Internet Security Professional Reference:PGP

-->

Conventional Encryption

Sometimes you need to encrypt a message in a pass phrase using conventional encryption. This approach does not provide any key management because PGP converts the pass phrase into an IDEA key and uses that key to encrypt the message. IDEA is a secret key cipher that uses a 128-bit key and encrypts in 8-byte blocks. In general, this mode of operation is not used because it requires manual, out-of-band key distribution. It is useful, however, as a more secure version of crypt, a Unix encryption tool, at times when you want to encrypt messages to yourself using some chosen pass phrase independent of your private key.

Warning: Do not use the same pass phrase that is used on the secret key. The new pass phrase should be chosen especially for this file, and a different pass phrase should be used for each file encrypted using conventional encryption. The following sample command lines show the setup and use of a new pass phrase:
~> pgp -c message Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses. (c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94 Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc. Distributed by the Massachusetts Institute of Technology. Export of this software may be restricted by the U.S. government. Current time: 1995/11/27 18:58 GMT You need a pass phrase to encrypt the file. Enter pass phrase: Enter same pass phrase again: Just a moment.... Ciphertext file: message.pgp

When you use conventional encryption, PGP asks for a pass phrase twice. The second query is to ensure that the pass phrase has been typed properly by the user. The pass phrase is then used to encrypt the message.

In the sample file used throughout the chapter, the output file, message.pgp, contains the encrypted file. It is in binary format, so it cannot be sent to someone else. To send the file to someone else, it should have been wrapped in ASCII armor, using the -a option:

pgp -ca filename

Signing a Message

To sign a message, you use your secret key to encrypt a digital hash of the message. The signature is attached to the message, and other users can later verify the signature. Using the Web of Trust, a recipient can be assured that the message originated from the appropriate user by using the trust of validity on a key/userid pair.

In general, a message is signed to protect it from tampering when it is transmitted to someone else. For this reason, signatures are usually created with ASCII armor for protection during transmission. The following commands show the process:

~> pgp -sa message
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1995/11/27 19:05 GMT

A secret key is required to make a signature.
You need a pass phrase to unlock your RSA secret key.
Key for user ID “Ruth Thomas <tara@mail.Free.NET>”

Enter pass phrase: Pass phrase is good.
Key for user ID: Ruth Thomas <tara@mail.Free.NET>
1024-bit key, Key ID D0C6326D, created 1995/11/14
Just a moment....
Transport armor file: message.asc

The file message.asc now contains the signed message encoded in ASCII armor. This file can then be transmitted to recipients who can verify that the message originated with the appropriate user and that the message was not changed in any way during transmission. The following output is the message that was just signed:

Table of Contents