Cryptography Reference
And thirdly, which is often overlooked, PGP is released only for private use
due to the IDEA patent. We discussed this extensively in Section 5.3.1.
Even if all of this is not breaking news to you, help rebut such misleading
allegations, because they can be damaging (partly also for OpenPGP). So, what
does PGP really do? It offers all functions required for you to cryptologically
secure your email traffic.
- PGP creates pairs of private and public keys for the RSA method.
- PGP creates random session keys, uses them to encrypt files by the IDEA
  method, and adds the session key encrypted with the receiver's public
  key.
- Upon request, the program also creates ASCII text to prevent the mailer
  from having problems, and converts the text formats of different
  operating systems (UNIX, Mac, DOS/Windows) into a uniform intermediate
  format, and vice versa.
- PGP makes incoming encrypted mail readable again: it removes the
  session key, decrypts it using your private key, and opens the file you
  received.
- You can use PGP to digitally sign a file and check signatures.
- PGP offers all functions required for key management:
  - It keeps the public and private keys separate, where the private keys
    can be kept in encrypted form, of course.
  - You can use PGP to sign third-party public keys, add them to existing
    keys, or delete or revoke keys.
  - You can use PGP to check the trustworthiness of a public key.
- And finally, PGP can encrypt and decrypt regular files.
That's a whole lot of functions. Nevertheless, PGP has 'only' 30 000 lines of
code. The complexity of a program does not always have to show in its length.
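The session-key scheme from the list above (random session key, file encrypted under it, session key added under the receiver's public key, ASCII output), as an added Python sketch that is not PGP's code and not from the book. Assumptions: a toy unpadded RSA key built from two small Mersenne primes, a SHA-256 counter keystream standing in for IDEA, and plain base64 standing in for PGP's ASCII format; all function names are hypothetical and none of this is fit for real use.

```python
import base64
import hashlib
import secrets

# Constructed toy RSA key pair (assumption): two known Mersenne primes,
# far too small for real use, chosen so the example runs offline.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # receiver's public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # receiver's private exponent
KEY_LEN = 16                           # 128-bit session key, the IDEA key size
WRAP_LEN = (N.bit_length() + 7) // 8   # bytes taken by the wrapped session key


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for IDEA (assumption): XOR with a SHA-256 counter keystream.
    Safe against keystream reuse only because every message gets a fresh key."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt(plaintext: bytes, n: int = N, e: int = E) -> str:
    """Sender: fresh session key, body under it, key under the public key."""
    session_key = secrets.token_bytes(KEY_LEN)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # textbook RSA
    body = keystream_xor(session_key, plaintext)
    # ASCII-only output so a mailer cannot mangle the binary data.
    return base64.b64encode(wrapped.to_bytes(WRAP_LEN, "big") + body).decode()


def decrypt(armored: str, d: int = D, n: int = N) -> bytes:
    """Receiver: split off the wrapped session key, recover it with the
    private key, then decrypt the body."""
    raw = base64.b64decode(armored)
    wrapped, body = raw[:WRAP_LEN], raw[WRAP_LEN:]
    key_int = pow(int.from_bytes(wrapped, "big"), d, n)
    if key_int.bit_length() > 8 * KEY_LEN:
        # A wrong private key yields a value that is not a 128-bit key.
        raise ValueError("session key did not unwrap; wrong private key?")
    return keystream_xor(key_int.to_bytes(KEY_LEN, "big"), body)
```

Only the short session key passes through the slow public-key operation; the file itself is handled by the fast symmetric cipher, which is why the message grows by just `WRAP_LEN` bytes before encoding.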
The Web of Trust
The interesting and typical part of PGP is how public keys are managed. If no
super algorithm is found for factoring large numbers (or quantum computers