Slegers (2002, the.comp.security.pgp FAQ, chap.1) defines PGP as a program that protects the privacy of a user’s e-mail (electronic mail). It does so by encrypting (jumbling) the e-mail so that nobody else can read it. Once the message is encrypted, it looks like a meaningless jumble of random characters. PGP has been tested and has proved quite capable, even when someone uses the most sophisticated programs aimed at reading the encrypted text.
PGP can also be used to put a digital signature on a message without encrypting it. Digital signatures are generally used in public postings, where users do not want to hide what they are saying but do want to allow others to verify that the message really came from the sender. Once a digital signature has been created, neither the message nor the signature can be modified without PGP detecting the modification.
PGP and the other PGP products use the RFC 2440 standard to encrypt and decrypt data. Other similar programs are Authora Inc., Veridis, EasyByte Cryptocx, GNU Privacy Guard and Patrick Townsend & Associates.
Barnard (1997, How it works: A Quick & dirty primer on Public Key cryptography, page.2) explains how PGP works. With traditional cryptography, a user encrypts a message with a key, and the same key is needed to decrypt it. Both the user and the recipient hold the key, and only those with the same key can decrypt the message. The problem is how the user gets that key to the recipient. This remained a problem in good cryptography for a long time.
Two keys are involved in public key cryptography. One key is needed for encrypting (the recipient’s public key) and another is needed for decrypting (the recipient’s private key). Once a user has encrypted a message with one of these keys, it can only be decrypted with the other key.
To use PGP, a user has to create a keypair. One of the keys is the public key, which should be publicized as widely as possible. The other is the private key, which the user should keep to themselves. Anyone who wants to send private e-mail to a recipient encrypts the message with the recipient’s public key. Once the message is encrypted, only the owner of the corresponding private key can decrypt it.
Public key cryptography is computationally very expensive: it needs massive computing power to encrypt and decrypt a message. As a result, PGP encrypts the message itself with a modern algorithm (the IDEA algorithm) and uses the recipient’s public key to encrypt the IDEA key needed to decrypt the message. PGP takes care of this job, so users do not have to keep track of any IDEA keys, but it is good to know how PGP works.
PGP is very secure against eavesdroppers because the cryptographic algorithms it uses for signing and encryption are very well proven and no weaknesses have been found in them. The only unknown, for any encryption method based on RSA, is whether there is an easy way to factor large numbers, or some other algorithm that can break the codes without solving the factoring problem. Even though no such algorithm has been found, RSA is still the weakest link in the PGP chain (Slegers 2002, chap.3).
PGP provides digital signatures. A digital signature is an electronic signature that can be used to authenticate the signer of a document or the sender of a message, and to ensure that the original document or message that was sent is unchanged. A digital signature can be used for any message, whether it is encrypted or not (TechTarget 2006, p.1).
References
Barnard, CL 1997, Getting started with encryption: An introduction to PGP, last updated 28 May 1997, viewed 16 April 2007, <http://people.cs.uchicago.edu/~cbarnard/pgptalk/pkcintro.html>
Digital Signature 2006, last edited 10 July 2006, TechTarget Corporate, Needham, MA, viewed 15 April 2007, <http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211953,00.html>
Pretty Good Privacy 2007, last edited 10 January 2007, Wikipedia Foundation Inc., St. Petersburg, viewed 15 April 2007, <http://en.wikipedia.org/wiki/Pretty_Good_Privacy>
Slegers, W 2002, The.comp.security.pgp FAQ, last updated n.a., Your Creative Solutions, the USA, viewed 15 April 2007, <http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-general-questions.html>