PGP and message encryption

Source: Internet
Author: User
Keywords PGP
E-Mail has become the most convenient way of communication in the Internet age, because of the freedom of the Internet, so the security of the mail is becoming more and more prominent. Today, with the popularity of the Internet, e-mail is becoming more and more popular, open a book or magazine newspaper, have an e-mail address, even the ads are marked with e-mail address; this has become a fashion, the most convenient way to communicate in the Internet era, save money, fast. It is because of the freedom of the Internet, so the security of the message is increasingly prominent. The average person thinks it's safe to send messages via e-mail. In fact, we all know that the data transmitted on the Internet is not encrypted, if you do not protect your own information, the third party will easily learn all your secrets. The best way to solve these problems is to encrypt e-mail messages. To encrypt an e-mail message, you must use the key, which is a tool to turn your message content into garbled. The Most excellent email encryption program is the use of public key encryption system. This system gives each user two keys: one is a public key and the other is a private key. These two keys are actually two parts of the same key: one that can open another lock. As a result, people often refer to them as key pair, and you have to have two keys to encrypt e-mail messages. You can give your own public key to any recipient. You can even store public keys on a public server or on your own web page. In this way, anyone can access your public key through the Internet. However, the private key can only be owned by you alone. What if someone intercepted a message when it was delivered? Don't worry, nothing will happen. If there is no corresponding private key, your message content will only be a piece of unreadable garbled. So no one can decrypt the message, no matter how many people have your public key, unless they also have your private key. You-the only person with a private key. There are a lot of mail encryption software now, but there is no standard to guarantee that different cryptographic software can be shared with each other. The two most common protocols now are the RSA Date security S/MIME, and the OpenPGP of Pretty's well Privacy. If you encrypt your message with some kind of protocol, the recipient must use software that has the same protocol. Pgp──pretty, a Privacy, is a mail encryption software based on RSA public key cryptography, which proposes public keys or asymmetric file encryption and digital signatures. Its founder is Phil Zimmermann of the United States. His creativity is that he combines the convenience of the RSA public key system with the high speed of the traditional encryption system, and in the digital signature and the secretThe key authentication management mechanism has ingenious design, so PGP becomes the most popular public-key encryption software package at present. To understand PGP it is necessary to recognize several common cryptographic algorithms. One, several common encryption algorithms des algorithm des is a widely used data encryption mechanism, there are many kinds of hardware and software can be implemented. It converts plaintext information to Cheng Mi-wen (ciphertext) using a special algorithm and a value called a key, which can be used to convert ciphertext to raw data if the receiver knows the key. A potential weakness of all cryptographic systems is the need to remember the key to data encryption, which is similar to remembering passwords. If the key is recorded by an unauthorized party, your original data can be interpreted by others, and if you forget the key, you cannot recover the original data. RSA algorithm RSA (Rivest-shamir-adleman) algorithm is a public key system based on the assumption of large number of impossible mass factorization. Simply put, it is to find two large prime numbers, one to the world, called "Public Key", the other not to tell anyone, called "private key." The two keys complement each other--ciphertext encrypted with public key can be decrypted with the private key, and vice versa. Suppose A letters to B, they know the other's public key. A can be encrypted with B public key mail sent, B received with their own private key to solve A's original text, so as to ensure the security of the message. IDEA Algorithm idea algorithm is an improved traditional algorithm. The traditional algorithm is to encrypt the plaintext with the key and then decrypt it with the same key. Its main disadvantage is that the key transmission channel can not solve the security problem, not to meet the needs of network environment mail encryption. We can give a simple definition of PGP: PGP is a hybrid algorithm for RSA and traditional cryptography. So why does PGP use RSA and the traditional encryption of the miscellaneous algorithm? Because the RSA algorithm calculation is very high in speed is not suitable for encryption of large amounts of data, so PGP is actually used to encrypt not the RSA itself, but the idea of the traditional encryption algorithm. Idea has a much faster encryption rate than RSA, so in fact PGP uses a random-generated key (each time encryption is different) to encrypt the plaintext using the idea algorithm and then encrypt the key with the RSA algorithm. The recipient is also using RSA to decrypt the following secret key, and then use idea to decrypt the message itself. This kind of chain encryption to achieve both the confidentiality of the RSA system, but also the idea of the fast algorithm. Second, the main characteristics of PGP use PGP to encrypt messages, to prevent illegal reading and to append digitally signing encrypted messages so that the recipient is further convinced of the sender of the message without the need for any confidential channel to pass the key, and to implement a signature without encryption, which is applicable to issuing a public statementThe actual declaration of identity, but also to prevent the declaration of repudiation, which in the commercial field has a great application prospects; Can encrypt files, including graphics files, sound files and other types of files, using PGP instead of Uuencode to generate radix 64 (is the MIME BASE 64 format) encoding files. Three, PGP Key System Management PGP Key System contains symmetric encryption Algorithm (IDEA), the Asymmetric Encryption Algorithm (RSA), the one-way hashing algorithm (MD5) and the random number generator (the seed of pseudo-random number sequence from the user keystroke frequency), each algorithm is an integral part of PGP. The public key system is proposed in order to overcome the disadvantage that the key distribution process of traditional encryption system is difficult to keep secret. and PGP adopts public key introduction mechanism not only solves the shortcoming of public key system, but also develops it. The so-called public key introduction mechanism, is a general trust of people or institutions to act as a reference, known as "certification Authority", each signed by his public key is considered to be true, so that everyone only have a copy of his public key on the line. It is convenient to authenticate the person's public key, because he provides the service widely, so his public key is widely circulated. It is now accepted that the effective method is to manage and distribute the public key through the Key Distribution center KDC, which provides a reliable guarantee for the network of business. Of course, individual users can not need to carry out the organization certification, and through private key referral, which reflects the natural state of people's interaction. Iv. use of PGP Mail encryption we have a look at the current PGP 6.0.2i software to see how it encrypts messages. Using PGP 6.0.2i can be a simple and efficient way to implement the encryption and digital signature of a message or file. When the PGP 6.0.2i installation is complete, a small lock icon ──pgp trays that is unique to PGP appears in the taskbar. Click the left button, you can activate PGPtools. In PGP 6.0.2i, the PGPkeys management key Ring (keyring) is used, and the key ring file holds all the public keys associated with you and maintains and manages them, such as the generation, dissemination or abolition of keys, digital signatures, trust management, resource inquiries, and so on. If the machine is connected to the Internet, online key authentication and online key updates can also be achieved. Generation, propagation, and abolition of keys each user must generate his or her own key pair, which is the first step in using PGP encryption, usually done during installation. In the PGPkeys can also generate a new key, that is, select "Keys"-"New Key" in the menu, Pop-up dialog window, prompting the user to fill out the user name, e-mail address, and then to select the key length, general selection of 2048bit. The key life cycle is then determined: You can customize the key to expire after a certain number of days, and the default valuefor implies. Finally, define the password that protects the key. After the key is generated, you can choose whether to send the new public key to the Internet key server immediately, so that users who want to communicate with you can download your keys directly to the key server. The key server can be used to upload and download the key, and to exchange the public key with others conveniently. If you wish to abolish it, you should only select Revoke. Digital signature If you wish to send a letter or document that is not being falsified or tampered with, you can use your private key to sign the message. The recipient can use your public key to authenticate the signature. PGP 6.0.2i can also be encrypted after the signature, to avoid the old version of the signature file in the plaintext state--can only be guaranteed not to be tampered with, can not encrypt the shortcomings of the transmission. Encryption and decryption below we take gx.txt as an example to illustrate the specific process of implementing encryption. Click on "Encrypt", appear to select the Encrypted File dialog box, select Gx.txt, further select the encrypted output format, respectively, the following 4 options: Text outputconventional encryptionwipe Originalsecure Viewer Depending on the importance of the message and file, you can choose the appropriate output format. In this case, select conventional encryption. The next step is to prompt for the password, after the confirmation, select Output filename A, and then all ok! decryption is the encryption of the reverse process. PGP 6.0.2i decryption process is also simple, click "Decrypt/verify", Pop-up File Selection dialog box, select the file to decrypt, enter the password used when encryption, after calculation, select the output file name again, decryption completed. V. Other here I mention the pre-compression processing of PGP, the PGP kernel uses the PKZIP algorithm to compress the plaintext before encryption. On the one hand, in the case of e-mail, compressed encryption after the 7BITS encoded ciphertext may be shorter than the plaintext, which saves the network transmission time. On the other hand, the plaintext is compressed, in fact, the equivalent of a transformation, the information is more cluttered, the ability to resist plaintext attacks more powerful. The PKZIP algorithm used in PGP is approved by the original author. The PKZIP algorithm is an accepted compression algorithm with a fairly good compression rate and compression speed. The PKZIP version 2.0 compatibility algorithm is used in PGP. Security problems of PGP keys and Passwords PGP's most likely way to compromise is if someone gets your password and your private key file, then the entire encryption system will be silent. Another thing to note is password settings, password settings not too simple. PGP is "password" (passphase), not "password" (password),It means that you can include multiple words and spaces in your password. An attacker may use a dictionary or a famous book to find your password, so you can create sentences or find sentences in very obscure literary texts in order to get a good, hard guessing password. The length of the password is best greater than 8 characters, but also can be mixed with the case of English letters and numbers, symbols and so on. In general, each increase in the length of the key will allow the attacker to spend one more time to break, so in theory, if there is no updated computing technology appears, can always find the key in a given time cannot be cracked. The tampering and impersonation of public keys can be said to be the greatest threat to PGP. When you use someone else's public key, you should be sure it comes directly from the other person or by another credible signature. Make sure that no one can tamper with your own public key ring file; Keep your physical control of your key-ring files as much as possible in your personal computer instead of a remote time-sharing system. Backup your own key ring file. Vi. Summary of encrypted messages I suggest you use PGP for the following three reasons: PGP is the most commonly used encryption software at present. You can use PGP to encrypt messages on any kind of e-mail software. For example, if you use Outlook Express, you can ignore the S/MIME encryption built into Outlook Express, and instead use PGP to encrypt your messages. As long as you and the recipient have PGP, you can make your e-mail has the most secure encryption level. PGP is currently the most advanced encryption technology, the use of PGP encryption software, especially e-mail, can effectively guarantee the security of communications, thereby ensuring the interests of online users. To force (0 Votes) Tempted (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passing (0 Votes) Text: PGP and message encryption return to network security home

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.