What is PGP encryption?

Foreword

PGP (Pretty Good Privacy) is a set of application programs for encrypting and verifying messages. The main developer of PGP is Phil Zimmermann, who released PGP for free on the Internet in 1991. PGP itself is a commercial application; an open-source equivalent is called GnuPG (GPG). PGP and similar software follow the OpenPGP standard for encrypting and decrypting data.

How PGP encryption works

PGP encryption combines a series of algorithms for hashing, data compression, symmetric-key encryption, and public-key encryption. Each step supports several algorithms, and the user chooses which one to use. Each public key is bound to a username and/or e-mail address. The initial version of this system is often referred to as the Web of Trust, in contrast to the X.509 system, which uses a hierarchical scheme based on certificate authorities and was later added to PGP implementations. The current version of PGP encryption uses an automatic key management server for reliable storage of keys.

Compatibility

As PGP evolved, versions supporting newer functions and algorithms were able to create encrypted messages that older PGP systems could not decipher, even with valid private keys. Therefore, partners in a PGP communication must know each other's capabilities or at least agree on the PGP settings.

Confidentiality

PGP can be used to send confidential messages. To do this, PGP combines symmetric-key and public-key encryption. The message is encrypted with a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key, also known as a session key, is used only once. The message and its session key are both sent to the recipient. The recipient needs the session key to decrypt the message, so to protect it in transit it is encrypted with the recipient's public key. Only the private key belonging to the recipient can decrypt the session key.

Digital signature

PGP supports message authentication and integrity checking. Integrity checking detects whether a message has been modified in transit, while message authentication determines whether a message was sent by the person or entity claiming to be the sender (i.e. digital signature verification). Because the content of the message is encrypted, any change to the message causes decryption with the appropriate key to fail. In PGP, these features are enabled by default together with message encryption, and can also be applied to plaintext. The sender simply uses PGP to create a digital signature for the message (the signature algorithm is RSA or DSA). Specifically, PGP computes a hash (also called a message digest) of the data, and then uses the sender's private key to generate a digital signature from the hash.
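The confidentiality and digital signature flows described above, as an added Python sketch that is not code from PGP or GnuPG: a fresh session key encrypts the message, the recipient's public key wraps the session key, and the sender's private key signs the hash. Textbook RSA over hard-coded Mersenne primes and a SHA-256 keystream are stand-ins chosen so the sketch runs with the standard library only; they are not secure, the names `ALICE`, `BOB` and all functions are hypothetical, and real OpenPGP places the signature inside the encrypted data.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Textbook RSA key from two known primes (toy assumption, not secure)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed key pairs built from Mersenne primes so the sketch runs offline.
ALICE = make_key(2**521 - 1, 2**607 - 1)      # sender, signs
BOB = make_key(2**1279 - 1, 2**2203 - 1)      # recipient, decrypts

def keystream_xor(session_key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(f"{session_key}:{offset}".encode()).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign_and_encrypt(message, sender, recipient_n):
    session_key = secrets.randbits(128)  # fresh for every message, never reused
    return {
        # Hash the data, then apply the sender's private key to the hash.
        "signature": pow(digest_int(message), sender["d"], sender["n"]),
        # Bulk data goes under the symmetric session key ...
        "ciphertext": keystream_xor(session_key, message),
        # ... and the session key travels encrypted to the recipient's public key.
        "wrapped_key": pow(session_key, E, recipient_n),
    }

def decrypt_and_verify(packet, recipient, sender_n):
    session_key = pow(packet["wrapped_key"], recipient["d"], recipient["n"])
    message = keystream_xor(session_key, packet["ciphertext"])
    signature_ok = pow(packet["signature"], E, sender_n) == digest_int(message)
    return message, signature_ok

if __name__ == "__main__":
    pkt = sign_and_encrypt(b"meet at noon", ALICE, BOB["n"])
    print(decrypt_and_verify(pkt, BOB, ALICE["n"]))
```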

Trust network

Whether encrypting a message or verifying a signature, care must be taken that the public key used to send a message to someone actually belongs to the intended recipient. Simply downloading a public key from somewhere is no guarantee of that association; deliberate (or accidental) impersonation is possible. From its first version, PGP has distributed users' public keys in an 'identity certificate', which is constructed cryptographically so that any tampering or accidental change is readily detectable. But a mechanism that detects any modification to the certificate is not enough: it can only prevent tampering after the certificate has been created, not before.

The user must also have some form of assurance that the public key in a certificate really belongs to the person or entity claiming it. Since its first release, PGP products have included an internal certificate 'vetting scheme' to assist with this, a trust model called the Web of Trust. A given public key (more precisely, the binding of a username to its key) can be digitally signed by a third-party user to attest to the association between a person (actually, the username) and the key. Such a signature can express varying degrees of trust in the association. While many programs read and write this information, only a few use the trust level to decide whether to trust a key.

The trust network mechanism has advantages over the centrally managed public key infrastructure used by S/MIME, but it has not been widely adopted by the general public; it is generally used only among Unix-like enthusiasts, open-source software circles, and computer-literate people who pay special attention to privacy. Making it easy for ordinary users to use, accept certificates and then manually verify their validity remains an obstacle to adoption that has no satisfactory solution yet.

Certificate

In the more recent OpenPGP specification, trust signatures can be used to support the creation of certificate authorities. A trust signature indicates both that the public key belongs to its claimed owner and that the owner is trusted to sign keys one level below. Zero-level signatures are comparable to web-of-trust signatures, because only the validity of the public key is certified. A first-level signature is similar to the trust placed in a certificate authority, in that a person with a first-level public key can issue an unlimited number of zero-level signatures. A second-level signature is very similar to the trust assumption that users must rely on when using the default list of certificate authorities (like those included in web browsers); it allows the owner of the key to create additional certificate authorities.
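How the zero-, first- and second-level signatures above limit who may vouch for whom, as an added Python sketch that is not code from any PGP implementation. It is a simplified model: the key names, the `SIGNATURES` sample and `valid_keys` are constructed for illustration, and trust amounts, expiry and revocation are ignored.

```python
from collections import deque

ROOT_DEPTH = 256  # the user's own key; above the one-octet maximum level

# Constructed sample: (signer, signed key, trust level of the signature).
SIGNATURES = [
    ("me", "corp-ca", 2),         # level 2: may create level 1 authorities
    ("corp-ca", "team-lead", 1),  # level 1: may issue level 0 signatures
    ("team-lead", "alice", 0),    # level 0: key validity only
    ("alice", "mallory", 0),      # alice is valid but is not an introducer
    ("me", "bob", 0),
    ("bob", "eve", 1),            # bob was given no depth, so this is ignored
]

def valid_keys(root, signatures):
    """Return {key: remaining delegation depth} for keys valid from root."""
    depth = {root: ROOT_DEPTH}
    queue = deque([root])
    while queue:
        signer = queue.popleft()
        if depth[signer] < 1:
            continue  # a valid key whose own signatures carry no weight
        for who, signed, level in signatures:
            if who != signer:
                continue
            # A signer cannot hand out more depth than it holds, minus one.
            granted = min(level, depth[signer] - 1)
            if granted > depth.get(signed, -1):
                depth[signed] = granted
                queue.append(signed)
    del depth[root]
    return depth

if __name__ == "__main__":
    print(valid_keys("me", SIGNATURES))
```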

All versions of PGP include a way to cancel ("revoke") a certificate. If a user's private key is lost or compromised, the user must revoke the certificate to keep communications secure. This is roughly equivalent to the certificate revocation list of a centralized PKI scheme. The latest PGP versions also support setting automatic expiration dates for certificates.

The problem of correctly determining that a particular public key belongs to a particular user is not unique to PGP. All cryptosystems based on public/private keys have this problem, and there is currently no satisfactory solution. The original PGP scheme at least lets users choose whether to use its endorsement/vetting system, whereas other PKI schemes require users to trust every certificate attested by a central certificate authority.

https://baijiahao.baidu.com/s?id=1738308154057002398&wfr=spider&for=pc

Origin blog.csdn.net/weixin_45264425/article/details/130536054