Why PGP compresses messages




















The receiver uses RSA with its private key to decrypt and recover the session key. The session key is used to decrypt the message. This has the benefit of saving space both for e-mail transmission and for file storage. Therefore cryptanalysis is more difficult. This format also appends a CRC to detect transmission errors.

Fortunately, the session key and signature portions of the message are relatively compact, and the plaintext message has been compressed. To accommodate this, PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail.

Summary of PGP Services One reason is that the user may wish to change his or her key pair from time to time. Using cipher feedback mode, the CAST encrypter produces two bit cipher text blocks.

An RSA public key may be hundreds of decimal digits in length. That is, the combination of user ID and key ID would be sufficient to identify a key uniquely however, it raises a management and overhead problem.

This seems unnecessarily burdensome. That is, the key ID of public key. Because a sender may use one of a number of private keys to encrypt the message digest, the recipient must know which public key is intended for use. The message component, 2. A signature component (optional), and 3. A session key component (optional). Timestamp: The time at which the signature was made. The digest is calculated over the signature timestamp concatenated with the data portion of the message component.

The inclusion of the signature timestamp in the digest insures against replay types of attacks. The message component and optional signature component may be compressed using ZIP and may be encrypted using a session key.

The session key and 2. Private-key Ring This ring is used to store public keys of other users that are known to this user. Multiple user IDs may be associated with a single public key. The sending PGP entity performs the following steps. Signing the message: a. PGP prompts the user for the passphrase to recover the unencrypted private key. The signature component of the message is constructed.

Encrypting the message: a. PGP generates a session key and encrypts the message. The session key component of the message is constructed.

PGP Msg Generation Decrypting the message: a. PGP then recovers the session key and decrypts the message. Authenticating the message: a. PGP recovers the transmitted message digest. PGP computes the message digest for the received message and compares it to the transmitted message digest to authenticate.

PGP Msg Reception If too few pieces of the key are available, then the key is unusable. Some examples are to split a key into three pieces and require two of them to reconstitute the key, or split it into two pieces and require both pieces.

If a secure network connection is used during the reconstitution process, the key's shareholders need not be physically present in order to rejoin the key.

The Basics of Cryptography
Encryption and decryption
What is cryptography?
Strong cryptography
How does cryptography work?
Conventional cryptography
Caesar's Cipher
Key management and conventional encryption
Public key cryptography
How PGP works
Keys
Digital signatures
Hash functions
Digital certificates
Certificate distribution
Certificate formats
Validity and trust
Checking validity
Establishing trust
Trust models
Certificate Revocation
Communicating that a certificate has been revoked
What is a passphrase?

Key splitting The Basics of Cryptography When Julius Caesar sent messages to his generals, he didn't trust his messengers. And so we begin. Encryption and decryption Data that can be read and understood without any special measures is called plaintext or cleartext. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data.

The process of reverting ciphertext to its original plaintext is called decryption. Figure illustrates this process. Encryption and decryption What is cryptography? Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks like the Internet so that it cannot be read by anyone except the intended recipient. Strong cryptography "There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.

This book is about the latter. How does cryptography work? A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key — a word, number, or phrase — to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys.

The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key. Conventional cryptography In conventional cryptography, also called secret-key or symmetric-key encryption, one key is used both for encryption and decryption. Figure is an illustration of the conventional encryption process. Conventional encryption Caesar's Cipher An extremely simple example of conventional cryptography is a substitution cipher.

A substitution cipher substitutes one piece of information for another. This is most frequently done by offsetting letters of the alphabet.

In both cases, the algorithm is to offset the alphabet and the key is the number of characters to offset it. Key management and conventional encryption Conventional encryption has benefits. It is very fast. It is especially useful for encrypting data that is not going anywhere. However, conventional encryption alone as a means for transmitting secure data can be quite expensive simply due to the difficulty of secure key distribution.

Public key cryptography The problems of key distribution are solved by public key cryptography, the concept of which was introduced by Whitfield Diffie and Martin Hellman in There is now evidence that the British Secret Service invented it a few years before Diffie and Hellman, but kept it a military secret — and did nothing with it. Public key encryption The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely.

PGP is a hybrid cryptosystem. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security. Most cryptanalysis techniques exploit patterns found in the plaintext to crack the cipher. Compression reduces these patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis.

Files that are too short to compress or which don't compress well aren't compressed. How PGP encryption works Decryption works in the reverse. How PGP decryption works The combination of the two encryption methods combines the convenience of public key encryption with the speed of conventional encryption.

Keys A key is a value that works with a cryptographic algorithm to produce a specific ciphertext. Keys are basically really, really, really big numbers. Key size is measured in bits; the number representing a bit key is darn huge. In public key cryptography, the bigger the key, the more secure the ciphertext. Digital signatures A major benefit of public key cryptography is that it provides a method for employing digital signatures.

Digital signatures enable the recipient of information to verify the authenticity of the information's origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information.

These features are every bit as fundamental to cryptography as privacy, if not more. Simple digital signatures Hash functions The system described above has some problems. It is slow, and it produces an enormous volume of data — at least double the size of the original information. An improvement on the above scheme is the addition of a one-way hash function in the process. A one-way hash function takes variable-length input — in this case, a message of any length, even thousands or millions of bits — and produces a fixed-length output; say, bits.

The hash function ensures that, if the information is changed in any way — even by just one bit — an entirely different output value is produced. Secure digital signatures Digital signatures play a major role in authenticating and validating other PGP users' keys. Digital certificates One issue with public key cryptosystems is that users must be constantly vigilant to ensure that they are encrypting to the correct person's key.

In an environment where it is safe to freely exchange keys via public servers, man-in-the-middle attacks are a potential threat. In this type of attack, someone posts a phony key with the name and user ID of the user's intended recipient. Data encrypted to — and intercepted by — the true owner of this bogus key is now in the wrong hands.

A digital certificate consists of three things: A public key. Certificate information. One or more digital signatures. The purpose of the digital signature on a certificate is to state that the certificate information has been attested to by some other person or entity. The digital signature does not attest to the authenticity of the certificate as a whole; it vouches only that the signed identity information goes along with, or is bound to, the public key.

Anatomy of a PGP certificate Certificate distribution Certificates are utilized when it's necessary to exchange public keys with someone else. For small groups of people who wish to communicate securely, it is easy to manually exchange diskettes or emails containing each owner's public key.

This is manual public key distribution, and it is practical only to a certain point. Beyond that point, it is necessary to put systems into place that can provide the necessary security, storage, and exchange mechanisms so coworkers, business partners, or strangers could communicate if need be.

These can come in the form of storage-only repositories called Certificate Servers, or more structured systems that provide additional key management features and are called Public Key Infrastructures (PKIs).

Certificate formats A digital certificate is basically a collection of identifying information bound together with a public key and signed by a trusted third party to prove its authenticity. A digital certificate can be one of a number of different formats. The certificate holder's information — this consists of "identity" information about the user, such as his or her name, user ID, photograph, and so on.

The digital signature of the certificate owner — also called a self-signature, this is the signature using the corresponding private key of the public key associated with the certificate. The preferred symmetric encryption algorithm for the key — indicates the encryption algorithm to which the certificate owner prefers to have information encrypted.

You might think of a PGP certificate as a public key with one or more labels tied to it (see Figure). On these 'labels' you'll find information identifying the owner of the key and a signature of the key's owner, which states that the key and the identification go together. This particular signature is called a self-signature; every PGP certificate contains a self-signature.

A PGP certificate X. The most current is version 3. The certificate holder's public key — the public key of the certificate holder, together with an algorithm identifier which specifies which cryptosystem the key belongs to and any associated key parameters.

The serial number of the certificate — the entity (application or person) that created the certificate is responsible for assigning it a unique serial number to distinguish it from other certificates it issues. This information is used in numerous ways; for example when a certificate is revoked, its serial number is placed in a Certificate Revocation List or CRL.

The certificate holder's unique identifier — or DN — distinguished name. This name is intended to be unique across the Internet. The unique name of the certificate issuer — the unique name of the entity that signed the certificate. This is normally a CA. Using the certificate implies trusting the entity that signed this certificate. Note that in some cases, such as root or top-level CA certificates, the issuer signs its own certificate.

The digital signature of the issuer — the signature using the private key of the entity that issued the certificate. The signature algorithm identifier — identifies the algorithm used by the CA to sign the certificate. There are many differences between an X.

You provide your public key, proof that you possess the corresponding private key, and some specific information about yourself. You then digitally sign the information and send the whole package — the certificate request — to the CA. The CA then performs some due diligence in verifying that the information you provided is correct, and if so, generates the certificate and returns it.

Validity and trust Every user in a public key system is vulnerable to mistaking a phony key certificate for a real one. Validity is confidence that a public key certificate belongs to its purported owner.

Validity is essential in a public key environment where you must constantly establish whether or not a particular certificate is authentic. Checking validity One way to establish validity is to go through some manual process.

There are several ways to accomplish this. You could require your intended recipient to physically hand you a copy of his or her public key. But this is often inconvenient and inefficient. Establishing trust You validate certificates. You trust people. More specifically, you trust people to validate other people's certificates.

Typically, unless the owner hands you the certificate, you have to go by someone else's word that it is valid. Trust models In relatively closed systems, such as within a small company, it is easy to trace a certification path back to the root CA. However, users must often communicate with people outside of their corporate environment, including some whom they have never met, such as vendors, customers, clients, associates, and so on. Establishing a line of trust to those who have not been explicitly trusted by your CA is difficult.

In this model, a user trusts that a key is valid because he or she knows where it came from. All cryptosystems use this form of trust in some way. For example, in web browsers, the root Certification Authority keys are directly trusted because they were shipped by the manufacturer. If there is any form of hierarchy, it extends from these directly trusted certificates. Direct trust Hierarchical Trust In a hierarchical system, there are a number of "root" certificates from which trust extends.

Hierarchical trust Web of Trust A web of trust encompasses both of the other models, but also adds the notion that trust is in the eye of the beholder (which is the real-world view) and the idea that more information is better.

Stored on each user's public keyring are indicators of:

whether or not the user considers a particular key to be valid
the level of trust the user places on the key that the key's owner can serve as certifier of others' keys

You indicate, on your copy of my key, whether you think my judgement counts. It's really a reputation system: certain people are reputed to give good signatures, and people trust them to attest to other keys' validity.

There are three levels of trust you can assign to someone else's public key:

Complete trust
Marginal trust
No trust (or Untrusted)

To make things confusing, there are also three levels of validity:

Valid
Marginally valid
Invalid

To define another's key as a trusted introducer, you:

Start with a valid key, one that is either signed by you or signed by another trusted introducer, and then
Set the level of trust you feel the key's owner is entitled.

Certificate Revocation Certificates are only useful while they are valid. It is unsafe to simply assume that a certificate is valid forever.