Cryptography Reference
In-Depth Information
first designed by Phil Zimmermann, in the United States, in the nineties. At that time, this
country (and some others) looked like a dictatorship from the regulation of cryptography
viewpoint. It was basically illegal to prevent authorities from having access to any
cleartext by the means of strong cryptography. Several people, like Zimmermann,
fought against it by developing appropriate (illegal) software in order to provide access
to strong privacy for any individual. Today, rules are more liberal and we can use PGP
without betraying the US law. 2
PGP is available in a commercial and a freeware version. Since there are still strong
restrictions for export of cryptographic applications, there is one version to be used
within the United States, and another one called PGPi for international usage. 3
There is also a Gnu version of PGP called GPG as for GnuPGP which is available
as the RFC 2440 (Ref. [40]).
12.4.1
Security for Individuals
Due to its origins, PGP is easy to set up without any corporate help. For this reason,
certificates do not rely on any authority, we do not use any public parameter, and anyone
can freely generate his own key and choose his cryptographic algorithm.
PGP can be used in order to encrypt, decrypt, hash, sign, or verify digital files.
These can be archives or just e-mails. Popular algorithms in PGP are IDEA symmet-
ric encryption, RSA encryption or signature, and MD5 hash function. Many other
algorithms are available as well.
PGP has a nice feature which enables protecting unreadable files (like ciphertexts,
signatures, hashed values, or even cryptographic keys) by encoding them into a readable
form. This uses the Radix-64 code, which is also called base64 in the Multipurpose
Internet Mail Extensions (MIME) standard (see Ref. [70]). This feature is called the
ASCII armor in PGP. Files in the ASCII armor format have the .asc file extension.
When PGP is used for e-mails, human beings can usually see which version of
PGP, which algorithm, and which key length are used. 4 The PGP software recognizes it
by itself, so this is more for transparency and education of users than for making their
life complicated. As an example, here is a signed message.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
PGP makes cryptographic messages readable for human beings.
2
See, Ref. [116] for more information about historical details.
3
Ref. [73] is a reference topic for PGP. One can refer to it for more details about using PGP.
4
Human beings actually could see it, but this feature seems to have disappeared nowadays in versions of
PGP, so the user cannot see it by default unless he really asks for it.
Search WWH ::




Custom Search