Professional Documents
Culture Documents
Cryptography
Cryptography is an often misunderstood and misused security tool. Today more than ever, privacy is a necessary part of business communications. The following is an overview of public key cryptography and one of its more widely-used implementations, Pretty Good Privacy (PGP).
PGP
PGP, or Pretty Good Privacy is a freely available encryption program written by Phil Zimmermann which provides individuals with the kind of strong cryptography that has, in the past been available only to the military, intelligence agencies, and large corporations. You can use PGP to encrypt your les and electronic mail. You can also use PGP to sign documents with a tamperproof digital signature, proving that you wrote these documents and they werent modied during transmission. We describe how PGP can be used on Linux machines, in the following paragraphs.
Encrypting les
The simplest thing you can use PGP for, is to keep your les out of reach of everyone except you. pgp -c encrypts a le, pgp -cw will delete the original le upon encryption, leaving just the encrypted le in the directory. This is different from using a command like rm because deleted les can be recovered. pgp will ask for passphrase when you invoke it with the -c option. It is this pass phrase that is used to generate the key for the encryption.
Decrypting an Encrypted le
Files encrypted using -c option can be decrypted, provided the user knows the pass phrase that was given while encrypting the le. Simply, typing pgp followed by the encrypted le name,
use. In particular, we need to create a key pair for us. In order to create your key pair, type on the command prompt $ pgp -kg This will ask for the following information. 1. Key size(1024 recommended). 2. User Id(Can be anything, ex: bnjagdale@mail.spce.ac.in>) Giving your full name and email id is recommended since it will appear along with your public key and it makes easier for others to identify you as the owner of your public key. 3. Pass phrase - This is used for encrypting your secret key. The user needs to enter this pass phrase each time he/she is trying to encrypt or decrypt messages. 4. Enter some random data. This is used to generate the random number required while generating your key pairs. If you have entered everything properly, it gives the Key generation completed message. On successful completion of the key generation process your public key will be store in the le $HOME/ .pgp/ pubring.pkr and your secret key(private key) will be stored in the le $HOME/ .pgp/ secring.skr . You cannot directly open the le and see your keys. Viewing the key will be discussed in the next subsection.
Distributing Keys
After you create your keys, you need to make them available to others so that they can send you encrypted information and verify your digital signature. You have three alternatives for distributing your public key: Make your public key available through a public key server Include your public key in an email message with every message that you are sending Export your public key or copy it to a text le and distribute the le, or put it on your web page.
Editing keys
The -ke (key edit) option edits a key ring. You can edit keys and change user the ID of your public keys, add alternative user IDs, or delete user IDs.
Encrypting Email
Sending encrypted email with PGP is a four step process, consisting of the following steps:
1. Create the message that you want to send which can be done using some word processor. 2. Get the public key of the person to whom you are sending the message. One can get public key of a person either from the person himself or from any key server. 3. Ecrypt the message using the persons public key. It is done using the ea option. For example, $ pgp -ea messagefile aldrin encrypts the message in messagefile using user aldrins key. The a is used to generate ASCII armored output. 4. Sending the encrypted message via your traditional electronic mail program.
Decrypting Email
To decrypt a message sent to you encrypted using your public key, Save the encryted message to some le, and decrypt it using $ pgp messagefile