Introduction to Pretty Good Privacy
Pretty Good Privacy (PGP) is a cryptographic technique that is used to provide cryptographic authentication and privacy for data communication, used for encryption and decryption of text, signing, e-mail, files, and for securing the e-mail conversation. Phil Zimmerman is the father of Pretty Good Privacy. It is quite easy to use and is completely free, including its source code and documentation. A low-cost commercial version of PGP is also available for an organization that requires support.
How do Pretty Good Privacy works?
In PGP, the sender must need to include the identifier of the algorithm that is being used in the message along with the values of keys.
Pretty Good Privacy involves 5 basic steps which are as follows:
- Digital Signature
- Digital Enveloping
- Base-64 encoding
let’s discuss these steps in detail
Step #1 – Digital Signature
In this step, the sender’s digital signature is created. It consists of email messages where the sender email message is encrypted using the SHA 1 algorithm to produce the message digest. Then this message digest is encrypted using the private key of the sender. the result of this process is Sender’s digital signature.
Step #2 – Compression
In this step, both the input message and digital signature are compressed together to reduce the size of the final message that will be transmitted through the mail. Dor compression process the ZIP program is used which is based on the Lempel Ziv algorithm.
Lempel Ziv algorithm finds the repeated words or string and then stores them in a variable. Then it replaces the actual occurrence of repeated word or string with a pointer to the corresponding variable. Since the pointer required less amount memory than the original string, this method results in data compression.
Step #3 – Encryption
In this step, the compressed file which is generated in step 2 is encrypted with a symmetric key using the IDEA algorithm.
Step #4 – Digital Enveloping
In this step, the symmetric key which is used in step is encrypted with the public key of the receiver. Output generated from step 3 (Encryption) and step 4 (Digital Enveloping) together form digital enveloping.
Step #5 – Base-64 Encoding
In this step, the final output of step 4 is used as Base-64 encoding.
Pretty Good Privacy Algorithms
Pretty Good Privacy support various numbers of algorithms. most common of them are as follows
- Encryption: For the encryption process, it uses algorithms such as IDEA, AES, DES 3, etc.
- Message Digest: For message digest, it uses MD5, SHA1, RIPE-MD
- Asymmetric key: For asymmetric key, it uses RSA and DSS where RSA is used for encryption and signing, and DSS used for signing only.
- Keyrings: When a sender wants to send an email message to another single recipient, there is no problem, but when the user wants to send an email message to multiple recipients, the complexity increases. If A wants to send a message to 10 people, he needs the public keys of all these 10 people. i.e. A need a keyring of 10 people. Pretty Good Privacy specifies a ring of public-private keys. This is because A may want to change his public-private key pair, or may want to use different key pairs for a different group of users. In other words, we can say that every Pretty Good Privacy user needs to have two sets of key rings, one is a ring of his public-private key pair and another is a ring of public keys of other users
These keyrings can be easy to understand. let’s take an example to understand these prices in detail.
A need to send a message to another user in the system
- A create a message digest of the original message and encrypt it using his private key and generate the digital signature.
- A create a one-time symmetric key
- A encrypts the symmetric key with the public key of the receiver.
- A encrypts the original message with one-time symmetric key
- A encrypts digital signature with one time symmetric key
- A sends an encrypted digital signature and original message to the receiver.
A received message from one of the users in the system
- To get the one-time symmetric key created by sender A uses his private key.
- Using one-time symmetric key A decrypts the message
- A calculate the message digest (MD1) of the original message
- Using one-time symmetric key A tries to get the original digital signature
- To decrypt digital signature A uses the public key from the keyring and get the original message digest (MD2)
- A compares MD1 and MD2. If it matches it sure about message integrity and authentication of a message sender
Pretty Good Privacy Certificate
To trust the user’s public key, we need to have that user’s digital certificate. PGP can use a certificate which is issued by CA or can use its certificate. In the case of X.509, CA is the root who issues certificates to others. In PGP, things work differently. there is no CA. Anyone can sign the certificate belonging to anyone else in the loop. There is no hierarchy or trust or structure. Users can have certificates issued by different users.
For example, user A may have a certificate signed by user B and another by user C. So if user X wants to verify the certificate of user A, he has two options, one is User A and User B, another is user A and user C.
In pretty Good Privacy, the user who issues certificate is called as introducer which is equivalent to CA in X.509.
In this article, we have seen what is Pretty Good Privacy is the encryption method used for authentication along with its working and encryption methods.
This is a guide to Pretty Good Privacy. Here we discuss an introduction to Pretty Good Privacy, how does it work with steps various algorithms and certificate. You can also go through our other related articles to learn more –