Pages

Monday, January 21, 2013

Pretty Good Privacy


From Wiki:

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991.
PGP and similar products follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data.

PGP encryption uses a serial combination of hashingdata compressionsymmetric-key cryptography and finally public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a user name and/or an e-mail address. The first version of this system was generally known as a web of trust to contrast with the X.509 system, which uses a hierarchical approach based on certificate authority and which was added to PGP implementations later. Current versions of PGP encryption include both options through an automated key management server.Compatibility
As PGP evolves, PGP that support newer features and algorithms are able to create encrypted messages that older PGP systems cannot decrypt, even with a valid private key. Therefore it is essential that partners in PGP communication understand each other's capabilities or at least agree on PGP settings.Confidentiality
PGP can be used to send messages confidentially. For this, PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key. The session key is protected by encrypting it with the receiver's public key, therefore ensuring that only the receiver can decrypt the session key. The encrypted message and encrypted session key are sent to the receiver.

GO READ THE WHOLE THING. 

[edit]

No comments:

Post a Comment