Introduction to Pretty Good Privacy
Pretty Good Privacy (PGP) is a cryptographic technique that provides authentication and privacy for data communication. It is used to encrypt and decrypt text, files, and e-mail, to sign messages, and to secure e-mail conversations. Phil Zimmermann is the father of Pretty Good Privacy. It is quite easy to use and is completely free, including its source code and documentation. A low-cost commercial version of PGP is also available for organizations that require support.
How does Pretty Good Privacy work?
In PGP, the sender must include the identifier of the algorithm used in the message along with the values of keys.
Pretty Good Privacy involves 5 basic steps, which are as follows:
- Digital Signature
- Compression
- Encryption
- Digital Enveloping
- Base-64 Encoding
Let's discuss these steps in detail.
Step #1 – Digital Signature
In this step, the sender's digital signature is created. The sender's email message is hashed using the SHA-1 algorithm to produce the message digest. This message digest is then encrypted using the private key of the sender. The result of this process is the sender's digital signature.
Step #2 – Compression
In this step, the input message and the digital signature are compressed together to reduce the size of the final message that will be transmitted through the mail. For the compression process, the ZIP program is used, which is based on the Lempel-Ziv algorithm.
The Lempel-Ziv algorithm finds repeated words or strings and stores them in a variable. It then replaces each actual occurrence of the repeated word or string with a pointer to the corresponding variable. Since the pointer requires less memory than the original string, this method results in data compression.
Step #3 – Encryption
In this step, the compressed file which is generated in step 2 is encrypted with a symmetric key using the IDEA algorithm.
Step #4 – Digital Enveloping
In this step, the symmetric key used in step 3 is encrypted with the receiver's public key. The output of step 3 (Encryption) and the output of step 4 (Digital Enveloping) together form the digital envelope.
Step #5 – Base-64 Encoding
In this step, the final output of step 4 is Base-64 encoded.
Pretty Good Privacy Algorithms
Pretty Good Privacy supports a number of algorithms. The most common of them are as follows.
- Encryption: For the encryption process, it uses algorithms such as IDEA, AES, DES 3, etc.
- Message Digest: For the message digest, it uses MD5, SHA1, and RIPE-MD.
- Asymmetric key: For asymmetric keys, it uses RSA and DSS, where RSA is used for encryption and signing, and DSS is used for signing only.
- Keyrings: When a sender wants to send an email message to a single recipient, there is no problem, but when the user wants to send an email message to multiple recipients, the complexity increases. If A wants to send a message to 10 people, he needs the public keys of all 10 people, i.e. A needs a keyring of 10 people. Pretty Good Privacy also specifies a ring of public-private key pairs, because A may want to change his public-private key pair or may want to use different key pairs for different groups of users. In other words, every Pretty Good Privacy user needs two keyrings: one is a ring of his own public-private key pairs, and the other is a ring of the public keys of other users.
These keyrings are easy to understand. Let's take an example to understand this process in detail.
A needs to send a message to another user in the system
- A creates a message digest of the original message and encrypts it using his private key to generate the digital signature.
- A creates a one-time symmetric key.
- A encrypts the symmetric key with the public key of the receiver.
- A encrypts the original message with the one-time symmetric key.
- A encrypts the digital signature with the one-time symmetric key.
- A sends the encrypted digital signature and original message to the receiver.
A receives a message from one of the users in the system
- A uses his private key to recover the one-time symmetric key created by the sender.
- Using the one-time symmetric key, A decrypts the message.
- A calculates the message digest (MD1) of the original message.
- Using the one-time symmetric key, A recovers the original digital signature.
- To decrypt the digital signature, A uses the public key from the keyring and gets the original message digest (MD2).
- A compares MD1 and MD2. If they match, A is sure about the integrity of the message and the authentication of the message sender.
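The five steps and the send/receive walk-through above, as an added example (not code from the original article or from PGP itself). It assumes textbook RSA without padding over constructed Mersenne-prime keys and a SHA-256 keystream XOR standing in for IDEA, so it shows the message flow only; all function and variable names are hypothetical.

```python
import base64, hashlib, secrets, zlib

E = 65537  # public exponent shared by both toy keys (assumption)

def keypair(p, q):
    """Textbook RSA (no padding) from constructed primes; returns (n, d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys built from well-known Mersenne primes: NOT secure.
A_N, A_D = keypair(2**127 - 1, 2**89 - 1)   # sender A
B_N, B_D = keypair(2**107 - 1, 2**61 - 1)   # receiver B

def stream_xor(key, data):
    """Stand-in for IDEA: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def pgp_send(msg, sender_n, sender_d, recv_n):
    # Step 1: SHA-1 digest (as the page describes) signed with A's private key
    md = int.from_bytes(hashlib.sha1(msg).digest(), "big")
    sig = pow(md, sender_d, sender_n).to_bytes(32, "big")
    packed = zlib.compress(sig + msg)                  # step 2: compression
    session = secrets.token_bytes(16)                  # one-time 128-bit key
    body = stream_xor(session, packed)                 # step 3: encryption
    # Step 4: wrap the one-time key with the receiver's public key
    wrapped = pow(int.from_bytes(session, "big"), E, recv_n)
    return base64.b64encode(wrapped.to_bytes(32, "big") + body)  # step 5

def pgp_receive(armored, recv_n, recv_d, sender_n):
    raw = base64.b64decode(armored)
    wrapped, body = int.from_bytes(raw[:32], "big"), raw[32:]
    # Receiver's private key recovers the one-time symmetric key
    session = pow(wrapped, recv_d, recv_n).to_bytes(16, "big")
    packed = zlib.decompress(stream_xor(session, body))
    sig, msg = packed[:32], packed[32:]
    md1 = int.from_bytes(hashlib.sha1(msg).digest(), "big")  # recomputed digest
    md2 = pow(int.from_bytes(sig, "big"), E, sender_n)       # digest from signature
    return msg, md1 == md2
```

Calling `pgp_receive` with a `sender_n` that is not the real sender's public key still decrypts the message but returns `False` for the signature check, which is why the receiver's keyring must hold the correct public key.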
Pretty Good Privacy Certificate
To trust a user's public key, we need to have that user's digital certificate. PGP can use a certificate that is issued by a CA or can use its own certificate. In the case of X.509, the CA is the root that issues certificates to others. In PGP, things work differently. There is no CA. Anyone can sign the certificate belonging to anyone else in the loop. There is no hierarchy of trust or structure. Users can have certificates issued by different users.
For example, user A may have one certificate signed by user B and another signed by user C. So if user X wants to verify user A's certificate, he has two options: one is user A and user B; the other is user A and user C.
In Pretty Good Privacy, the user who issues a certificate is called an introducer, which is equivalent to the CA in X.509.
This article has covered what Pretty Good Privacy is, how it is used for encryption and authentication, how it works, and the encryption methods it uses.