The working principle of PGP and its security system (1)

Source: Internet
Author: User
Keywords PGP Key ring
In the modern information society, when the email is popular, the security problem is also very prominent. In fact, the process of e-mail transmission is the process of repeated replication on the network, the network transmission path is uncertain, it is easy to be unknown identity of the theft, tampering, and even malicious destruction, to send and receive both sides trouble. Information encryption to ensure the security of the transmission of e-mail has become an urgent demand for the vast number of e-mail users. The appearance and application of PGP solves the problem of secure transmission of e-mail well. The combination of traditional symmetric encryption and public key method has both advantages. PGP provides a confidential and differentiated service that supports a 1024-bit public key and 128-bit traditional cryptographic algorithms that can be used for military purposes and can fully meet the requirements of e-mail for security performance. 1 operation describes the actual operation of PGP consists of five kinds of services: identification, confidentiality, e-mail compatibility, compression, segmentation and reloading. 1.1 identification as shown in Figure 1. The steps are as follows: (1) The sender creates the message, (2) The 160bit hash code (mail Digest) that the sender uses SHA-1 to generate the message; (3) The sender uses its own private key, uses the RSA algorithm to encrypt the hash code, is connected to the front of the message, and (4) the receiver uses the sender's public key, RSA decrypts and recovers hash code, (5) The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two matches, the message is received as an authenticated message. In addition, signatures can be separated. For example, legal contracts require multiparty signatures, and each person's signature is independent and can be applied only to documents. Otherwise, the signature is only recursively used, the second signature signs the first signature of the document, and so on. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' src= '/files/uploadimg/20051219/0934380.jpg ' > 1.2 Confidentiality in PGP, each regular key is used only once, i.e. a new 128bit random number is generated for each message. To protect the key, it is encrypted using the public key of the receiver. Figure 2 shows this step as follows: (1) The sender generates the message and the 128bit random number used as the session key of the message, (2) The sender uses the CAST-128 encryption algorithm to encrypt the message using the session key. You can also use idea or 3DES; (3) The sender uses the RSA algorithm, the session key is encrypted by using the public key of the receiver and appended to the front of the message; (4) The receiver uses the RSA algorithm to decrypt and recover the session key using its own private key, and (5) The receiver uses the session key to decrypt the message. In addition to using RSA algorithm encryption, PGP also provides DIFFIEHELLMAn variant eigamal algorithm. 1.3 Advantages of conventional encryption and public key combination (1) the use of conventional and public key encryption is much faster than using RSA or e1gamal directly. (2) The problem of session key distribution is solved by using public key algorithm. (3) Because of the storage and forwarding characteristics of e-mail, the use of handshake protocol to ensure that both sides have the same session key method is unrealistic, and the use of one-time regular key to strengthen the already strong conventional encryption method. 1.4 Confidentiality and identification as shown in Figure 3, the message can use two services at the same time. The signature is generated for plaintext and appended to the header of the message, and then the plaintext message and signature are encrypted using CAST-128 (or idea, 3DES), and then the session key is encrypted using RSA (or E1gamal). Here to pay attention to the order, if the first encryption and then signed, others can remove the signature after signing their own signature, thus tampering with the signature. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' src= '/files/uploadimg/20051219/0934381.jpg ' > 1.5 compatibility of e-mail when using PGP, at least part of the transmission message needs to be encrypted, so some or all of the resulting packets are composed of any 8bit byte stream. However, because many e-mail systems allow only blocks of ASCII text, PGP provides a radix-64 (the MIME base 64 format) conversion scheme that transforms the original binary into printable ASCII characters. 1.6 Compression PGP before the encryption of the pre-compression processing, PGP kernel using the PKZIP algorithm to compress the plaintext before encryption. On the one hand, in the case of e-mail, compression after radix-64 encoding may be shorter than the plaintext, which saves the network transmission time and storage space, on the other hand, the plaintext compressed, in fact, the equivalent of a transformation, the ability to resist plaintext attacks more powerful. 1.7 Segmented and reload e-mail facilities are often limited by the maximum packet length (50,000) eight-bit group. Fragmentation occurs only after all other processing, including the radix-64 conversion, is completed, so the session key and signature portions appear only once at the beginning of the first segment of the message. At the receiving end, PGP must peel the email header and reassemble it into its original complete grouping. 2 encryption key and key ring 2.1 session key generation PGP's session key is a random number, which is based on the ANSI x.917 algorithm generated by the random number generator. The random number generator obtains the random number seed from the time interval when the user knocks at the keyboard. The Randseed.bin file on disk is encrypted with the same strength as the message. This effectively prevented him fromThe rules of the actual encryption key are analyzed from the Randseed.bin file. The 2.2 key designator allows the user to have multiple public/private key pairs: (1) Changing the key pair at any time, (2) at the same time, multiple key pairs interacting in different communication groups. Therefore there is no one by one correspondence between the user and their key pair. If a letters to B, B does not know which private key and which public key authentication. Therefore, PGP assigns a key ID to each user's public key, which may be unique in the user ID. It consists of the lowest 64bit of the public key (Kua mod 2 64), which is sufficient to make the key ID repeat probability very small. 2.3 Key ring keys need to be stored and organized in a systematic way for efficient and efficient use. PGP provides a pair of data structures at each node, a public/private key pair (private key ring) that stores the date of the node, and another is a public key that stores all other users known to the node. Accordingly, these data structures are referred to as private key loops and public key loops. 3 Public Key Management 3.1 public key management mechanism a mature encryption system must have a mature key management mechanism for magnetic. Public key system is proposed to solve the traditional encryption system Key distribution process is unsafe, inconvenient shortcomings. For example, one of the most common methods used by Internet hackers is "listening", and the key that is transmitted over the network is easily intercepted. For PGP, the public key is intended to be public, there is no monitoring problem. However, public key publishing can still be a security issue, such as public key tampering, which makes use of the public key inconsistent with the public key holder's public key. This is a serious security issue in the public key cryptography system. Therefore, you must help the user to be sure that the public key you are using is the public key of the person you are communicating with. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' src= '/files/uploadimg/20051219/0934382.jpg ' > 1 2 Next page >> content navigation to force (0 votes) (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passing (0 Votes) Text: PGP working principle and its security system (1) Return to network security home
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.