How PGP works

PGP is an email encryption program based on the RSA public key encryption system. You can use it to keep your emails confidential and prevent unauthorized reading, and it can also digitally sign your emails so that recipients can be sure they came from you. It lets you communicate securely with people you have never met, with no need for a confidential channel to exchange keys in advance. It uses prudent key management, a hybrid algorithm combining RSA with traditional encryption, a mail digest algorithm for digital signatures, compression before encryption, and a good ergonomic design. It is powerful and fast, and its source code is free.

In fact, PGP can do more than what is mentioned above: it can be used to encrypt files, and it can also be used instead of UUencode to generate RADIX 64 format (that is, MIME's BASE64 format) encoded files.

PGP's founder is the American Phil Zimmermann. His creativity lies in combining the convenience of the RSA public key system with the high speed of traditional encryption, together with ingenious designs for digital signatures and key authentication management. As a result, PGP has become almost the most popular public key encryption software package.

PGP is encryption software for public use. Encryption is for security, and privacy is a basic human right. In modern society, email and file transfer over the Internet have become part of life, and email security issues have become increasingly prominent. Everyone knows that data transmitted on the Internet is not encrypted: if you do not protect your information, a third party can easily obtain your secrets. Another issue is information authentication: making the recipient confident that the email has not been tampered with by a third party requires digital signature technology. The characteristics of the RSA public key system make it very suitable for meeting these two requirements:

Privacy and Authentication.

The RSA (Rivest-Shamir-Adleman) algorithm is a public key system based on the assumption that it is impossible to factorize large numbers into their prime factors. Put simply, you find two very large prime numbers; one is made open to the world and the other is told to no one. One is called the "public key" and the other the "private key" (Public key & Secret key, or Private key). These two keys are complementary, which means that ciphertext encrypted with the public key can be decrypted with the private key, and vice versa. Suppose A wants to send a letter to B, and they know each other's public key. A uses B's public key to encrypt the email and sends it. After B receives it, he can use his own private key to decrypt A's original text. Since no one else knows B's private key, even A himself cannot decrypt the letter, which solves the problem of keeping the letter confidential. On the other hand, since everyone knows B's public key, anyone can send a letter to B, so B cannot be sure that a letter really came from A. This is the problem of authentication, and here digital signatures become useful.

Before explaining the digital signature, we must first explain what a "message digest" is. Simply put, a certain algorithm is used to compute a number that reflects the "essence" of the message; this number changes as soon as anything in the email changes. This number, plus the author's name (actually contained in the author's key), the date and so on, can then serve as a signature. To be precise, PGP uses a 128-bit binary number as the "email digest". The algorithm used to generate it is called MD5 (message digest 5). MD5 was proposed by Ron Rivest; the code used in PGP was written by Colin Plumb. MD5 itself is public software, so it is not mentioned in PGP's legal terms. MD5 is a one-way hash algorithm: unlike a CRC check code, it is difficult to find a replacement email that has the same "essence" as the original.

Back to the digital signature, A uses his private key to encrypt the above 128-bit "essence", attaches it to the email, and then uses B's public key to encrypt the entire email.

In this way, after B receives the ciphertext, B uses his own private key to decrypt the email and obtains A's original text and signature. B's PGP also calculates a 128-bit "essence" from the original text, then uses A's public key to decrypt the signature and compares the two numbers. If they match, the email is indeed from A. In this way both requirements are met.

PGP can also sign without encrypting. This is suitable for making public statements: to prove his or her identity (this is the only way on the Internet), the declarant signs with his or her private key. This lets the recipient confirm the identity of the sender and prevents the sender from denying the statement. It has great application prospects in the commercial field, since it prevents the sender from denying the letter and prevents the letter from being tampered with on the way.

So why is it said that PGP uses a hybrid algorithm of RSA and traditional encryption? Because the RSA algorithm is extremely computationally intensive and, in terms of speed, not suitable for encrypting large amounts of data, PGP does not actually use RSA itself to encrypt the message, but a traditional encryption algorithm called IDEA. Let me first explain what traditional encryption is. Simply put, it uses a key to encrypt the plaintext and then uses the same key to decrypt it. The representative of this method is DES (US Federal Data Encryption Standard), which is multiplicative encryption. Its main disadvantage is that the security of the key transmission channel cannot be solved, so it is not suitable for email encryption needs in a network environment.

lvchenyang_, 2009-1-20 23:37, floor 2

IDEA is a patented algorithm; the patent holders are ETH and a Swiss company, Ascom-Tech AG.

Non-commercial implementations of IDEA need not pay them fees. IDEA's encryption (and decryption) speed is much faster than RSA, so in fact PGP uses a randomly generated key (different for each encryption) to encrypt the plaintext with the IDEA algorithm, and then encrypts that key with the RSA algorithm. Correspondingly, the recipient uses RSA to decrypt the random key, and then uses IDEA to decrypt the email itself. Such chained encryption achieves both the confidentiality of the RSA system and the speed of the IDEA algorithm. Half of PGP's creativity lies in this point. Why was the RSA system proposed in the 1970s but not promoted and applied? Because it is too slow! So where is the other half of PGP's creativity? Next I will talk about PGP key management.

A mature encryption system must be accompanied by a mature key management mechanism. The public key system was proposed to solve the shortcoming of traditional encryption systems that key distribution is hard to keep secret. For example, one common method used by network hackers is "listening": transmitting a key over the network would be far too dangerous. In old versions of Novell Netware, the user's password was transmitted in clear text on the line, so a listener could easily obtain other people's passwords; in Netware 4.1 the user password in the packet header is now encrypted. For PGP, the public key has to be made public, so there is no need to prevent eavesdropping. However, the release of public keys still has security issues, such as public key tampering (Public Key Tampering). This may be the biggest vulnerability in public key cryptography, because most novices cannot discover it quickly. You have to be sure that the public key you obtain belongs to the person it appears to belong to. To make this issue clear, I will give an example and then talk about how to use PGP correctly to plug this loophole.

Take communication between you and Alice as an example. Suppose you want to send a letter to Alice; then you must have Alice's public key. You download Alice's public key from the BBS, use it to encrypt the letter, and send it to Alice using the BBS's email function. Unfortunately, neither you nor Alice knows that another user named Charlie has sneaked into the BBS and replaced Alice's public key with the public key of a key pair he generated in Alice's name. Then the public key you use to send the letter belongs not to Alice but to Charlie. Everything seems normal because the user name on the public key you obtained is "Alice".

So Charlie can use the private key in his hands to decrypt your letter to Alice, and he can even use Alice's real public key to forward your letter to Alice so that no one becomes suspicious. If he wants to alter the letter you sent to Alice, that is no problem for him either. What is more, he can forge Alice's signature on letters to you or others: because the public key in your hands is forged, you will believe it is really a letter from Alice.

The best way to prevent this situation is to avoid giving anyone the opportunity to tamper with the public key, for example by getting Alice's public key directly from her in person; but when she is thousands of miles away or you cannot meet her, this is very difficult. PGP developed a public key introduction mechanism to solve this problem. For example: suppose you and Alice have a common friend David, and David knows that the copy of Alice's public key in his hands is correct (PGP has another method for authenticating a public key, discussed later; assume here that David has authenticated her public key with Alice). David can then use his own private key to sign Alice's public key (using the signature method described above), indicating that he guarantees that the public key belongs to Alice. Of course, you need to use David's public key to verify the copy of Alice's public key he gave you. Similarly, David can also authenticate your public key to Alice, so that David becomes the "introducer" between you and Alice. In this way, Alice or David can safely upload Alice's public key signed by David to the BBS for you to get. No one can tamper with it without you discovering it, not even the administrator of the BBS. This is a secure means of transferring public keys over public channels.

Some people may ask: how do you get David's public key safely? Isn't this a chicken-and-egg problem? It is indeed possible that the copy of David's public key you obtained is also fake, but this requires the troublemaker to take part in the entire process: he must be familiar with all three of you and plan for a long time, which is generally impossible. Of course, PGP also has a preventive suggestion for this possibility, which is to let a person or institution that everyone generally trusts play this role. He is called the "key waiter" or "certification authority". Every public key signed by him is considered authentic, so everyone only needs to hold a copy of his public key. Authenticating this person's public key is convenient: because he provides this service widely, his public key is widely circulated, and it is therefore extremely difficult to counterfeit. Such an "authority" is suitable for non-individually-controlled organizations or government agencies, and institutions with hierarchical certification systems already exist.
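The sign-then-encrypt flow from the first post (A signs the 128-bit MD5 "essence" with his private key, then encrypts text and signature to B) together with the hybrid scheme from this post (a random per-message key for the body, RSA only for that key), as an added Python example that is not part of the original posts. It assumes fixed Mersenne primes in place of random RSA keys, an MD5-keyed XOR stream as a stand-in for IDEA, and unpadded textbook RSA, so it shows the flow rather than PGP's real formats.

```python
import hashlib, secrets

# Fixed demo primes (the Mersenne primes 2^89-1 and 2^127-1) stand in for the
# random, much larger primes a real key uses; unpadded textbook RSA throughout.
P, Q, E = (1 << 89) - 1, (1 << 127) - 1, 65537

def keygen(p=P, q=Q, e=E):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def essence(msg):
    """PGP 2.x style 128-bit 'essence': the MD5 digest of the text, as an int."""
    return int.from_bytes(hashlib.md5(msg).digest(), "big")

def sign(priv, msg):
    """The sender 'encrypts' the essence with his private key."""
    d, n = priv
    return pow(essence(msg), d, n)

def verify(pub, msg, sig):
    """The recipient 'decrypts' the signature with the sender's public key."""
    e, n = pub
    return pow(sig, e, n) == essence(msg)

def stream_xor(key, data):
    """Toy stand-in for IDEA: XOR with an MD5-derived keystream. NOT secure."""
    blocks = len(data) // 16 + 1
    ks = b"".join(hashlib.md5(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt_to(recipient_pub, payload):
    """Hybrid step: a fresh 128-bit session key for the body, RSA for the key only."""
    e, n = recipient_pub
    session_key = secrets.token_bytes(16)          # different for every message
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, stream_xor(session_key, payload)

def decrypt_with(priv, wrapped_key, body):
    d, n = priv
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return stream_xor(session_key, body)

def send(sender_priv, recipient_pub, msg):
    """A signs the essence, attaches it to the text, then encrypts everything to B."""
    _, n = sender_priv
    sig = sign(sender_priv, msg).to_bytes((n.bit_length() + 7) // 8, "big")
    return encrypt_to(recipient_pub, sig + msg)

def receive(recipient_priv, sender_pub, wrapped_key, body):
    """B decrypts, splits off the signature and checks it with A's public key."""
    payload = decrypt_with(recipient_priv, wrapped_key, body)
    k = (sender_pub[1].bit_length() + 7) // 8      # signature length in bytes
    sig, msg = int.from_bytes(payload[:k], "big"), payload[k:]
    return msg, verify(sender_pub, msg, sig)
```

Create A's and B's keys with `keygen()` and `keygen(p=(1 << 107) - 1)`; then `receive(b_priv, a_pub, *send(a_priv, b_pub, text))` returns the text and True, while a tampered text or the wrong public key yields False.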

lvchenyang_, floor 3

For scattered individuals, PGP prefers the private referral method, because such organic informality better reflects people's natural social interactions, and people can freely choose someone they trust to introduce keys. In any case, it is the same as meeting people you don't know. Each public key has at least one "User ID". Please try to use your full name, and it is best to add your email address to avoid confusion.

Attention! One rule you must follow is: before you use any public key, you must authenticate it first!!! No matter what temptation you face, and there will certainly be such temptation, you should not, absolutely not, directly trust a public key obtained from public channels (especially those that appear to be confidential). Remember to have an acquaintance introduce the public key, or to authenticate it with the other party in person. Similarly, you should not sign and certify other people's public keys casually. Just as in real life, you only give your house keys to people you trust.

Next, I will talk about how to authenticate a key over the phone. Each key has its own identification (keyID). A keyID is an eight-digit hexadecimal number; the probability that two keys have the same keyID is one in billions.

PGP also provides a more reliable way of identifying keys: the key "fingerprint".

Each key corresponds to a sequence of numbers (sixteen eight-digit hexadecimal numbers), and the possibility of this number being repeated is even slimmer. Moreover, no one can deliberately generate a key with a given fingerprint: the key is randomly generated, and the key cannot be deduced from the fingerprint. So after you get someone's public key, you can check the fingerprint with him over the phone to authenticate it. If you can't reach Alice by phone, you can phone David to authenticate David's public key, and thereby authenticate Alice's public key through David. This combines direct authentication and indirect introduction.

This leads to another method: collect your own public key signed by different people and send it to public places. In this way you can hope that most people will know at least one of the signers and thus indirectly authenticate your public key. Similarly, after you sign your friend's public key, you should send it back to him, so that he can be authenticated by your other friends through you. It is rather interesting: it is the same as how people interact in real society. PGP will automatically work out for you which of the public keys you got were introduced by your friends, which by your friends' friends, and which by friends of friends of friends... It helps you divide them into different trust levels so you can decide how much to trust them. You can designate someone to have several levels of ability to refer public keys, which decreases as the certificate is passed on.

The referral authentication mechanism is transitive, which is an interesting issue. Phil Zimmermann, the author of PGP, has a saying: "Trust is not transitive; I have a friend who I believe will never lie. But he is a fool who believes that the president will never lie, whereas obviously I do not think that the president never lies."

The security of public keys is the core of PGP's security, so I won't go into further detail here. As with traditional single-key systems, the confidentiality of the private key is decisive. Compared with the public key, the private key has no tampering problem, but it has the problem of leakage. An RSA private key is a very long number that users cannot possibly remember. PGP's method is to let the user specify a pass phrase for the randomly generated RSA private key; the private key is only released for use when the pass phrase is given. The method of encrypting the private key with the pass phrase is as secure as PGP itself, so the security of the private key is really the confidentiality of the user's pass phrase. Of course, losing the confidentiality of the private key file itself is also very dangerous, because then all an attacker needs is to try exhaustively to find your pass phrase; although this is very difficult, you have still lost a layer of security. A simple thing to remember here: guard your private key like any other private key and don't let anyone have access to it.

PGP's careful consideration of security is reflected in every aspect of PGP. For example, the actual key for each encryption is a random number. Everyone knows that computers cannot generate truly random numbers, and the PGP program is very cautious about generating them. The random numbers for keys such as RSA keys are generated from a random seed obtained from the time intervals between the user's keystrokes. The randseed.bin file on disk is encrypted with the same strength as the email, which effectively prevents others from analysing the pattern of your actual encryption keys from your randseed.bin file.

Here I would like to mention PGP's compression before encryption. The PGP core uses the PKZIP algorithm to compress the plaintext before encrypting it. On the one hand, for emails, ciphertext that is compressed, encrypted and then 7-bit encoded may be shorter than the plaintext, which saves network transmission time. On the other hand, compressing the plaintext is effectively a transformation: the information becomes more disordered, and resistance to plaintext attacks is stronger. The PKZIP algorithm used in PGP is approved by its original author; PKZIP is a recognized compression algorithm with a good compression ratio and speed.

PGP uses a PKZIP version 2.0 compatible algorithm.

Okay, I will cover the issue of PGP's security in the article "Security of PGP". I have said so much above just to let everyone know that PGP is very safe, as long as you follow the correct usage method. For information on installing and using PGP, please refer to the article "Installation and Use of PGP 2.6.3i".

If you come across unclear vocabulary when reading the English documents, please try to find clues in the article "PGP Glossary". PGP 2.6.3i is the PGP version that I recommend everyone use. For detailed questions about this version, please refer to the article "PGPi Questions and Answers".

Articles signed with PGP can be seen everywhere on the Internet today, and PGP versions are being updated rapidly; it is said that PGP 3.0 will be launched in a few months. More and more people around the world are using PGP, and we Chinese should also pay attention to protecting our lawful right to privacy. I translated and compiled these articles to promote the use of PGP in China. Although it is still a new thing, we should see that it will certainly grow rapidly in the Internet space (CyberSpace). Although China started late, it is not much behind the United States. We should catch up.
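The introducer chain and referral depth described in this post (friend, friend of a friend, ...; referral ability that decreases each time a certificate is passed on), together with the keyID and fingerprint used for checking a key over the phone, as an added Python example that is not from the original posts. The names, moduli and certificates are constructed, and the fingerprint form (MD5 over the raw modulus bytes) and keyID form (low 32 bits of the modulus) are simplifications assumed for the demo, not PGP 2.6's exact encoding.

```python
import hashlib
from collections import deque

# Constructed key ring: user ID -> RSA modulus stand-in (tiny numbers; a real
# modulus has hundreds of digits). Charlie's forged key carries Alice's name.
KEYRING = {
    "me":             0xD4F1A9C3B2E58761,
    "David":          0x9A7E3C1B5D2F8E04,
    "Alice":          0x6B2D8F1E9C4A7035,
    "Bob":            0x1F3E5D7C9B8A6042,
    "Eve":            0x7C9A2E4F6B1D3850,
    "Alice (forged)": 0xE2C4A6B8D0F19357,   # uploaded to the BBS by Charlie
}
# Constructed certificates (signer, subject): "me" checked David's key in person.
CERTS = [("me", "David"), ("David", "Alice"), ("Alice", "Bob"), ("Bob", "Eve")]

def key_id(modulus):
    """Eight hex digits: assumed here to be the low 32 bits of the modulus."""
    return f"{modulus & 0xFFFFFFFF:08X}"

def fingerprint(modulus):
    """Sixteen hex pairs to read out over the phone: MD5 of the modulus bytes
    (assumed form; PGP 2.x's real input encoding differs in detail)."""
    raw = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    return " ".join(f"{b:02X}" for b in hashlib.md5(raw).digest())

def trust_levels(certs, root="me", referral_depth=3):
    """Follow signature chains outward from your own key. `referral_depth` is
    how many hops your introductions may be passed on; each hop spends one.
    Returns {user_id: level}: 0 is you, 1 a friend, 2 a friend's friend, ...
    Keys absent from the result have no chain to you and must be verified by
    fingerprint (for example over the phone) before they are used."""
    level, remaining = {root: 0}, {root: referral_depth}
    queue = deque([root])                    # BFS: the shortest chain wins
    while queue:
        signer = queue.popleft()
        if remaining[signer] == 0:
            continue                         # may not introduce anyone further
        for s, subject in certs:
            if s == signer and subject not in level:
                level[subject] = level[signer] + 1
                remaining[subject] = remaining[signer] - 1
                queue.append(subject)
    return level

def usable_keys(keyring=KEYRING, certs=CERTS, **kw):
    """The subset of the ring you may use without a manual fingerprint check."""
    lv = trust_levels(certs, **kw)
    return {uid: lv[uid] for uid in keyring if uid in lv}
```

With the default depth of 3, Eve (four hops away) and Charlie's "Alice (forged)" key are left out; raising `referral_depth` to 4 admits Eve but still never admits the forged key, which no trusted introducer has signed.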