Secure Email :
- PGP : - (Pretty Good Privacy)
- It provide email with privacy, integrity &authentication.
- It can be used to create a secure e-mail message or to store a file securely for future retrieval.
PGP provides following services : a. Message integrity b. Message compression. c. Confidentiality with one time session key. d. Code conversion. e. Segmentation
Most email systems allow the message to consist of only ASCII characters. To translate other characters not in the ASCII set , PGP uses Radix 64 conversion. Each character to be sent (after encryption) is converted to Radix 64 code.
PGP allows segmentation of the message after it has been converted to Radix 64 to make each transmitted unit the uniform size as allowed by underlying e-mail protocol.
PGP uses following algorithms : a.Public Key Algorithms : RSA ( for signing, encryption ) , Elgamel for encryption only, DSS. b.Symmetric - Key ALgorithm : Blowfish, triple DES. c.Hash Algorithm : MD5, SHA -1. d.Compression Algorithm : ZIP
-A message in PGP consists of one or more packets -PGP has generic header that applies to every packets
a.Tag : - This field defines a tag as an 8-bit flag, the 1st bit that is the most sygnificant is always 1, 2nd bit is 1 if we are using the latest version. The remaining six bits can define upto 64 different packet types.
b.Length: The length field defines the length of the entire packet in bytes. The size of this field is variable, it can be 1,2,or 5 bytes. The receiver can determine the number of bytes of the length field by looking at the value of the byte immediately following tag field. Case 1: if the value of the byte after the tag field is <192, the length of the field is only byte. Case 2: If the value of the byte after tag field is between 192 to 223 (inclusive ) the length field is two bytes. Case 3: If the value of the byte after tag field is between 224 & 254 (inclusive) the length field is one byte. THis type of length field defines only the length of part of the body o .e partial body length. Case 4: If it is 255, then length field is of 5 bytes.
Types of data packets:
a. Literal : This type of data packet carries or holds the actual data that is being transmitted or stored. It is most elementary types of message, it cannot carry any other packet.
b.Compressed Data Packet : This packet carries compressed data packets.
- Here the data field can be single packet r two or more packets.
c.Data Packet Encrypted with Secret Key : - This packet carries data from one packet or a combination of packets that have been encrypted using convemtional symmetric key algorithm & before this packet is sent, a packet carrying one time session key is sent.
d.Signature packet : This packet protects the integrity of the data.
Working of PGP :
In PGP, the sender of the message needs to include. the identifiers of the algorithm used in the message, along with the value of the keys.The broad-level steps in PEM are illustrated in Fig. As shown, PGP starts with a digital signature. which is followed by compression, then by encryption, then by digital enveloping and finally. by Base-64 encoding.
PGP allows for four security options when sending an email message, These Options are : a.Signature only (Steps 1 and 2 ) b.Signature and Base 64 encoding (Steps 1,2 and 5 ) c.Signature, Encryption ,Enveloping and Base 64 encoding (Steps 1,2 and 5 )
Let us discuss the five steps in PGP now. Note that the receiver has to perform these four steps in the reverse direction to retrieve the original plain text email message.
Step 1: Digital Signature : This is a typical process of digital signature, which we have studied many times before. In PGP, it consists of the creation of a message digest of the email message using the SHA -1 algorithm. The resulting message digest is then encrypted with the sender's private key. The result is the sender's digital signature.
Step 2: Compression : This is an additional step in PGP, Here, the input message as well as the digital signature are compressed together to reduce the size of the final message that will be transmitted. For this , the famous ZIP program is used. ZIP is based on the Lempel Ziv algorithm.
The Lempel Ziv algorithm looks for repeated strings or words and stores them in variables. It then replaces the actual occurrence of the repeated words to string with a pointer to the corresponding variable . Since a pointer requires only a few bits of memory as compared to the original string, this method results in the data being compressed.
For instance , consider the following string :
What is your name ? My name is Atul.
Using the Lempel Ziv algorithm, we would create two variables, say A and B and replace the words is and name by pointers to A and B respectively. This is shown in the figure
As we can see, the resulting string What 1 your 2 ? My 2 1 Atul is smaller compared to the original string, What is your name ? My name is Atul. Of course , the bigger the original string, the better the compression gets The same process works for PGP.
Step 3 : Encryption : In this step, the compressed output of step 2 (i .e the compressed form of the original email and the digital signature together ) are encrypted with a symmetric key. For this, generally the IDEA algorithm in CFB mode is used.
Step 4 : Digital Enveloping : In this case, the symmetric key used for encryption with the receiver's public key. The output of step 3 and step 4 together form a digital envelope, as we had discussed earlier.
Step 5 : Base 64 encoding : The output of step 4 is Base-64 and is encoded now as we had discussed earlier.
PGP Messages :
-In PGP, a message is a combination of sequenced and/or nested packets. All the combinations of packets cant make a message, but still some examples are shown below to give some idea.
a. Encrypted Message: It can be a sequence of two packets, a session key packet & a symmetrically encrypted packet.
b. Signed Message : It can be the combination of a signature packet & a literal packet as shown below
c. Certificate Message: Certificate can take many forms, one simple example is the combination of user ID packet & a public - key packet as shown below.
Signature is calculated on the concatenation of the key & user ID.
Extensively used for personal e-mails.