Wednesday, September 3, 2008

Sunday, June 3, 2007

Individual thought about assignment 2

At first, I thought it was an individual assignment and must be difficult, and I almost dropped this subject, but I took it easy and just let it flow. In fact, this second assignment is quite challenging and interesting. It is about an online game. We had to develop a game that is easy in concept, but when we tried to develop the system, it was so difficult. Researching the system itself took more than one month. The problem was how to integrate the mobile phone platforms with the central server. Fortunately, the team was cooperative and smart.

Some of the instructions in the subject outline are confusing and weird, but that did not bother us much. I want to thank all of you guys, and Peter, who as our lecturer guided us through this assignment so we could finish it on time. Good on ya.

Monday, April 30, 2007

PGP article (For Technical readers - Magazine)

Slegers (2002, the.comp.security.pgp FAQ, chap.1) defines PGP as a program that protects the privacy of a user's e-mail (electronic mail). It does this by encrypting (jumbling) the e-mail so that it cannot be read by anyone else. Once the message is encrypted, the words look like a meaningless jumble of random characters. PGP has proven itself quite capable even when someone uses the most sophisticated programs aimed at reading the encrypted text.

PGP can also be used to put a digital signature on a message without encrypting it. In general, a digital signature is used in public postings where users do not want to hide what they are saying, but do want to allow others to verify that the message really came from the sender. Once a digital signature has been created, neither the message nor the signature can be modified without PGP detecting the modification.

PGP and the other PGP products use the RFC 2440 standard to encrypt and decrypt data. Other similar programs and vendors include Authora Inc., Veridis, EasyByte Cryptocx, GNU Privacy Guard and Patrick Townsend & Associates.

Barnard (1997, How it works: A Quick & dirty primer on Public Key cryptography, page.2) explains how PGP works. With traditional cryptography, a user encrypts a message with a key, and that same key is needed to decrypt it. Both the user and the recipient hold the key, and only those with the same key can decrypt the message. The problem is how the user gets that key to the recipient. For a long time this remained a problem even in good cryptography.

There are two keys involved in public key cryptography. One key is needed for encrypting (the recipient’s public key) and another key is needed for decrypting (the recipient’s private key). Once a user has encrypted a message with one of these keys, it can only be decrypted with the other key.

When users start using PGP, they have to create a keypair. One of those keys is the public key, and it should be publicized as widely as possible. The other one is the private key, which should be kept by the user. Anyone who wants to send a recipient private e-mail encrypts the message with the recipient's public key. Once that message is encrypted, only the owner of the corresponding private key can decrypt it.

Public key cryptography is a very expensive computation. It needs massive computing power to encrypt and decrypt a message. As a result, PGP encrypts the message itself with a modern algorithm (the IDEA algorithm) and uses the recipient’s public key to encrypt the IDEA key that is needed to decrypt the message. PGP takes care of this job, so users do not have to keep track of any IDEA keys, but it is good to know how PGP works.

PGP is very secure against eavesdroppers because the cryptographic algorithms it uses for signing and encryption are very well proven and no weaknesses have been found in them. The only unknown, for any encryption method based on RSA, is whether there is an easy way to factor large numbers, or another algorithm that can break the code without solving the factoring problem. Even though no such algorithm has been found, RSA is still the weakest link in the PGP chain (Slegers 2002, chap.3).

PGP also provides digital signatures. A digital signature is an electronic signature which can be used to authenticate the signer of a document or the sender of a message, and to ensure that the original document or message that was sent is unchanged. A digital signature can be used for all messages, whether they are encrypted or not (TechTarget 2006, p.1).

References

Barnard, CL 1997, Getting started with encryption: An introduction to PGP, last updated 28 May 1997, viewed 16 April 2007, <http://people.cs.uchicago.edu/~cbarnard/pgptalk/pkcintro.html>

Digital Signature 2006, last edited 10 July 2006, TechTarget Corporate, Needham, MA, viewed 15 April 2007, <http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211953,00.html>

Pretty Good Privacy 2007, last edited 10 January 2007, Wikipedia Foundation Inc., St. Petersburg, viewed 15 April 2007, <http://en.wikipedia.org/wiki/Pretty_Good_Privacy>

Slegers, W 2002, The.comp.security.pgp FAQ, last updated n.a., Your Creative Solutions, the USA, viewed 15 April 2007, <http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-general-questions.html>

PGP article (For Non-technical readers - Newspaper)

Bacard (2005, Non technical – PGP FAQ, p.1) describes Pretty Good Privacy (PGP) as a computer program that scrambles (encrypts) and unscrambles (decrypts) data so that e-mail (electronic mail) is hard for someone to tap. This program was created by Philip Zimmermann in 1991.

How does PGP work?

PGP is a public key cryptography method. When a user starts using PGP, the program generates two keys which belong uniquely to that user. An easy way to remember this is that these keys are the computer counterparts of the keys in the user's pocket. One PGP key is secret and is stored on the user's computer, and the other key is public. The user gives this second key to their partners (Bacard 2005, p.2).

Here is a sample of public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----Version: 5.0 mQCNAi44C30AAAEEAL1r6ByIvuSAvOKIk9ze9yCK+ZPPbRZrpXIRFBbe+U8dGPM9XdJS4L/cy1fXr9R9j4EfFsK/rgHV6i2rE83LjOrmsDPRPSaizz+EQTIZi4AN99jiBomfLLZyUzmHMoUoE4shrYgOnkc0u101ikhieAFje77j/F3596pT6nCx/9/AAURtCRBbmRyZSBCYWNhcmQgPGFiYWNhcmRAd2VsbC5zZi5jYS51cz6JAFUCBRAuOA6O7zYZz1mqos8BAXr9AgCxCu8CwGZRdpfSs65r6mb4MccXvvfxO4TmPi1DKQj2FYHYjwYONk8vzA7XnE5aJmk5J/dChdvfIU7NvVifV6AF=GQv9-----END PGP PUBLIC KEY BLOCK-----

Suppose that the public key above belongs to A and A e-mails it to his friend (called B). B can store A’s public key in B's PGP program and use it to encrypt a message that only A can read. One benefit of PGP is that A can hand out his public key in the same way as a telephone number. For example, if A has B’s phone number, A can call B's phone, but A cannot answer B's phone. The public key works the same way: if B has A’s public key, B can send A mail; on the other hand, B cannot read A's mail.

What is a PGP digital signature?

Suppose that this report is signed with A’s PGP “digital signature”. This would allow anyone who has A’s public key and PGP to verify that A wrote this document and that nobody has changed the text since A signed it. PGP signatures are helpful for transferring money, verifying a person’s details and signing contracts (Youd 1996, p.1).

References

Bacard, A 2005, (Non-Technical) PGP FAQ, last updated n.a., Computer Privacy Handbook, France, viewed 13 April 2007, <http://www.andrebacard.com/pgp.html>

Digital Signature 2006, last edited 10 July 2006, TechTarget Corporate, Needham, MA, viewed 13 April 2007, <http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211953,00.html>

Feisthammel, P 2002, Explanation to the wordings used with PGP, last updated 19 June 2002, Germany, viewed 13 April 2007, <http://www.rubin.ch/pgp/glossar.en.html>

Slegers, W 2002, The.comp.security.pgp FAQ, last updated n.a., Your Creative Solutions, the USA, viewed 13 April 2007, <http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-general-questions.html>

Youd, D 1996, What is a Digital Signature?, last updated n.a., The Youd Zone, the USA, viewed 13 April 2007, <http://www.youdzone.com/signature.html>

Note 57

This website guides you through installing and using PGP. Overall, it is nice because the text comes with many figures, so you will not be confused about how to use it. Remember, it only covers Windows; there is no explanation for Apple Macs.

Reference

A basic introduction to installing and using PGP 2007, last edited n.a., place of publishing n.a., viewed 30 April 2007, <http://www.shac.net/pgp/>

Note 56

This article describes replacing PGP 2.x with GnuPG. It covers both the technical side and the theory. In sum, it is cool and nice.

Reference

Hasselbacher, K 1999, Replacing PGP 2.x with GnuPG, last updated n.a., place of publishing n.a., viewed 20 April 2007, <http://www.gnupg.org/gph/en/pgp2x.html>


Sunday, April 29, 2007

Note 55

Here is the complete syntax. It runs from encryption to configuration, laid out in tables so readers can easily look things up.

Reference

Helmberger, F 1997, A pretty good PGP reference card, last edited 16 April 1997, O'Reilly and Associates Inc., USA, viewed 29 April 2007, <http://www.geocities.com/Athens/1802/pgpcard.html>