PRETTY GOOD ENCRYPTION TECHNOLOGY (PGP)
Seminar Report
Department of Computer Science and Engineering
National Institute of Technology, Calicut 2011
SREENU NAIK BHUKYA
Seminar Coordinator, Dept. of Computer Science & Engineering
Submitted By: Vibhuti Bhushan B080487CS S7, CSE
Certificate
This is to certify that the seminar entitled PRETTY GOOD ENCRYPTION TECHNOLOGY (PGP) is a report of the seminar
presented by VIBHUTI BHUSHAN (S7,CSE) under our supervision and guidance. The seminar report has been submitted to the Department of Computer Science and Engineering of National Institute of Technology, Calicut in partial fulfillment of the award of the Degree of Bachelor of Technology in Computer Science and Engineering.
SREENU NAIK BHUKYA
Seminar Coordinator, Dept. of Computer Science & Engineering
CONTENTS
0. Abstract
1. Introduction
2. Basics of e-Mail Security
   2.1 Cryptographic Algorithms
   2.2 Cryptographic Security
   2.3 Certificates
3. PGP Encryption Components
   3.1 Scenarios
   3.2 PGP Algorithms
   3.3 Key Rings
   3.4 PGP Certificates
   3.5 Key Ring Tables
4. How PGP Works
   4.1 Encryption
   4.2 Decryption
5. Trust Model in PGP
6. Recent Developments
7. Current PGP Products
8. Conclusion
9. Bibliography
0. ABSTRACT
IT organizations are trying to secure systems and communications to protect brand equity and meet their compliance obligations. The PGP encryption platform allows them to manage multiple encryption applications cost-effectively, saving human resources and capital that can be channeled into additional projects. In large organizations, business-critical data can be moved easily and with little impact on existing systems by using PGP. Sensitive information stored on servers and backup media can also be protected using PGP.
1. INTRODUCTION
Pretty Good Privacy (PGP) is a computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting e-mails to increase the security of e-mail communications. PGP can be used to create a secure e-mail message or to store a file securely for future retrieval. It is a public-key encryption program originally created by Philip Zimmermann in 1991. PGP and other similar products follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data. Over the past few years, PGP has gained thousands of supporters all over the globe and has become a de facto standard for encryption of e-mail on the Internet.
2. BASICS OF e-Mail Security
Sending an e-mail is a one-time activity. The sender and receiver do not create any kind of session between them. The security of a unidirectional message involves the following terms:
Cryptographic Algorithms
Since there is no session or handshake in which to negotiate the algorithms, there are two solutions:
1. The underlying protocol selects one algorithm for each cryptographic operation and forces the sender to use only these. This solution is very restrictive and limits the capabilities of both parties.
2. The underlying protocol defines a set of algorithms for each operation, and the sender includes the name of the algorithm in the message itself.
Cryptographic Secrets
Most e-mail security protocols today require that encryption/decryption be done using a symmetric-key algorithm and a one-time secret key sent with the message.
Certificates
How can one be assured of the receiver's or sender's public key?
This problem can be solved using PGP, which eventually builds a web of trust among a group of people.
3. PGP ENCRYPTION COMPONENTS
The first version of the Pretty Good Privacy (PGP) protocol was invented by Phil Zimmermann to provide e-mail with privacy, integrity, and authentication. It is more widely used in electronic mail security than in any other area. PGP is a hybrid cryptosystem; it is a combination of some of the best-known encryption algorithms in existence. While PGP has the speed of a symmetric-key encryption algorithm, it maintains the high level of security of a public-key encryption algorithm.
1. Scenarios
1.a) Plaintext: [Figure: a plaintext message]
1.b) Message Integrity: An authenticated message. The digest is signed by the sender.
1.c) Compression
1.d) Confidentiality with one-time session key
1.e) Code Conversion: Another service provided by PGP is code conversion. PGP uses Radix-64 conversion.
1.f) Segmentation: PGP allows segmentation of the message.
2. PGP Algorithms
3. Key Rings
4. PGP Certificates
4.1) X.509 Certificates: Protocols that use X.509 certificates depend on the hierarchical structure of the trust.
4.2) PGP Certificates: In PGP, there is no need for CAs; anyone in the ring can sign a certificate for anyone else in the ring.
5. Key Ring tables
There are many sets of keys in the PGP protocol, and these keys are saved in two tables:
i) Private Key Ring Table
ii) Public Key Ring Table
Format of Private key ring table:
Format of Public key ring table:
4. How PGP Works
PGP encryption uses public-key cryptography and includes a system which binds the public keys to a user name and/or an e-mail address. The first version of this system was generally known as a web of trust to contrast with the X.509 system which uses a hierarchical approach based on certificate authority and which was added to PGP implementations later. Current versions of PGP encryption include both options through an automated key management server.
The following algorithms are employed by PGP:
1. IDEA Cipher - International Data Encryption Algorithm, developed by James Massey & Xuejia Lai in 1990
2. RSA Public Key Encryption - developed by Rivest, Shamir, and Adleman in 1977
3. GZIP - a combination of Lempel-Ziv and Huffman encoding
How PGP Encrypts:
Extracting information at the sender site:
The original text is encrypted into IDEA cipher text with a 128-bit random key via IDEA encryption.
The IDEA session key is encrypted with a large public key via RSA encryption. The encrypted IDEA session key is appended to the IDEA cipher text. GZIP is used to compress the data into a PGP package.
How PGP Decrypts:
1. The PGP package is decompressed and separated into the encrypted IDEA session key and the encrypted IDEA cipher text.
2. The IDEA session key is decrypted with the RSA private key.
3. The IDEA session key decrypts the IDEA cipher text into the original plain text.
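The encryption and decryption steps listed above, as an added example that is not part of the original report: a Python sketch that follows the same order (symmetric encryption under a random 128-bit session key, RSA encryption of that key, appending it to the cipher text, GZIP compression) and then reverses it. It assumes a SHA-256 keystream XOR as a stand-in for IDEA and a constructed toy RSA key without padding; all function and variable names are hypothetical.

```python
import gzip
import hashlib
import secrets

# Constructed toy RSA key pair built from two Mersenne primes. Textbook RSA
# with no padding and a ~150-bit modulus: for illustration only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for IDEA: XOR with a SHA-256 counter keystream (self-inverse)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def pgp_encrypt(plaintext: bytes, n: int, e: int) -> bytes:
    klen = (n.bit_length() + 7) // 8
    session_key = secrets.token_bytes(16)            # 128-bit random one-time key
    ciphertext = stream_xor(session_key, plaintext)  # symmetric encryption of the text
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # RSA with the public key
    package = ciphertext + wrapped.to_bytes(klen, "big")     # key appended to cipher text
    return gzip.compress(package)                    # compressed into one package

def pgp_decrypt(package: bytes, n: int, d: int) -> bytes:
    klen = (n.bit_length() + 7) // 8
    raw = gzip.decompress(package)                   # 1. decompress and separate
    ciphertext, wrapped = raw[:-klen], raw[-klen:]
    key_int = pow(int.from_bytes(wrapped, "big"), d, n)  # 2. RSA with the private key
    if key_int >= 1 << 128:
        raise ValueError("recovered session key is not 128 bits: wrong private key?")
    return stream_xor(key_int.to_bytes(16, "big"), ciphertext)  # 3. recover plain text

if __name__ == "__main__":
    message = b"Quarterly figures attached. (constructed sample message)"
    pkg = pgp_encrypt(message, N, E)
    print(len(pkg), pgp_decrypt(pkg, N, D))
```

Because the session key is random per message, encrypting the same text twice yields different packages, and only the holder of the private exponent can recover the key that unlocks the body.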
Extracting information at the receiver site:
5. Trust Model in PGP
PGP works on the web of trust model.
6. RECENT DEVELOPMENT IN PGP
In December 1997, PGP Inc. was acquired by Network Associates Inc. ("NAI", which is now named McAfee). In August 2002, several ex-PGP team members formed a new company, PGP Corporation. On April 29, 2010, Symantec Corp. announced that it would acquire PGP for $300 million.
7. CURRENT PGP PRODUCTS
PGP encryption is widely used in offices, on the Internet and in industry. Companies and individuals are continuously designing and producing new products based on PGP encryption technology, and a lot of research work is going on in this field. Depending on the application, the products feature desktop e-mail, digital signatures, IM security, whole disk encryption, file and folder security, self-decrypting archives, and secure shredding of deleted files. Some products based on PGP are listed here:
- PGP Desktop 10.1 (Windows and Mac OS platforms)
- OpenPGP - The Free Software Foundation has developed its own OpenPGP-compliant program called GNU Privacy Guard (abbreviated GnuPG or GPG)
- PGP Desktop 9.x family, which includes PGP Desktop Email, PGP Whole Disk Encryption, and PGP NetShare
- Command Line, which enables command line-based encryption and signing of information for storage, transfer, and backup
- PGP Support Package for BlackBerry, which enables RIM BlackBerry devices to enjoy sender-to-recipient messaging encryption
8. CONCLUSION
PGP found its way onto the Internet, and it very rapidly acquired a considerable following around the world. It is the most widely accepted standard for encrypting, decrypting and sending e-mail over the Internet. Continuous efforts are being made to make it more secure and foolproof so that organizations and individuals can rely on its privacy, integrity and authentication.