CS65-COMPUTER NETWORKS Dept.

of EEE

• Pretty Good Privacy (PGP) is a data encryption and

decryption computer program that provides
cryptographic privacy and authentication for data
communication.
• PGP is often used for signing, encrypting and decrypting
PGP texts, E-mails, files, directories and whole partitions to
increase the security of e-mail communications. It was
created by Philip Zimmermann in 1991.

4/4/2011 49 4/4/2011 50

What does PGP do?

Features of PGP PGP offers 5 services:
– Documentation and source code is freely available.
1. Authentication
– The package is independent of operating system and processor.
– PGP does not rely on the “establishment” and it’s popularity and 2. Confidentiality
use have grown extensively since 1995. 3. Compression
– PGP combines the best available cryptographic algorithms to
achieve secure e-mail communication. 4. E-mail compatibility
– It is assumed that all users are using public key cryptography 5. Segmentation
and have generated a private/public key pair.

4/4/2011 51 4/4/2011 52

Prepared by S.Muralidharan 1
CS65-COMPUTER NETWORKS Dept. of EEE

PGP Operation Summary PGP Authentication

• Sender:
1. Creates a message
2. Hashes it to 160-bits using SHA1
3. Encrypts the hash code using her private key, forming a
signature
4. Attaches the signature to message
• Receiver:
1. Decrypts attached signature using sender’s public key and
recovers hash code
2. Recomputes hash code using message and compares with
the received hash code’
3. If they match, accepts the message

4/4/2011 53 4/4/2011 55

..contd.
Detailed logic for PGP Authentication 6. He computes the hash of m using SHA-1 and if this
This is a digital signature scheme with hashing. hash value is equal to s then the message is
1. Alice has (private/public) key pair (Ad/Ae) and she authenticated.
wants to send a digitally signed message m to Bob.
2. Alice hashes the message using SHA-1 to obtain Bob is sure that the message is correct and that is
SHA(m). does come from Alice. Furthermore Alice cannot
3. Alice encrypts the hash using her private key Ad to later deny sending the message since only Alice has
obtain ciphertext c given by access to her private key Ad which works in
conjunction with the public key Ae.
c=pk.encryptAd(SHA(m))
4. Alice sends Bob the pair (m,c)
5. Bob receives (m,c) and decrypts c using Alice's public
key Ae to obtain signature s
s=pk.decryptAe(c)

4/4/2011 56 4/4/2011 57

Prepared by S.Muralidharan 2
CS65-COMPUTER NETWORKS Dept. of EEE

PGP Confidentiality …contd

• Sender: Detailed logic for PGP Confidentiality
1. Generates message and a random number (session key)
only for this message
1. Alice wishes to send Bob a confidential message m.
2. Encrypts message with the session key using AES, 3DES, 2. Alice generates a random session key k for a
IDEA or CAST-128 symmetric cryptosystem.
3. Encrypts session key itself with recipient’s public key using
RSA 3. Alice encrypts k using Bob’s public key Be to get
4. Attaches it to message k’ = pk.encryptBe(k)
• Receiver: 4. Alice encrypts the message m with the session key k
1. Recovers session key by decrypting using his private key to get ciphertext c
2. Decrypts message using the session key.
c=sk.encryptk(m)
5. Alice sends Bob the values (k’,c)
6. Bob receives the values (k’,c) and decrypts k’ using
his private key Bd to obtain k
k=pk.decryptBd(k’)

4/4/2011 58 4/4/2011 59

Confidentiality pitfall
7. Bob uses the session key k to decrypt the • Note that confidentiality service provides no assurance
ciphertext c and recover the message m to the receiver as to the identity of sender (i.e. no
m=sk.decryptk(c) authentication)

Public and symmetric key cryptosystems are • Only provides confidentiality for sender that only the
combined in this way to provide security for key recipient can read the message (and no one else)
exchange and then efficiency for encryption. The
session key k is used only to encrypt message m
and is not stored for any length of time.

4/4/2011 60 4/4/2011 61

Prepared by S.Muralidharan 3
CS65-COMPUTER NETWORKS
PGP Authentication and Confidentiality
(at the same time)
• Authentication and confidentiality can be
combined
– A message can be both signed and encrypted
• That is called authenticated confidentiality
• Encryption/Decryption process is “nested” within
the process shown for authentication alone
4/4/2011
6. Bob recieves k’ and C and decrypts k’ using his
private key Bd to obtain the session key k
k=pk.decryptBd(k’)
7. Bob decrypts the ciphertext C using the session
key k to obtain m and c
(m,c) = sk.decryptk(C)
8. Bob now has the message m. In order to
authenticate it he uses Alice’s public key Ae to
decrypt the signature c and hashes the message m
using SHA-1.
If SHA(m) = pk.decryptAe(c)
Then the message is authenticated.
4/4/2011
Prepared by S.Muralidharan
Dept. of EEE
Detailed logic for PGP Authentication & confidentiality
The schemes for authentication and confidentiality
can be combined so that Alice can sign a
confidential message which is encrypted before
transmission. The steps required are as follows:
1. Alice generates a signature c for her message m as
in the Authentication scheme
c=pk.encryptAd(SHA(m))
2. Alice generates a random session key k and
encrypts the message m and the signature c using
a symmetric cryptosystem to obtain ciphertext C
C=sk.encryptk(m,c)
4. She encrypts the session key k using Bob’s public
key
k’ = pk.encryptBe(k)
5. Alice sends Bob the values (k’,C)
62 4/4/2011 63
PGP Compression
PGP can also compress the message if desired. The
compression algorithm is ZIP and the decompression
algorithm is UNZIP.
Detailed logic for PGP Compression
1. The original message m is signed as before to obtain
c=pk.encryptAd(SHA(m))
2. Now the original message m is compressed to obtain
M=ZIP(m)
3. Alice generates a session key k and encrypts the
compressed message and the signature using the
session key
C=sk.encryptk(M,c)
4. The session key is encrypted using Bob’s public key
64 4/4/2011 as before. 65
4
CS65-COMPUTER NETWORKS Dept. of EEE

5. Alice sends Bob the encrypted session key and • Compression is done after signing the hash
ciphertext C.
– Why?
6. Bob decrypts the session key using his private key and • Saves having to compress document every time you wish to
then uses the session key to decrypt the ciphertext C verify its signature
to obtain M and c
• It is also done before encryption
(M,c) = sk.decryptk(C)
– Why?
7. Bob decompresses the message M to obtain the • To speed up the process (less data to encrypt)
original message m
– Also improves security
m=UNZIP(M) • Compressed messages are more difficult to cryptanalyze as
8. Now Bob has the original message m and signature c. they have less redundancy
He verifies the signature using SHA-1 and Alice’s
public key as before.
Note that the compression is applied after signing
(due to implementation of ZIP) but before encryption
(this strengthens the security of the scheme since the
message has less redundancy after compression)
4/4/2011 66 4/4/2011 67

PGP Email compatibility PGP Segmentation/Reassembly

• PGP is designed to be compatible with all email • Email protocols have a maximum allowed size for
systems messages
• Makes no assumptions regarding ability to handle – Like 100 KB
attachments etc.
– Handles both the simplest system and the most complex system
• PGP divides messages that are too large into smaller
– Output of encryption and compression functions is divided into
6-bit blocks ones
• Each block is mapped onto an ASCII Character – Divide and conquer
• This is called RADIX-64 encoding
• Has the side-effect of increasing the size of the data by • Reassembly at the receiving end is required before
about 33%
verifying signature or decryption

4/4/2011 68 4/4/2011 69

Prepared by S.Muralidharan 5