.4 CERTIFICATE DISTRIBUTION
Certificates are utilized when it's necessary to exchange public keys with someone else. These can come in the form of storage-only repositories called Certificate Servers, or more structured systems that provide additional key management features and are called Public Key Infrastructures (PKIs).
A certificate server, also called a cert server or a key server, is a database that allows users to submit and retrieve digital certificates. A cert server usually provides some administrative features that enable a company to maintain its security policies - for example, allowing only those keys that meet certain requirements to be stored.
Public Key Infrastructures
A PKI contains the certificate storage facilities of a certificate server, but also provides certificate management facilities (the ability to issue, revoke, store, retrieve, and trust certificates). The main feature of a PKI is the introduction of what is known as a Certification Authority, or CA, which is a human entity - a person, group, department, company, or other association - that an organization has authorized to issue certificates to its computer users. (A CA's role is analogous to a country's government's Passport Office.) A CA creates certificates and digitally signs them using the CA's private key. Because of its role in creating certificates, the CA is the central component of a PKI. Using the CA's public key, anyone wanting to verify a certificate's authenticity verifies the issuing CA's digital signature, and hence, the integrity of the contents of the certificate (most importantly, the public key and the identity of the certificate holder).
Decryption works in the reverse.
The certificate issued by the Certificate Authority is decrypted using the Certificate authority's key and thus ensured the identity of the sender.
The digital signature is used to verify the authenticity of the message. The public key of the sender is used to decrypt the digest which is then compared with a new digest created by the receiver using the same, MD5 algorithm, and then both the digests are compared to ensure integrity is maintained through the communication process.
The recipient's copy of PGP uses his or her private key to recover the temporary session key, which PGP then uses to decrypt the conventionally-encrypted ciphertext.
The combination of the two encryption methods combines the convenience of public key encryption with the speed of conventional encryption. Conventional encryption is about 1, 000 times faster than public key encryption. Public key encryption in turn provides a solution to key distribution and data transmission issues. Used together, performance and key distribution are improved without any sacrifice in security.
CHAPTER 4: PGP DESKTOP CLIENT
Working on the principle of the PGP encryption technology discussed above, the PGP desktop client is an easy-to-use desktop encryption application that secures the most confidential of data for an average internet user- the e-mail. It automatically encrypts emails with the installed desktop client and sends it securely to the intended recipient.
4.2 GENERATION OF KEYS
The PGP desktop client first prompts the user to generate his pair of public and private keys that would be used for the public key cryptography phase of the encryption process. Figure 4.1 shows the window screenshot during the process of generation of keys. The user is asked to make a key ring consisting of the keys owned by the user.It then asks for the email of the user that he intends to use for sending emails encrypted with PGP technology.
Figure 4.1: Generation of keys using PGP desktop client
4.3 BROADCASTING THE PUBLIC KEY
After the creation of the public key-private key pair, one needs to send the public key to the person one wants to establish communication with so that the receiver at the other end. The PGP desktop client accomplishes this task by sending the public key of the user in an email, by attaching it to the email. This email can be sent to multiple recipients at the same time so that each of them has a copy of the sender's public key and can use this key in the future to encrypt the messages they want to send to the user.
Figure 4.2: Sending the public key
4.4 PGP ZIP
Automatically detecting POP and IMAP email accounts, PGP Desktop Home encrypts emails without installing special plug-ins or requiring extra mouse clicks. You can use the default configuration to encrypt emails or customize encryption rules, including rules to encrypt based on recipient, subject header, and message content. All emails can be digitally signed, validating the integrity and source of messages for recipients. Background notification windows indicate whenever a message is encrypted, decrypted, or digitally signed.
Figure4.3: PGP Zip
CHAPTER 5: FUTURE WORK
The first phase of the project has accomplished the task of analysing the basic principles of Pretty Good Privacy Technology. We now move to implementation of these principles using Java based programming. We would be attempting to create an application that would use the principles and describe how PGP technology ensures secure transmission of the message.
It can be concluded that PGP is a very powerful privacy tool. It is a very effective security mechanism for securely transmitting email over the internet. It protects one's privacy and is practical for a non-technical end user. The infrastructure that has been provided by Phil Zimmerman may well be the means by which we protect our rights. No encryption algorithm is perfect. Cryptanalysists will try to break the message continually, the best we can hope for is to make it so expensive to decrypt that the effort just isn't worth the money or is so time consuming that the information is worthless by the time it is decrypted. PGP can be considered to consist of very powerful algorithms like IDEA, RSA and MD5 whose efficiencies have been tested and approved for usage. It is easy to implement and can be trusted to provide a good level of security for email to any average user who wants to hide his message from malicious intruders.