|
|
| Previous | Table of Contents | Next |
People use PGP for a variety of reasons. Most people use PGP because they want to protect their electronic files and communications. These reasons might include:
PGP is also easier to use than any current alternative. The command-line interface and time it takes to start using the program is practically zero. The commercially available Privacy-Enhanced Mail (PEM), for example, requires a user to generate a key and then wait to get it signed by a Certification Authority before the key can be used in communications. PGP, however, needs to only generate a key and then the user can immediately start using PGP features.
PGP has a large and growing number of users worldwide. If you want to encrypt your communications, it is most useful if your intended correspondents are also using the same encryption programs. Because PGP has become the de facto standard in electronic privacy, you should use the same technology to ensure that files will be compatible.
Although the science of encryption is explained in Chapter 10, “Encryption Overview,” a few definitions in this chapter help you understand how PGP works.
Secret Key Encryption
Secret Key Encryption (SKE), also called Conventional Encryption, is defined as a cryptosystem in which the same key is used to encrypt and decrypt a message. In other words, a key turns a message into a seemingly random stream of bits. Later, some other user uses that same key to turn the random stream of bits back into the original message. SKE systems are fast and provide a high degree of security for the number of bits in the key.
Public Key Encryption
Public Key Encryption (PKE) defines a set of encryption schemes (cryptosystems) in which two keys are involved. When a user encrypts a message in one key to create an output ciphertext, decryption of that ciphertext requires the use of the second key to obtain the original message. The two keys are created to form a mathematical relationship; part of this relationship is that knowledge of one key, the secret key, is computationally infeasible to obtain by possession of the other key, the public key.
The term computationally infeasible means a process that is not time-invariant. In general, this means that it is difficult to perform the operation in question. However, what is difficult in the year 1996 may not be difficult in the year 2000. When an algorithm is computationally infeasible to break, it means that it is computationally infeasible today, and is expected to be easier to break in the future.
Current Public Key cryptosystems are based on difficult mathematical problems. The RSA cryptosystem, for example, is based on the difficulty of factoring a large number that is the product of two large prime numbers. In such a system as RSA, creating the private key from the public key is only known to be as difficult as factoring the public key modulus into the two prime numbers. An RSA public key is made of the following two parts:
The modulus is the product of two large primes and is the basis for a mathematical system called a group. The exponent is chosen at key creation time to fit a particular mathematical relationship with the secret key.
The public key can be safely given to anyone who wants it. It can be published, and knowledge of that key does not break the security of the system. PGP keeps two key rings, a public key ring and a secret key ring, to maintain a cache of known public and secret keys. More on this later in the section “PGP Key Rings.”
The biggest problems with PKE systems are that Public Key systems are slow, cumbersome, and require large keys to maintain decent levels of security. As of this writing, the time it would take to brute-force a 128-bit IDEA key is about as long as it would take to factor a 3,000-bit RSA key. To “brute-force” a key, every possible key is tried to find the correct one. Moreover, a single RSA encryption, which can only be performed over data as large as the keysize, can take many orders of magnitude more time than a conventional encryption system with a much smaller key.
| Previous | Table of Contents | Next |