PGP encryption Essay
In order to guarantee confidentiality, PGP combines the ideas of public key encryption and conventional encryption. PGP algorithm creates a one-time session key, based on the random combination of user’s keystrokes and mouse movements. The text is encrypted by this session key, and the session key, in its turn, is encoded by the recipient’s public key. The pair of private and public key is used in public key cryptography in the following way. Every user has a pair of keys, private and public; public key is distributed to everyone, while private key should be known only to the owner.
PGP encrypts session key with public key of the recipient, and the ciphertext with the encrypted session key is sent to the recipient. Confidentiality is protected in two ways: first of all, the pair of private and public key enable protection against unauthorized access, and the session key creates additional forward secrecy. Even if private key eventually becomes known to the intruder, he wouldn’t be able to access previous conversations or forward these messages. This is the advantage of additional secret key encryption compared to public key encryption.
2. Although PGP does not explicitly provide such service as message integrity, there is a mechanism of digital signatures, These signatures are used to secure message identity and for authentication purposes. For this purpose, PGP uses hash functions to produce a message digest – a fixed-length string, which is then encoded by the private key of the sender. In this way, the recipient can verify authentication – by decrypting the digest with the recipient’s public key, and check message integrity – by performing a hash operation on the message and comparing the result with the decoded message digest.
3. If the user needs both confidentiality and authentication, then the plaintext goes through the following transformations:
a) digital signature is created
b) digital signature is added to the message
c) the message is compressed
d) one-time session key is generated
e) the message is encrypted using the one-time secret key
f) session key is encrypted using the recipient’s public key
g) encrypted message and encrypted session key form PGP message