Pretty Good Privacy Historical Overview PGP Overview PGP

Historical Overview

• Invented by Zimmermann as guerrilla freeware Pretty Good Privacy • Commercially restricted by RSA patent and US Government export restrictions General Principles • PGP Classic (V2.6) uses RSA and IDEA • Patent free version uses DSS, Diffie- Hellman and 3DES • IETF designed its own “Open PGP”

PGP Overview PGP PKI

• PGP works for mail and data files • PGP users may certify others • Based on public key cryptography • PGP fingerprint is cryptographic hash of • Trust in a chain is at discretion of user public key • PGP allows an informal PKI on the • PGP asks for a rating on anarchy model – legitimacy of a particular key • Certificates are an option in PGP PKI – degree of trust in owner when acting as an issuer of key certificates Coding Efficiency PEM v PGP Certificates and Key Revocation

• PEM encodes non text to prevent • Certificates may have expiry date but alteration by mail infrastructure – 33% current practice in PGP is to omit expiry expansion date • Further encoding (e.g. following • Keys may be revoked as well as encryption) adds another 33% (78% in certificates total) • All revocations distributed informally • PGP allows user to specify text or data • PGP uses ZIP utility for compression

Private Keys in PGP Key Rings

• Required for generating signatures or for • Key ring is a data structure containing receiving encrypted mail public keys, information on holders and certificates • PGP generates private keys on request • PGP allows 3 levels of trust • Private key supplied encrypted under – complete, partial and none IDEA key also generated in registration • A “completely trusted” individual signs a process “completely trusted” certificate • PGP computes level of trust in keys from information supplied