PGP - Pretty Good Privacy

29.10.1999
Satu Laukkanen, Raija Seppälä
Tik, Kon
Helsinki University of Technology
solaukka@cc.hut.fi
Abstract

Pretty Good Privacy (PGP) is a very elegant public encryption program that enables people to securely exchange encryption keys over the Internet and then transfer sensitive data, such as credit card details, over the Internet in a secure manner. PGP is considered by most encryption analysts to be 'uncrackable', and because of this it is the most widely used and respected public encryption program available.

PGP combines the convenience of the Rivest-Shamir-Adleman (RSA) public key cryptosystem with the speed of conventional cryptography, message digests for digital signatures, data compression before encryption, good ergonomic design, and sophisticated key management. PGP performs the public-key functions faster than most other software implementations.


Contents

1. Introduction

2. Why PGP

2.1 Why to use PGP

2.2 Why PGP is so popular

3. How PGP works

3.1 General

3.2 Most important PGP commands

4. PGP and email

5. Possible security problems

6. Future

References

Further Information

1. Introduction

PGP is a public key encryption program originally written by Phil Zimmermann in 1991. Over the past few years, PGP has gained thousands of devoted supporters all over the globe and has become a de facto standard for encryption of email on the Internet. PGP is available for many different platforms, including Windows, Unix, MS-DOS, OS/2, Macintosh, Amiga and Atari. PGP combines some of the best features of both conventional and public key cryptography: it is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP first compresses the plaintext. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security. Compression reduces the patterns in the plaintext that cryptanalysis techniques exploit, thereby greatly enhancing resistance to cryptanalysis.[1]

2. Why PGP

2.1 Why to use PGP

Some people may wonder why PGP is necessary. Some people probably don't care. However, many people work remotely in a distributed environment, with modems as a connection to the office, and any time sensitive data is sent through any kind of network, there's a risk of somebody else grabbing a copy. With PGP, that's no longer an issue. Additionally, it is always possible to verify that documents come from where they were supposed to, since it's impossible to forge the digital signatures that PGP creates. For example, using an anonymous remailer, you can hide your real name and address from people to whom you send mail. However, once you've got the public key of the person from whom you've received the mail, you'll know that anything verified by that key came from the person who sent the message, without ever meeting anyone or knowing who they really are. Thus, by coupling the anonymity of the Internet and the authentication of PGP, we can be anonymous, yet readily - and reliably . The only potential problem with public-key systems is verifying the public keys you have.

2.2 Why PGP is so popular

The PGP software is available, for personal use, for free worldwide, in versions that run on a variety of platforms, including DOS, Windows, Unix, and Macintosh. The commercial versions must be purchased, but they include vendor support and greater capabilities. PGP is based on algorithms that have survived extensive public review and are considered extremely secure (RSA, IDEA, MD5, and Diffie-Hellman, for example). It has a wide range of applicability. It can be used by corporations that want to enforce a standardized scheme for encrypting files and messages, by individuals who wish to communicate securely over the Internet and other networks, by political groups actively resisting the government in totalitarian countries, and so on. It was not developed by, nor is it controlled by, any governmental or standards organization.
 

3. How PGP works

3.1  General

When you install PGP, you will generate a pair of keys for yourself: a "public key" and a "secret key". The easiest way to think of these is to think of the private key as a regular key and the public key as a set of keyed-alike locks. You distribute copies of the lock (or public key) to people who may wish to send you secure messages. You keep the (secret) key to yourself, so that only you can open and read these messages. You may post your public key to a public keyserver on the Internet so that anyone can retrieve it and send you secure email and files.[3] PGP supports three RSA key lengths. It is up to the user to select the one that is most appropriate. The lengths are:

1. Casual (384 bits): can be broken, but it is extremely difficult.
2. Commercial (512 bits): can be broken by the CIA etc.
3. Military (1024 bits): unbreakable.

Public keys are kept in individual key certificates that include the key owner's user ID (which is that person's name), a timestamp of when the key pair was generated, and the actual key material. Public key certificates contain the public key material, while secret key certificates contain the secret key material. Each secret key is also encrypted with its own password, in case it gets stolen. A key file, or key ring, contains one or more of these key certificates. Public key rings contain public key certificates, and secret key rings contain secret key certificates.[2]

PGP allows you to sign a message or a file, with or without sealing (encrypting) it. Each digital signature is uniquely generated by PGP based on the contents of the message and the signer's private key. The signature can be checked by anyone using the signer's public key. Since the signature is based partly on the contents of the message, if even one character of the message has been changed, PGP will report that the signature is invalid. The signature is also based on the signer's private key, and the private key is held only by the signer, so recipients can be sure that no one else sent the message.[3]

PGP uses message digests to form signatures. A message digest is a 128-bit cryptographically strong one-way hash function of the message. It is somewhat analogous to a checksum or CRC error checking code, in that it compactly represents the message and is used to detect changes in the message. Unlike a CRC, however, it is computationally infeasible for an attacker to devise a substitute message that would produce an identical message digest. The message digest gets encrypted by the secret key to form a signature.[2] The important thing to remember is that while written signatures are supposedly unique per person, digital signatures are unique per document. Written signatures can be copied from document to document and still appear valid. Digital signatures fail verification when applied to another document.[3]
 

3.2 Most important PGP commands

To generate your own unique public/secret key pair:

    pgp -kg

To add a public or secret key file's contents to your public or secret key ring:

    pgp -ka keyfile [keyring]

Encrypting a plaintext file called textfile with the recipient's public key produces a ciphertext file called textfile.pgp. A specific example is:

    pgp -e letter.txt Raija

The example searches your public key ring file pubring.pgp for any public key certificates that contain the string Raija anywhere in the user ID field.[3]

To sign a plaintext file with your secret key, producing a signed file called letter.pgp:

    pgp -s letter.txt -u Bob

This searches your secret key ring file secring.pgp for any secret key certificates that contain the string Bob anywhere in the user ID field. Your name is Bob, isn't it? The search is not case-sensitive. If it finds a matching secret key, it uses it to sign the plaintext file letter.txt, producing a signature file called letter.pgp.[3]
 

4. PGP and email

In practice PGP is used more often for encrypting email than for encrypting files. However, many email programs don't support PGP. Nevertheless, tools for using PGP with email programs are available.[4]
 

5. Possible security problems

The simplest way for someone to make signatures in your name and read your messages is if you have written down the pass phrase for your secret key and left it somewhere to be found. If someone gets your pass phrase and also gets your secret key file, the attack has succeeded. You also shouldn't use simple pass phrases, meaning words and other passwords that can be easily guessed or cracked.

A big vulnerability also exists if public keys are tampered with. When you use someone else's public key, you should always make certain that it has not been tampered with, and you should make sure that no one else can tamper with your own public key.

Another potential security problem is caused by how most operating systems delete files: files that are deleted are just marked as deleted, and their disk blocks can be overwritten later. If an attacker reads these deleted disk blocks soon after they have been deallocated, he could recover your plaintext. The only way to prevent the plaintext from reappearing is to somehow cause the deleted plaintext files to be overwritten. You can overwrite the original plaintext file after encryption by using the PGP -w (wipe) option.
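An added example (not PGP's own code and not from the original paper) of the overwrite-before-delete idea behind the -w option, with hypothetical function names and a constructed sample file. It assumes the filesystem rewrites blocks in place; journaling or copy-on-write filesystems and flash storage may keep old copies, so the overwrite is best effort there.

```python
import os
import tempfile

CHUNK = 64 * 1024  # overwrite in 64 KiB blocks

def overwrite_in_place(path: str) -> int:
    """Overwrite every byte of the file with random data; return bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as f:          # r+b rewrites existing blocks without truncating
        while written < size:
            n = min(CHUNK, size - written)
            f.write(os.urandom(n))
            written += n
        f.flush()
        os.fsync(f.fileno())              # push the new contents to the device
    return written

def wipe(path: str) -> None:
    """Overwrite, then delete, so the freed blocks no longer hold the plaintext."""
    overwrite_in_place(path)
    os.remove(path)

def demo() -> tuple:
    """Return (plaintext survived overwrite?, size unchanged?, file still exists?)."""
    secret = b"constructed plaintext: meet at noon\n" * 100
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    overwrite_in_place(path)
    with open(path, "rb") as f:
        after = f.read()
    survived = b"meet at noon" in after
    same_size = len(after) == len(secret)
    wipe(path)
    return survived, same_size, os.path.exists(path)

if __name__ == "__main__":
    print(demo())
```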

It is also possible to make a virus or worm that could, for example, capture your pass phrase, secret key or deciphered messages, write the captured information to a file and send it to the virus's owner. As always, it's important to be wary of viruses and similar programs. They can do all kinds of damage.

You should also remember that cryptographic techniques protect data only while it's encrypted: direct physical security violations can still compromise plaintext data and other information.

PGP was originally designed for single-user systems. However, it is now being used, for example, in Unix and other multi-user systems. There are much greater risks of your plaintext, keys or passwords being exposed in multi-user systems. In Unix, others can have information concerning you, especially the administrator and intruders.
 

6. Future


PGP has for years now caused problems for crackers: even the NSA has problems cracking messages encrypted with PGP. That is why PGP's use has rapidly increased since 1991 all around the world. One thing that also makes it popular is that you can get it for free from the Internet.[5]

There are countless fans of PGP, and many of them are software engineers who want to improve PGP and promote it. The future of PGP looks bright. Security will be a very important matter in the future. People are just now finding out how crucial e-security is in their personal and business lives.

References

[1] Anon., The International PGP Home Page, [cited 20.9.1999]
<http://www.pgpi.org>

[2] Anon., PGP User's Guide, Volume I: Essential Topics, 9.11.1994
<ftp://nic.funet.fi/pub/crypt/cryptography/pgp/doc/HTML/pgpdoc1/pgpdoc1.html>

[3] Greene, A., A Newcomer's Introduction to Pretty Good Privacy (PGP), 10.6.1998
<http://www.mindspring.com/~aegreene/pgp/>

[4] Mäkilä, N. & Sadeniemi, M., PGP - Pretty Good Privacy, 2.4.1996,
<http://www.csc.fi/lehdet/atcsc/atcsc2-96/pgp.html>

[5] Soininen, S., Verkon valvojat: Internetissä kannattaa säilyttää itsesuojeluvaisto, Helsingin Sanomat (Nyt-liite), 1997, Nro.2
<http://www.helsinginsanomat.fi/nyt/9702/>
 

Further information

[1] Anon., International PGP-Homepage, [cited 20.9.1999]
<http://www.pgpinternational.com/>

Commercial PGP page. Tells about the future of PGP and gives legal information.

[2] Anon., PGP - Pretty Good Privacy, 17.3.1999
<http://www.uta.fi/laitokset/tkk/ohjeetoppaat/pgp/index.html>

Lots of practical information about PGP. Very useful site!

[3] Bauriedel, B., Pretty Good Privacy, 4.11.1998
<http://www.stanford.edu/group/tdr-security/PGP-Demo/index.htm>

Large-scale information about PGP. The writer seems to be professional and the text reliable. Slides are clear and new things are easy to learn.

[4] Chadwick, D.W. & Young, A.J. & Cicovic, N.K., Merging and extending the PGP and PEM trust models - the ICE-TEL trust model, IEEE Network, 1997, Vol.11, May/June 1997
<http://iel.ihs.com:80/cgi-bin/iel_cgi?sess=225647188&prod=IEL&page=%2fiel3%2f65%2f12756%2f00587045%2epdf>

Gives information about the ICE-TEL (security) model, including PGP. Gives examples of using this model in different scenarios.

[5] El Capron, Linux PGP HOWTO, 28.8.1999
<http://members.aa.net/~rubino/pgp.html>

How to use PGP in Linux.

[6] Garfinkel, S., PGP: Pretty Good Privacy, 1st Ed., O'Reilly & Associates, Sebastopol (CA), 1994, 430 p.

Book only about PGP.

[7] Hoffman, P. & Zimmermann, P., Interview with author of PGP (Pretty Good Privacy), 2.2.1996
<http://www.animatedsoftware.com/hightech/philspgp.htm>

Interview with P. Zimmermann, where he tells about encrypting. Interesting.

[8] Parkins, K., PGP - Pretty Good Privacy, 30.6.1999
<http://www.heureka.clara.net/sunrise/pgp.htm>

A lot of information about PGP and links for different purposes. Sunrise Promotions's information about PGP. Nevertheless, seems to be a reliable source.

[9] Rinne, I., Julkisivu, 14.3.1997
<http://www.physics.helsinki.fi/~iorinne/pgp/>

Very useful and thorough page about PGP. PGP and email is a good extra. Good outline.

[10] Schneier, B., Cryptography: the importance of not being different, Computer, 1999, Vol.32, March 1999
<http://iel.ihs.com:80/cgi-bin/iel_cgi?sess=225647188&prod=IEL&page=%2fiel4%2f2%2f16230%2f00751335%2epdf>

Gives information about GPG in general. Good wide-scale approach. Does not give specific information about the use of PGP, but is an interesting article and gives things to think about.

[11] Tanenbaum, A. S., Computer Networks, 3rd Ed., Prentice-Hall, Inc, New Jersey, 1996, 811 p.

PGP in brief.

[12] Zimmermann, P., PGP(tm) Users Guide, 11.10.1994
<http://www.tcm.hut.fi/Opinnot/Tik-110.350/Tehtavat/pgp/>

Excellent presentation about PGP, which is also a user's guide written by the inventor of PGP.