PGP software and its application

Source: Internet
Author: User
Keywords: e-mail, PGP
1 Introduction

E-mail plays an important role in people's work. According to statistics, the average Chinese user receives 4.4 e-mails and sends 3.6 e-mails a week. But the primary e-mail protocols, such as SMTP, deliver messages in plaintext, so the information may be obtained by a third party as it passes through an untrusted Internet. In a modern society that attaches importance to information security, this clearly does not meet the requirements. How can this information be kept confidential and protected from tampering and forgery? PGP (Pretty Good Privacy), described in this article, is one such piece of software, used mainly for encrypting and decrypting e-mails and files.

PGP is now widely used. It is not a cryptographic algorithm in itself; it combines existing encryption algorithms (such as RSA, IDEA, AES, etc.) into a complete security package. PGP was developed primarily by Philip R. Zimmermann and was released on the Internet free of charge in 1991. He mainly did the following work: selected good algorithms, such as RSA and IDEA, as the basic cryptographic building blocks; integrated these algorithms into a user-friendly application; and produced the software package and its documentation, publishing the source code freely so that it can be inspected and hidden backdoors are avoided. Users can now download PGP from www.pgp.com. The current version is 9.0.

2 Principle

PGP combines algorithms that most people consider secure, including both conventional symmetric-key encryption algorithms and public-key algorithms, and makes full use of the characteristics of the two types to provide the following services: authentication, encryption, compression, and so on. When the sender encrypts a plaintext with PGP, PGP first compresses the plaintext, then generates a one-time session key and uses a conventional symmetric encryption algorithm (for example AES) to encrypt the compressed plaintext, producing the ciphertext.
The receiver's public key is then used to encrypt the one-time session key, which is transmitted to the receiver along with the ciphertext. The receiver first decrypts with its private key to obtain the one-time session key, and finally uses this key to decrypt the ciphertext.

2.1 Digital Signature

A digital signature ensures that the information received by the receiver has not been tampered with by an unauthorized third party, and that the message comes from the sender. PGP implements digital signatures with the following steps:

2.1.1 The sender creates the message, uses the SHA-2 hash algorithm to generate a hash code, encrypts the hash code with RSA using its own private key, and prepends the result to the message.

2.1.2 The receiver uses the sender's public key to decrypt the hash code with RSA, compares it with the hash code recalculated from the received message, and accepts the message if the two match.

Currently, the hash functions used by PGP include: SHA-2 (256 bit), SHA-2 (384 bit), SHA-2 (512 bit), SHA-1 (160 bit), RIPEMD (128 bit), MD5 (128 bit).

2.2 Compression

Compression reduces network transmission time and disk space, and it improves security: compression reduces the context-related information in the plaintext. (Of course, if the file is too short or compresses poorly, it is not compressed.) PGP compresses the message before encrypting it. It uses a zip compression algorithm written by Jean-loup Gailly, Mark Adler, and Richard Wales.

2.3 Encryption

PGP encrypts the message of each session before transmission. The encryption algorithms it uses include: AES-256, AES-192, AES-128, CAST, 3DES, IDEA, Twofish, and so on. For example, AES with a key of up to 256 bits is secure enough.
Note that PGP combines conventional-key encryption with public-key encryption for two reasons. The first is time: a symmetric encryption algorithm is about 10,000 times faster than public-key encryption. The second is that the public key solves the session-key distribution problem, because only the receiver can decrypt the one-time session key with its private key. By skillfully combining conventional-key and public-key encryption, PGP guarantees the security of the session.

2.4 Key Management

Perhaps the most distinctive feature of PGP is its key management. PGP uses four types of key: one-time session keys, public keys, private keys, and passphrase-based conventional keys. Before using PGP, a user should first generate a public/private key pair. The public key can be disclosed; the private key is never disclosed. PGP stores public and private keys in two files: one stores the user's own public/private key pairs and is called the private key ring; the other stores other users' public keys and is called the public key ring.

To ensure that only the user can access the private key ring, PGP uses a relatively simple and efficient scheme. When a user generates a new public/private key pair using RSA, the user enters a passphrase. PGP applies a hash algorithm (such as SHA-1) to the passphrase to produce a hash code, uses that hash code as the key for a conventional encryption algorithm such as CAST-128 to encrypt the private key, and stores the result in the private key ring. When a user accesses a private key, the user must provide the corresponding passphrase; PGP derives the hash code from the passphrase and uses it as the key to decrypt the encrypted private key. In this way, the security of the system depends on the security of the passphrase.

The following describes the public key management of PGP.
If A wants to obtain B's public key, there are several ways to do it: B can copy the key directly to A, A can verify over the phone that the public key is correct, A can obtain it from a third party C trusted by both, or A can obtain it from a certification authority. PGP does not rely on establishing a certification authority; it uses a trust mechanism instead. Each entry on the public key ring has a key legitimacy field that indicates the degree of trust. Trust levels include full trust, marginal trust, untrusted, and unknown. When a new public key is received, a weighted trust value is calculated from the signatures attached to it, and the degree of trust is determined.

Both parties use a one-time session key to encrypt and decrypt the content of each session. The key itself is a random number derived from the timing of the user's mouse movements and keystrokes. Note that each session has a different key. This key is encrypted with RSA or Diffie-Hellman and sent to the other party together with the message.

2.5 E-mail

After a message is encrypted with PGP, the ciphertext is an arbitrary stream of 8-bit bytes, but many e-mail systems only allow printable ASCII characters, so PGP uses radix-64 to convert the arbitrary 8-bit byte stream into printable ASCII characters to meet this limit. In addition, PGP can automatically split overly long messages into suitably sized pieces to meet the maximum message length of the network facilities. A message consists of three parts: the message section, an optional digital signature, and an optional session key component.

Below is a flowchart of the sender sending an e-mail message, where A is the sender, B is the receiver, and M is the content of the message. The receiver's flowchart is similar, with the steps in reverse order; for reasons of space it is not given here.
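The sender and receiver procedures of section 2, written out as an added example (not code from the original article or from PGP itself). To run with the Python standard library alone it swaps in teaching stand-ins that are not secure: textbook RSA over known Mersenne primes instead of real RSA keys, and a SHA-256 counter keystream instead of AES; all function and variable names are hypothetical.

```python
import base64, hashlib, secrets, zlib

# Teaching stand-ins (assumptions, NOT secure): textbook RSA over known Mersenne
# primes replaces real RSA keys; a SHA-256 counter keystream replaces AES.
E = 65537

def make_key(p, q):
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1)), "size": (n.bit_length() + 7) // 8}

def stream_xor(key, data):
    # The same call encrypts and decrypts: XOR with a keystream derived from the session key.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def pgp_send(message, sender, receiver):
    # 2.1.1: hash the message, transform the hash with the sender's private key, prepend it.
    sig = pow(digest_int(message), sender["d"], sender["n"])
    signed = sig.to_bytes(sender["size"], "big") + message
    # 2.2 / 2.3: compress, then encrypt under a fresh one-time session key.
    session_key = secrets.token_bytes(16)
    body = stream_xor(session_key, zlib.compress(signed))
    # Encrypt the session key with the receiver's public key and send it along.
    wrapped = pow(int.from_bytes(session_key, "big"), receiver["e"], receiver["n"])
    # 2.5: radix-64 so the result survives mail systems that only pass printable ASCII.
    return base64.b64encode(wrapped.to_bytes(receiver["size"], "big") + body).decode("ascii")

def pgp_receive(armored, receiver, sender):
    raw = base64.b64decode(armored)
    wrapped, body = raw[:receiver["size"]], raw[receiver["size"]:]
    # Only the receiver's private key recovers the one-time session key.
    k = pow(int.from_bytes(wrapped, "big"), receiver["d"], receiver["n"])
    signed = zlib.decompress(stream_xor(k.to_bytes(16, "big"), body))
    sig, message = signed[:sender["size"]], signed[sender["size"]:]
    # 2.1.2: recover the hash with the sender's public key and compare with a fresh hash.
    if pow(int.from_bytes(sig, "big"), sender["e"], sender["n"]) != digest_int(message):
        raise ValueError("signature does not match: message rejected")
    return message

# Constructed key pairs for sender A and receiver B, and a constructed message M.
A = make_key(2**521 - 1, 2**607 - 1)
B = make_key(2**1279 - 1, 2**2203 - 1)
M = b"Contract draft v3: payment due within 30 days."
assert pgp_receive(pgp_send(M, A, B), B, A) == M
```

Each key dictionary here holds both halves of a pair for brevity; `pgp_send` reads only the receiver's `e` and `n`, and `pgp_receive` reads only the sender's `e` and `n`, which are the parts a real public key ring would contain.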
Figure 1: Flow chart of the sender sending an e-mail in PGP

3 Application

PGP is available for most operating system platforms. As e-mail use keeps growing, we can use PGP to meet the security needs of our work. For example, on Windows systems the e-mail client is generally Outlook; PGP integrates seamlessly into Outlook and, based on the user's configuration and the message information, automatically encrypts, decrypts, signs, and authenticates messages as they are sent and received. Users can use it to deliver confidential correspondence, such as business contracts, payroll information, technical documents, and so on. A user can upload a public key to a key server provided by PGP, or an organization can set up its own key server for employees to use. PGP also provides encryption for instant messaging (IM) software (such as ICQ), encryption and decryption of disk files, and so on, which are not covered here.
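A public key fetched from a key server still has to be judged by the trust mechanism of section 2.4. The weighting of attached signatures can be written as follows; this is an added example, not PGP's own code, and the thresholds (one fully trusted or two marginally trusted signers), the function names and the key IDs are assumptions made for illustration.

```python
from fractions import Fraction

# Trust levels named in the article for entries on the public key ring.
FULL, MARGINAL, UNTRUSTED, UNKNOWN = "full", "marginal", "untrusted", "unknown"

def key_legitimacy(signers, owner_trust, legitimate_keys,
                   completes_needed=1, marginals_needed=2):
    """Weigh the signatures attached to a newly received public key.

    signers          key IDs that signed the new key
    owner_trust      key ID -> trust the user places in that key's owner
    legitimate_keys  key IDs on the ring already accepted as genuine
    The two thresholds are assumed, configurable parameters.
    """
    weight = Fraction(0)
    for signer in set(signers):              # count each introducer once
        if signer not in legitimate_keys:    # its signature cannot be checked reliably
            continue
        level = owner_trust.get(signer, UNKNOWN)
        if level == FULL:
            weight += Fraction(1, completes_needed)
        elif level == MARGINAL:
            weight += Fraction(1, marginals_needed)
        # UNTRUSTED and UNKNOWN introducers add nothing
    if weight >= 1:
        return weight, "legitimate"
    if weight > 0:
        return weight, "marginally legitimate"
    return weight, "not legitimate"

# Constructed public key ring (hypothetical key IDs).
OWNER_TRUST = {"carol": FULL, "dave": MARGINAL, "erin": MARGINAL,
               "frank": UNTRUSTED, "grace": FULL}
LEGITIMATE = {"carol", "dave", "erin", "frank"}  # grace's own key is not yet verified

def classify(signers):
    return key_legitimacy(signers, OWNER_TRUST, LEGITIMATE)[1]
```

The `grace` entry shows the case that is easy to miss: a signature from a fully trusted owner counts for nothing while that owner's own key has not been accepted as genuine.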