PGP
Bernard K. Huang
March 15, 2005
Professor Richard Sinn
CMPE 297: Software Security Technologies
Tuesday 7:30 - 9:30
I. What is PGP?
PGP stands for Pretty Good Privacy. It is a program that allows users to encrypt electronic
mail and any file that is stored on the user's computer. A user can also use PGP to "sign"
documents with a digital signature that is tamper-proof to prevent someone from forging a
document and then claiming that the document is from someone else. The goal of PGP is to ensure
privacy and strong authentication.
Privacy means that the intended recipient of a message can read it. PGP provides protection
against any malicious hacker who attempts to decrypt the messages sent over a network. The
"snooper"1 will have a difficult time decrypting the message.
Authentication ensures that the information sent is from the original owner and that the
information has not bee altered. Authentication also provides a secure means to verify the identity
of an individual.
II. What PGP Can Do?
The latest version of PGP, v6.5.8, can be freely downloaded from
http://web.mit.edu/network/pgp.html . This software enables the user to do the following:
1.
Encrypt files using IDEA2, a powerful private key encryption algorithm. Once the file
encrypted, the intended recipient has the privilege to decrypt the file using a pass phrase.
2.
Create private and public keys. These keys are used to encrypt and sign data to be sent
over a network and also used to decrypt data sent from other uses.
3.
Manage keys. PGP can be used to create and maintain a database containing the public
keys of the people a user communicates with. This database would be similar to an
address book.
4.
Send and receive encrypted email.
1
is
A person who uses some software program to intercept messages on the network. It can be a curious user or a
malicious hacker.
2
International Data Encryption Algorithm invented by Xuejia Lai and James Massey at ETH in Zurich. Paten owned
by Ascom-Tech.
1
5.
Use digital signatures to sign documents. PGP can also be used to verify people's
signatures.
6.
Certify Keys. PGP can be used to sign other user's public keys.
7.
Revoke and disable keys. If a user's keys are stolen or lost, PGP can be used to disable
keys in order to render them useless.
8.
Customize PGP. PGP can be configured to the user's preferences on encryption needs.
9.
Use PGP Internet Key Servers. A user can add a public key to a key database and obtain
other people's keys from the servers if permitted.
III. History of PGP
Phil R. Zimmermann (PRZ) is the original author of PGP. Zimmermann did not start out as
a cryptographer. He became an anti-nuclear peace activist during the early 80's. Being a war
protester did not put food on the table for Zimmermann. As another means to make money,
Zimmermann decided to start his own company called Metamorphic Systems. Zimmermann
received a call from Charlie Merritt who was interested in using one of the computer systems built
by Zimmermann's company. Merritt wanted to run his encryption code on a faster machine. The
two computer scientists discussed everything from cryptography to assembly language to C
programming. Eventually, the two decided to meet in Colorado. Merritt wanted to meet with
Bidzos, president of RSA Data Security, whom happened to be in Colorado during Merritt's visit
with Zimmermann. The three of them met at a restaurant and did not get along too well. Merritt
and Zimmermann did not trust the U.S. government. Bidzos, on the other hand, volunteered for the
U.S. Marines and his company was doing contract work for the United States Navy. At the end of
that meeting, Bidzos left a copy of RSA Data Security's new MailSafe product program with
Zimmermann.
It is unclear whether or not Zimmermann "stole" the idea of mail encryption from the
MailSafe product and incorporated into PGP. Both programs share the same functionality, but they
differ in two important ways. "The first has to do with the user interface: MailSafe has a graphical
2
user interface, while PGP can be run only from the command line. The second is that MailSafe's
system for encoding binary data as ASCII has a simple error-correction system that can correct
some kinds of transmission errors..."3
In 1991, the U.S. government introduces the 1991 Senate Bill 266. This omnibus anti-crime
bill had a measure in it that all encryption software must have a back door in it. An excerpt is in
pgpdoc1.txt, distributed with PGP. This is what Zimmermann says in pgpguide.lst in pgp1.0:
The 17 Apr 1991 New York Times reports on an unsettling US Senate proposal that
is part of a counterterrorism bill. If this nonbinding resolution became real law, it
would force manufacturers of secure communications equipment to insert special
"trap doors" in their products, so that the Government can read anyone's encrypted
messages. It reads: "It is the sense of Congress that providers of electronic
communications services and manufacturers of electronic communications service
equipment shall insure that communications systems permit the Government to
obtain the plain text contents of voice, data, and other communications when
appropriately authorized by law."4
It was because of the proposal of this bill that motivated Zimmermann to create PGP.
However, he used RSA encryption combined with a symmetric key cipher of his own design called
Bass-O-Matic. Zimmerman passed the code to his friends. Many of his friends uploaded PGP 1.0
onto bulletin boards. One friend actually went around pay phones to upload the code using a
portable, acoustic coupler.
It was discovered later that Zimmermann's Bass-O-Matic encryption algorithm had severe
flaws. Zimmermann had shown his code to Eli Biham, a world famous cryptographer. Biham
found that the algorithm was susceptible to differential cryptanalysis. Also, there were conceptual
errors that prevented certain bits from being properly encrypted. Nevertheless, the source code for
PGP 1.0 spread world wide.
3
4
Garfinkel,Simpson. PGP: Pretty Good Privacy, pg. 91.
PGP Timeline, http://www.cypherspace.org/adam/timeline/
3
People began using and updating PGP 1.0. RSA Security complains to Zimmermann about
patent infringement. The U.S. government gets involved and begins an investigation on
Zimmermann. Version 2.5 comes out and MIT begins acting as the official U.S. distributor of PGP.
RSA continues to complain of patent infringement. As a compromise, MIT makes version 2.6 so
that it is not backwards compatible with previous versions of PGP. PGP eventually is distributed
within the U.S. without any objections from the RSA and the U.S. government.
IV. How PGP Works
PGP uses the features of conventional and public key cryptography. Some people refer PGP
as a hybrid cryptosystem. PGP first encrypts plaintext by compressing the data. The smaller the
data, the faster it is to transmit over a network. The benefit of fast transmission is that the data is
less likely to be intercepted by a snooper thereby increasing security. Another reason for
compressing the data is to reduce any pattern in the plaintext. The conventional technique for a
hacker to decrypt data is to search for patterns in the plaintext. Compressing data reduces the
number of patterns in the plaintext; hence, the encrypted data is harder to decipher.
After compressing the data, PGP creates a session key. This key is used once and is usually
randomly generated based on the random movements of the user's mouse and keystrokes. The
session key is computed along with a fast encryption algorithm to encrypt the plaintext. The result
of the encrypted plaintext is a ciphertext. After encrypting the plaintext, the session key is then
encrypted to the recipient's public key. This public key-encrypted session key is sent with the
ciphertext to the intended recipient.
4
Figure 1. How PGP Encryption Works
Decrypting the ciphertext works in the reverse process of encrypting the plaintext. The
receiver's copy of PGP uses his or her private key to recover the temporary session key, which PGP
then uses to decrypt the ciphertext.
Figure 2. How PGP Decryption Works
"The combination of the two encryption methods combines the convenience of public key
encryption with the speed of conventional public key encryption. Conventional encryption is about
1,000 times faster than public key encryption. Public key encryption in turn provides a solution to
key distribution and data transmission issues. Used together, performance and key distribution are
improved without any sacrifice in security."5
5
"How PGP Works", http://www.pgpi.org/doc/pgpintro/#p9, March 2005.
5
PGP also digitally signs each ciphertext sent over the network. PGP uses a
cryptographically strong hash function such as the RSA or DSA signature algorithms on the
plaintext the user is signing. This generates a message digest. PGP uses this digest and the private
key to create the digital signatures. The signature and the plaintext are sent together. The recipient
uses PGP to recompute the digest and then uses the sender's public key and the signed message
digest value with the signature algorithm to verify the signature. If the signature matches the
received plaintext's message digest, it can be presumed that the message received has not been
compromised since it was signed. The possibility of a malicious hacker intercepting the message
and recreating the message digest and public key to match the signature is very small.
This
method of signing data is what security experts refer to as non-repudiation.
Figure 3. Secure Digital Signatures
PGP also uses digital certificates to establish whether or not a public key belongs to the
stated owner. A digital certificate is information included with a person's public key that helps
others verify that a key is genuine or valid. This certificate is comprised of three components: a
public key, certificate information, and one or more digital signatures. The purpose of the digital
6
signature is to have another entity vouch for the authenticity of the certificate. The concept of
having certificates is to exchange public keys with someone else. PGP supports two different
certificate formats: PGP certificates and x.509 certificates.
PGP must have a means to validate the certificates. In order to do so, it adheres to a usercentric trust model called Web of Trust. PGP uses digital signatures as its form of introduction.
When any user signs another's key, he or she becomes an introducer of that key. As this process
continues, it establishes a web of trust.
In a PGP environment, any user can act as a certifying authority (CA). Any PGP user can
validate another PGP user's public key certificate. However, such a certificate is only valid to
another user if they relying party recognizes the validator as a trusted introducer. This system is
very similar to eBay's feedback system. The more positive feedback a seller receives, the more
trusted that seller becomes. Similarly, the more reputable signatures are associated with a public
key, the more people will trust the key's validity.
There are three levels of trust a user can assign to a public key: complete trust, marginal
trust, and no trust. Along with three levels of trust, there are also three levels of validity: valid,
marginally valid, and invalid. In order to define another's key as a trusted introducer, one starts
with a valid key that is either signed by the owner, him/herself or by another trusted introducer.
Then, the key is assigned a level of trust.
PGP requires one completed trusted signature or two marginally trusted signatures to
establish a key that is considered valid.
PGP also uses a passphrase to encrypt private keys on an owner's machine. The private key
is encrypted on the hard disk using a hash of the passphrase as the secret key. The private key is
useless without the passphrase. The passphrase should be easy for the owner to remember and hard
for other people to guess.
7
VI. Conclusion
PGP is believed to be one of the securest means to transfer data from one party to another.
In most cases, even government agencies such as the NSA is incapable of directly deciphering a
PGP-protected message. This assumes that the sender properly uses PGP. Improper use of PGP or
any security system can render data unprotected. Human error is the source of vulnerability in any
cryptosystem, no matter how secure the design is.
Also, the use of PGP with the MIME standard has become today's de facto standard in
encrypting email. Plug-ins are available for many popular email applications such as Outlook,
Outlook Express, Eudora, Evolution, Mutt, Mozilla Thunderbird, Apple Mail, etc. However, each
plug-in is independent of PGP and may have implementation errors. This means that not every
plug-in will have an optimal level of security. At the very worst, the security level may not exist at
all! The safest implementation is for the user to manually encrypt, sign, and email messages
directly using PGP.
Like all cryptosystems, PGP has limitations. PGP cannot protect the user from snoopers,
eavesdroppers, blackmailers, or dumpster divers. This means that if someone intercepts a message,
then the message is intercepted. If someone blackmails someone for their private key, then most
likely, the private key will be exposed to the blackmailer. If a user carelessly writes a passphrase on
a piece of paper and does not properly dispose that paper by shredding it, then a dumpster diver can
search the user's garbage to obtain the passphrase to decrypt the user's security key. Most
cryptosystem users give little thought to these social engineering attacks. But nonetheless, if a user
takes the basic necessary precautions to prevent such attacks, then PGP can be used effectively in
transferring data from one party to another.
8
VII. References
Books
Garfinkel, Simson. PGP: Pretty Good Privacy, O'Reilly & Associates, 1995, 393 pages.
Stallings, William. Protect your Privacy: A Guide for PGP Users, Prentice Hall, 1994, 287 pages.
Websites
"The comp.security.pgp FAQ", http://www.ch.pgp.net/pgpnet/pgp-faq/, March 2005.
"The International PGP Home Page", http://www.pgpi.org, March 2005.
"MIT distribution site for PGP", http://web.mit.edu/network/pgp.html, March 2005.
"Phil Zimmermann on PGP", http://www.philzimmermann.com/EN/essays/index.html, March
2005.
"PGP Timeline", http://www.cypherspace.org/adam/timeline/, March 2005.
"Pretty Good Privacy", http://en.wikipedia.org/wiki/Pretty_Good_Privacy, March 2005.
"Where to Get PGP and GPG", http://cryptography.org/getpgp.htm, March 2005.
9