Pretty Good Privacy (PGP) - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

Pretty Good Privacy (PGP)

Description:

The first version of this system is generally known as a web of trust as opposed ... Many PGP users' public keys are available to all from the many PGP key servers ... – PowerPoint PPT presentation

Number of Views:148
Avg rating:3.0/5.0
Slides: 11
Provided by: ravimuk
Category:
Tags: pgp | good | keys | pretty | privacy

less

Transcript and Presenter's Notes

Title: Pretty Good Privacy (PGP)


1
Pretty Good Privacy (PGP)
2
How PGP works
  • PGP uses both public-key cryptography and
    symmetric key cryptography, and includes a system
    which binds the public keys to user identities.
  • The first version of this system is generally
    known as a web of trust as opposed to developed
    later X.509 system with top-down approach based
    on certificate authority. Later versions of PGP
    have included something more akin to a public key
    infrastructure (PKI) that includes certificate
    authority.

3
PGP Contd.
  • PGP uses asymmetric key encryption algorithms. In
    these, the recipient must have previously
    generated a linked key pair, a public key, and a
    private key. The sender uses the recipient's
    public key to encrypt a shared key (aka a secret
    key or conventional key) for a symmetric cipher
    algorithm. That key is used, finally, to encrypt
    the plaintext of a message. Many PGP users'
    public keys are available to all from the many
    PGP key servers around the world which act as
    mirror sites for each other.

4
PGP Cont.
  • The recipient of a PGP-protected message decrypts
    it using the session key for a symmetric
    algorithm. That session key was, of course,
    included in the message in encrypted form and was
    itself decrypted using the recipient's private
    key. Use of two ciphers in this way is sensible
    because of the very considerable difference in
    operating speed between asymmetric key and
    symmetric key ciphers (the differences are often
    1000 times).

5
PGP Cont.
  • A similar strategy is (by default) used to detect
    whether a message has been altered since it was
    completed, or (also by default) whether it was
    actually sent by the person/entity claimed to be
    the sender.

6
PGP Cont.
  • To do both at once, the sender uses PGP to 'sign'
    the message with either the RSA or DSA signature
    algorithms.
  • To do so, PGP computes a hash (also called a
    message digest) from the plaintext, and then
    creates the digital signature from that hash
    using the sender's private key.
  • The message recipient computes a message digest
    over the recovered plaintext, and then uses the
    sender's public key and the signed message digest
    value with the signature algorithm.
  • If the signature matches the received plaintext's
    message digest, it must be presumed (to a very
    high degree of confidence) that the message
    received has not been tampered with, either
    deliberately or accidentally, since it was
    properly signed.
  • http//en.wikipedia.org/wiki/OpenPGP

7
PGP Cont.
  • It is critical that the public key one uses to
    send messages to some person or entity actually
    does 'belong' to the intended recipient.
  • Users must also verify by some means that the
    public key in a certificate actually does belong
    to the person/entity claiming it. From its first
    release, PGP has used a web of trust. A given
    public key (or more specifically, information
    binding a person to a key) may be digitally
    signed by a third party to attest the association
    between the person and the key. There are several
    levels of confidence that can be expressed in
    this signature.

8
PGP Cont.
  • In the (more recent) OpenPGP specification, trust
    signatures can be used to support creation of
    certificate authorities. A trust signature
    indicates both that the key belongs to its
    claimed owner and that the owner of the key is
    trustworthy to sign other keys at one level below
    their own.
  • A level 0 signature is comparable to a web of
    trust signature, since only the validity of the
    key is certified.
  • A level 1 signature is similar to the trust one
    has in a certificate authority because a key
    signed to level 1 is able to issue an unlimited
    number of level 0 signatures.
  • A level 2 signature is highly analogous to the
    trust assumption users must rely on whenever they
    use the default certificate authority list in
    Internet Explorer it allows the owner of the key
    to make other keys certificate authorities.

9
PGP Cont.
  • PGP has also included a way to 'revoke' identity
    certificates which may have become invalid. More
    recent PGP versions have also supported
    certificate expiration dates.
  • The problem of correctly identifying a public key
    as belonging to some other user is not unique to
    PGP. All public key and private key cryptosystems
    have the same problem.

10
Downloading PGP etc.
  • PGP 6.5.8 Tutorial
  • http//www.pitt.edu/poole/PGP.htmwaiting
  • E-mail privacy and PGP Tutorial
  • http//www.emailprivacy.info/privacy_pgp
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Pretty Good Privacy (PGP)" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!