Overview
With the explosively growing reliance on electronic mail for every conceivable purpose, there grows a demand for authentication and confidentiality services.
One scheme that stands out as likely to enjoy widespread use in the next few years is Pretty Good Privacy (PGP).
PGP Cont.
PGP has grown explosively and is now widely used. A number of reasons can be cited for this growth:
1. It is available free worldwide in versions that run on a variety of platforms, including DOS, Windows, and UNIX.
2. It is based on algorithms that have survived extensive public review and are considered extremely secure (RSA, DSS and Diffie-Hellman).
3. It was not developed by, nor is it controlled by, any government or standards organization.
1.2 - Notations
Ks = Session key used in conventional encryption.
KRa = Private key of user A.
KUa = Public key of user A.
EP = Public key encryption.
DP = Public key decryption.
EC = Conventional encryption.
DC = Conventional decryption.
H = Hash function.
|| = Concatenation.
Z = Compression using ZIP algorithm.
R64 = Conversion to radix-64 ASCII format.
2 - Operational Description
The actual operation of PGP consists of five services:
1. Authentication
2. Confidentiality
3. Compression
4. Compatibility
5. Segmentation
2.1 - Authentication
The figure illustrates the digital signature service provided by PGP. The sequence is as follows:
1. The sender creates a message.
2. SHA-1 is used to generate the hash code of the message.
3. The hash code is encrypted with RSA using the sender's private key, and the result is appended to the message, which is compressed with ZIP.
4. The receiver decompresses the message, then uses RSA with the sender's public key to decrypt and recover the hash code.
5. The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is considered authentic.
Authentication Cont.
Alternatives: The combination of SHA-1 and RSA provides an effective digital signature scheme. As an alternative, signatures can be generated using SHA-1/DSS.
Detached signatures: They are supported, which is useful in several contexts:
- A detached signature of an executable program can detect subsequent virus infection.
- A detached signature can be used when more than one party must sign a document.
2.2 - Confidentiality
Another basic service provided by PGP is confidentiality, which is provided by encrypting messages to be transmitted or to be stored locally as files. In both cases the conventional encryption algorithm CAST-128 may be used. Alternatively, IDEA or 3DES may be used. In PGP, the conventional key is used only once.
It is called the session key, and it is bound to the message and transmitted with it.
To protect the key, it is encrypted with the receiver's public key.
Confidentiality Cont.
1. The sender compresses the message, then generates a random 128-bit number to be used as a session key for this message only.
2. The message is encrypted using CAST-128 or IDEA with the session key.
3. The session key is encrypted with RSA, using the recipient's public key, and is appended.
4. The receiver uses RSA with its private key to decrypt and recover the session key.
5. The session key is used to decrypt the message, then the message is decompressed.
Confidentiality Cont.
As an alternative to the use of RSA for key encryption, PGP provides an option referred to as Diffie-Hellman. Diffie-Hellman is a key exchange algorithm. In fact, PGP uses a variant of Diffie-Hellman.
Several observations may be made. First, to reduce the encryption time, the combination of conventional and public key encryption is used. Second, the use of the public key algorithm solves the session key distribution problem, because only the recipient is able to recover the session key that is bound to the message.
Both services may be used for the same message. First, a signature is generated for the plain text message and appended to the message. Then the plain text message plus signature is encrypted using CAST-128 and the session key is encrypted using RSA.
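The combined sequence above, written out with the notation of section 1.2, as an added example that is not code from PGP or from the original slides. It assumes textbook RSA on constructed demo primes, a SHA-1 keystream XOR standing in for CAST-128, and zlib standing in for ZIP; the function names are hypothetical.

```python
import base64, hashlib, secrets, zlib

E = 65537
def toy_keypair(p, q):
    # Textbook RSA without padding: illustration only, never for real use.
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))   # (KU, KR)

# Constructed demo keys built from Mersenne primes; real keys are far larger.
KUa, KRa = toy_keypair(2**127 - 1, 2**107 - 1)   # user A, the sender
KUb, KRb = toy_keypair(2**89 - 1, 2**61 - 1)     # user B, the recipient

def rsa(key, value):                 # EP and DP are both modular exponentiation
    n, exp = key
    return pow(value, exp, n)

def ec(ks, data):
    # Stand-in for CAST-128 (not in the standard library): XOR with a
    # SHA-1 based keystream. XOR makes EC and DC the same operation.
    stream = b"".join(hashlib.sha1(ks + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 20 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def H(m):
    return int.from_bytes(hashlib.sha1(m).digest(), "big")

def pgp_send(message, signer=KRa):
    sig = rsa(signer, H(message)).to_bytes(32, "big")     # EP_KRa[H(M)]
    packed = zlib.compress(sig + message)                 # Z(sig || M): sign first
    ks = secrets.token_bytes(16)                          # one-time 128-bit Ks
    wrapped = rsa(KUb, int.from_bytes(ks, "big")).to_bytes(32, "big")  # EP_KUb[Ks]
    return base64.b64encode(wrapped + ec(ks, packed))     # R64 is the last step

def pgp_receive(armored):
    raw = base64.b64decode(armored)
    ks = rsa(KRb, int.from_bytes(raw[:32], "big")).to_bytes(16, "big")  # DP_KRb
    packed = zlib.decompress(ec(ks, raw[32:]))            # DC, then decompress
    sig, message = packed[:32], packed[32:]
    ok = rsa(KUa, int.from_bytes(sig, "big")) == H(message)  # DP_KUa vs new hash
    return message, ok
```

The receiver undoes the sender's steps in reverse order, so the signature is checked last, on the decompressed plain text.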
2.3 - Compression
PGP makes use of a compression package called ZIP, written by Jean-loup Gailly and Mark Adler.
ZIP is a freeware package written in C that runs as a utility on UNIX and some other systems. This algorithm is generally referred to as LZ77. A version of this algorithm is used in the zip compression scheme.
Radix-64 Encoding
The signature is generated before compression because it is preferable to sign an uncompressed message, so that one can store only the uncompressed message together with the signature for future verification. If one signed a compressed message, one would have either to store a compressed version or to recompress the message when verifying. Message encryption is applied after compression to strengthen cryptographic security, because the compressed message has less redundancy than the original plain text.
E-Mail facilities are restricted to a maximum message length. For example, some of the facilities accessible through the internet impose a maximum length of 50,000 octets. PGP divides any message longer than that into smaller segments each of which is mailed separately. The segmentation is done after all of the other processing, including the radix-64 conversion.
Key points:
1. Types of keys in PGP
2. Session Key Generation
3. Key Identifiers
4. Key Rings
A given user may have multiple public/private key pairs. To support this, PGP assigns an identifier to each public key. The key ID associated with each public key consists of its least significant 64 bits.
PGP provides a pair of data structures at each node:
- one to store the public/private key pairs owned by that node
- one to store the public keys of other users known at this node
These data structures are referred to as the private-key ring and the public-key ring, respectively.
Time stamp: the time when the key pair was generated.
Key ID: the least significant 64 bits of the public key of this entry.
Public key
Private key: this part is encrypted to ensure the security.
User ID: typically this is the user's e-mail address.
[Figure labels: Passphrase, Hashing (SHA-1), Key, Private Key, Public Key, Encryption (CAST-128)]
Time stamp: the time when the key pair was generated.
Key ID: the least significant 64 bits of the public key of this entry.
Public key
User ID: identifies the owner of this key.
The Message Component includes the actual data to be transmitted, a file name and a time stamp of creation.
The Signature Component includes:
1. Timestamp: the time at which the signature is generated.
2. Message digest: the digest is calculated over the signature timestamp and the message (to overcome the replay attack); this digest is encrypted with the sender's private key.
3. Leading two octets of message digest: to determine if the correct public key was used to decrypt the message digest.
4. Key ID of sender's public key: identifies the public key that should be used to decrypt the message digest.
The Session Key Component includes the encrypted session key and the identifier of the recipient's public key that was used by the sender to encrypt the session key.
1. PGP retrieves the sender's private key from the private-key ring using the user ID as an index.
2. PGP prompts the user for the passphrase to recover the unencrypted private key.
3. The signature component of the message is constructed.
4. PGP generates a session key and encrypts the message.
5. PGP retrieves the recipient's public key from the ring using the user ID.
6. The session key component of the message is constructed.
1. PGP retrieves the receiver's private key from the ring using the key ID as an index.
2. PGP prompts the user for the passphrase to recover the unencrypted private key.
3. PGP recovers the session key and decrypts the message.
4. PGP retrieves the sender's public key from the ring using the key ID.
5. PGP recovers the transmitted message digest.
6. PGP computes the message digest for the received message and compares it with the transmitted message digest to authenticate.
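How the signature component and the public-key ring work together on reception, as an added example that is not code from PGP or from the original slides. It assumes textbook RSA on constructed demo primes, a 4-byte timestamp, and a digest taken over the timestamp followed by the message data; the dictionary layout and function names are hypothetical.

```python
import hashlib

E = 65537
def keypair(p, q):
    # Textbook RSA without padding, from constructed demo primes.
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

N_A, D_A = keypair(2**127 - 1, 2**61 - 1)     # sender A's constructed demo key

def key_id(n):
    return n & 0xFFFFFFFFFFFFFFFF             # least significant 64 bits

def digest(timestamp, data):
    # The timestamp is hashed with the data, so the digest is bound to a time.
    h = hashlib.sha1(timestamp.to_bytes(4, "big") + data).digest()
    return int.from_bytes(h, "big")

def sign(n, d, timestamp, data):
    h = digest(timestamp, data)
    return {"timestamp": timestamp,
            "key_id": key_id(n),              # tells the receiver which key to use
            "lead2": h >> 144,                # leading two octets of the digest
            "enc_digest": pow(h, d, n)}       # digest encrypted with private key

def verify(ring, sig, data):
    entry = ring.get(sig["key_id"])           # public-key ring indexed by key ID
    if entry is None:
        return "unknown key ID"
    recovered = pow(sig["enc_digest"], E, entry["n"])
    if recovered >> 144 != sig["lead2"]:      # cheap check before the full compare
        return "wrong public key"
    if recovered != digest(sig["timestamp"], data):
        return "digest mismatch"
    return "valid"

if __name__ == "__main__":
    ring = {key_id(N_A): {"user": "a@example.org", "n": N_A}}
    sig = sign(N_A, D_A, 1700000000, b"pay 10 to B")
    print(hex(sig["key_id"]), verify(ring, sig, b"pay 10 to B"))
```

The two-octet check only tells the receiver that the selected key decrypted the digest sensibly; the full comparison is still what authenticates the message.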
Physically get the key from B. B could store her public key (KUb) on a floppy disk and hand it to A.
Verify a key by phone. If A recognizes B on the phone, A could ask B to dictate the key, in radix-64 format, over the phone.
Obtain B's public key from a mutually trusted individual D. D creates a signed certificate that includes B's public key, the time of creation, and a validity period for the key.
Obtain B's public key from a trusted certifying authority. Again, a public key certificate is created and signed by the authority.
The basic structure is as follows. Each entry in the public-key ring is a public key certificate. Associated with each such entry are:
1. Key legitimacy field: indicates the extent to which PGP will trust that this is a valid public key for this user.
2. Signatures field: zero or more signatures that the key ring owner has collected.
3. Signature trust field: associated with the signatures field.
4. Owner trust field: the level of trust assigned to the owner of the public key.
A user may wish to revoke his or her current public key either because compromise is suspected or simply to avoid the use of the same key for an extended period. The convention for revoking a public key is for the owner to issue a key revocation certificate , signed by the owner. The corresponding private key must be used to sign a certificate that revokes a public key.