Using symmetric encryption requires, though, that a sender share the encryption key with the recipient in plain text, and this would be insecure. So by encrypting the symmetric key using the asymmetric public-key system, PGP combines the efficiency of symmetric encryption with the security of public-key cryptography. In practice, sending a message encrypted with PGP is simpler than the above explanation makes it sound.
You will see a padlock icon on the subject line of their emails. The email will look like this (the email addresses have been blurred for privacy reasons). ProtonMail — like most email clients that offer PGP — hides all of the complexity of the encryption and decryption of the message.
If you are communicating to users outside of ProtonMail, you need to send them your public key first. And so, although the message was sent securely, the recipient does not have to worry about the complexities of how this was done.
Of these three uses, the first — sending secure email — is by far the dominant application of PGP. As in the example above, most people use PGP to send encrypted emails. In the early years of PGP, it was mainly used by activists, journalists, and other people who deal with sensitive information.
The PGP system was originally designed, in fact, by a peace and political activist named Paul Zimmerman, who recently joined Startpage, one of the most popular private search engines. Today, the popularity of PGP has grown significantly. As more users have realized just how much information corporations and their governments are collecting on them, huge numbers of people now use the standard to keep their private information private.
A related use of PGP is that it can be used for email verification. If a journalist is unsure about the identity of a person sending them a message, for instance, they can use a Digital Signature alongside PGP to verify this. If even one character of the message has been changed in transit, the recipient will know. This can indicate either the sender is not who they say they are, that they have tried to fake a Digital Signature, or that the message has been tampered with.
A third use of PGP is to encrypt files. In fact, this algorithm is so secure that it has even been used in high-profile malware such as the CryptoLocker malware. However, the strong cryptography employed by PGP is the best available today. Vigilance and conservatism will protect you better, however, than claims of impenetrability. A cryptographic algorithm, plus all possible keys and all the protocols that make it work comprise a cryptosystem. PGP is a cryptosystem. Conventional encryption.
Obviously, this is exceedingly weak cryptography by today's standards, but hey, it worked for Caesar, and it illustrates how conventional cryptography works. Recall a character from your favorite spy movie: the person with a locked briefcase handcuffed to his or her wrist. What is in the briefcase, anyway? It's the key that will decrypt the secret data. For a sender and recipient to communicate securely using conventional encryption, they must agree upon a key and keep it secret between themselves.
If they are in different physical locations, they must trust a courier, the Bat Phone, or some other secure communication medium to prevent the disclosure of the secret key during transmission.
Anyone who overhears or intercepts the key in transit can later read, modify, and forge all information encrypted or authenticated with that key. From DES to Captain Midnight's Secret Decoder Ring, the persistent problem with conventional encryption is key distribution: how do you get the key to the recipient without someone intercepting it?
Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret.
Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met. It is computationally infeasible to deduce the private key from the public key.
Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information. Public key encryption. The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely.
The need for sender and receiver to share secret keys via some secure channel is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared. Because conventional cryptography was once the only available means for relaying secret information, the expense of secure channels and key distribution relegated its use only to those who could afford it, such as governments and large banks or small children with secret decoder rings.
Public key encryption is the technological revolution that provides strong cryptography to the adult masses. Remember the courier with the locked briefcase handcuffed to his wrist?
Public-key encryption puts him out of business (probably to his relief). PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type.
This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient. How PGP encryption works. Decryption works in the reverse. The recipient's copy of PGP uses his or her private key to recover the temporary session key, which PGP then uses to decrypt the conventionally-encrypted ciphertext.
How PGP decryption works. The combination of the two encryption methods combines the convenience of public key encryption with the speed of conventional encryption. Conventional encryption is about 1, times faster than public key encryption. Public key encryption in turn provides a solution to key distribution and data transmission issues. Used together, performance and key distribution are improved without any sacrifice in security. However, public key size and conventional cryptography's secret key size are totally unrelated.
A conventional bit key has the equivalent strength of a bit public key. A conventional bit key is equivalent to a bit public key. Again, the bigger the key, the more secure, but the algorithms used for each type of cryptography are very different and thus comparison is like that of apples to oranges. While the public and private keys are mathematically related, it's very difficult to derive the private key given only the public key; however, deriving the private key is always possible given enough time and computing power.
This makes it very important to pick keys of the right size; large enough to be secure, but small enough to be applied fairly quickly. Additionally, you need to consider who might be trying to read your files, how determined they are, how much time they have, and what their resources might be. Larger keys will be cryptographically secure for a longer period of time. If what you want to encrypt needs to be hidden for many years, you might want to use a very large key.
Of course, who knows how long it will take to determine your key using tomorrow's faster, more efficient computers? There was a time when a bit symmetric key was considered extremely safe. Keys are stored in encrypted form. PGP stores the keys in two files on your hard disk; one for public keys and one for private keys.
These files are called keyrings. As you use PGP, you will typically add the public keys of your recipients to your public keyring. Your private keys are stored on your private keyring.
If you lose your private keyring, you will be unable to decrypt any information encrypted to keys on that ring. A digital signature serves the same purpose as a handwritten signature.
However, a handwritten signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it is nearly impossible to counterfeit, plus it attests to the contents of the information as well as to the identity of the signer.
Some people tend to use signatures more than they use encryption. The basic manner in which digital signatures are created is illustrated in Figure Instead of encrypting information using someone else's public key, you encrypt it with your private key.
If the information can be decrypted with your public key, then it must have originated with you. Simple digital signatures. PGP uses a cryptographically strong hash function on the plaintext the user is signing. This generates a fixed-length data item known as a message digest. Again, any change to the information results in a totally different digest. Then PGP uses the digest and the private key to create the "signature." Upon receipt of the message, the recipient uses PGP to recompute the digest, thus verifying the signature.
PGP can encrypt the plaintext or not; signing plaintext is useful if some of the recipients are not interested in or capable of verifying the signature. As long as a secure hash function is used, there is no way to take someone's signature from one document and attach it to another, or to alter a signed message in any way. The slightest change in a signed document will cause the digital signature verification process to fail. Secure digital signatures.
Digital signatures play a major role in authenticating and validating other PGP users' keys. In a public key environment, it is vital that you are assured that the public key to which you are encrypting data is in fact the public key of the intended recipient and not a forgery.
You could simply encrypt only to those keys which have been physically handed to you. But suppose you need to exchange information with people you have never met; how can you tell that you have the correct key?
Digital certificates, or certs, simplify the task of establishing whether a public key truly belongs to the purported owner. A certificate is a form of credential. Examples might be your driver's license, your social security card, or your birth certificate. Each of these has some information on it identifying you and some authorization stating that someone else has confirmed your identity.
Some certificates, such as your passport, are important enough confirmation of your identity that you would not want to lose them, lest someone use them to impersonate you.
A digital certificate is data that functions much like a physical certificate. A digital certificate is information included with a person's public key that helps others verify that a key is genuine or valid.
Digital certificates are used to thwart attempts to substitute one person's key for another. A digital certificate consists of three things:. Thus, a certificate is basically a public key with one or two forms of ID attached, plus a hearty stamp of approval from some other trusted individual.
Anatomy of a PGP certificate. Certificate servers. A certificate server, also called a cert server or a key server, is a database that allows users to submit and retrieve digital certificates. A cert server usually provides some administrative features that enable a company to maintain its security policies — for example, allowing only those keys that meet certain requirements to be stored.
Public Key Infrastructures. A PKI contains the certificate storage facilities of a certificate server, but also provides certificate management facilities (the ability to issue, revoke, store, retrieve, and trust certificates). Only one thing left to tackle: transmission. Do we leave the message unguarded during the transmission phase? So, once the message arrives at the other end user B he or she will be able to decrypt the session key using the private key.
What about message auth and the dreaded integrity check? Digital signatures to the rescue! By embedding a digital signature, one can verify the authenticity of the message i. At the same time, by digitally signing the message you would have provided a much-needed integrity check. Well, long story short, decryption would not be possible.
To create the digital signature, the sender would use PGP in order to compute a message digest. This message digest or hash is computed from the plaintext. In the chapter concerning PGP keys bookkeeping and key validation, Zimmerman says that:
As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures.
This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys. There are very few well-documented incidents involving PGP encryption. Some scarce footnotes, some legal doodles, and the list ends right here. Or does it? Evidence was piling up and the authorities needed just one last piece to complete the puzzle.
The seized PDAs might have provided the necessary information. However, all of them were PGP-encrypted. So, what happened? With no legal grounds for obtaining the credentials, the authorities had no choice but to abandon the PDAs. The case, which was minutely documented, especially due to its constitutional implications, revolved around Boucher, an illegal Canadian immigrant who was accused of disseminating child pornography over the Internet.
Of course, the PGP encryption could not be broken. The magistrates ordered Boucher to relinquish the credentials. Still here? I feel some of you fretting over this. How does he or she go about it? Step 2. The message itself is used to compute the SHA hash. This produces the byte string H.
Step 3. The computed hash will be digitally signed with the help of the RSA algorithm. This standard sets out the encryption algorithms, formats, composition and other features that programs must use to be OpenPGP-compliant. PGP encryption is used in a number of proprietary programs, such as the Symantec products mentioned above.
The most prominent of these is Gpg4win, which is a free suite of encryption tools for Windows. PGP encryption relies on several major elements that you will need to get your head around in order to understand how it works. The most important ones are symmetric-key cryptography, public-key cryptography, digital signatures and the web of trust. Symmetric-key cryptography involves using the same key to both encrypt and decrypt data.
In PGP, a random, one-off key is generated, which is known as the session key. The session key encrypts the message, which is the bulk of the data that needs to be sent. This type of encryption is relatively efficient, but it has a problem. How do you share the session key with your recipient? If you send it alongside your email, then anyone who intercepts the message can access the contents just as easily as your recipient.
Without the key, your recipient will only see the ciphertext. PGP solves this problem with public-key cryptography, also known as asymmetric cryptography. In this kind of encryption there are two keys: a public key and a private one. Each user has one of each. The public key of your potential correspondent can be found by searching through key servers or by asking the person directly.
Public keys are used by the sender to encrypt data, but they cannot decrypt it. This is why public keys are freely handed out, but private keys need to be guarded carefully. If your private key is compromised by an attacker, it enables them to access all of your PGP encrypted emails. Because public-key encryption is simply too inefficient. It would take too long and use a larger amount of computational resources. Since the body of the message usually contains the bulk of the data, PGP uses the more economical symmetric-key encryption for this.
It reserves the lumbering public-key encryption for the session key, making the whole process more efficient. In this way, the message gets encrypted through more practical means, while public-key encryption is used to securely deliver the session key to your recipient. Since only their private key can decrypt the session key, and the session key is needed to decrypt the message, the contents are secure from attackers.
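The session-key scheme described here and in the earlier "How PGP encryption works" passage, as an added example that is not part of the original page and is not OpenPGP-compatible. It assumes Node.js built-in `crypto`, with AES-256-GCM standing in for the "conventional" cipher and RSA-OAEP for the public-key step; all function names are hypothetical.

```javascript
// Added illustration of the hybrid (session key) idea; no OpenPGP packet format.
const crypto = require('node:crypto');

// Recipient's key pair, constructed for this example.
function newRecipientKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: a fresh random session key encrypts the message body with a fast
// symmetric cipher; only the 32-byte session key goes through RSA.
function hybridEncrypt(plaintext, recipientPublicKey) {
  const sessionKey = crypto.randomBytes(32); // one-time key, never reused
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  // The wrapped session key travels alongside the ciphertext.
  return { wrappedKey, iv, ciphertext, tag };
}

// Recipient: the private key recovers the session key, which decrypts the body.
function hybridDecrypt(msg, recipientPrivateKey) {
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}

// True only if this private key can unwrap the session key and decrypt the body.
function canRead(msg, privateKey) {
  try {
    hybridDecrypt(msg, privateKey);
    return true;
  } catch {
    return false; // wrong key: the session key cannot be recovered
  }
}
```

Whatever the message length, the RSA operation only ever handles the 32-byte session key, which is why the wrapped key is a fixed 256 bytes for a 2048-bit recipient key.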
Our written signatures are frequently used to verify that we are who we say we are. They are far from foolproof, but they are still a useful way of preventing fraud. Digital signatures are similar, using public-key cryptography to authenticate that the data comes from the source it claims to and that it has not been tampered with. The process makes digital signatures essentially impossible to forge unless the private key has been compromised. It all depends on what you are sending and why.
If the message must be delivered intact and without alteration, then a digital signature will need to be used. If both are important, you should use them together. The plaintext of your message is fed through a hash function, which is an algorithm that transforms inputs into a fixed-size block of data, called a message digest. This encrypted message digest is what is known as the digital signature. In PGP encryption, the digital signature is sent alongside the message body which can either be encrypted or in plaintext.
When someone receives a digitally signed email, they can check its authenticity and integrity by using the public key of the sender. First, a hash function is used on the message that was received. This gives the message digest of the email in its current form. The next step is to calculate the original message digest from the digital signature that was sent. This gives the message digest exactly as it was when it was signed by the sender.
If the message had been altered by even one character or punctuation mark, then the message digests will be completely different. It may be an innocent mistake because the wrong public key has accidentally been used, but it could also be a fraudulent message or one that has been tampered with. How do you know that a public key actually belongs to the person who says it does?
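The sign-and-verify flow described above and in the earlier digital signatures passage, as an added example that is not part of the original page. It assumes Node.js built-in `crypto` with SHA-256 and RSA (PKCS#1 v1.5) as stand-ins for whatever a PGP implementation negotiates; the messages, key pairs and function names are constructed for illustration.

```javascript
// Added illustration of hash-then-sign and the failure cases the text lists.
const crypto = require('node:crypto');

function newSignerKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Message digest: fixed length regardless of the size of the input.
function digestHex(message) {
  return crypto.createHash('sha256').update(message, 'utf8').digest('hex');
}

// Sender: hash the plaintext and sign the digest with the private key.
function signMessage(message, privateKey) {
  return crypto.sign('sha256', Buffer.from(message, 'utf8'), privateKey);
}

// Recipient: recompute the digest over what was received and check it
// against the signature using the sender's public key.
function verifyMessage(message, signature, publicKey) {
  return crypto.verify('sha256', Buffer.from(message, 'utf8'), publicKey, signature);
}

// Runs the outcomes discussed in the text over constructed sample messages.
function runSignatureCases() {
  const sender = newSignerKeys();
  const someoneElse = newSignerKeys(); // the "wrong public key" case
  const original = 'Transfer 100 EUR to account 12345.';
  const tampered = 'Transfer 900 EUR to account 12345.'; // one character changed
  const sig = signMessage(original, sender.privateKey);
  return {
    intact: verifyMessage(original, sig, sender.publicKey),
    tampered: verifyMessage(tampered, sig, sender.publicKey),
    wrongKey: verifyMessage(original, sig, someoneElse.publicKey),
    // A valid signature moved onto a different document does not verify.
    transplanted: verifyMessage('Unrelated message', sig, sender.publicKey),
    digestsDiffer: digestHex(original) !== digestHex(tampered),
    digestLength: digestHex(original).length,
  };
}
```

Verification returns the same `false` for a tampered body, a transplanted signature and a mismatched public key, so a failed check tells the recipient that something is wrong but not which of those causes applies.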