PGP Encryption

From LUG Manipal Wiki


PGP stands for Pretty Good Privacy. It was created long ago as a key-based mechanism for securing transfers, authentication and similar tasks.


Problem Scenario

Suppose your name is Bob and your friends are Alice and Carol. You might encounter two cases where you would want privacy and authentication. You, Bob, want to transfer a file to Alice. You may protect the file with a password or secret key, which we will call the private key. You then transfer this file to Alice and send her the private key too, via some safe method. Alice decrypts the file using the private key you gave her and gets back the contents. You may use the same private key again to encrypt another file and send it to Carol. Your problem is solved temporarily. The above method is more properly called private-private key encryption.

Summarizing the Problem you just solved

  • The recipient could be sure that the file received was sent by you and no one else.
  • The contents of the file were encrypted and only the recipient was able to read them.

Shortcoming in the above method

You might have just ignored some very serious problems associated with the private-private key method:

  • Passing the private key to the recipient is not easy; it can be leaked during transmission, which is very undesirable.
  • If you use the same private key to send files to every person, then your key is no longer a private key: everyone knows it.
  • If you encrypt files with the same private key for two people, say Alice and Carol, then Alice can use your private key to encrypt a file and send it to Carol. To Carol it looks as if you sent the file, though you didn't.
  • If you want to avoid the above two problems, you can create a new private key for each recipient, but managing these keys is too cumbersome and impractical.

The Solution

PGP is a method where you create a public-private key pair using a prescribed method. The public key is to be publicized as much as possible and can even be sent to key servers so that other people can download it. The private key is to be held by you and never disclosed to others.

  • If you want to send a file to some person, say Alice, then you should get her public key and encrypt the file with her public key before sending it. Alice receives the encrypted file and decrypts it using the private key that was generated as the pair of that public key. In this way, no one else can see the contents, since decrypting the file needs Alice's private key, which only Alice possesses.
  • If you want to send a file to everyone and want them to be sure that you sent it, then you should sign/encrypt the file using your own private key and send it to everyone. The recipients fetch your public key for decrypting. If the decryption is successful, it implies that the file was really sent by you.
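The two scenarios above, and the forgery problem from the private-private key method, worked through as an added example that is not part of the original wiki page: it uses textbook RSA with tiny constructed primes and a constructed message, purely to show why the public half of a key pair can be published while the private half stays secret. It is not PGP and not secure; real messages go through GnuPG.

```python
# Toy illustration of the key-pair model described above: textbook RSA with
# tiny constructed primes. Not secure and not PGP; real use goes through GnuPG.
import hashlib
from math import gcd

def make_keypair(p, q, e=17):
    """Return (public, private) = ((e, n), (d, n)) for two primes p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi for d to exist"
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def encrypt(message, public_key):
    """Encrypt byte by byte with the RECIPIENT's public key (n must exceed 255)."""
    e, n = public_key
    return [pow(b, e, n) for b in message]

def decrypt(blocks, private_key):
    """Recover bytes with the matching private key; a wrong key yields garbage."""
    d, n = private_key
    values = [pow(c, d, n) for c in blocks]
    return bytes(values) if all(v < 256 for v in values) else None

def sign(message, private_key):
    """Sign a SHA-256 digest with the SENDER's own private key."""
    d, n = private_key
    return [pow(b, d, n) for b in hashlib.sha256(message).digest()]

def verify(message, signature, public_key):
    """Check a signature with the sender's public key; True only if it matches."""
    e, n = public_key
    return [pow(s, e, n) for s in signature] == list(hashlib.sha256(message).digest())

def demo():
    """Both wiki scenarios, plus the two misuse cases, with constructed keys/text."""
    bob_pub, bob_priv = make_keypair(61, 53)        # constructed primes, n = 3233
    alice_pub, alice_priv = make_keypair(89, 97)    # constructed primes, n = 8633
    _, carol_priv = make_keypair(109, 113)          # constructed primes, n = 12317
    msg = b"Meet at the lab at five"                # constructed sample message
    ct = encrypt(msg, alice_pub)   # scenario 1: Bob encrypts with Alice's public key
    sig = sign(msg, bob_priv)      # scenario 2: Bob signs with his own private key
    return {
        "alice_reads": decrypt(ct, alice_priv) == msg,                    # True
        "carol_reads": decrypt(ct, carol_priv) == msg,                    # False
        "alice_accepts_bob": verify(msg, sig, bob_pub),                   # True
        "alice_forges_bob": verify(msg, sign(msg, alice_priv), bob_pub),  # False
    }

if __name__ == "__main__":
    print(demo())
```

Compare the last entry with the third shortcoming above: because Alice never holds Bob's private key, she cannot produce a signature that Bob's public key accepts.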