Cryptotechnology (13) PGP

————The perfect combination of cryptographic technologies

PGP is cryptographic software written by Philip Zimmermann around 1990, and it is still widely used around the world. The name PGP is an abbreviation of Pretty Good Privacy.

PGP runs on many platforms, such as Windows, Mac OS X and Linux, and is available in commercial and free versions. In addition, there is GNU free software called GnuPG (GNU Privacy Guard), written in accordance with the OpenPGP (RFC4880) specification.

The introduction here is mainly based on the PGP Command Line User's Guide 10.3 and GnuPG 2.1.4. PGP and GnuPG differ in their detailed functions and supported algorithms, and there are also differences between versions. The description here treats them uniformly as PGP.

OpenPGP is a standard specification that defines ciphertext and digital signature formats (RFC1991, RFC2440, RFC4880, RFC5581, RFC6637).

The message format of PGP was defined in RFC1991 in 1996. RFC4880 in 2007 added support for RSA and DSA. RFC6637 in 2012 added support for elliptic curve cryptography (ECC), including elliptic curve DSA and elliptic curve Diffie-Hellman key exchange based on the curves P-256, P-384 and P-521.

RFC6637 also adds a table for comparing cryptographic strengths in a balanced way. The table shows that, for example, a 256-bit elliptic curve cryptographic algorithm should be paired with a 256-bit hash algorithm and a symmetric cryptographic algorithm with a key length of 128 bits.

GNU Privacy Guard (GnuPG, GPG) is cryptographic software developed according to the OpenPGP standard. It supports encryption, digital signatures, key management, S/MIME, ssh and other functions. GnuPG is free software released under the GNU GPL license, so anyone can use it freely. GnuPG itself is a command-line tool, but it is often integrated into other applications.

GnuPG is divided into three series: stable, modern and classic.

Omitted

In the PGP encryption process, as shown in the figure, the message is encrypted with a hybrid cryptosystem and then converted into message data (text data).

The content here is basically the same as the structure of the hybrid cryptosystem described earlier. The difference is that it also includes two additional steps: message compression and binary-to-text conversion (conversion to ASCII radix-64).
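The binary-to-text step described above (ASCII radix-64), as an added example that is not from the original article or the book: it wraps binary data in OpenPGP ASCII armor with the CRC-24 checksum defined in RFC4880 and verifies that checksum when decoding. The function names, the 64-character line width and the `SAMPLE` bytes are assumptions constructed for illustration.

```python
import base64
import binascii

CRC24_INIT = 0xB704CE   # constants from RFC 4880, section 6.1
CRC24_POLY = 0x1864CFB
HEAD, TAIL = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"


def crc24(data: bytes) -> int:
    """CRC-24 checksum that OpenPGP armor carries after the radix-64 body."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(binary: bytes, width: int = 64) -> str:
    """Convert binary data to text: header, radix-64 lines, '=' + CRC, tail."""
    b64 = base64.b64encode(binary).decode("ascii")
    body = [b64[i:i + width] for i in range(0, len(b64), width)]
    crc = crc24(binary).to_bytes(3, "big")
    check = "=" + base64.b64encode(crc).decode("ascii")
    return "\n".join([HEAD, "", *body, check, TAIL, ""])


def dearmor(text: str) -> bytes:
    """Recover the binary data; raise ValueError if the text was damaged."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2 or lines[0] != HEAD or lines[-1] != TAIL:
        raise ValueError("missing armor header or tail line")
    payload = lines[lines.index("") + 1:-1]  # armor headers end at the blank line
    if not payload or not payload[-1].startswith("="):
        raise ValueError("missing CRC-24 line")  # optional in the RFC, required here
    try:
        binary = base64.b64decode("".join(payload[:-1]), validate=True)
        stored = base64.b64decode(payload[-1][1:], validate=True)
    except binascii.Error as exc:
        raise ValueError("invalid radix-64 data") from exc
    if crc24(binary) != int.from_bytes(stored, "big"):
        raise ValueError("CRC-24 mismatch")
    return binary


# Constructed stand-in for encrypted binary message data (not a real OpenPGP packet).
SAMPLE = bytes(range(256))
```

The CRC-24 only catches accidental corruption of the text form; it is not keyed, so detecting deliberate modification still depends on the digital signature.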

In the above figure, the message is combined with the corresponding signature and finally converted into message data (text data). By the way, you can choose whether to convert message data into text data in PGP.

The above figure shows the two processes of generating a digital signature for a message and compressing and encrypting the message, and the results of the two are put together to form message data (text data). It is optional in PGP whether to convert message data into text data.

When using PGP, it is very important to confirm whether the public key you receive really belongs to the correct person, because the public key may be replaced through a man-in-the-middle attack.

A certificate is a digital signature applied to a public key by a certification authority. By verifying this digital signature, the legitimacy of the public key can be confirmed.

However, PGP does not use a certification authority, and instead adopts a method called the web of trust. In this method, PGP users digitally sign each other's public keys.

The main point of the web of trust is to establish trust relationships among the users themselves rather than relying on certification authorities. In other words, each user can decide for themselves which public keys to trust.

The main content of this series comes from "Illustrated Cryptographic Technology, Third Edition"

I am just a porter of knowledge

The illustrations in the article come from the original book
