PGP Encryption
What is PGP
PGP (Pretty Good Privacy) encryption is a data encryption computer program that used to encrypt and decrypt email over the internet and used to authenticate messages with digital signatures and encrypted stored flies. This was invented by Philip R.Zimmermann in 1991. In PGP encryption, It uses a mix of data compression , hashing and public-key cryptography. And also symmetric and asymmetric keys use to encrypt data that transferred across networks.
How PGP works
Consider a situation Alice (Sender) send a Email message to Bob (Receiver)
At Sender Side
Figure 01 : Sender side process of PGP
Below show each steps as description according to the above Figure 01 Numbering.
1. As the 1st step ,the Email message is hashed to create a digest
2. Above created digest is encrypted using Alice’s private key
3. Encrypted digest(Signed digest) is added to the message
4. Above 3rd step’s message and the encrypted digest both are encrypted using one time secret key created by Alice
5. Above mentioned Alice’s one time secret key is encrypted using Bob’s public key
6. Finally Encrypts (Message + Singed digest) (got in the 4th step) and the above 5th step encrypted one time secret key send to bob
At Receiver side
Figure 02 : Receiver side process of PGP
Below show each steps as description according to above Figure 02 Numbering.
1. As the 1st step in receiver side, decrypt the secret key(one time secret key that received from Alice) with Bob’s private key
2. Decrypt the encrypted (Message + Singed digest) using above 1st step’s decrypted secret key
3. Decrypt the signed digest with Alice’s public key
4. Hashes the above got Message using hash function (This is for message integrity)
5. Finally, compare the digest of step 3 and step 4 (By this guarantee the authentication and integrity)
Differs from other email system(s) that use now
- When cosidering PGP and S/MIME,both S/MIME and PGP are protocols for authenticating and encrypting messages over the internet using public key cryptography fo email signing and encryption.S/MIME and PGP differ from when user obtains his keypair. When considering S/MIME , the user has to obtain his keypair from a trusted certificate Authority while in PGP , there is a concept of signing a keypair.That is , every user wants to sign his/her own key pair as well as of others with whom the user wants to communicate.Also PGP designed for processing the plain texts while S/MIME designed to process email as well as many multimedia files(various attachments/data files). S/MIME has a wider industrial support compare to PGP. S/MIME protocol is built into most email client software such as Thunderbird , iMail and Outlook(which support S/MIME encryption).Because of PGP needed to download additional plugins to run, S/MIME is easier than PGP to use.
-
When comparing AES and PGP , AES uses symmetric key encryption algorithm(that uses the same key for encryption and decryption of the data) while PGP uses both symmetric and asymmetric keys to encrypt data being transferred across networks.PGP requires more computational resources compare to AES.AES is faster and works well in closed systems and large databases while PGP used when sharing information across an open network(but it can be slower and works well for individual files)
- PGP combines some of the best features of both conventional and public key cryptography(known as hybrid cryptosystem).
- When plaintext encrypted with PGP ,it 1st compress the plaintext. So with that,saves disk space, transmission time and reinforces cryptographic security.
- In PGP working process there is a one time secret key.That key is a random number generated from the random movements of mouse and the keystrokes that type.And also this session key works with a very secure and fast conventional encryption alogrith to encrypt the plaintext(output is ciphertext)
- In above mentioned PGP working process uses a cryptographically strong hash function on the plaintext .This generates a fixed-length data item known as digest.And PGP uses the digest and the private key to create the “signature”
- PGP and S/MIME use different formats for key exchange and PGP depends on each user’s key exchange while S/MIME uses hierarchically validated certifier for key exchange.PGP contains 4096 public keys while S/MIME contains only 1024 public keys. Also in PGP , uses Diffie hellman digital signature while S/MIME uses Elgamal digital signature
- AES uses symmetric key encryption algorithm(that uses the same key for encryption and decryption of the data) while PGP uses both symmetric and asymmetric keys to encrypt data being transferred across networks
How security provided in PGP
- PGP ensure the confidentiality for messagses and files using encryption
- PGP provides intergrity for messages using signing and for files and software packages also using signatures
- PGP provides availability by providing a globally-sharable public key and with short-and-long key IDs.Also it ensure the availability of key information for verification purpose by public key servers
Other techniques/systems that have similarities
- GPG
- OpenPGP
- Free S/WAN
- Zix Corp(security technology company that provides email encryption like PGP)
- P=P pretty easy privacy
Present state of PGP usage
PGP is available on MAC ,DOS, Unix and other operating systems and PGP was originally free,but now also have commercial versions available.PGP used in email clients such as Apple Mail and Microsoft outlook.In 2018,It was found that some of PGP implementations suffer from a security flaw could allow a hacker to decrypt HTML emails if the account had been previously compromised.So this mistake affected email clients such as Outlook, Apple mail and Thunderbird (The 6 Most Secure Email Services and the Security Measures They Practice | Zapier, 2021).
· > Users.ece.cmu.edu. 2021. How PGP works. [online] Available at: <https://users.ece.cmu.edu/~adrian/630-f04/PGP-intro.html> [Accessed 11 April 2021].
· > GeeksforGeeks. 2021. Difference between PGP and S/MIME - GeeksforGeeks. [online] Available at: <https://www.geeksforgeeks.org/difference-between-pgp-and-s-mime/> [Accessed 13 April 2021].
· > www.javatpoint.com. 2021. PGP - Pretty Good Privacy - javatpoint. [online] Available at: <https://www.javatpoint.com/computer-network-pgp> [Accessed 13 April 2021].
· > Slideshare.net. 2021. Network Security Primer. [online] Available at: <https://www.slideshare.net/rvenkatesh25/network-security-primer> [Accessed 13 April 2021].
· > Zapier.com. 2021. The 6 Most Secure Email Services and the Security Measures They Practice | Zapier. [online] Available at: <https://zapier.com/blog/secure-email/> [Accessed 14 April 2021].
Comments
Post a Comment