What is PGP?
PGP (Pretty Good Privacy) is mail encryption software built on the RSA public key cryptosystem. It can keep mail confidential so that unauthorized people cannot read it, and it can digitally sign mail so that the recipient can confirm who sent it and that it has not been tampered with. It provides a secure communication mode that needs no secret channel to deliver a key in advance. It combines RSA with a traditional (symmetric) cipher, uses a message digest algorithm for digital signatures, compresses before encrypting, and has a good ergonomic design. It is powerful and fast, and its source code is free.

PGP's functions also include encrypting files and, in place of UUencode, producing encoded files in RADIX 64 format (that is, the BASE 64 format of MIME).

The founder of PGP is Phil Zimmermann of the United States. His ingenuity lies in the design of the digital signature and key authentication management mechanism, which combines the convenience of the RSA public key system with the high speed of traditional encryption. PGP has therefore become almost the most popular public key encryption software package.

1. First, a brief introduction to the flow of the PGP encryption system.

The PGP encryption system combines public key encryption with traditional key encryption. It uses a pair of mathematically related keys: one (the public key) encrypts information and the other (the private key) decrypts it.

The key used by the traditional encryption technique in PGP is called the "session key". Each time it is used, PGP randomly generates a 128-bit IDEA session key, which encrypts the message. The public and private keys of the public key technique encrypt the session key, and so protect the message content indirectly.

Each public and private key in PGP is accompanied by a key certificate, which generally includes the following:

Key content (the key itself, represented as a large number within 100)

Key type (whether the key is public or private)

Key length (the length of the key, in binary bits)

Key number (uniquely identifies the key)

Creation time

User identification (information about the key's creator, such as name and e-mail address)

Key fingerprint (128 bits; a digest of the key content that uniquely characterizes the key)

Introducer signature (the digital signature of an introducer, attesting to the authenticity of the key and its owner; includes the introducer's key number and identity information)

PGP stores public and private keys in key ring files, and provides an efficient algorithm to look up the key a user needs.

PGP asks for a password in many places, mainly to protect the private key. Because the private key is too long and irregular to remember, PGP encrypts it with a password and stores it in the key ring, so that the user can use the private key indirectly through an easy-to-remember password.

Each PGP private key is encrypted under its own password. PGP asks the user for a password mainly in three places:

When encrypted information must be decrypted, the user enters the password so that PGP can retrieve the private key and decrypt the information.

When the user needs to sign a file or message, the user enters the password to retrieve the private key for the signing operation.

Traditional (conventional) encryption of disk files also requires the user to enter a password.

2. The workflow of PGP was introduced above; the encryption and decryption methods used by PGP and its key management mechanism are briefly introduced below.

PGP is encryption software aimed at the general public. E-mail travels over an open network, where others can monitor or intercept it and read its contents, so the security of e-mail is a prominent problem. To prevent a third party from obtaining the information, encryption is needed. Another problem is authentication: convincing the recipient that the mail has not been tampered with by a third party requires digital signature technology. The characteristics of the RSA public key system make it well suited to both requirements: confidentiality and authentication.

The RSA (Rivest-Shamir-Adleman) algorithm is a public key system based on the assumption that large numbers cannot be factored into primes. Simply put, one finds two large prime numbers; one becomes the public key and the other the private key, which is told to no one. The two keys are complementary: ciphertext encrypted with the public key can be decrypted with the private key, and vice versa.

Suppose A wants to send a letter to B, and each knows the other's public key. A sends the mail encrypted with B's public key; on receiving it, B decrypts it with B's own private key. Because no one else knows B's private key (not even A can decrypt the letter), this solves the confidentiality of the letter. On the other hand, because everyone knows B's public key, anyone can send a letter to B, so B cannot be sure whether the letter really came from A. Here a digital signature is needed for authentication.

Before explaining digital signatures, consider what a "message digest" is. A message digest is a number, computed by an algorithm, that best reflects the characteristics of a message: once anything in the mail changes, this number changes, so it can serve as a signature together with the author's name (actually the author's key) and the date. PGP uses a 128-bit binary number as the mail digest; the algorithm that produces it is called MD5 (Message Digest 5). MD5 is a one-way hash algorithm: unlike a CRC, it is hard to find a substitute mail with the same MD5 value as the original.

Back to the digital signature: A encrypts the 128-bit digest above with A's own private key and attaches it to the mail, then encrypts the whole mail with B's public key. After receiving the ciphertext, B decrypts it with B's private key to obtain A's original text and signature; B's PGP also computes a 128-bit digest from the original text and compares it with the number obtained by decrypting the signature with A's public key. If they match, the mail was indeed sent by A. In this way both security requirements are satisfied.

PGP can also sign without encrypting, which suits public statements. To prove identity, the declarer signs with his own private key; this lets recipients confirm the sender's identity and prevents the sender from denying the statement. This has great application prospects in commerce, where it prevents the sender from repudiating the letter and the letter from being tampered with in transit.

PGP actually uses a mix of RSA and traditional encryption. Because the RSA computation is too heavy to encrypt a large amount of data at speed, PGP encrypts the data itself with a traditional algorithm called IDEA, not with RSA. Traditional encryption, generally speaking, encrypts plaintext with a key and decrypts it with the same key; its representative is DES (so-called multiplicative encryption). Its main drawback is that the secure transmission of the key cannot be solved, so on its own it is not suitable for mail encryption in a networked environment. IDEA encrypts (and decrypts) much faster than RSA, so PGP encrypts the plaintext with IDEA under a randomly generated key (different for each encryption) and then encrypts that key with RSA. The recipient likewise decrypts the random key with RSA and then decrypts the message itself with IDEA. This chained encryption combines the confidentiality of the RSA system with the speed of IDEA, ensuring both confidentiality and encryption speed.
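The three preceding paragraphs (digest, signature, and the RSA/IDEA chain) can be tied together in one runnable flow. The following is an added example, not code from PGP or its author: textbook RSA over fixed Mersenne primes stands in for real RSA keys, and a SHA-256 counter keystream stands in for IDEA (both are assumptions made so the example runs offline with only the Python standard library). Only the message flow mirrors what the text describes: a fresh random session key encrypts the message, the recipient's public key encrypts the session key, and the sender's private key signs the MD5 digest of the message. The fingerprint and key ID formatting are simplified approximations of what PGP prints, not its exact byte layout.

```python
"""Toy PGP-style hybrid encryption with a signed message digest (added example)."""
import hashlib
import os
from dataclasses import dataclass
from typing import Optional, Tuple

E = 65537  # public exponent used for every toy key


@dataclass(frozen=True)
class Key:
    n: int
    e: int
    d: Optional[int] = None  # None for a public key

    def public(self) -> "Key":
        return Key(self.n, self.e)


def make_key(p: int, q: int) -> Key:
    """Textbook RSA key from two primes (no padding, toy sizes)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return Key(n, E, pow(E, -1, phi))


# Constructed keys: Mersenne primes keep the example deterministic. The
# modulus must exceed 2**128 so a 128-bit session key or digest fits in it.
ALICE = make_key(2**61 - 1, 2**127 - 1)
BOB = make_key(2**89 - 1, 2**107 - 1)


def fingerprint(key: Key) -> str:
    """MD5 over modulus||exponent, shown as sixteen two-digit hex groups
    (simplified layout; the real input bytes differ)."""
    material = key.n.to_bytes(32, "big") + key.e.to_bytes(4, "big")
    digest = hashlib.md5(material).hexdigest().upper()
    return " ".join(digest[i:i + 2] for i in range(0, 32, 2))


def key_id(key: Key) -> str:
    """Eight hex digits taken from the low bits of the modulus (simplified)."""
    return f"{key.n & 0xFFFFFFFF:08X}"


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for IDEA: XOR with SHA-256(key || counter) blocks. Safe only
    because every message gets a fresh session key, so no keystream repeats."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sign(msg: bytes, priv: Key) -> int:
    """Signature = RSA private-key operation on the 128-bit MD5 digest."""
    digest = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return pow(digest, priv.d, priv.n)


def verify(msg: bytes, sig: int, pub: Key) -> bool:
    """Recompute the digest and compare it with the decrypted signature."""
    digest = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return pow(sig, pub.e, pub.n) == digest


@dataclass(frozen=True)
class Envelope:
    enc_session_key: int  # session key under the recipient's public key
    ciphertext: bytes     # signature || message, under the session key


def encrypt_to(msg: bytes, sender_priv: Key, recipient_pub: Key) -> Envelope:
    """Sign, then encrypt signature and message under a fresh session key."""
    body = sign(msg, sender_priv).to_bytes(32, "big") + msg
    session_key = os.urandom(16)  # new 128-bit key for every message
    enc_key = pow(int.from_bytes(session_key, "big"), recipient_pub.e, recipient_pub.n)
    return Envelope(enc_key, stream_xor(session_key, body))


def decrypt_from(env: Envelope, recipient_priv: Key, sender_pub: Key) -> Tuple[bytes, bool]:
    """Recover the message and report whether the sender's signature holds."""
    key_int = pow(env.enc_session_key, recipient_priv.d, recipient_priv.n)
    body = stream_xor(key_int.to_bytes(16, "big"), env.ciphertext)
    sig, msg = int.from_bytes(body[:32], "big"), body[32:]
    return msg, verify(msg, sig, sender_pub)


if __name__ == "__main__":
    env = encrypt_to(b"The meeting is at noon.", ALICE, BOB.public())
    print("Alice:", key_id(ALICE), fingerprint(ALICE))
    print(decrypt_from(env, BOB, ALICE.public()))
```

Flipping any byte of the ciphertext past the 32-byte signature prefix changes the recovered message, so the recomputed digest no longer matches the decrypted signature and `decrypt_from` reports the signature as invalid; that is the tamper check the text describes.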

PGP's core functions are file encryption, communication encryption and digital signatures. The following briefly introduces some of PGP's auxiliary functions, which are not the core of the encryption system but coordinate its parts and make it convenient for users. This section mainly introduces PGP's key management mechanism.

A mature encryption system must be supported by a mature key management mechanism. The public key system was proposed to solve the problem that the key distribution of traditional encryption is hard to keep secret: if the key is sent over the network, others on the network can obtain it by listening. For example, in old versions of Novell Netware the user's password was transmitted in clear text on the wire, so a listener could easily obtain someone else's password. Of course, in Netware 4.1 the user password is now encrypted. For PGP the public key is public, so there is no interception problem. However, publishing public keys still has security problems, such as public key tampering, which may be the biggest loophole in public key cryptosystems. There must be a mechanism to ensure that the public key a user obtains is correct and not forged by someone else. An example illustrates the problem and how PGP plugs this loophole.

Suppose Mike wants to send a letter to Alice; he must have Alice's public key. Mike downloads Alice's public key from a BBS, encrypts the letter with it, and sends it to Alice with the BBS mail function. However, another user named Charlie sneaked into the BBS and replaced Alice's public key with the public key of a key pair he generated himself under Alice's name, and neither of the two communicating parties knows it. So the public key Mike used is not Alice's but Charlie's, and everything seems normal. Charlie can decrypt Mike's letter to Alice with his own private key, and he can even forward Mike's letter to Alice with Alice's real public key, so that no one becomes suspicious. If he wants, he can alter Mike's letter to Alice. He can even forge Alice's signature on a letter to Mike or others, because the public keys in those users' hands are forged, and they will believe it is really Alice's letter.

The best way to prevent this is to give no one the opportunity to tamper with the public key, for example by obtaining Alice's public key directly, which is very difficult in many cases. PGP developed a public key introduction mechanism to solve this problem. For example, suppose Mike and Alice have a mutual friend David, and David knows that Alice's public key is correct (PGP has another method for authenticating a public key, discussed later; assume here that David and Alice have authenticated her public key). David can then sign Alice's public key with his private key, which states that he guarantees the public key belongs to Alice. Of course, Mike needs David's public key to verify Alice's public key, and David can likewise authenticate Mike's public key for Alice, so David becomes an "introducer" between Mike and Alice. In this way, Alice or David can safely upload Alice's public key signed by David to the BBS for Mike to obtain, and no one can tamper with it without being discovered, not even the BBS administrator. This is a secure way to transmit public keys over public channels.

So how can Mike get David's public key safely? It is indeed possible that Mike's public key is also fake, but this requires the participation of the person who forged the key: he must be familiar with all three people and plan for a long time, which is generally impossible. Of course, PGP also suggests a way to rule out this possibility: a person or organization that everyone generally trusts plays this role, the so-called "key custodian" or "certification authority" (certification center), and every public key he signs is regarded as authentic. Everyone then only needs a copy of his public key and can easily authenticate any key he has signed; because he provides this service widely, forging his public key is very difficult. This kind of "authority" applies to organizations or government agencies not controlled by individuals, and some institutions now have a graded certification system.

For widely scattered individuals, PGP prefers private introduction, because this organic, unofficial way better reflects people's natural social behaviour, and people can freely choose the people they trust to introduce others. In short, communication with people you do not know works the same way. Each public key has at least one "user ID", and it is better to add your e-mail address to avoid confusion.

3. Next, how to authenticate a key by telephone.

Each key has its own keyID, an eight-digit hexadecimal number. The probability that two keys have the same keyID is one in a billion, and PGP also provides a more reliable way to identify a key: the key fingerprint. Each key corresponds to a string of numbers (sixteen two-digit hexadecimal numbers), and this fingerprint is not repeated. In addition, no one can deliberately generate a key with a specific fingerprint: the key is generated randomly, so it cannot be derived from the fingerprint. So when you obtain someone's public key, you can check this fingerprint with him by telephone to authenticate his public key. If you cannot communicate with the other party directly, you can authenticate the introducer's public key by telephone with the introducer in the public key introduction mechanism, and then authenticate the other party's public key through the introducer; this combines direct authentication with indirect introduction.

This leads to another method: collect your own public key with different signatures on it and send it to public places, so that most people will know at least one of the signers and can thus indirectly authenticate your public key. Similarly, after you sign a friend's public key, send it back to him so that your other friends can authenticate him through you, just as people interact in real society. PGP automatically works out for you which of the public keys you obtained were introduced by your friend, which by your friend's friend, and which by your friend's friend's friend, and sorts them into different trust levels, so that you can consult them and decide how far to trust each key. You can specify that someone has a certain number of levels of ability to introduce public keys, and this ability diminishes as the authentication is passed along.
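The introducer mechanism of the preceding paragraphs (David vouching for Alice, trust levels that shrink with each hop, and Charlie's substituted key from the BBS example) can be modelled as a small graph computation. The following is an added example, not PGP's own trust code: keys are named strings, a constructed signature table records who certified each key, and the owner (Mike) assigns each person an introducer depth, meaning how many further levels that person may vouch for. A key counts as valid only when a valid key with depth remaining has signed it, and the vouching ability drops by one at every hop, so it dies out with distance as the text describes. The names, depths and the propagation rule are assumptions chosen for illustration.

```python
"""Trust propagation through introducers, as in PGP's web of trust (added example)."""
from collections import deque
from typing import Dict, Set, Tuple

# Constructed key ring: key name -> names of the keys that signed it.
SIGNATURES: Dict[str, Set[str]] = {
    "David": {"Mike"},                         # Mike checked David's fingerprint by phone
    "Alice": {"David"},                        # David vouches for Alice
    "Eve": {"Alice"},                          # Alice vouches for Eve
    "Frank": {"Eve"},                          # Eve vouches for Frank
    "Charlie": {"Charlie"},                    # self-signed only
    "Alice (forged by Charlie)": {"Charlie"},  # the substituted key from the BBS
}

# Introducer depth the owner (Mike) assigns; unlisted people get 0.
INTRODUCE_DEPTH: Dict[str, int] = {"Mike": 4, "David": 2, "Alice": 1}


def compute_validity(owner: str, signatures: Dict[str, Set[str]],
                     introduce_depth: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """Return {key: (hops from owner, remaining introducer depth)} for every
    key the owner may treat as genuine. The owner's own key is the root."""
    valid: Dict[str, Tuple[int, int]] = {owner: (0, introduce_depth.get(owner, 0))}
    queue = deque([owner])
    while queue:
        signer = queue.popleft()
        hops, remaining = valid[signer]
        if remaining <= 0:
            continue  # this person may not introduce anyone further
        for key, signers in signatures.items():
            if signer not in signers or key == owner:
                continue
            # Ability passed on is capped both by what the owner assigned to
            # this key and by what the introducer still had left, minus one.
            depth = min(introduce_depth.get(key, 0), remaining - 1)
            if key not in valid or depth > valid[key][1]:
                valid[key] = (hops + 1, depth)
                queue.append(key)
    return valid


def trust_label(hops: int) -> str:
    """Distance wording matching the text: friend, friend's friend, ..."""
    if hops == 0:
        return "your own key"
    return "introduced by a friend" + "'s friend" * (hops - 1)


if __name__ == "__main__":
    for name, (hops, depth) in compute_validity("Mike", SIGNATURES, INTRODUCE_DEPTH).items():
        print(f"{name:28s} {trust_label(hops):40s} may introduce {depth} more level(s)")
    print("Unverified:", sorted(set(SIGNATURES) - set(compute_validity("Mike", SIGNATURES, INTRODUCE_DEPTH))))
```

With these inputs David is valid (one hop, two levels left), Alice through David (two hops, one level left), Eve through Alice (three hops, nothing left), while Frank stays unverified because Eve's ability has run out, and both of Charlie's keys stay unverified because no valid key ever signed them.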

Whether the introduction mechanism is transitive is an interesting question. Phil Zimmermann, the author of PGP, once said: "Trust is not transferable; I have a friend who I believe will never lie. But he is a fool who believes that the president will never lie, and obviously I don't think the president will never lie."

The above concerns the security of the public key, which is the core of PGP's security. In addition, as in a traditional single-key system, the confidentiality of the private key is also decisive. Compared with the public key, the private key has no tampering problem, but it does have a leakage problem. An RSA private key is a long number that a user cannot remember. PGP's method is to let the user specify a pass phrase for the randomly generated RSA private key; only by giving the pass phrase can the private key be released for use. The method of encrypting the private key with a password is as secure as PGP itself. Therefore, the security of the private key is first of all the confidentiality of the user's password. Of course, leakage of the private key file itself is also very dangerous, because all an attacker then needs is to try pass phrases exhaustively (brute force), which is difficult, but one layer of security has still been lost. Note that it is best not to write the private key on paper or in a file, because others can easily obtain it there.

PGP's careful attention to security shows in all its aspects. For example, the actual key of each encryption is a random number, and everyone knows that computers cannot generate truly random numbers, so PGP is very cautious about generating them. Key random numbers, such as those for RSA keys, are seeded from the time intervals between the user's keystrokes. The randseed.bin file on disk is encrypted with the same strength as e-mail, which effectively prevents others from extracting the pattern of the actual encryption keys from randseed.bin.

4. Finally, PGP's compression before encryption. The PGP kernel compresses plaintext with the PKZIP algorithm before encrypting it.

On the one hand, for e-mail the ciphertext after compression and 7-bit encoding may be shorter than the plaintext, saving network transmission time. On the other hand, compressing the plaintext is in effect a transformation that makes the information more disordered and more resistant to plaintext attacks. PKZIP is a recognized compression algorithm with good compression ratio and speed; PGP uses an algorithm compatible with PKZIP.

5. Bibliography:

Philip Zimmermann: "PGP User's Guide Volume I: Basic Topics"

barber