PGP Encryption

-


What is PGP

PGP (Pretty Good Privacy) encryption is a data encryption computer program that used to encrypt and decrypt email over the internet and used to authenticate messages with digital signatures and encrypted stored flies. This was invented by Philip R.Zimmermann in 1991. In PGP encryption, It uses a mix of data compression , hashing and public-key cryptography. And also symmetric and asymmetric keys use to encrypt data that transferred across networks.

 

How PGP works

Consider a situation Alice (Sender) send a Email message to Bob (Receiver)

At Sender Side




                                                                                                Figure 01 : Sender side process of PGP

 

Below show each steps as description according to the above Figure 01 Numbering.

1.     As the 1st step ,the Email message is hashed to create a digest

2.     Above created digest is encrypted using Alice’s private key

3.     Encrypted digest(Signed digest) is added to the message

4.     Above 3rd step’s message and the encrypted digest both are encrypted using one time secret key created by Alice

5.     Above mentioned Alice’s one time secret key is encrypted using Bob’s public key

6.     Finally Encrypts (Message + Singed digest) (got in the 4th step) and the above 5th step encrypted one time secret key send to bob

 

At Receiver side

 


                                                                                                Figure 02 : Receiver side process of PGP

 

 Below show each steps as description according to above Figure 02 Numbering.

 

1.     As the 1st step in receiver side, decrypt the secret key(one time secret key that received from Alice) with Bob’s private key

2.     Decrypt the encrypted (Message + Singed digest) using above 1st step’s decrypted secret key

3.     Decrypt the signed digest with Alice’s public key

4.     Hashes the above got Message using hash function (This is for message integrity)

5.     Finally, compare the digest of step 3 and step 4 (By this guarantee the authentication and integrity)

 

Differs from other email system(s) that use now

  • When cosidering PGP and S/MIME,both S/MIME and PGP are protocols for authenticating and encrypting messages over the internet using public key cryptography fo email signing and encryption.S/MIME and PGP differ from when user obtains his keypair. When considering S/MIME , the user has to obtain his keypair from a trusted certificate Authority while in PGP , there is a concept of signing a keypair.That is , every user wants to sign his/her own key pair as well as of others with whom the user wants to communicate.Also PGP designed for processing the plain texts while S/MIME designed to process email as well as many multimedia files(various attachments/data files). S/MIME has a wider industrial support compare to PGP. S/MIME protocol is built into most email client software such as Thunderbird , iMail and Outlook(which support S/MIME encryption).Because of PGP needed to download additional plugins to run, S/MIME is easier than PGP to use.

  •      When comparing AES and PGP , AES uses symmetric key encryption algorithm(that uses the same key for encryption and decryption of the data) while PGP uses both symmetric and asymmetric keys to encrypt data being transferred across networks.PGP requires more computational resources compare to AES.AES is faster and works well in closed systems and large databases while PGP used when sharing information across an open network(but it can be slower and works well for individual files)

     

 
How cryptography use in PGP

    Working process of cryptography in PGP mentioned above(under “How PGP works”).Below shows some important points about that using cryptography in PGP,
 
 
  • PGP combines some of the best features of both conventional and public key cryptography(known as hybrid cryptosystem).
  •  When plaintext encrypted with PGP ,it 1st compress the plaintext. So with that,saves disk space, transmission time and reinforces cryptographic security.
  • In PGP working process there is a one time secret key.That key is a random number generated from the random movements of mouse and the keystrokes that type.And also this session key works with a very secure and fast conventional encryption alogrith to encrypt the plaintext(output is ciphertext)
  • In above mentioned PGP working process uses a cryptographically strong hash function on the plaintext .This generates a fixed-length data item known as digest.And PGP uses the digest and the private key to create the “signature” 
 
 
Usage of cryptography in other systems compare to PGP  
 

  • PGP and S/MIME use different formats for key exchange and PGP depends on each user’s key exchange while S/MIME uses hierarchically validated certifier for key exchange.PGP contains 4096 public keys while  S/MIME contains only 1024 public keys. Also in PGP , uses Diffie hellman digital signature while S/MIME uses Elgamal digital signature   
  • AES uses symmetric key encryption algorithm(that uses the same key for encryption and decryption of the data) while PGP uses both symmetric and asymmetric keys to encrypt data being transferred across networks

How security provided in PGP
  •  PGP ensure the confidentiality for messagses and files using encryption
  •  PGP provides intergrity for messages using signing and for files and software packages also using signatures
  • PGP provides availability by providing a globally-sharable public key and with short-and-long key IDs.Also it ensure the availability of key information for verification purpose by public key servers
 

Other techniques/systems that have similarities

  • GPG
  • OpenPGP
  • Free S/WAN
  • Zix Corp(security technology company that provides email encryption like PGP)
  • P=P pretty easy privacy

Present state of PGP usage

PGP is available on MAC ,DOS, Unix and other operating systems and PGP was originally free,but now also have commercial versions available.PGP used in email clients such as Apple Mail and Microsoft outlook.In 2018,It was found that some of PGP implementations suffer from a security flaw could allow a hacker to decrypt HTML emails if the account had been previously compromised.So this mistake affected email clients such as Outlook, Apple mail and Thunderbird (The 6 Most Secure Email Services and the Security Measures They Practice | Zapier, 2021).

 

References 

·       > Users.ece.cmu.edu. 2021. How PGP works. [online] Available at: <https://users.ece.cmu.edu/~adrian/630-f04/PGP-intro.html> [Accessed 11 April 2021].

·       > GeeksforGeeks. 2021. Difference between PGP and S/MIME - GeeksforGeeks. [online] Available at: <https://www.geeksforgeeks.org/difference-between-pgp-and-s-mime/> [Accessed 13 April 2021].

·      >  www.javatpoint.com. 2021. PGP - Pretty Good Privacy - javatpoint. [online] Available at: <https://www.javatpoint.com/computer-network-pgp> [Accessed 13 April 2021].

·       > Slideshare.net. 2021. Network Security Primer. [online] Available at: <https://www.slideshare.net/rvenkatesh25/network-security-primer> [Accessed 13 April 2021].

·       > Zapier.com. 2021. The 6 Most Secure Email Services and the Security Measures They Practice | Zapier. [online] Available at: <https://zapier.com/blog/secure-email/> [Accessed 14 April 2021].


 

 

 

Comments

Post a Comment

Popular posts from this blog

Data Mining(Nursey data set)

-
Image
    1.       Selecting an appropriate data set   Description about the data set Nursery data set was taken from UCI Machine Learning Repository. Nursery database was derived from a hierarchical decision model originally developed to rand applications for nursery schools and it was used during several years in 1980’s when there was excessive enrollment to these schools in Ljubljana, Slovenia and the rejected applications frequently needed an objective explanation. Here the final decision depended on 3 subproblems that are occupation of parents and child’s nursery, family structure and financial standing and social and health picture of the family. This Nursery dataset is a multivariate dataset with categorical data type values(except 1 attribute). And it consists with 8 attributes and 12960 instances. Below shows the table with attributes information, (UCI Machine Learning Repository: Nursery Data Set, 2021)                                       Table 01 : Attribute informa
Read more

How to create custom page borders in WORD

-
Image
      By using following steps , you can make a custom bordered template easily.And this will work on MS word 2013,2016 and 2019 versions. In here I demonstrate a , 15mm all bordered template.   1. STEP 01 : Open MS WORD and select " blank document "        2. STEP 02: Select the " file " tab.   3. STEP 03: Select " Account " .   4. STEP 04: Select " Advanced " in the pop-up window(word options).     5. STEP 05: Select  the units of measurement that you want in the drop down menu (here I use    millimeters). And press " ok " after select.   6. STEP 06: Select " Layout " tab.   7. STEP 07: First select " Margins " and then Select " Custom margins ".   8. STEP 08: Set your margin size as you wish (In here, I make all sides 15mm bordered template.So I set all margins as 15) .After set the margins press " ok " .     9. STEP 09: First select " Design " tab and then select " page border
Read more

UML Class Diagram For Hospital

-
Image
The description for the UML class diagram as follows, Ward is a division of a hospital or a suite of rooms shared by patients who need a similar kind of care. In a hospital, there are several wards, each of which may be empty or have on it one or more patients. Each ward has a unique name. Wards are also differentiated by gender of its patients, i.e., male wards and female wards. A ward can only have patients of a particular gender admitted to it. Every ward has a fixed capacity, which is the maximum number of patients that can be on it at one time (i.e., the capacity is the 50). Different wards may have different capacities. The doctors in the hospital are organized into teams. Each team has a unique name or code (e.g., Orthopedics or Pediatrics) and is headed by a consultant doctor. The consultant doctor is the senior doctor who has completed all of his or her specialist training, residency, and practices medicine in a clinic or hospital, in the specialty learned during residency. Sh
Read more