Pretty Good Privacy (PGP) is a computer program that provides cryptographic privacy and authentication. PGP is often used for signing, encrypting and decrypting e-mails to increase the security of e-mail communications. It was originally created by Philip Zimmermann in 1991.
PGP and other similar products follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data
a public key encryption program originally written by Phil Zimmermann in 1991. Over the past few years, PGP has got thousands of adherent supporters all over the globe and has become a de-facto standard for encryption of email on the Internet
How PGP encryption works
PGP encryption uses public-key cryptography and includes a system which binds the public keys to a user name and/or an e-mail address. The first version of this system was generally known as a web of trust to contrast with the X.509 system which uses a hierarchical approach based on certificate authority and which was added to PGP implementations later. Current versions of PGP encryption include both options through an automated key management server.
PGP supports message authentication and integrity checking. The latter is used to detect whether a message has been altered since it was completed (the message integrity property), and the former to determine whether it was actually sent by the person/entity claimed to be the sender (a digital signature). In PGP, these are used by default in conjunction with encryption, but can be applied to plaintext as well. The sender uses PGP to create a digital signature for the message with either the RSA or DSA signature algorithms. To do so, PGP computes a hash (also called a message digest) from the plaintext, and then creates the digital signature from that hash using the sender's private keys.
Web of trust
Main article: Web of trust
Both when encrypting messages and when verifying signatures, it is critical that the public key one used to send messages to someone or some entity actually does 'belong' to the intended recipient. Simply downloading a public key from somewhere is not overwhelming assurance of that association; deliberate (or accidental) spoofing is possible. PGP has, from its first versions, always included provisions for distributing a user's public keys in an 'identity certificate' which is so constructed cryptographically that any tampering (or accidental garble) is readily detectable. But merely making a certificate which is impossible to modify without being detected effectively is also insufficient. It can prevent corruption only after the certificate has been created, not before. Users must also ensure by some means that the public key in a certificate actually does belong to the person/entity claiming it. From its first release, PGP products have included an internal certificate 'vetting scheme' to assist with this; a trust model which has been called a web of trust. A given public key (or more specifically, information binding a user name to a key) may be digitally signed by a third party user to attest to the association between someone (actually a user name) and the key. There are several levels of confidence which can be included in such signatures. Although many programs read and write this information, few (if any) include this level of certification when calculating whether to trust a key.
i want total report for PGP
a digital data encryption program
A word about PGP one of the strongest encryption tools available
Encryption is the process whereby codes are used to attempt to conceal the meaning of a message
Cryptography is the science of writing messages in secret codes . It is about the right to privacy, freedom of speech, freedom of political association, freedom of the press, freedom from unreasonable search and seizure, freedom to be left alone
to promote awareness of the privacy issue in a digital age
Where did PGP come from and how does it work?
PGP is the culmination of a long history of cryptographic discoveries.
PGP uses public and private Key encryption
you'll share your Public Key with anyone you wish
Your Public Key is used to encrypt a message
you'll guard your Private Key secret
The Private Key is used to decrypt data that have been encrypted using your Public Key.
Public and Private Key encryption
the message encrypted using your Public Key can only be decrypted by you, the owner of the corresponding Private Key
encryption solves 1of 2 major problems with older methods, namely that you had to somehow share the key with anyone you wanted to be able to read (decrypt) your secret message
The second major problem with older methods
Unlike earlier encryption methods, the security of PGP encryption lies entirely with the key.
It is PGP's selection of the complex keys used to do an encryption that makes it next to impossible to crack.
Key attributes of Secret key vs. Public key
Thousands years use
Keys shared between usually only 2 people
No non-repudiation (need 3rd party as witness)
Less than 50 years
Public: widely shared
Nonrepudiation: Can’t deny having sent a message
Vocabulary, definitions, and acronyms
Fi(n)=# positive integers <n relatively prime to n
DES=Data Encryption Standard
NSA=National Security Agency
Brute force attack
Public key encryption systems
1976: Diffie and Hellman
1978: Rivest-Shamir-Adelman (RSA)
1984: El gamal and digital signature
operates with arithmetic mod n
e=encryption key; d=decryption key
P=plaintext---> Pe mod n =cyphertext
(Pe)d mod n = P recovered plaintext
Encryption and decryption are mutual inverses and commutative
Select large n=pq p & q prime
Choose e relatively prime to (p-1)(q-1)
Select d so e*d=1 mod (p-1)(q-1)
Or e*d=1 mod fi(n) as fi(p)=p-1 for p prime
Euler-Fermat: x**fi(n)=1mod n for all x relatively prime to n
Simple knapsack example
Public key cryptography is based on multiplicative inverses
Suppose message to encrypt is ABC
Translate to 23+69+14=106
106 is sent
Since 23*22=1 mod 101 the recipient will multiply 106x22=2332=9 mod 101
And infer that the message is ABC since 9=1+3+5
An interceptor will spend a long time figuring it out.
RSA vs. Knapsack
An error was discovered in the knapsack encryption by Shamir (from RSA), and is no longer used.
Modular inverse pairs are more used in RSA than in Knapsack.
RSA is the most widely used public key cryptographic system.
It bases its security on the difficulty of performing inverse calculations.
PGP is a remarkable phenomenon that provides confidentiality, authentication, and compression for email and data storage.
Its building blocks are made of the best available cryptographic algorithms: RSA, DSS, Diffie-Hellman.
It is independent of operating system and processor.
It has a small set of easy-to-use commands
Because PGP is freely available via the Internet, and has a fully compatible low-cost commercial version it is now widely used.
It has a wide range of applicability from corporations to individuals who wish to communicate worldwide securely over the Internet and other networks.
It is not controlled by any government which makes it attractive to many.