In modern society, e-mail and file transfer over the network have become part of everyday life, and message security has become an increasingly prominent concern. It is well known that data transmitted over the Internet is usually unencrypted, so if you do not protect your important information, a third party can easily gain access to your private data. Another problem is information authentication, that is, how to convince the recipient that a message has not been tampered with by a third party, which requires digital signature technology. PGP is such a product. PGP (Pretty Good Privacy) is mail encryption software based on RSA public-key cryptography, offering public-key (asymmetric) file encryption and digital signatures. Its founder is Phil Zimmermann of the United States. His creativity lies in combining the convenience of the RSA public-key system with the high speed of traditional encryption, together with an ingenious design for digital signatures and for the key authentication and management mechanism; as a result PGP has become the most popular public-key cryptographic package today. This article mainly introduces the principles behind PGP and its use.

I. Several encryption algorithms

1. DES algorithm

DES is a widely used data encryption mechanism with many hardware and software implementations. It converts plaintext into ciphertext using a special algorithm and a value called a key; a receiver who knows the key can use it to convert the ciphertext back to the original data. A potential weakness of all cryptographic systems is the need to remember the key used to encrypt the data, much like remembering a password. If the key is recorded by an unauthorized party, your original data can be read by others, and if you forget the key, you cannot recover the original data.
2. RSA algorithm

The RSA (Rivest-Shamir-Adleman) algorithm is a public-key system based on the assumption that factoring large numbers is infeasible. Simply put, two large prime numbers are found; one is made known to the world and called the "public key", the other is told to no one and called the "private key". The two keys complement each other: ciphertext encrypted with the public key can be decrypted with the private key, and vice versa. Suppose A writes to B, and each knows the other's public key. A encrypts the mail with B's public key and sends it; B, on receiving it, uses his own private key to recover A's original text, which ensures the security of the message.

3. IDEA algorithm

The IDEA algorithm is an improved traditional algorithm. A traditional algorithm encrypts the plaintext with a key and then decrypts it with the same key. Its main disadvantage is that it cannot solve the problem of securing the channel over which the key is transmitted, so it does not meet the needs of mail encryption in a network environment.

II. Main characteristics of PGP

PGP can be used to encrypt messages to prevent unauthorized reading. You can append a digital signature to an encrypted message so that the recipient is further convinced of who sent it, without needing any confidential channel to pass the key. It can be used to establish the identity of the person publishing a public statement and to prevent that statement from being denied, which has great potential in the commercial field. It can encrypt files, including graphics files, sound files, and other types of files, and PGP can be used instead of uuencode to generate radix-64 (the MIME Base64 format) encoded files.

III. PGP key system management

The PGP key system contains a symmetric encryption algorithm (IDEA), an asymmetric encryption algorithm (RSA), a one-way hash algorithm (MD5), and a random number generator (which seeds its pseudo-random number sequence from the user's keystroke frequency); each algorithm is an integral part of PGP.
Because the RSA algorithm involves a large amount of computation, its speed is not suitable for encrypting large amounts of data, so what PGP actually uses to encrypt the data is not RSA itself but the traditional encryption algorithm IDEA, which encrypts and decrypts faster than RSA. PGP randomly generates a key, encrypts the plaintext with the IDEA algorithm, and then encrypts that key with the RSA algorithm. The recipient likewise uses RSA to recover the random key and then uses IDEA to recover the original text. Such chained encryption has both the confidentiality (privacy) and the authentication of the RSA algorithm while keeping the speed advantage of the IDEA algorithm.

The public-key system was proposed to overcome the disadvantage that the key distribution process of traditional encryption systems is difficult to keep secret. PGP's public-key introduction mechanism not only addresses the shortcomings of the public-key system but also develops it further. In the so-called public-key introduction mechanism, a generally trusted person or institution acts as an introducer, known as a "certification authority": every public key he has signed is considered genuine, so everyone only needs to hold a copy of his public key. Authenticating this person's public key is convenient because he provides the service widely, so his public key circulates widely. The method now generally accepted as effective is to manage and distribute public keys through a Key Distribution Center (KDC), which provides a reliable guarantee for commercial use of the network. Of course, individual users need not go through institutional certification and can rely on private key introduction instead, which reflects the natural way people interact.

IV. Using PGP

PGP 6.0.2i provides a concise and efficient way to encrypt and digitally sign mail or files. When the PGP 6.0.2i installation is complete, a small lock icon unique to PGP, PGPtray, appears in the taskbar.
Left-click it to activate PGPtools. In PGP 6.0.2i, PGPkeys manages the keyring; the keyring file holds all the public keys associated with you and is used to maintain and manage them: the generation, distribution or revocation of keys, digital signatures, trust management, resource queries, and so on. If the machine is connected to the Internet, online key authentication and online key updates are also possible.

1. Generation, distribution and revocation of keys

Each user must generate his or her own key pair; this is the first step in using PGP encryption and is usually done during installation. A new key can also be generated in PGPkeys: choose "Keys" - "New Key" from the menu, and a dialog window pops up prompting the user to fill in a user name and e-mail address and then to select the key length, generally 2048 bits. The key lifetime is then set: you can have the key expire after a certain number of days, and the default is that it never expires. Finally, define the password that protects the key. After the key is generated, you can choose whether to send the new public key to an Internet key server immediately, so that users who want to communicate with you can download your key directly from the key server. The key server can be used to upload and download keys and to exchange public keys with others conveniently. If you wish to revoke a key, you only need to select Revoke.

2. Digital signature

If you want a letter or document you send not to be forged or tampered with, you can sign the mail or file with your private key. The recipient can use your public key to verify the signature. PGP 6.0.2i can also encrypt after signing, which avoids the shortcoming of older versions, where a signed file remained in the clear: it was only protected against tampering and could not be encrypted for transmission.

3. Encryption and decryption

Below we take to-pymd.txt as an example to illustrate the specific encryption process. Click "Encrypt"; the dialog box for selecting the file to encrypt appears. Select to-pymd.txt, then select the encrypted output format from the following 4 options: Text Output, Conventional Encryption, Wipe Original, Secure Viewer. Choose the appropriate output format depending on the importance of the message or file. In this case, select Conventional Encryption. The next step prompts for the password; after confirming it, select the output filename, and that is all.

Decryption is the reverse of encryption. The PGP 6.0.2i decryption process is also simple: click "Decrypt/Verify", and a file selection dialog box pops up; select the file to decrypt, enter the password used for encryption, and after the computation, select the output file name again; decryption is complete. The reader can decrypt the file by following the encryption process.

V. Security of PGP keys and passwords

The most likely way to be compromised is to write your password down somewhere where there is no guarantee that no one but you can see it. If someone gets your password and your private key file, the entire encryption system is silently defeated. Another old topic is that passwords should not be too simple. PGP uses a "passphrase", not a "password", which means that you can include multiple words and spaces in it. An attacker may use a dictionary or a famous book to find your password, so to get a good, hard-to-guess password you can make up sentences or pick sentences from very obscure literary texts. The password should preferably be longer than 8 characters and can mix upper- and lower-case English letters with numbers, symbols and so on.
Generally speaking, each increase in the length of the key makes the attacker spend as much time again to crack it, so in theory, if no newer computing technology appears, it is always possible to find a key that cannot be cracked within a given time.

Tampering with and impersonation of public keys can be said to be the greatest threat to PGP. When you use someone else's public key, make sure it came directly from that person or carries another credible signature. Make sure that no one can tamper with your own public keyring file; keep physical control of your keyring files as far as possible, storing them on your personal computer rather than on a remote time-sharing system. Back up your own keyring file.

Conclusion

Because data security concerns the protection of all kinds of information, from that of the state to that of ordinary people, the question of which control technologies should be used to ensure data security has drawn worldwide attention. PGP is currently the most advanced encryption technology; using PGP encryption software can effectively ensure the security of communications and thereby protect the interests of online users. Although the user pays for this with additional transmission time and the cost of maintaining and managing keys, the cost is worth it for the sake of security.

Original: Excellent encryption tool -- PGP 6.0.2i profile
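
The chained encryption described under the PGP key system (a random key encrypts the message, RSA encrypts only that key) and the sign-then-encrypt option described under digital signatures can be followed step by step in the Python example below, which is added here and is not code from PGP or from the original article. Textbook RSA over small constructed primes, and a SHA-256 keystream and digest standing in for IDEA and MD5, are assumptions chosen so that it runs with the standard library alone; none of it is secure for real use.

```python
import hashlib
import secrets

E = 65537      # public exponent (assumption; a common choice)
SIG_LEN = 32   # bytes reserved for the signature inside the encrypted body

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def keystream_xor(key, data):
    """Stand-in for IDEA: XOR with a SHA-256 counter keystream (same call decrypts)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def digest_int(message, n):
    """Message digest as an integer below n (SHA-256 stands in for MD5)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def pgp_send(message, sender_priv, recipient_pub):
    """Sign with the sender's private key, then encrypt for the recipient."""
    n_s, d_s = sender_priv
    signature = pow(digest_int(message, n_s), d_s, n_s)
    session_key = secrets.token_bytes(16)        # fresh random key per message
    body = keystream_xor(session_key, signature.to_bytes(SIG_LEN, "big") + message)
    n_r, e_r = recipient_pub                     # RSA is applied to the short key only
    return pow(int.from_bytes(session_key, "big"), e_r, n_r), body

def pgp_receive(packet, recipient_priv, sender_pub):
    """Unwrap the session key, decrypt the body, then verify the signature."""
    wrapped_key, body = packet
    n_r, d_r = recipient_priv
    session_key = pow(wrapped_key, d_r, n_r).to_bytes(16, "big")
    plain = keystream_xor(session_key, body)
    signature, message = int.from_bytes(plain[:SIG_LEN], "big"), plain[SIG_LEN:]
    n_s, e_s = sender_pub
    return message, pow(signature, e_s, n_s) == digest_int(message, n_s)

# Constructed toy keys built from Mersenne primes; far too small for real use.
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**61 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**127 - 1, 2**89 - 1)

if __name__ == "__main__":
    packet = pgp_send(b"contents of to-pymd.txt", ALICE_PRIV, BOB_PUB)
    print(pgp_receive(packet, BOB_PRIV, ALICE_PUB))
```

The recipient gets the message back together with a flag that is true only if the body is unmodified and the signature checks against the public key the recipient believes is the sender's, which is why a tampered or substituted public key defeats the whole scheme.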