Beruflich Dokumente
Kultur Dokumente
Seminar Report
Certificate
This is to certify that the seminar entitled PRETTY GOOD ENCRYPTION TECHNOLOGY (PGP) is a report of the seminar
presented by VIBHUTI BHUSHAN (S7,CSE) under our supervision and guidance. The seminar report has been submitted to the Department of Computer Science and Engineering of National Institute of Technology, Calicut in partial fulfillment of the award of the Degree of Bachelor of Technology in Computer Science and Engineering.
CONTENTS
0.Abstract. 4 1.Introduction .. 5 2. BASICS OF e-Mail Security... 6 2.1 Cryptographic Algorithms..... 6 2.2Cryptographic Security. 6 2.2Certificates.......... 6 3. PGP encryption Components .. 7 3.1 Scenarios 7 3.2 PGP Algorithms . 8 3.3 Key Rings . 10 3.4 PGP Certificates . ...... 10 3.5 Key Ring tables . 10 4. How PGP work... 11 4.1Encrypton .. 12 4.2Decryption . 13 5. Trust Model in PGP... 15 6. Recent Developments ........ 15 7.Current PGP Products .......16 8. Conclusion ....... 17 9.Bibliography .... 17
0.ABSTRACT
The IT organizations are trying to secure systems and communications to protect brand equity and the obligations for compliance. The PGP encryption platform allows them to manage multiple encryption applications cost-effectively thereby saving the precious human resources and capital which can be channelized for additional projects. In large organizations, the business-critical data can be moved easily and with little impact on existing systems by using the PGP .The sensitive information stored on servers and backup media can also be protected using the PGP.
1.INTRODUCTION
Pretty Good Privacy (PGP) is a computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting e-mails to increase the security of e-mail communications. PGP can be used to create a secure e-mail message or to store a file securely for future retrieval. It was originally created by Philip Zimmermann in 1991. PGP and other similar products follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data a public key encryption program originally written by Phil Zimmermann in 1991. Over the past few years, PGP has got thousands of adherent supporters all over the globe and has become a de-facto standard for encryption of email on the Internet.
Most e-mail security protocols today require that encryption/decryption be done using a symmetric-key algorithm and a one-time secret key sent with the message.
Certificates
How to be assured of the the recievers or senders public key?
This is problem could be solved using PGP which eventually makes a web of trust between a group of people.
The first version of Pretty Good Privacy (PGP) protocol is invented by Phil Zimmerman to provide email with privacy, integrity, and authentication. It is more widely used in electronic mail security than any other area. PGP is a hybrid cryptosystem; it is a combination of some of the best known encryption algorithms in existence. While PGP has the speediness of a symmetric-key encryption algorithm, it maintains the high level of security of a public-key encryption algorithm. 1. Scenarios 1.a) Plaintext
1.e) Code Conversion Another service provided by PGP is code conversion. PGP uses Radix-64 conversion. 1.f) Segmentation PGP allows segmentation of the message 2.
PGP Algorithms
10
3. Key Rings
4. PGP Certificates
`4.1) X.509 Certificates: Protocols that use X.509 certificates depend on the hierarchical structure of the trust. 4.2) PGP Certificates: In PGP, there is no need for CAs; anyone in the ring can sign a certificate for anyone else in the ring.
11
11
12
The following algorithms are employed by PGP: 1. IDEA Cipher International Data Encryption Algorithm, developed by James Massey & Xuejia Lai in 1990 1. RSA Public Key Encryption - developed by Rivest, Shamir, and Adelman in 1977 1. GZIP - A combination of Lempel-Ziv and Huffman Encoding
Original text is encrypted into IDEA cipher text with a 128-bit random key via IDEA encryption.
12
13
The IDEA session key is encrypted with a large public key via RSA encryption. The encrypted IDEA session key is appended to the IDEA cipher text. GZIP is used to compress the data into a PGP package.
How PGP Decrypts: 1. PGP package is decompressed and is separated into the encrypted IDEA session key and the encrypted IDEA cipher text. 2. IDEA session key is decrypted with RSA private key. 3. IDEA session key decrypts the IDEA cipher text into the original plain text.
13
14
14
15
15
16
Guard(abbreviated GnuPG or GPG) PGP Desktop 9.x family includes PGP Desktop Email, PGP Whole Disk Encryption, and PGP NetShare. Command Line, which enables command line-based encryption and signing of information for storage, transfer, and backup,
16
17
8 .CONCLUSION
PGP found its way onto the Internet, and it very rapidly acquired a considerable following around the world. It is the most widely accepted standard to encrypt/decrypt and send e-mail over internet. Continuous efforts are made to make it more secure and fullproof so that organizations and individuals can rely on its privacy and integrity and authentication.
BIBLIOGRAPHY
PGP International Homepage. http://www.pgpi.org, 2001. PGP Security BIND vulnerability COVERT CyberCop Gauntlet. www.pgp.com, 2001. Back, Adam, PGP Timeline. http://www.cypherspace.org/~adam/timeline/, 1998. Brown, Lawrie, Cryptography and Computer Security. http://www.cs.adfa.oz.au/teaching/studinfo/csc/lectures/, 2001. Davie and Peterson, Larry L., Computer Networks. 2nd ed. Boston: Morgan Kaufmann, 2000. Page 599-601. Gimon, Charles A., The Phil Zimmerman Case. http://www.skypoint.com/members/gimonca/philzima.html, 1996.
17