PGP (Pretty good Privacy) is a mail encryption software based on RSA public key encryption system.
Create a background:
There is a problem with the SMTP protocol used in the transport of e-mail
1. There is no guarantee that the message will not be read during transmission.
2. Unable to confirm source
3. Unable to determine if the message was tampered with during transmission
4. When the message is sent to the wrong address, it may cause information disclosure
PGP provides a secure e-mail solution for these issues, with the following features
1. Message encryption
2. Digital signature
3. Completeness Confirmation
4. Data compression
The symmetric algorithm used by PGP: Idea, Des, Triple des, CAST, AES, Twofish
The asymmetric algorithm used by PGP: RSA, DH
Encryption process:
Use the session key to encrypt the plaintext, then encrypt the session key with the public key, and say that the two encrypted contents are packaged together for transmission.
Decryption process:
Separate the received data (ciphertext and encrypted session keys), use the private key to decrypt the encrypted session key, get the session key, and use the session key to decode the text.
Session key encryption decryption with the same put, so is the symmetric encryption algorithm. Another public key encryption, private key decryption, is the public key encryption algorithm.
PGP integrates symmetric and public-key encryption schemes.
The characteristic of fast speed of symmetric encryption algorithm is maintained, and the key distribution of public key algorithm is convenient.
PGP Digital Signature:
Signature algorithm: RSA+MD5, rsa+ SHA1, DSS+SHA1
Digital Signature Process:
Digital signatures are encrypted with a private key, which confirms the source of the message and guarantees integrity, because the private key is personal and is signed by the plaintext.
But there are some problems with directly signing the text digitally
1. Very slow speed
2. Generate large amounts of data
The solution to PGP is to use a hash function for plaintext (PGP uses the hash function: MD5, SHA1) to produce a fixed-length data called a message digest. Use the signature algorithm to sign the digest, and then put the signature together with the plaintext.
The following is an important problem of public key cryptography, how to propagate the public key?
Suppose there is such a scenario, a want to write to B,a first to get B's public key, a somewhere to find a public key thought is B, is actually C's public key, is C intentionally fake b,c eavesdropping to vomited, and then with the corresponding private key decryption, C saw the contents of the letter. At this point, C has been counterfeit B success, C and a letter to a, a still use the false public key B to open the letter C, a read C fake B letter.
Therefore, the distribution of public keys is important.
Public Key Distribution model:
1. Pyramid model
The basis of this model is to have the upper body is the value of the trust of the Organization, by the upper body to distribute the public key, when the public key needs to ask the upper body.
2. Trust the Network Model (PGP Adoption):
PGP Data Certificate:
Certificate contains information about the owner
Certificates can be created and declared on their own
The certificate contains a self-signed
The certificate may contain more than one person's signature
Certificate correctness Check
1. Manual approach: Ask the recipient to hand over the public key to you personally
Check the thumbprint of the certificate
2. Trust pathway: believe that a third-party result has been performed on the inspection process (there may be some signatures to ensure that the public key on the certificate belongs to someone)
Private key protection issues:
PGP uses a passphrase to obtain its own private key.
Compression preprocessing issues:
PGP compresses the plaintext before it is encrypted, using the PKZIP algorithm.
Benefits: Compression is shorter than the original plaintext, saving network transmission time; compression is equivalent to a transformation, the information becomes cluttered, and the ability to resist attacks is stronger.
Examples of modern cryptography applications-PGP