Internet Security Professional Reference:PGP


Decrypting and Verifying a Message

When a PGP message is received, it must be decrypted and verified before the recipient can read it. To decrypt a message, you must hold the secret key that corresponds to one of the public keys the message was encrypted to. To verify the signature on a message, you must have the signer's public key on your public key ring. Verification tells you only that the message was signed by whoever holds that key; whether the key really belongs to the person named in it is a separate question, which PGP reports through the certification warning visible in the transcript below.

For example, assume that Ruth Thomas received the following message in the mail. She saved it to the file message.asc.

-----BEGIN PGP MESSAGE-----
Version: 2.6.2
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=TPGz
-----END PGP MESSAGE-----

Ruth can try to decrypt this message and display the plaintext on-screen with the -m option, which pages the output to the terminal instead of writing it to a file:

~> pgp -m message.asc
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1995/11/19 05:47 GMT

File is encrypted. Secret key is required to read it.
Key for user ID: Ruth Thomas <tara@mail.Free.NET>
1024-bit key, Key ID D0C6326D, created 1995/11/14

You need a pass phrase to unlock your RSA secret key.
Enter pass phrase: Pass phrase is good. Just a moment.
File has signature. Public key is required to check signature.
Good signature from user “Derek Atkins <warlord@MIT.EDU>”.
Signature made 1995/11/19 05:45 GMT

WARNING:  Because this public key is not certified with a trusted
signature, it is not known with high confidence that this public key
actually belongs to: “Derek Atkins <warlord@MIT.EDU>”.
But you previously approved using this public key anyway.

Plaintext message follows...
------------------------------

This message has been signed by Derek Atkins, and is encrypted to the
user Ruth Thomas. If you are reading this message, then you must have
decrypted it using Ruth’s Secret Key. You can verify this message using
Derek’s Public Key.

Done...hit any key
Save this file permanently (y/N)? no

If Ruth does not plan to read the message right away, but instead wants the decrypted message written to disk, she simply omits the -m option. The command to decrypt to disk is as follows:

pgp message.asc

This command decrypts the contents of the file message.asc and writes the output to a file called message, which holds the contents of the original text file. Ruth can read it later; note, however, that the plaintext now sits on disk unprotected, whereas the -m form leaves it only on the screen.
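The file message.asc shown above is in PGP's ASCII armor: a BEGIN line, a Version header, a blank line, the base64-encoded ciphertext, a checksum line beginning with "=" (the "=TPGz" at the end of Ruth's message), and an END line. The following added example, which is not code from the book or from PGP, shows what that wrapper contains by building an armored block around a constructed payload and parsing it back, verifying the CRC-24 checksum line the same way PGP does before it even looks at the ciphertext. The payload bytes are constructed for illustration and are not a real PGP packet; the CRC-24 parameters (initial value 0xB704CE, polynomial 0x1864CFB) are the ones PGP's armor uses.

```python
"""Minimal ASCII-armor builder and parser with CRC-24 verification.

Added example, not from the book or from PGP itself.  The payload used in
demo() is a constructed byte string, not a real PGP packet.
"""
import base64
import re

CRC24_INIT = 0xB704CE       # CRC-24 parameters used by PGP's armor checksum
CRC24_POLY = 0x1864CFB
ARMOR_LINE_WIDTH = 64       # PGP wraps the base64 body at 64 columns


def crc24(data: bytes) -> int:
    """Bitwise CRC-24 over data, as used for the "=XXXX" checksum line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(payload: bytes, block_type: str = "MESSAGE", version: str = "2.6.2") -> str:
    """Wrap payload in armor: BEGIN line, Version header, body, CRC line, END line."""
    body = base64.b64encode(payload).decode("ascii")
    lines = [body[i:i + ARMOR_LINE_WIDTH] for i in range(0, len(body), ARMOR_LINE_WIDTH)]
    crc_line = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    return "\n".join([f"-----BEGIN PGP {block_type}-----", f"Version: {version}", ""]
                     + lines + [crc_line, f"-----END PGP {block_type}-----", ""])


def dearmor(text: str) -> dict:
    """Split armored text into type, headers, payload and CRC status.

    crc_ok is None when no checksum line is present (PGP 2.x always writes one).
    Raises ValueError when the BEGIN/END structure is wrong.
    """
    lines = text.splitlines()
    begin = next((i for i, l in enumerate(lines) if l.startswith("-----BEGIN PGP ")), None)
    if begin is None:
        raise ValueError("no BEGIN line")
    m = re.fullmatch(r"-----BEGIN PGP ([A-Z0-9 ,/]+)-----", lines[begin])
    if m is None:
        raise ValueError("malformed BEGIN line")
    block_type = m.group(1)
    # Armor headers ("Version: 2.6.2", ...) run until the first blank line.
    headers, i = {}, begin + 1
    while i < len(lines) and lines[i].strip():
        key, sep, val = lines[i].partition(":")
        if not sep:
            raise ValueError(f"malformed armor header: {lines[i]!r}")
        headers[key.strip()] = val.strip()
        i += 1
    i += 1  # skip the blank separator line
    # Body lines are base64; a line starting with "=" can only be the CRC line,
    # because "=" never begins a base64 line (it appears only as trailing padding).
    body_lines, crc_line = [], None
    while i < len(lines) and not lines[i].startswith("-----END PGP "):
        line = lines[i].strip()
        if line.startswith("="):
            crc_line = line
        elif line:
            body_lines.append(line)
        i += 1
    if i >= len(lines) or lines[i] != f"-----END PGP {block_type}-----":
        raise ValueError("END line missing or does not match BEGIN type")
    payload = base64.b64decode("".join(body_lines), validate=True)
    crc_ok = None
    if crc_line is not None:
        expected = int.from_bytes(base64.b64decode(crc_line[1:], validate=True), "big")
        crc_ok = expected == crc24(payload)
    return {"type": block_type, "headers": headers, "payload": payload, "crc_ok": crc_ok}


def demo() -> dict:
    """Round-trip a constructed payload, then corrupt one body character and re-check."""
    payload = b"constructed sample payload - not a real PGP packet"
    armored = armor(payload)
    good = dearmor(armored)
    lines = armored.splitlines()
    first_body = 3                       # index after BEGIN, Version header, blank line
    line = lines[first_body]
    lines[first_body] = ("B" if line[0] != "B" else "C") + line[1:]
    bad = dearmor("\n".join(lines))      # still valid base64, but the CRC no longer matches
    return {"payload_ok": good["payload"] == payload, "crc_ok": good["crc_ok"],
            "tampered_crc_ok": bad["crc_ok"], "version": good["headers"].get("Version")}


if __name__ == "__main__":
    print(demo())
```

The CRC line protects only against transmission damage; it is not a cryptographic integrity check, and a deliberate modifier can simply recompute it. Integrity and origin come from the signature that PGP checks after de-armoring, which is why the transcript above reports "Good signature" separately.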

PGP Keys

Keys are probably the most important concept in PGP. A PGP key is a public/secret keypair that a user creates for a particular purpose. Typically a user creates one keypair to serve as a general point of contact with the rest of the world: outgoing messages are signed with the secret half of this key, and incoming messages are encrypted to its public half. Key management can be a little confusing at first; the following sections clarify the use and purpose of keys.

What’s in a Name?

The previous examples show how easy it is to generate a key. They also show how easy it is to put any name on a key. The example shows a key being generated in the name of “Ruth Thomas <tara@mail.Free.NET>.” It would be just as easy to generate a key in the name of “William Clinton <President@Whitehouse.GOV>.” This is not a joke; a key was actually created with this name on it. Of course, it does not belong to the President, but others who see only the key on the network have no way of knowing this.

PGP gives a key several names, and you need to understand how each of them can and should be used. The name you choose when you generate a key is called the userid; PGP places no restriction on it, which is exactly why a name on a key proves nothing by itself.

A key can carry many userids. In general, a userid has the form Real Name <email@mail.site>, combining the user’s real name and e-mail address in a single, compact string. For example, Ruth Thomas created a keypair for use with her Internet address at free.net; as shown earlier, it is a 1,024-bit key created on November 14, 1995.

Because the same key can be used with several addresses, you may want several userids on one key to denote its use at several sites. You can add userids to your own key by using PGP to edit the key ring. If Ruth wants to use the same key at her other e-mail address, <rthomas@school.edu>, she can add that address as a secondary userid on her key.

Each PGP key also has a name that you cannot control: the keyid. The keyid is a number derived from the key parameters themselves, and it is what PGP uses internally to locate a key. Because it is taken from the key rather than assigned independently, it resembles a fragment of the key; in practice every key ends up with a different keyid, but nothing guarantees this, as the last paragraph of this section shows.

The keyid is a 64-bit quantity, although PGP prints only the low 32 bits, in hexadecimal. Wherever PGP asks for a userid, a keyid can be given instead; prefix it with “0x” so that PGP knows the string is a hex keyid rather than a name. Ruth’s key can therefore also be referred to as 0xD0C6326D.

The problem with the keyid is that it is currently just the lowest 64 bits of the public key modulus. There is a known attack in which someone generates another keypair of a different size whose modulus ends in the same 64 bits, giving it an identical keyid, and puts the same userid on it. On cursory examination it is difficult to tell which key you are using, and it becomes impossible to tell PGP which key you want, because PGP can only index keys by userid and keyid, and both now match.
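Because the PGP 2.x keyid is nothing more than a slice of the RSA modulus, the collision the paragraph above describes follows directly from arithmetic: choose one prime, solve for the low 64 bits of the other so that the product ends in the target bits, then pad that factor upward until it is prime. The following added example, which is not code from the book or from PGP, derives the 64-bit keyid and the displayed 32-bit form from a modulus, generates an honest toy key, and then forges a larger modulus with the identical keyid. The key sizes (512 and 768 bits) are toy sizes chosen for speed rather than the 1,024-bit keys in the text, and the primality test is a textbook Miller-Rabin written for this example.

```python
"""PGP 2.x keyids and the keyid-collision attack described in the text.

Added example, not from the book or from PGP.  Key sizes are toy sizes;
the Miller-Rabin test is this example's own, not PGP's code.
"""
import random

MASK64 = (1 << 64) - 1
MOD64 = 1 << 64


def keyid64(modulus: int) -> int:
    """Internal 64-bit keyid of a PGP 2.x RSA key: the low 64 bits of n."""
    return modulus & MASK64


def keyid_display(modulus: int) -> str:
    """The 32-bit form PGP prints, e.g. 0xD0C6326D for Ruth's key above."""
    return f"0x{modulus & 0xFFFFFFFF:08X}"


def is_probable_prime(n: int, rng: random.Random, rounds: int = 24) -> bool:
    """Miller-Rabin probabilistic primality test with random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, rng: random.Random) -> int:
    """Random prime with exactly `bits` bits (top bit set, odd)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def generate_modulus(bits: int, rng: random.Random) -> int:
    """Honest key: product of two random primes of bits//2 each."""
    return random_prime(bits // 2, rng) * random_prime(bits // 2, rng)


def forge_colliding_modulus(target_keyid: int, bits: int, rng: random.Random) -> int:
    """Build n' = p*q of about `bits` bits with n' mod 2^64 == target_keyid.

    p is a random prime (odd, so invertible mod 2^64).  Solving p*q == target
    (mod 2^64) fixes the low 64 bits of q; random multiples of 2^64 are then
    added until q is prime.  The product's low 64 bits are the target by construction.
    """
    half = bits // 2
    if target_keyid % 2 == 0:
        raise ValueError("an RSA modulus is odd, so a real keyid is always odd")
    if half <= 65:
        raise ValueError("factor size must exceed 64 bits for this construction")
    p = random_prime(half, rng)
    q_low = (target_keyid * pow(p, -1, MOD64)) % MOD64
    while True:
        high = rng.getrandbits(half - 64) | (1 << (half - 65))   # keeps q at exactly `half` bits
        q = q_low + high * MOD64
        if is_probable_prime(q, rng):
            return p * q


def demo(seed: int = 1) -> dict:
    """Honest 512-bit toy key versus a forged 768-bit key with the same keyid."""
    rng = random.Random(seed)
    honest = generate_modulus(512, rng)
    forged = forge_colliding_modulus(keyid64(honest), 768, rng)
    return {"honest_bits": honest.bit_length(), "forged_bits": forged.bit_length(),
            "same_keyid": keyid64(honest) == keyid64(forged),
            "displayed": keyid_display(honest)}


if __name__ == "__main__":
    print(demo())
```

The forged key has a different size and a different fingerprint, so a careful comparison of fingerprints still tells the two apart; what the attack defeats is PGP's own lookup, which, as the text says, goes only by userid and keyid.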

