Updated May 25, 2023
Introduction to Pretty Good Privacy
Pretty Good Privacy (PGP) is a cryptographic technique that provides cryptographic authentication and privacy for data communication, encryption and decryption of text, signing, e-mail, and files, and securing e-mail conversations. Phil Zimmerman is the father of Pretty Good Privacy. It is relatively easy to use and free, including its source code and documentation. A low-cost commercial version of PGP is also available for an organization that requires support.
How does Pretty Good Privacy work?
In PGP, the sender must include the identifier of the algorithm used in the message along with the values of the keys.
Pretty Good Privacy involves 5 basic steps, which are as follows:
- Digital Signature
- Compression
- Encryption
- Digital Enveloping
- Base-64 encoding
Let’s discuss these steps in detail.
Step #1 – Digital Signature
In this phase, the Sender encrypts email messages using the SHA-1 technique to generate the message digest, which is then encrypted with the Sender’s private key to create the digital signature. The result of this process is Sender’s digital signature.
Step #2 – Compression
The input message and digital signature are compressed together in this stage to lower the size of the final message that will be sent via mail. The dor compression process, the ZIP program, is based on the Lempel Ziv algorithm.
Lempel Ziv algorithm finds the repeated words or strings and stores them in a variable. Then it replaces the actual occurrence of a repeated word or line with a pointer to the corresponding variable. Since the pointer requires less memory than the original string, this method results in data compression.
Step #3 – Encryption
In this step, the compressed file generated in step 2 is encrypted with a symmetric key using the IDEA algorithm.
Step #4 – Digital Enveloping
In this phase, we encrypt the symmetric key using the receiver’s public key, which is the output of digital enveloping grades 3 (Encryption) and 4 (Digital Enveloping).
Step #5 – Base-64 Encoding
In this step, the final output of step 4 is used as Base-64 encoding.
Pretty Good Privacy Algorithms
Pretty Good Privacy supports various numbers of algorithms. The most common of them are as follows.
- Encryption: For the encryption process, it uses algorithms such as IDEA, AES, DES 3, etc.
- Message Digest: For message digest, it uses MD5, SHA1, RIPE-MD
- Asymmetric key: For asymmetric key, it uses RSA and DSS, where RSA is used for encryption and signing, and DSS is used for signing only.
- Keyrings: When a sender wants to send an email message to another single recipient, there is no problem, but when the user wants to send an email message to multiple recipients, the complexity increases. If A wants to send a message to 10 people, he needs all these ten people’s public keys. i.e., A need a keyring of 10 people. Pretty Good Privacy specifies a ring of public-private keys. This is because A may want to change his public-private key pair or use different key pairs for a diverse group of users. In other words, every Pretty Good Privacy user needs to have two sets of key rings, one is a ring of his public-private key pair, and another is a ring of public keys of other users.
Note: A maintains the set of key pairs in one of the keyrings, while in other keyrings, he maintains the public key of other users. A cannot have access to the private keys of other users. Similarly, other users will have two key rings.
These keyrings can be easy to understand. Let’s take an example to understand these prices in detail.
Case #1
A need to send a message to another user in the system
- A creates a message digest of the original message and encrypts it using his private key, and generates the digital signature.
- A create a one-time symmetric key.
- A encrypts the symmetric key with the public key of the receiver.
- A encrypts the original message with a one-time symmetric key
- A encrypts digital signature with one time symmetric key
- A sends an encrypted digital signature and original message to the receiver.
Case #2
A received message from one of the users in the system
- A uses his private key to get the one-time symmetric key created by the Sender.
- Using a one-time symmetric key, A decrypts the message
- A calculate the message digest (MD1) of the original message
- Using the one-time symmetric key, A tries to get the original digital signature
- To decrypt t digital signature, A uses the public key from the keyring and receives the original message digest (MD2)
- A compares MD1 and MD2. If it matches, it is sure about message integrity and authentication of a message sender
Pretty Good Privacy Certificate
We need to have the user’s digital certificate to trust the user’s public key. PGP can use a certificate that is issued by CA or can use its certificate. In the case of X.509, CA is the root of who gives credentials to others. In PGP, things work differently. There is no CA. Anyone can sign the certificate belonging to anyone else in the loop. There is no hierarchy or trust, or structure. Users can have certificates issued by different users.
For example, user A may have a certificate signed by user B and another by user C. So if user X wants to verify User A’s certificate, he has two options: User A and User B; another is User A and User C.
In Pretty Good Privacy, the user who issues a certificate is called an introducer, equivalent to CA in X.509.
Recommended Articles
We hope that this EDUCBA information on “Pretty Good Privacy” was beneficial to you. You can view EDUCBA’s recommended articles for more information.