EDUCBA

Pretty Good Privacy

By Swati Tawde


Introduction to Pretty Good Privacy

Pretty Good Privacy (PGP) is a cryptographic technique that provides cryptographic authentication and privacy for data communication. It is used to encrypt, decrypt, and sign text, e-mail, and files, and to secure e-mail conversations. Phil Zimmermann is the father of Pretty Good Privacy. It is quite easy to use and is completely free, including its source code and documentation. A low-cost commercial version of PGP is also available for organizations that require support.

How does Pretty Good Privacy work?

In PGP, the sender must include the identifier of the algorithm used in the message along with the values of keys.


Pretty Good Privacy involves 5 basic steps, which are as follows:

  • Digital Signature
  • Compression
  • Encryption
  • Digital Enveloping
  • Base-64 encoding

Let’s discuss these steps in detail.

Step #1 – Digital Signature

In this step, the sender’s digital signature is created. The sender’s email message is hashed using the SHA-1 algorithm to produce the message digest. This message digest is then encrypted using the private key of the sender. The result of this process is the sender’s digital signature.

Step #2 – Compression

In this step, the input message and the digital signature are compressed together to reduce the size of the final message that will be transmitted through the mail. For the compression process, the ZIP program is used, which is based on the Lempel-Ziv algorithm.
The Lempel-Ziv algorithm finds repeated words or strings and stores them in a variable. It then replaces each actual occurrence of a repeated word or string with a pointer to the corresponding variable. Since the pointer requires less memory than the original string, this method results in data compression.

Step #3 – Encryption

In this step, the compressed file which is generated in step 2 is encrypted with a symmetric key using the IDEA algorithm.


Step #4 – Digital Enveloping

In this step, the symmetric key used in step 3 is encrypted with the receiver’s public key. The output generated from step 3 (Encryption) and step 4 (Digital Enveloping) together form the digital envelope.

Step #5 – Base-64 Encoding

In this step, the final output of step 4 is Base-64 encoded.

Pretty Good Privacy Algorithms

Pretty Good Privacy supports a number of algorithms. The most common of them are as follows.

  • Encryption: For the encryption process, it uses algorithms such as IDEA, AES, 3DES, etc.
  • Message Digest: For the message digest, it uses MD5, SHA-1, and RIPE-MD.
  • Asymmetric key: For asymmetric keys, it uses RSA and DSS, where RSA is used for encryption and signing, and DSS is used for signing only.
  • Keyrings: When a sender wants to send an email message to a single recipient, there is no problem, but when the user wants to send an email message to multiple recipients, the complexity increases. If A wants to send a message to 10 people, he needs the public keys of all 10 people, i.e. A needs a keyring of 10 people. Pretty Good Privacy also specifies a ring of public-private keys. This is because A may want to change his public-private key pair or may want to use different key pairs for different groups of users. In other words, every Pretty Good Privacy user needs to have two sets of keyrings: one is a ring of his own public-private key pairs, and the other is a ring of the public keys of other users.
Note: A maintains the set of key pairs in one of the keyrings, while in the other keyring he maintains the public keys of other users. A cannot have access to the private keys of other users. Similarly, other users will have two keyrings.

These keyrings can be easy to understand. Let’s take an example to understand this process in detail.

Case #1

A needs to send a message to another user in the system.

  • A creates a message digest of the original message and encrypts it using his private key to generate the digital signature.
  • A creates a one-time symmetric key.
  • A encrypts the symmetric key with the public key of the receiver.
  • A encrypts the original message with the one-time symmetric key.
  • A encrypts the digital signature with the one-time symmetric key.
  • A sends the encrypted digital signature and original message to the receiver.

Case #2

A receives a message from one of the users in the system.

  • To get the one-time symmetric key created by the sender, A uses his private key.
  • Using the one-time symmetric key, A decrypts the message.
  • A calculates the message digest (MD1) of the original message.
  • Using the one-time symmetric key, A recovers the original digital signature.
  • To decrypt the digital signature, A uses the sender’s public key from the keyring and gets the original message digest (MD2).
  • A compares MD1 and MD2. If they match, A is sure about the message integrity and the authentication of the message sender.
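The five steps above and the receiver's MD1/MD2 check from Case #2, as an added example that is not part of the original article. It uses only the Python standard library, so textbook RSA over fixed Mersenne primes and a SHA-256 keystream stand in for real RSA and IDEA; the function names and the 512-byte field layout are assumptions for illustration, and the output is neither secure nor OpenPGP-compatible.

```python
import base64, hashlib, secrets, zlib

E, FIELD = 65537, 512  # public exponent; fixed byte width of each RSA field (assumed layout)

def toy_keypair(p, q):
    """Textbook RSA from two known primes. Demo only: no padding, weak primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa(key, value):
    n, exponent = key
    return pow(value, exponent, n)

def stream_xor(key, data):
    """Stand-in for IDEA: XOR with a SHA-256 counter keystream (not a real cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def sha1_int(message):
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def pgp_send(message, sender_priv, receiver_pub):
    signature = rsa(sender_priv, sha1_int(message)).to_bytes(FIELD, "big")  # step 1
    packed = zlib.compress(signature + message)                             # step 2
    session_key = secrets.token_bytes(16)                                   # one-time key
    ciphertext = stream_xor(session_key, packed)                            # step 3
    wrapped = rsa(receiver_pub, int.from_bytes(session_key, "big"))         # step 4
    return base64.b64encode(wrapped.to_bytes(FIELD, "big") + ciphertext).decode()  # step 5

def pgp_receive(armored, receiver_priv, sender_pub):
    envelope = base64.b64decode(armored)
    key_int = rsa(receiver_priv, int.from_bytes(envelope[:FIELD], "big"))
    session_key = key_int.to_bytes(16, "big")                 # recover the one-time key
    packed = zlib.decompress(stream_xor(session_key, envelope[FIELD:]))
    signature, message = packed[:FIELD], packed[FIELD:]
    md1 = sha1_int(message)                                   # digest the receiver computes
    md2 = rsa(sender_pub, int.from_bytes(signature, "big"))   # digest the sender signed
    return message, md1 == md2

# Constructed demo keys built from Mersenne primes; never use such primes for real keys.
SENDER_PUB, SENDER_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)
RECEIVER_PUB, RECEIVER_PRIV = toy_keypair(2**1279 - 1, 2**2203 - 1)

if __name__ == "__main__":
    armored = pgp_send(b"Meet at noon. " * 20, SENDER_PRIV, RECEIVER_PUB)
    print(pgp_receive(armored, RECEIVER_PRIV, SENDER_PUB)[1])
```

If the signature was made with any private key other than the one matching the sender's public key on the receiver's keyring, MD1 and MD2 differ and the second return value is `False`.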

Pretty Good Privacy Certificate

To trust a user’s public key, we need to have that user’s digital certificate. PGP can use a certificate that is issued by a CA or can use its own certificate. In the case of X.509, the CA is the root that issues certificates to others. In PGP, things work differently: there is no CA. Anyone can sign the certificate belonging to anyone else in the loop. There is no hierarchy of trust or structure. Users can have certificates issued by different users.
For example, user A may have a certificate signed by user B and another signed by user C. So if user X wants to verify user A’s certificate, he has two options: one is user A and user B; the other is user A and user C.

In Pretty Good Privacy, the user who issues a certificate is called an introducer, which is equivalent to the CA in X.509.

Conclusion

In this article, we have seen what Pretty Good Privacy is: an encryption method used for authentication, how it works, and the encryption methods it uses.
