
1 - Overview

With the explosively growing reliance on electronic mail for every conceivable purpose, there is a growing demand for authentication and confidentiality services.
One scheme that stands out as likely to enjoy widespread use in the next few years is Pretty Good Privacy (PGP).

1.1- Pretty Good Privacy


PGP is a remarkable phenomenon, largely the effort of a single person, Phil Zimmermann. In essence, Zimmermann did the following:
1. Selected the best available cryptographic algorithms as building blocks.
2. Integrated these algorithms into a general-purpose scheme that is independent of operating system and processor.
3. Made the package and its documentation, including source code, freely available via the Internet.
4. Entered into an agreement with a company (Network Associates) to provide a fully compatible, low-cost commercial version of PGP.

PGP has grown explosively and is now widely used. A number of reasons can be cited for this growth:
1. It is available free worldwide in versions that run on a variety of platforms, including DOS, Windows, and UNIX.
2. It is based on algorithms that have survived extensive public review and are considered extremely secure (RSA, DSS and Diffie-Hellman).
3. It was not developed by, nor is it controlled by, any government or standards organization.

1.2-Notations
- Ks = Session key used in conventional encryption.
- KRa = Private key of user A.
- KUa = Public key of user A.
- EP = Public key encryption.
- DP = Public key decryption.
- EC = Conventional encryption.
- DC = Conventional decryption.
- H = Hash function.
- || = Concatenation.
- Z = Compression using ZIP algorithm.
- R64 = Conversion to radix-64 ASCII format.

2 - Operational Description
The actual operation of PGP consists of five services:
1- Authentication
2- Confidentiality
3- Compression
4- Compatibility
5- Segmentation


2.1 - Authentication

The figure illustrates the digital signature service provided by PGP. The sequence is as follows:
1. The sender creates a message.
2. SHA-1 is used to generate the hash code of the message.
3. The hash code is encrypted with RSA using the sender's private key, and the result is appended to the message, which is compressed with ZIP.
4. The receiver decompresses the message, then uses RSA with the sender's public key to decrypt and recover the hash code.
5. The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is considered authentic.

Alternatives: The combination of SHA-1 and RSA provides an effective digital signature scheme. As an alternative, signatures can be generated using SHA-1/DSS.
Detached signatures are supported, which is useful in several contexts:
- A detached signature of an executable program can detect subsequent virus infection.
- A detached signature can be used when more than one party must sign a document.

2.2 - Confidentiality
Another basic service provided by PGP is confidentiality, which is provided by encrypting messages to be transmitted or to be stored locally as files. In both cases the conventional encryption algorithm CAST-128 may be used. Alternatively, IDEA or 3DES may be used. In PGP, the conventional key is used only once.

It is called the session key, and it is bound to the message and transmitted with it.
To protect the key, it is encrypted with the receiver's public key.


The sequence can be described as follows:

1. The sender compresses the message, then generates a random 128-bit number to be used as a session key for this message only.
2. The message is encrypted using CAST-128 or IDEA with the session key.
3. The session key is encrypted with RSA, using the recipient's public key, and is appended.
4. The receiver uses RSA with its private key to decrypt and recover the session key.
5. The session key is used to decrypt the message, then the message is decompressed.

As an alternative to the use of RSA for key encryption, PGP provides an option referred to as Diffie-Hellman. Diffie-Hellman is a key exchange algorithm. In fact, PGP uses a variant of Diffie-Hellman.
Several observations may be made. First, to reduce encryption time, the combination of conventional and public key encryption is used. Second, the use of the public key algorithm solves the session key distribution problem, because only the recipient is able to recover the session key that is bound to the message.

Confidentiality and Authentication

Both services may be used for the same message. First, a signature is generated for the plaintext message and appended to the message. Then the plaintext message plus signature is encrypted using CAST-128, and the session key is encrypted using RSA.


2.3 - Compression
PGP makes use of a compression package called ZIP, written by Jean-loup Gailly and Mark Adler.
ZIP is a freeware package written in C that runs as a utility on UNIX and some other systems. The underlying algorithm is generally referred to as LZ77; a version of this algorithm is used in the zip compression scheme.

2.4 - E-Mail Compatibility


After encryption, part or all of the resulting block consists of a stream of 8-bit octets.
Problem: Many email systems only permit the use of blocks consisting of ASCII text.
Solution: Radix-64 conversion is used. The radix-64 algorithm blindly converts the input stream to radix-64 format and hence provides some security.

Printable Encoding of Binary Data


The following figure illustrates the mapping scheme, where the characters are encoded as 8-bit quantities. In the typical case, each 24 bits of raw input is expanded to 32 bits of output.

[Figure: Radix-64 Encoding]

Transmission and Reception of PGP Messages


The signature is generated before compression because it is preferable to sign an uncompressed message, so that one can store only the uncompressed message together with the signature for future verification. If one signed a compressed message, it would be necessary either to store a compressed version or to recompress the message when verifying. Message encryption is applied after compression to strengthen cryptographic security, because the compressed message has less redundancy than the original plaintext.

2.5 - Segmentation and Reassembly

E-Mail facilities are restricted to a maximum message length. For example, some of the facilities accessible through the internet impose a maximum length of 50,000 octets. PGP divides any message longer than that into smaller segments each of which is mailed separately. The segmentation is done after all of the other processing, including the radix-64 conversion.
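
The compatibility and segmentation steps of sections 2.4 and 2.5, as an added example (not code from PGP itself): a hand-written radix-64 encoder that expands each 24-bit group to four printable characters, followed by segmentation at the 50,000-octet limit quoted above. `zlib` stands in for PGP's ZIP step, and the function names are hypothetical.

```python
import base64
import zlib

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789+/")
MAX_SEGMENT = 50_000  # octets; the example limit quoted in section 2.5


def radix64(data: bytes) -> str:
    """Map each 24-bit group to four printable characters (6 bits each)."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        group = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        chars = [ALPHABET[(group >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # A short final group keeps len(chunk) + 1 characters, padded with "=".
        out.append("".join(chars[:len(chunk) + 1]).ljust(4, "="))
    return "".join(out)


def prepare(message: bytes, limit: int = MAX_SEGMENT) -> list:
    """Compress, convert to radix-64, then segment (segmentation comes last)."""
    armored = radix64(zlib.compress(message))
    return [armored[i:i + limit] for i in range(0, len(armored), limit)]


def receive(segments: list) -> bytes:
    """Reassemble the segments, undo the radix-64 conversion, decompress."""
    return zlib.decompress(base64.b64decode("".join(segments)))
```

`receive` needs no key: radix-64 is a reversible encoding, so confidentiality comes only from the encryption step applied before it.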

3 PGP and Cryptographic keys

Key points:

1- Types of keys in PGP
2- Session Key Generation
3- Key Identifiers
4- Key Rings

3.1- Types of keys in PGP

PGP makes use of four types of keys:

1- One-time session keys
2- Public keys
3- Private keys
4- Passphrase-based conventional keys

3.2- Session Key Generation


Each session key is associated with a single message and is used for encrypting and decrypting that message. A means of generating unpredictable session keys (128 bits long) is needed. PGP uses a powerful and complex scheme for generating random numbers.

PGP's session key generation is based on an algorithm named ANSI X9.17.

3.3- Key Identifiers

A given user may have multiple public/private key pairs. To support this, PGP assigns an identifier to each public key. The key ID associated with each public key consists of its least significant 64 bits.

3.4- Key Rings

PGP provides a pair of data structures at each node:
- one to store the public/private key pairs owned by that node
- one to store the public keys of other users known at this node

These data structures are referred to as the private-key ring and the public-key ring, respectively.

3.4.1- Private Key Ring

- Timestamp: the time when the key pair was generated.
- Key ID: the least significant 64 bits of the public key of this entry.
- Public key.
- Private key: this part is encrypted to ensure its security.
- User ID: typically this is the user's e-mail address.


Encrypting the Private Key

[Figure: the passphrase is hashed with SHA-1 to produce a key; the private key of the RSA key pair is encrypted with CAST-128 under that key, giving the encrypted private key.]

3.4.2- Public Key Ring

- Timestamp: the time when the key pair was generated.
- Key ID: the least significant 64 bits of the public key of this entry.
- Public key.
- User ID: identifies the owner of this key.


4- Message Generation and Reception

Here we will discuss three key points:

1- Transmitted Message Format
2- Message Generation
3- Message Reception

4.1 -Transmitted Message Format


The Message Component includes the actual data to be transmitted, a file name and a timestamp of creation.

The Signature Component includes:
1. Timestamp: the time at which the signature is generated.
2. Message digest: the digest is calculated over the message and the signature timestamp (to counter replay attacks); this digest is encrypted with the sender's private key.
3. Leading two octets of message digest: used to determine whether the correct public key was used to decrypt the message digest.
4. Key ID of sender's public key: identifies the public key that should be used to decrypt the message digest.

The Session Key Component includes the encrypted session key and the identifier of the recipient's public key that was used by the sender to encrypt the session key.

4.2- PGP Message Generation

1. PGP retrieves the sender's private key from the private-key ring, using the user ID as an index.
2. PGP prompts the user for the passphrase to recover the unencrypted private key.
3. The signature component of the message is constructed.
4. PGP generates a session key and encrypts the message.
5. PGP retrieves the recipient's public key from the ring, using the user ID.
6. The session key component of the message is constructed.


4.3- PGP Message Reception

1. PGP retrieves the receiver's private key from the ring, using the key ID as an index.
2. PGP prompts the user for the passphrase to recover the unencrypted private key.
3. PGP recovers the session key and decrypts the message.
4. PGP retrieves the sender's public key from the ring, using the key ID.
5. PGP recovers the transmitted message digest.
6. PGP computes the message digest for the received message and compares it with the transmitted message digest to authenticate the message.
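
An added sketch, not PGP's own code or packet format, tying together the signature service of section 2.1, the key ID of section 3.3 and the signature-component checks of sections 4.1 and 4.3. The byte layout, the toy unpadded RSA key built from two constructed 128-bit primes, the user ID, and the choice to hash the timestamp followed by the message are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import zlib

E = 65537

def toy_prime(seed: bytes) -> int:
    """Constructed 128-bit prime for the demo key (Fermat test, toy only)."""
    n = int.from_bytes(hashlib.sha256(seed).digest()[:16], "big") | 1 << 127 | 1
    while n % E == 1 or any(pow(a, n - 1, n) != 1 for a in (2, 3, 5, 7)):
        n += 2
    return n

P, Q = toy_prime(b"p"), toy_prime(b"q")
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # KUa = (N, E), KRa = D

def key_id(modulus: int) -> int:
    """Key ID: least significant 64 bits of the public key."""
    return modulus & (2**64 - 1)

PUBLIC_RING = {key_id(N): ("alice@example.org", N, E)}  # hypothetical entry

def sign(message: bytes, timestamp: int) -> bytes:
    """Z(timestamp || key ID || 2 leading digest octets || EP_KRa[H] || M)."""
    digest = hashlib.sha1(struct.pack(">I", timestamp) + message).digest()
    enc = pow(int.from_bytes(digest, "big"), D, N)
    head = struct.pack(">IQ2s", timestamp, key_id(N), digest[:2])
    return zlib.compress(head + enc.to_bytes(32, "big") + message)

def verify(blob: bytes) -> str:
    """Return the signer's user ID, or raise ValueError."""
    data = zlib.decompress(blob)
    timestamp, kid, lead = struct.unpack(">IQ2s", data[:14])
    if kid not in PUBLIC_RING:
        raise ValueError("key ID not in public-key ring")
    user_id, n, e = PUBLIC_RING[kid]
    rec = pow(int.from_bytes(data[14:46], "big"), e, n).to_bytes(32, "big")
    if rec[:12] != bytes(12) or rec[12:14] != lead:  # leading two octets check
        raise ValueError("wrong public key or damaged signature")
    expected = hashlib.sha1(struct.pack(">I", timestamp) + data[46:]).digest()
    if not hmac.compare_digest(rec[12:], expected):
        raise ValueError("digest mismatch: message altered")
    return user_id
```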


5- Public Key Management


The essence of the problem is this: suppose A got B's key from the bulletin board system (BBS) that B used to post the public key, but that BBS has been compromised by C. A's key ring then contains a public key attributed to B but, in fact, owned by C. This results in two threats:
- First: C can send messages to A and forge B's signature, so that A will accept the message as coming from B.
- Second: any encrypted message from A to B can be read by C.

5.1- Approaches to Public-Key Management

- Physically get the key from B. B could store her public key (KUb) on a floppy disk and hand it to A.
- Verify a key by phone. If A can recognize B on the phone, A could ask B to dictate the key, in radix-64 format, over the phone.
- Obtain B's public key from a mutually trusted individual D. D creates a signed certificate that includes B's public key, the time of creation, and a validity period for the key.
- Obtain B's public key from a trusted certifying authority. Again, a public key certificate is created and signed by the authority.

5.2- The Use of Trust

The basic structure is as follows. Each entry in the public-key ring is a public key certificate. Associated with each such entry are:
1- Key legitimacy field: indicates the extent to which PGP will trust that this is a valid public key for this user.
2- Signatures field: zero or more signatures that the key ring owner has collected.
3- Signature trust field: associated with the signatures field.
4- Owner trust field: the level of trust assigned to the owner of the public key.

5.3- Revoking Public Keys

A user may wish to revoke his or her current public key, either because compromise is suspected or simply to avoid the use of the same key for an extended period. The convention for revoking a public key is for the owner to issue a key revocation certificate, signed by the owner. The corresponding private key must be used to sign a certificate that revokes a public key.
