In fact, the role of PGP is not limited to the above: PGP can also be used to encrypt files, or to replace UUencode by producing radix-64 output (that is, MIME's Base64 format).
The founder of PGP is the American Phil Zimmermann. His creativity lies in his ingenious design of the digital-signature and key-certification management mechanism, which combines the convenience of the RSA public-key system with the high speed of a traditional encryption system. As a result, PGP has become almost the most popular public-key encryption software package.
PGP is encryption software aimed at the general public. Encryption is for security, and privacy is a basic human right. In modern society, e-mail and file transfer over the network have become part of daily life, and the security problem of e-mail is increasingly prominent. Everyone knows that data transmitted on the Internet is not encrypted; if you do not protect your information, it is easy for a third party to obtain your secrets. Another problem is message authentication: convincing the recipient that an e-mail has not been tampered with by a third party requires digital-signature technology. The characteristics of the RSA public-key system make it very suitable for meeting these two requirements: privacy and authentication.
The RSA (Rivest-Shamir-Adleman) algorithm is a public-key system based on the assumption that large numbers cannot be factored into primes. Simply put, it is to find two big prime numbers, one of which is published to the world and the other never told to anyone. One is called the "public key" and the other the "private key" (public key & secret key, or private key). The two keys are complementary: ciphertext encrypted with the public key can be decrypted with the private key, and vice versa. Suppose A wants to send a letter to B, and they know each other's public keys. A sends an e-mail encrypted with B's public key, and B decrypts the original with B's own private key after receiving it. Because nobody else knows B's private key, not even A can decrypt the letter, which solves the problem of the letter's confidentiality. On the other hand, because everyone knows B's public key, anyone can send a letter to B, so B cannot be sure whether the letter came from A. This is the authentication problem, and here the digital signature is useful.
Before explaining the digital signature, let me explain what a "message digest" is. Simply put, an algorithm is used to compute a number that reflects the "essence" of the e-mail: once anything in the e-mail changes, this number changes, so this number plus the author's name (actually carried in the author's key) and the date can serve as a signature. Specifically, PGP uses a 128-bit binary number as the "mail digest", and the algorithm that generates it is called MD5 (Message Digest 5). The originator of MD5 is Ron Rivest; the code used in PGP was written by Colin Plumb. MD5 itself is public software, so it is not mentioned in PGP's legal provisions. MD5 is a one-way hash algorithm; unlike a CRC, it is difficult to find a substitute e-mail with the same "essence" as the original.
Back to the digital signature: A encrypts the 128-bit "essence" above with A's own private key, attaches it to the e-mail, and then encrypts the whole e-mail with B's public key. After B receives the ciphertext, B decrypts the mail with B's own private key to obtain the original text and A's signature; B's PGP also computes a 128-bit "essence" from the original text and compares it with the number obtained by decrypting the signature with A's public key. If they match, the e-mail was indeed sent by A. In this way both requirements are met.
PGP can also sign without encrypting, which is suitable for public statements. To prove their identity (this can only be done online), the declarer signs with their own private key, which lets the receiver confirm the sender's identity and prevents the sender from denying the statement. This has great application prospects in the commercial field: it prevents the sender from repudiating the letter and prevents the letter from being tampered with on the way.
So why does PGP use a mixture of RSA and traditional encryption? Because the RSA algorithm's computation is too heavy to encrypt a large amount of data at acceptable speed, PGP actually encrypts with a traditional encryption algorithm called IDEA, not with RSA itself. Let me first explain what traditional encryption means. Simply put, plaintext is encrypted with a key and then decrypted with the same key. The representative of this method is DES (the US Federal Data Encryption Standard), a product cipher; its main disadvantage is that it cannot solve the security problem of the key transmission channel, so it is not suited to the needs of mail encryption in a network environment.
Lv Chenyang_ (24 fans), 2nd-floor reply:
IDEA is a patented algorithm; the patent holder is ETH and a Swiss company, Ascom-Tech AG.
They do not charge for non-commercial use of IDEA. IDEA encrypts (and decrypts) much faster than RSA, so in fact PGP encrypts the plaintext with the IDEA algorithm under a randomly generated key (different for every encryption), and then encrypts that key with the RSA algorithm. The recipient correspondingly decrypts the random key with RSA, and then decrypts the message itself with IDEA. This chained encryption achieves both the confidentiality of the RSA system and the speed of the IDEA algorithm. This is half of PGP's creativity. Why was the RSA system proposed in the 1970s but never popularized? Too slow! So where is the other half of PGP's creativity? Next I will talk about PGP's key management.
A mature encryption system must be supported by a mature key-management mechanism. Public-key systems were proposed to solve the problem that key distribution in traditional encryption systems is hard to keep secret. For example, one of the common means used by network hackers is "sniffing", and transmitting keys over the network is too dangerous. In old versions of Novell NetWare, for example, the user's password was transmitted in clear text on the wire, so a sniffer could easily obtain other people's passwords; of course, in NetWare 4.1 the user password in the data header is now encrypted. For PGP, the public key is public, so there is no anti-interception problem. However, the distribution of public keys still has security problems, such as public-key tampering (key tampering), which may be the biggest loophole in public-key cryptosystems, because most novices cannot spot it quickly. You must make sure that the public key you get really belongs to the person it appears to belong to. To make this problem clear I will give an example, and then I will talk about how to plug this loophole by using PGP correctly.
Take your correspondence with Alice as an example. Suppose you want to send a letter to Alice; you must have Alice's public key. You downloaded Alice's public key from a BBS, encrypted the letter with it, and sent it to Alice through the BBS's e-mail function. Unfortunately, neither you nor Alice knows that another user named Charlie sneaked into the BBS and replaced Alice's public key with the public key from a key pair he generated under Alice's name. So the public key you used to send the letter is not Alice's but Charlie's. Everything seems normal, because the user name on the public key you got is "Alice". Charlie can therefore decrypt your letter to Alice with his private key, and he can even forward your letter to Alice with Alice's real public key so that nobody becomes suspicious, and he can alter your letter to Alice if he wants. What's more, he can forge Alice's signature on letters to you or to anyone else; because the public key in your hands is forged, you will think it really is Alice's letter.
The best way to prevent this is to give nobody a chance to tamper with the public key, for example by getting the public key directly from Alice, but that is very difficult when she is thousands of miles away or cannot be met. PGP developed a public-key introduction mechanism to solve this problem. For example, suppose you and Alice have a mutual friend David, and David knows that Alice's public key is correct (PGP also has a method for authenticating public keys, discussed later; assume here that David has authenticated Alice's public key). David can then sign Alice's public key with his private key (using the signing method described above), indicating that he vouches that this public key belongs to Alice. Of course, you need David's public key to verify the Alice public key that he gave you. David can likewise authenticate your public key to Alice, so David acts as an "introducer" between you and Alice. In this way, Alice or David can safely upload the Alice public key signed by David to the BBS for you to obtain, and nobody can tamper with it without you discovering it, not even the BBS administrator. This is a secure way to transmit public keys over public channels.
Some people may ask: then how do you get David's public key safely? Isn't this a chicken-and-egg question? It is indeed possible that the David public key you got is also fake, but that requires the troublemaker to take part in the whole process: he must be familiar with all three of you, and it takes a long time to plan, which is generally impossible. Of course, PGP also has a suggestion to prevent this possibility, namely that a person or institution everyone generally trusts should play this role. It is called a "key server" or "certifying authority", and every public key it signs is considered genuine, so everyone only needs to have one copy of its public key. Because this party provides the service widely, authenticating its public key is convenient, and because its public key is widely circulated, forging it is extremely difficult. This kind of "authority" suits organizations or government agencies that are not controlled by individuals, and some institutions now have a graded certification system.
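The introducer mechanism of this post, worked through on a small keyring, as an added example that is not part of the original post and is not PGP's own code: which public keys you end up treating as valid once David has signed Alice's key, and why Charlie's look-alike "Alice" key from the BBS is not among them. Assumptions: the validity rule is PGP 2.x's documented default (a key is valid if signed by one introducer you trust completely or by two you trust marginally, an introducer only counting if their own key is already valid, with introduction chains cut off after a fixed number of hops); keys are named by user ID; and the signatures are assumed to have been checked cryptographically already, so this is only the policy layer.

```python
"""Added example (not from the post or from PGP): deciding key validity in a web of trust.

Assumptions: PGP 2.x default thresholds (one COMPLETE or two MARGINAL introducers);
an introducer counts only if their own key is already valid; chains longer than
max_depth hops are ignored. Signature checking is assumed done elsewhere.
"""
COMPLETE, MARGINAL = "complete", "marginal"
COMPLETES_NEEDED, MARGINALS_NEEDED = 1, 2      # PGP 2.x defaults, assumed here

def compute_validity(own: str, signatures: dict, owner_trust: dict, max_depth: int = 4) -> dict:
    """Return {key: depth} for every key judged valid; depth 0 is your own key.

    signatures:  {subject_key: set of signer keys} (already verified signatures)
    owner_trust: {key: COMPLETE | MARGINAL} for keys whose owner you accept as introducer
    """
    valid = {own: 0}
    changed = True
    while changed:                  # iterate to a fixed point: validity spreads outward from you
        changed = False
        for subject, signers in signatures.items():
            if subject == own:
                continue
            completes, marginals, depth = 0, 0, None
            for s in signers:
                if s == subject or s not in valid or valid[s] >= max_depth:
                    continue        # self-signatures, unvalidated keys, over-long chains: no weight
                trust = owner_trust.get(s)
                if trust == COMPLETE:
                    completes += 1
                elif trust == MARGINAL:
                    marginals += 1
                else:
                    continue        # key is valid, but you chose not to trust its owner as introducer
                depth = valid[s] + 1 if depth is None else min(depth, valid[s] + 1)
            if completes >= COMPLETES_NEEDED or marginals >= MARGINALS_NEEDED:
                if subject not in valid or depth < valid[subject]:
                    valid[subject] = depth
                    changed = True
    return valid

# Constructed keyring for the post's story: subject -> who signed that key.
KEYRING_SIGS = {
    "david": {"you"},                      # you checked David's key yourself and signed it
    "grace": {"you"},
    "heidi": {"you"},
    "alice": {"david"},                    # David introduces Alice
    "alice(charlie fake)": {"alice(charlie fake)", "charlie"},   # what Charlie planted on the BBS
    "bob":   {"alice"},                    # Alice introduces Bob
    "erin":  {"grace"},                    # one marginal introducer only
    "frank": {"grace", "heidi"},           # two marginal introducers
    "ivan":  {"bob"},                      # 4 hops from you
    "judy":  {"ivan"},                     # 5 hops from you: beyond max_depth
}
OWNER_TRUST = {"you": COMPLETE, "david": COMPLETE, "alice": COMPLETE, "bob": COMPLETE,
               "ivan": COMPLETE, "grace": MARGINAL, "heidi": MARGINAL}

def demo() -> dict:
    """Validity of the constructed keyring seen from your own key."""
    return compute_validity("you", KEYRING_SIGS, OWNER_TRUST)
```

The fake "Alice" key never becomes valid, even though its user ID reads "Alice", because nobody whose key you have validated and whose owner you trust has signed it; Erin stays invalid with only one marginal introducer, while Frank is valid with two; and Judy's key drops out because the chain through Ivan is one hop too long, which is the diminishing of introduction ability with distance.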
Lv Chenyang_ (24 fans), 3rd-floor reply:
For ordinary users, who are widely scattered, PGP prefers individual introduction, because this organic, unofficial arrangement better reflects people's natural socialization, and people can freely choose whom they trust to introduce them. In short, it is like getting to know a stranger in real life. Every public key has at least one user ID; please use your full name as far as possible, and preferably add your e-mail address to avoid confusion.
Attention! One rule you must follow is that you must authenticate any public key before using it!!! Whatever the temptation, and there will be such temptations, you should not, absolutely should not, directly trust a public key obtained from an open source (however confidential it seems); remember to use a public key introduced by an acquaintance, or authenticate it personally with the other party. Likewise, you should not sign other people's public keys casually, just as in real life you only give your house keys to people you trust.
Next I will talk about how to authenticate a key by phone. Each key has its own key ID, an eight-digit hexadecimal number; the probability that two keys have the same key ID is about one in a billion.
In addition, PGP provides a more reliable way to identify a key: the key's fingerprint. Each key corresponds to a string of numbers (sixteen eight-bit numbers written in hexadecimal) that is far less likely to collide. Moreover, nobody can deliberately generate a key with a specific fingerprint, since keys are generated randomly, so a key cannot be derived from its fingerprint. After you get someone's public key, you can therefore read this fingerprint back to him over the phone to authenticate his public key. If you cannot reach Alice by phone, you can phone David and authenticate David's public key, and let David authenticate Alice's public key. This combines direct authentication with indirect introduction.
This leads to another method: collect your own public key with different people's signatures on it and post it in public places, so that most people will recognize at least one of the signers and thereby indirectly authenticate your public key. Similarly, you should sign your friend's public key before sending it back to him, so that he can be authenticated by your other friends through you. It is interesting, just like communication between people in real society. PGP automatically works out for you which public keys you obtained were introduced by your friends, which by your friends' friends, and which by your friends' friends' friends... and sorts them into different trust levels for you to consult when deciding how far to trust them. You can specify how many levels deep someone's ability to introduce public keys reaches, and this ability diminishes as authentication is passed on.
Whether the introduction-based authentication mechanism is transitive is an interesting question. Phil Zimmermann, the author of PGP, has a saying: "Trust is not transferable; I have a friend who I believe will never lie. But he is a fool who thinks the President will never lie, and obviously I don't think the President will never lie."
The security of the public key is the core of PGP's security, so I will not elaborate further here. As in a traditional single-key system, the confidentiality of the private key is also decisive. Compared with the public key, the private key has no tampering problem, but it has a leakage problem. An RSA private key is a long number that users cannot remember. PGP's approach is to let the user specify a passphrase; only when the passphrase is given is the private key released for use. The method of encrypting the private key with the passphrase is as secure as PGP itself. Therefore the security of the private key is first of all the confidentiality of the user's passphrase. Of course, leakage of the private-key file itself is also dangerous, because all the attacker then needs is to search for your passphrase exhaustively; although that is hard, a layer of protection has still been lost. Just remember one thing here: guard your private key like any other private matter, and let nobody touch it.
PGP's careful consideration of security is reflected in every aspect of PGP. For example, the actual key used for each encryption is a random number, and everyone knows that computers cannot generate truly random numbers. The PGP program is very cautious about generating random numbers; for key-generating random numbers such as RSA keys, it obtains the random seed from the time intervals between the user's keystrokes. The randseed.bin file it forms on disk is encrypted with the same strength as e-mail. This effectively prevents others from deducing the pattern of your actual encryption keys from your randseed.bin file.
Here I should mention PGP's compression step before encryption. The PGP kernel uses the PKZIP algorithm to compress the plaintext before encrypting it. On the one hand, for e-mail, the ciphertext after compression and 7-bit encoding may be shorter than the plaintext, saving network transmission time. On the other hand, compressing the plaintext is effectively a transformation that makes the information more chaotic and more resistant to plaintext attacks. The PKZIP algorithm used in PGP is approved by its original author. PKZIP is recognized as a good compression algorithm, with both a good compression ratio and good compression speed. PGP uses an algorithm compatible with PKZIP version 2.0.
OK, I will introduce the security of PGP in detail in the article "Security of PGP". Having said so much, I just want everyone to understand that PGP is very safe as long as you use it correctly. For installing and using PGP, please refer to "PGP Installation and Use". If you do not understand some terms when reading the English documents, try to find clues in the article explaining PGP terminology. PGP 2.6.3i is the version of PGP I recommend you use; please refer to the PGPi Q&A collection.
On today's Internet, articles signed with PGP can be seen everywhere, and PGP's versions are updated rapidly; it is said that PGP 3.0 will be launched in a few months. More and more people around the world are using PGP, and we in China should also pay attention to protecting our legitimate privacy. I translated these articles to promote the use of PGP in China. Although it is still a new thing, we must see that it will grow rapidly in cyberspace. Although China started late, it is not much behind the United States, so we should catch up.
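The passphrase-protected private key that the reply above describes, and the "exhaustive search" an attacker can run once the key file has leaked, as an added example that is not part of the original post and is not PGP's own code. Assumptions: PBKDF2-HMAC-SHA256 is used to turn the passphrase into key material (PGP 2.x derived the key from an MD5 of the passphrase and used IDEA in CFB mode; the principle of "the private key is only released when the passphrase is given" is the same), the derived mask is XORed over the secret, and an HMAC tag lets a wrong passphrase be recognised. The private-key bytes and the wordlist are constructed for the demonstration.

```python
"""Added example (not from the post or from PGP): a passphrase-protected private-key
file, and what an attacker can do with a leaked copy of it.

Assumptions: PBKDF2-HMAC-SHA256 for passphrase-to-key (PGP 2.x used MD5 + IDEA-CFB),
derived mask XORed over the secret, HMAC tag to detect a wrong passphrase.
"""
import hashlib
import hmac
import secrets


def protect_private_key(secret: bytes, passphrase: str, iterations: int = 200_000) -> dict:
    """Encrypt the private-key blob under a passphrase; returns the on-disk record."""
    salt = secrets.token_bytes(16)
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations,
                             dklen=len(secret) + 32)
    mask, mac_key = km[:len(secret)], km[len(secret):]
    blob = bytes(a ^ b for a, b in zip(secret, mask))     # key is never stored in the clear
    tag = hmac.new(mac_key, blob, "sha256").digest()
    return {"salt": salt, "iterations": iterations, "blob": blob, "tag": tag}

def unlock_private_key(record: dict, passphrase: str):
    """Return the secret if the passphrase is right, otherwise None."""
    blob = record["blob"]
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), record["salt"],
                             record["iterations"], dklen=len(blob) + 32)
    mask, mac_key = km[:len(blob)], km[len(blob):]
    expected = hmac.new(mac_key, blob, "sha256").digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None                                        # wrong passphrase (or corrupt file)
    return bytes(a ^ b for a, b in zip(blob, mask))

def dictionary_attack(record: dict, candidates):
    """The exhaustive search the post warns about, run against a leaked key file.

    Returns (passphrase_found_or_None, guesses_spent). Each guess costs a full
    PBKDF2 run, which is why the iteration count matters once the file is gone.
    """
    for count, guess in enumerate(candidates, 1):
        if unlock_private_key(record, guess) is not None:
            return guess, count
    return None, len(candidates)

WEAK_WORDLIST = ["password", "123456", "letmein", "alice", "qwerty", "pgp"]  # constructed

def demo(iterations: int = 20_000):
    """Weak vs. strong passphrase on the same leaked file format.

    The small iteration count only keeps the demo quick; use the default or higher
    for real files. The secret is a constructed stand-in, not a real RSA exponent.
    """
    secret = b"constructed stand-in for the RSA private exponent d"
    weak = protect_private_key(secret, "letmein", iterations)
    strong = protect_private_key(secret, "correct horse battery staple 7xQ!", iterations)
    return (
        unlock_private_key(weak, "letmein") == secret,      # right passphrase unlocks
        unlock_private_key(weak, "letmeim") is None,        # near miss is detected by the tag
        dictionary_attack(weak, WEAK_WORDLIST),             # ('letmein', 3)
        dictionary_attack(strong, WEAK_WORDLIST)[0],        # None: wordlist exhausted
    )
```

With the file in the attacker's hands the passphrase is the only remaining protection, as the reply says: a passphrase that appears in a wordlist falls in a handful of guesses regardless of the cipher, while a long one forces the attacker through the full search space at one slow key derivation per guess.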