Post: PGP Introduction

This article describes the principles and background of PGP implementation. For more information about PGP installation and use, see other documents provided in this document. PGP pretty good privacy is a mail encryption software based on the RSA public key encryption system. You can use it to keep your email confidential to prevent unauthorized users from reading it. It can also add a digital signature to your email so that the recipient can be confident that the email is sent by you. It allows you to securely communicate with people you have never seen before, without any confidential channels to transmit keys. It adopts: prudent key management, a combination of RSA and traditional encryption algorithms, e-mail digest algorithms for digital signatures, pre-encryption compression, etc, there is also a good human-machine engineering design. Its functions are powerful and fast. And its source code is free of charge. In fact, the PGP function is not only mentioned above: PGP can be used to encrypt files, but also PGP can be used to generate Radix 64 format (that is, mime Base 64 format) encoding files instead of uencode. PGP was founded by Phil Zimmermann of the United States. He was creative in combining the convenience of the RSA public key system with the high speed of the traditional encryption system and clever design of the digital signature and key authentication management mechanism. Therefore, PGP becomes the most popular public key encryption software package. PGP is an encryption software for the public. Encryption is for security, and private authentication is a basic ****. In modern society, email and file transmission on the Internet have become part of our daily life. The security of emails has become increasingly prominent. We all know that data transmitted over the Internet is not encrypted. If you do not protect your information, a third party will easily gain your secret. Another problem is information Authentication. How to Make the recipient convinced that the email is not tampered with by a third party requires digital signature technology. The characteristics of the RSA public key system make it very suitable for meeting the two requirements above: privacy and authentication ).
The RSA (Rivest-Shamir-Adleman) algorithm is a public key system based on the assumption that a large number of prime factor cannot be decomposed. Simply put, we need to find two large prime numbers. One is made public to the world and the other is not to be told to anyone. One is called the public key, and the other is called the private key (Public Key & secretkey or private key ). The two keys complement each other, that is, the ciphertext encrypted with the public key can be decrypted with the private key, and the opposite is the same. Suppose a wants to send a message to B, and they know each other's public keys. A sends an encrypted email with the public key of B. After receiving the email, B can use its own private key to decrypt the original text of. Since no one knows the private key of Party B, even party A himself cannot decrypt the letter, which solves the confidentiality issue of the letter. On the other hand, because everyone knows the public key of B, they can send a letter to B, then B cannot be sure whether it is a letter. The authentication problem occurs, and the digital signature is useful at this time.
Before you describe the digital signature, you must first explain what is "Message Digest ), in a single case, an algorithm is used to calculate a number that can reflect the "essence" of an email. Once any change is made to the number of emails, then this number plus the author's name (in fact in the author's key) and date can be used as a signature. Specifically, PGP uses a 128-bit binary number as the "email extraction". The algorithm used to generate PGP is MD5 (message digest 5). the MD5 algorithm is Ron Rivest, the code used in PGP is written by Colin plumb, and MD5 is a public software. So PGP does not mention it in its legal terms. MD5 is a one-way hashing algorithm. Unlike the CRC verification code, it is difficult to find an alternative email and it has the same "excellent" as the original ".
Return to the digital signature, and use your private key to encrypt the "essence" of the above 128 bits, attach them to the email, and then use the public key of B to encrypt the entire email. After receiving the ciphertext, Party B decrypts the email with its private key to obtain the original text and signature of Party, b's PGP also calculated a 128-bit "excellent" from the original text to use a's public key to decrypt the signature to obtain the number of comparisons, if yes, it indicates that the email was sent by. Both of these requirements are met.
PGP can also only sign without encryption. This applies to the public statement, the declarative can use its own private key signature in order to verify his identity (this is the only way on the network. In this way, the recipient can recognize the sender's identity and prevent the sender from denying his/her statement. This has a great future in the business field, and it can prevent the sender from being tampered with on the way.
So why is PGP using a combination of RSA and traditional encryption algorithms? Because the RSA algorithm requires a large amount of computing, it is not suitable for encrypting a large amount of data at a high speed. Therefore, PGP is not used to encrypt RSA itself, but uses a traditional encryption algorithm called idea. I will first explain what is traditional encryption. Simply put, it is to encrypt plaintext with a key and then decrypt it with the same key. This method is represented by DES (US federal dataencryption standard), that is, multiplication encryption. Its main drawback is that the transmission channel of the key cannot solve the security problem, it is not suitable for email encryption in the network environment. Idea is a patented algorithm. The patent holder is ETH and a Swiss company: ASCOM-Tech Ag. For non-commercial idea implementations, you do not have to pay for them. Idea encryption is much faster than RSA encryption. Therefore, in practice, PGP uses a random generated key (different encryption keys each time) to encrypt plaintext using the idea algorithm, then, use the RSA algorithm to encrypt the key. In this way, the receiver uses RSA to decrypt the random key and then uses idea to decrypt the mail itself. Such chain encryption achieves both the confidentiality of the RSA System and the efficiency of the idea algorithm. Half of PGP's ideas are at this point. Why did the RSA system have not been promoted and applied since 1970s? The speed is too slow! So where is the other half of the PGP idea? Next, let's talk about the key management of PGP.
A mature encryption system must have a mature key management mechanism. The public key system is proposed to solve the shortcomings of the traditional encryption system that the key distribution is difficult to keep confidential. For example, one of the common methods used by network hackers is "listening". If the key is transmitted over the network, it is too dangerous. For example, in the old version of novellnetware, users' passwords are transmitted in plain text on the line, so that the listener can easily obtain others' passwords. Of course, in NetWare 4.1, the user password of the Data header is now encrypted. For Pgp, the Public Key should have been made public, so there is no anti-listening problem. However, security issues still exist in the release of public keys, such as public key tampering, which may be the biggest vulnerability in the public key password system, because most new users cannot quickly find this. You must be sure that the public key you get belongs to the person it looks to belong. To clarify this issue, let me give you an example and then explain how to use PGP to block the vulnerability correctly.
Take your communication with Alice as an example. If you want to send a mail to Alice, you must have Alice's public key. You have downloaded Alice's public key from BBS, encrypted the mail and sent it to Alice using the BBS email function. Unfortunately, neither you nor Alice knows that another user called Charlie sneaked into BBs, replace the public key in the key pair generated by Alice with the public key of Alice. The public key you use to send a mail is not Alice's but Charlie's. Everything seems to be normal, because the User Name of the public key you get is "Alice ". So Charlie can use the private key in his hand to decrypt your letter to Alice. Even he can use Alice's real public key to forward your letter to Alice, in this way, no one will be suspicious. It is okay if he wants to change the letter you sent to Alice. What's more, he can also forge Alice's signature to send messages to you or others, because the keys in your hands are forged and you will think Alice's letter is true.
The best way to prevent this situation is to prevent anyone else from tampering with the public key, for example, getting her public key from Alice, but when she is thousands of miles away or unable to see her, this is very difficult. PGP has developed a Public Key introduction mechanism to solve this problem. For example, if you have a friend David with Alice, and David knows that Alice's public key in his hand is correct (PGP also has a way to authenticate the public key, we will talk about it later. Here we assume that David has authenticated her public key with Alice ). In this way, David can use his private key to sign Alice's public key (that is, the signature method described above), indicating that he guarantees that this public key belongs to Alice. Of course, you need to use the key of David to verify the key of Alice he gave you. Similarly, David can also authenticate your key to Alice, in this way, David becomes the "introducer" between you and Alice ". In this way, Alice or David can upload the public key of Alice signed by David to BBS for you to get it. No one may tamper with it without being discovered by you, even the BBS administrator. This is the security means to transmit public keys from public channels.
Someone may ask: how can you safely get David's public key? Isn't that a chicken or an egg question? It is indeed possible that the public key of David you get is false, but this requires the hacker to participate in the whole process. He must be familiar with all three of you and have to plan for a long time, this is generally not possible. Of course, PGP also has preventive advice on this possibility, that is, it is assumed by a person or institution that is generally trusted by everyone. He is called a "Key waiter" or "Certification Authority". Every public key signed by him is considered true, so that everyone only needs to have a copy of his public key, it is convenient to authenticate the public key of a person. Because he provides this service extensively, it is very difficult to impersonate the public key because it is widely spread. This "authority" is suitable for non-individual control organizations or *** organizations. It is now available in organizations with a hierarchical certification system.
For those who are very scattered, PGP is more in favor of private key referral, because organic unofficial people are more likely to reflect their natural social interactions, in addition, people can freely choose people to trust. In short, it's the same as meeting people you don't know. Each public key has at least one "User ID". Please use your full name whenever possible. You 'd better add your own email address to avoid confusion.
Note! One rule you must follow is to authenticate it before using any public key !!! No matter what temptation you get, of course there will be such a temptation, you do not want to, absolutely not, directly trust a public key from the public channel (by which it looks confidential, remember to use the public key introduced by an acquaintance, or authenticate it yourself with the other party. Similarly, you should not sign and authenticate their public keys for others. Just like in your real life, you will only give the door key to trusted people.
Next, let's talk about how to use the phone to authenticate the key. Each key has its own identifier (keyid). The keyid is an eight-digit hexadecimal number. The possibility of two keys having the same keyid is several billions of times, in addition, PGP also provides a more reliable way to identify the key: Key's fingerprint ). Each key corresponds to a string of numbers (16 hexadecimal digits), which may be even more subtle. In addition, no one can specify to generate a key with a certain fingerprint. The key is randomly generated and cannot be reversed from the fingerprint. After you get someone's public key, you can check the fingerprint with him on the phone to authenticate his public key. If you cannot connect to Alice, you can connect to David to authenticate the key of David and then use David to authenticate the key of Alice. This is a combination of direct authentication and indirect introduction.
In this way, we can collect the public keys signed by different people and send them to public places. In this way, we hope most people will know at least one of them, this indirectly authenticates your public key. Similarly, if you sign a friend's public key, you should send it back to him so that he can pass the authentication by other friends. It's a bit interesting. It's just like the interactions between people in real society. PGP will automatically find out which of the keys you get are introduced by your friends and those of your friends, which are introduced by friends of friends ...... It will help you divide them into different levels of trust, so that you can determine the degree of trust in them by reference. You can specify a person's ability to have several levels of referral keys, which decreases with the delivery of authentication.
The referral authentication mechanism is passed, which is an interesting question. Phil Zimmermann, author of PGP. There is a saying: "Trust is not a matter of transmission; I have a friend who I believe will never lie. But he is a fool who determines that the President does not lie, but obviously I do not think that the president will never lie ."
The security of public keys is the core of PGP security. I will not elaborate on them here. Like the traditional single-key system, the confidentiality of private keys is also decisive. The private key is not tampered with, but is leaked. The RSA private key is a long number and cannot be remembered by the user. The PGP method is to allow the user to specify a password (pass phase) for the random RSA private key ). Only when a password is provided can the private key be released for use. The encryption method of the private key with the password is the same as that of PGP. Therefore, the security of the private key is actually the first to keep the user's password confidential. Of course, the private key file itself is also very dangerous, because all the deciphering personnel need is to use the exhaustive method to test your password. Although it is very difficult, it is a loss of security after all. Here, we only need to remember one thing. We need to save your private key like any privacy, so we don't want anyone to get in touch with it.
The careful consideration of PGP in terms of security is embodied in the various rings of PGP. For example, the actual key encrypted each time is a random number. As we all know, the computer cannot generate a real random number. The PGP program is very careful about the generation of random numbers. The generation of key random numbers, such as RSA keys, is to obtain random number seeds from the user's time interval on the keyboard. The randseed. BIN file on the disk is encrypted with the same strength as the mail. This effectively prevents others from analyzing the actual encryption key rules from your randseed. binfile.
Here I will mention PGP pre-compression processing before encryption. The PGP kernel uses the PKZIP algorithm to compress the plaintext before encryption. On the one hand, for emails, it is possible that the encrypted ciphertext after 7 bits encoding may be shorter than the plaintext, which saves the network transmission time. On the other hand, the plain text is compressed, which is equivalent to a transformation. The information is more disorganized and the ability to defend against plaintext attacks is stronger. The PKZIP Algorithm Used in PGP is approved by the original author. The PKZIP algorithm is a well-recognized compression algorithm with excellent compression ratio and compression speed. PGP uses PKZIP 2.0 compatible algorithms.
Well, I will introduce PGP security issues in PGP security. I 've mentioned so much just to let everyone know that PGP is very safe, as long as you follow the correct method. For more information about PGP installation and use, see PGP 2.6.3i installation and use. If you are not familiar with the terms in the English document, try to find a clue in PGP glossary. PGP 2.6.3i is the PGP version I recommend. For details about this version, see the pgpi Q & A set.
PGP signatures are everywhere on the internet today. PGP versions are also rapidly updated. It is said that PGP 3.0 will be available in a few months. More and more people in the world are using PGP. We Chinese people should also pay attention to protecting their legitimate privacy rights. I have translated these articles to promote the use of PGP in China. Although it is still a new thing, we need to see that in cyberspace, it will certainly grow rapidly. Although China started late, it is not much worse than the United States, we should catch up.