What Is a PGP Public Key Block and How to Use It?

Source: Internet
Author: User
PGP stands for Pretty Good Privacy. It is encryption software designed to provide privacy, security and identity verification for online communication systems. Phil Zimmermann is the developer behind the first PGP program. According to him, the demand for privacy is growing, and the software is available for free.

Since it was created in 1991, many versions of PGP software have appeared on the market. In 1997, Phil Zimmermann made a proposal to the Internet Engineering Task Force (IETF) to create an open-source PGP standard. The proposal was immediately accepted, and then the OpenPGP protocol was created, which defines a standard format for encryption keys and messages.

Although PGP was originally only used to protect e-mails and related attachments, it has now been used in various fields, including digital signatures, disk encryption integrity verification, and network protection.

The copyright of PGP software was originally owned by PGP, which was later acquired by Network Associates. In 2010, Symantec acquired PGP for another US$300 million, and the trademark has been used in its OpenPGP compatible products.

Working principle
PGP is one of the first widely used software applications to implement public key cryptography. It uses a hybrid cryptosystem that combines symmetric and asymmetric encryption to achieve a high level of security.

In the basic process of encrypting content, plain text (data that can be clearly understood) is converted into cipher text (unreadable data). But before encryption, most PGP systems will perform data compression. PGP software compresses plain text files before transferring them, which can save disk space and transfer time, while also improving security.

After the file is compressed, the actual encryption begins. At this stage, the compressed plaintext file is encrypted with a one-time key, which is called the session key. This key is randomly generated and is used for symmetric encryption, and each PGP communication session has a unique session key.

Next, the session key (1) itself is encrypted using asymmetric encryption: the receiver (Bob) provides his public key (2) to the sender of the message (Alice) so that she can encrypt the session key. Regardless of the security conditions of the two, this step allows Alice to safely share the session key with Bob via the Internet.

[Figure: PGP working principle]
The asymmetric encryption of the session key is usually done using the RSA algorithm. Many other encryption systems use RSA for encryption, including the Transport Layer Security (TLS) protocol used to protect most Internet applications.

After Bob receives the ciphertext of the message and the encrypted session key, he can use his private key (3) to decrypt the session key, and then use the decrypted session key to decrypt the ciphertext to obtain the plaintext.
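The session-key steps described above, as an added Go example that is not part of the original page. It assumes AES-256-GCM for the symmetric step and RSA-OAEP for wrapping the session key, as stand-ins for the OpenPGP packet formats, and it leaves out the compression step; the names `Message`, `Encrypt`, `Decrypt` and `bob` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

var bob, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed demo recipient key pair

type Message struct{ WrappedKey, Nonce, Ciphertext []byte } // what Alice sends Bob

// aead returns AES-256-GCM; callers pass a 32-byte key, so the errors cannot occur.
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Encrypt is Alice's side: fresh session key, symmetric encryption, RSA key wrap.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (*Message, error) {
	secret := make([]byte, 32+12) // one-time session key plus GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	key, nonce := secret[:32], append([]byte{}, secret[32:]...)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Message{wrapped, nonce, aead(key).Seal(nil, nonce, plaintext, nil)}, nil
}

// Decrypt is Bob's side: unwrap the session key, then decrypt the ciphertext.
func Decrypt(priv *rsa.PrivateKey, m *Message) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, m.WrappedKey, nil)
	if err != nil || len(key) != 32 || len(m.Nonce) != 12 {
		return nil, fmt.Errorf("cannot recover session key: %v", err)
	}
	return aead(key).Open(nil, m.Nonce, m.Ciphertext, nil)
}

func main() {
	m, _ := Encrypt(&bob.PublicKey, []byte("meet at noon")) // constructed sample
	pt, err := Decrypt(bob, m)
	fmt.Printf("%s %v\n", pt, err)
}
```

Because the session key is generated per call, encrypting the same plaintext twice yields different ciphertexts, and a modified wrapped key or ciphertext makes `Decrypt` return an error instead of plaintext.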

What is a PGP public key block?
In addition to the basic functions of encryption and decryption, PGP also supports digital signatures. It has at least the following three functions:

Identity verification: Bob can verify that the sender of the message is indeed Alice.
Integrity: Bob can be sure that the message has not been changed.
Non-repudiation: After digitally signing the email, Alice cannot deny that she sent the email.
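The three properties above as checks Bob can run, in an added Go example that is not part of the original page. It assumes RSA PKCS#1 v1.5 signatures over SHA-256 and a one-entry keyring; `alice`, `mallory`, `keyring`, `Sign` and `Signer` are hypothetical names, and the keys and messages are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed demo key pairs; only the public halves go into Bob's keyring.
var alice, _ = rsa.GenerateKey(rand.Reader, 2048)
var mallory, _ = rsa.GenerateKey(rand.Reader, 2048)
var keyring = map[string]*rsa.PublicKey{"alice": &alice.PublicKey}

// Sign returns a detached RSA signature over the SHA-256 digest of msg.
func Sign(priv *rsa.PrivateKey, msg []byte) []byte {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// Signer names the keyring entry whose key verifies sig over msg, or "" if none does.
func Signer(msg, sig []byte) string {
	digest := sha256.Sum256(msg)
	for name, pub := range keyring {
		if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil {
			return name
		}
	}
	return ""
}

func main() {
	msg := []byte("pay 100 to Bob") // constructed sample message
	sig := Sign(alice, msg)
	fmt.Printf("genuine:  %q\n", Signer(msg, sig))                      // "alice"
	fmt.Printf("tampered: %q\n", Signer([]byte("pay 900 to Bob"), sig)) // ""
	fmt.Printf("forged:   %q\n", Signer(msg, Sign(mallory, msg)))       // ""
}
```

A valid signature only proves which key signed the message; tying that key to a person depends on how the public key got into the keyring.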
Use Cases
One of the most common uses of PGP is to protect email. An email protected by PGP becomes a string of unreadable characters (ciphertext) and can only be decrypted with the corresponding decryption key. The working mechanism is the same for encrypting text messages, and some software applications support implementing PGP functions on top of other applications, effectively adding encryption to communication systems that are not secure on their own.

Although PGP is mainly used to protect Internet communications, it can also be used to encrypt individual devices. In this case, PGP can be used to encrypt the disk partition of a computer or mobile device. Once the hard disk is encrypted, the user is required to provide a password every time the system starts.

Pros and cons
Because it combines symmetric and asymmetric encryption, PGP lets users securely share information and encryption keys via the Internet. As a hybrid system, PGP benefits from the security of asymmetric encryption and the speed of symmetric encryption. In addition to security and speed, PGP also provides a digital signature function to ensure the integrity of the data and the authenticity of the sender.

The OpenPGP protocol makes a standardized environment possible, and PGP solutions, along with technical support, are now provided by multiple companies and organizations. All PGP programs that conform to the OpenPGP standard are compatible with each other. This means that the files and keys generated in one program can be used in another program.

On the downside, PGP systems are not easy to use and understand, especially for users with little technical knowledge. Moreover, the length of the public keys is considered very inconvenient for users.

In 2018, the Electronic Frontier Foundation (EFF) published a critical vulnerability called EFAIL. EFAIL allows an attacker to use HTML content in an encrypted email to gain access to the email in plain text form.

However, the PGP community has been aware of the problems described by EFAIL since the late 1990s. In fact, these vulnerabilities are related to the implementation of email clients and have nothing to do with PGP itself. Therefore, despite the alarming and misleading headlines, PGP encryption has not been broken, and it still maintains a high degree of security.

Closing thoughts
Since it was developed in 1991, PGP has been used as an important tool for data protection, and is now widely used in various fields to provide privacy, security and authentication protection for most communication systems and digital service providers.

Although the discovery of the EFAIL vulnerability in 2018 raised major concerns about the security of the protocol, its core technology is still considered robust and cryptographically sound. It is worth noting that different PGP implementations can provide different levels of security.