1

WWW.Prohackers.in

“E-mail Security Protocol-2

Pretty Good Privacy (PGP)”

By:

-Vishal Kumar

(CEH, CHFI, CISE, MCP)

info@prohackers.in

2

WWW.Prohackers.in

Table of Content

1. Introduction to PGP

2. The Working of PGP

a) Step 1: Digital Signature

b) Step 2: Compression

c) Step 3: Encryption

d) Step 4: Digital Enveloping

e) Step 1: Base-64 Encoding

3. PGP Algorithms

4. Key Rings

5. PGP Certificates

a) Introducer Trust

b) Certificate Trust

c) Key Legitimacy

6. Web of Trust

3

WWW.Prohackers.in

1. Digital Signature

2. Compression

3. Encryption

5. Base-64 Encoding

Fig: PGP operation

4. Enveloping

Introduction

Phil Zimmerman is the father of the Pretty Good Privacy (PGP) protocol. The most

significant aspects of PGP are that it supports the basic requirements of cryptography, is

quite simple to use, and is completely free. Including its source code and documentation.

Moreover, for those organizations that require support, a low-cost commercial version of

PGP is available from an organization called Viacrypt (now Network Associates). PGP has

become extremely popular and is far more widely used, as compare to PEM. The E-mail

cryptographic support offered by PGP is shown below:

1 The Working of PGP

In PGP, the sender of the message needs to include the

identifiers of the algorithm used in the message, along with the

value of the keys. The broad-level steps of PGP are illustrated in

the fig. as shown, PGP starts with a digital signature, which is

followed by compression, then by encryption, then by digital

enveloping and finally, by Base-64 encoding.

PGP allows for three security options when sending an email

message. These options are.

Signature (steps 1 and 2)

Pretty Good Privacy (PGP)

Encryption Non-repudiation Message Integrity

Fig: - Security Features offered by PGP

4

WWW.Prohackers.in Signature and Base-64 encoding (Steps 1, 2 and 3)

Signature, Encryption, Enveloping, and Base064 encoding (Steps 1 to 5)

Let us discuss these five steps in PGP,

Step 1: Digital Signature

We had earlier discussed about the digital signature in the Step 1 of Privacy Enhance Mail

protocol.

Step 2: Compression

This is additional step in PGP. Here, the input message as well as the digital signature are

compressed together to reduce the size of final message that will be transmitted. For

this, the famous ZIP program is used. ZIP is based on Lempel-Ziv-algorithm.

The Lempel-Ziv-algorithm looks for repeated strings or words, and stores them in a

variable. It then replaces the actual occurrence of the repeated word or string with a

pointer to the crossponding variable. Since a pointer requires only a few bits of memory as

compare to original string, this this method reduces in the data being compressed.

For instance, consider the following string:

What is your name? My name is vishal

Using the Lempel-Ziv-algorithm, we would create two variables, say A and B and replace

the word is and name by pointer to A and B, respectively. This is shown in below image.

What is your name? My name is vishal

1. A = is 2. B = name

What 1 your 2? My 2 1 Vishal

Original String

Variable creation and

assignment

Compressed String

Fig: - Lempel-Ziv-Algorithm, as used by the ZIP program

5

WWW.Prohackers.in As we can see, the resulting string What 1 your 2? My 2 1 vishal, is smaller then compare

to original string what is your name? My name is vishal.

Step 3: Encryption

In this step the compressed output of stem 2 (the compression from of the original email

and digital signature together) are encrypted with a symmetric key. For this, generally the

IDEA algorithm in CFB mode is used. We have already discussed this process in PEM

(Privacy Enhance Mail) protocol.

Step 4: Digital Enveloping

In this case symmetric key used for encryption in step 3 is now encrypted with receiver

public key. The output of stem 3 and step 4 together forms a digital envelope. This is

shown in below figure:

Step 5: Base-64 encoding

The output of step 4 is Base-64 encoded; we have already discussed the process of this

encoding in PEM (Privacy Enhance Mail) protocol.

Output of

Step 3

Sender

Symmetric key encrypted with the

receiver’s public key

Digital Envelope

Fig: - Formation of Digital Envelope

6

WWW.Prohackers.in 2.2 PGP Algorithms

PGP supports a number of algorithms. The most common of them are listed below:

Algorithm type Description

Asymmetric Key RSA (Encryption and signing, Encryption only, Signing only)

DSS (Signing only)

Message Digest MD5, SHA-1, RIPE-MD

Encryption IDEA, DES-3, AES

2.3 Key Rings

When a sender wants to send an email message to a single recipient, there is no too much

of problem. Complexities are introduced when a message has to be sent to multiple

recipients. If Alice needs to correspond with 10 people, Alice needs the public key of all

the 10 people. Hence, Alice is said to need a key ring of 10 public key. PGP specific a ring

of public-private keys. This is because Alice may want to change her public-private key

pair, or may want to use a different key pair for different groups or users. In other

words, every PGP user need to have two sets of key rings: (a) A ring of her own public-

private key pair, (b) A ring of public key of other users.

The concept of key rings is shown in the below figure. Note that in one of the key rings,

Alice maintain a set of key pair; while in other she just maintain the public keys of other

users. Obliviously, she cannot have the private key of other users.

Table: - PGP Algorithms

Alice’s key ring, where she holds

her own public-private key pairs

Alice’s key ring, where she holds

only the public key of PGP users

in the system

Fig: Key rings maintain by a user in PGP

7

WWW.Prohackers.in 2.4 PGP Certificates

In order to trust the public key of a user, we need to have that user’s digital certificate.

PGP can use certificate issued by a CA, or can use its own certificate system.

The originally, certificate issued by the root CA to the second-level CAs. The second level

CA can issue certificate to third-level CA and so on this can continue up-to the require

number of levels. At the lowest level, the last CA issues certificate to end user.

In PGP, there is no CA, anyone can sign a certificate to anyone else in the ring. Vishal can

sign the certificate to Deepak, Juhi, Harish and so on. There is no hierarchy of trust. This

creates a situation where a user can have certificates issued by different users. For

example; Juhi may have a certificate signed by Vishal and another one by Anita, this is

shown in the below figure. Hence, if Harish wants to verify Juhi’s certificate, he has two

paths: Juhi to Vishal and Juhi to Anita. Harish may fully trust Vishal, but not Anita, hence

there can be a multiple path in the line of trust from a fully or partially trusted authority

to a certificate.

The equivalent of CA (a user who issue certificate) in PGP is called introducer.

Vishal

Anita

Digital Certificate

User: Juhi

Issued by: Vishal

Digital Certificate

User: Juhi

Issued by: Anita

Juhi

Fig: Anyone can issue certificate to anyone else

8

WWW.Prohackers.in The whole concept can be understood better with the help of three ideas:

Introducer trust

Certificate trust

Key legitimacy

Let us discuss these three concepts now:

(a) Introducer trust

We know that there is no hierarchical CA structure in PGP. Hence it is natural that the

ring of trust in PGP cannot be very large, if every user has to trust every other user in

the system. Think about this, in real life, we do not fully trust everyone.

To resolve this issue PGP provides for multiple level of trust. The number of level depends

on the decision of implementing PGP. However, for simplicity, let us say that we have

decided to implement three level of trust to an introducer. These three levels are none,

partial, and complete. The introducer trust then specifies what level of trust the

introducer wants to allocate to other user in the system. For example, Vishal may now say

that he fully trust Juhi, where Anita says she only partial trust Juhi. Juhi says that she

does not trust Harish, Harish suggest that he partially trust Anita in turn, and so on. This

scenario is shown in the below figure.

Vishal

Anita

Digital Certificate

User: Juhi

Trust: Full

Digital Certificate

User: Juhi

Trust: Partial

Juhi

Fig: Introducer Trust

Digital Certificate

User: Anita

Trust: Partial

Digital

Certificate

User: Harish

Trust: None

Harish

9

WWW.Prohackers.in (b) Certificate trust

When a user A receives a certificate of another user B issued by this ruder C, depending

on the level of trust that A has in C, A assign a certificate trust level to that certificate

while storing it. It is normally the same as the introducer trust level that issued the

certificate this is shown in the below figure.

Background Information: Vishal and Anita have issued certificate to Juhi, Juhi send these certificates to Harish, so that

Harish can extract Juhi’s public key out of any of those certificates and use it in communication with Juhi. However,

Harish does not trust Vishal at all, but trust Anita fully.

Fig: certificate Trust

Result: when Juhi sends the two certificates (issued by Vishal and Anita) to Harish, Harish adds them to his database of

certificate. It is actually the ring of public key of other users. Apart from adding them there, Harish record the fact that it

does not want to trust Juhi’s certificate issued by Vishal (because he does not trust Vishal), but want to trust Juhi’s

certificate issued by Anita (because he trust Anita)

10

WWW.Prohackers.in This concept is explained in the diagram. Let us take another example to ensure that

there is no confusion. Imagine that there is a set of users in the system. Assume that

Mahesh fully trust Naren, partially trust Ravi and Anmol, and has no trust in Amit.

i. Naren issue two certificates: one to Amrita (with public key K1) and another to

Pallavi (with public key K2). Mahesh stores the public key and certificates or Amrita

and Pallavi in his key ring of public keys with certificate trust level equal to fully.

ii. Ravi issues a certificate to Uday (with public key K3). Mahesh stores the public key

and certificate of Uday in his ring of public key with certificate trust level equal to

partial.

iii. Anmol Issue Two Certificates: one to Uday (with public key K3), and another to

Parag (with public Key K4). Mahesh stores the public keys and certificates of Uday

and Parag in his ring of public key with certificate trust level equal to partial. Note

that Mahesh has now two certificates for Uday, one issued by Ravi, and the other

issued by Anmol, both with partial level of certificate trust.

iv. Amit issue a certificate to Parag (with public key K4). Mahesh stores the public key

and certificate of Parag in his ring or public keys with certificate trust level equal

to none. Mahesh can also discard this certificate.

(c) Key legitimacy

The objective behind the introducer trust and certificate trust is to decide whether to

trust the public key of a user. In PGP terms, this is called Key Legitimacy. Mahesh needs

to know how legitimate are the public keys of Amrita, Pallavi, Uday, and Parag and so on.

PGP define the following the simple rule to decide the key legitimacy: the level of key

legitimacy for a user is the weighted trust level for that user. For example, suppose we

have assigned certain weights to certificate trust level, as shown in the below figure:

Weight Meaning

0 No trust

½ Partial trust

1 Complete or Full trust

11

WWW.Prohackers.in In this situation in order to trust a public key (i.e. certificate) of any other user, Mahesh

needs one fully trusted certificate or two partial trusted certificates. Thus Mahesh can

fully trust Amrita and Pallavi based on the certificates they had received from Naren.

Mahesh can also trust Uday, based on tow partial trusted certificates that Uday had

received from Ravi and Anmol.

2.5 Web Trust

The earlier discussion leads to a potential problem. What happens if nobody creates

certificate for fully or partially trusted entity? In our example, on what basis would we

trust Naren’s public key, if no one has created a certificate for Naren? To resolve this

problem, several schemes are possible in PGP, as outlined below.

(a) Mahesh can physically obtain the public key of Naren by meeting in person and

getting the key on a piece of paper or as a disk file.

(b) This can be done telephonic as well.

(c) Naren can email his public key to Mahesh. Both Naren and Mahesh compute the

message digest of this key. If MD5 is used, the result is a 16-byte digest. If SHA-1

is used, the result is 20-byte digest. In hexadecimal, the digest become a 32-digit

value in MD5, and a 40-digit value in SHA-1. This is displayed as 8 groups of 4-digit

value in MD5, and 10 groups of 4-digit values in SHA-1, and is called fingerprint.

Before Mahesh adds this public key of Naren to his ring, he can call up Naren to tell

him what fingerprint value he has obtained to cross-check with the fingerprint

value that is separately obtained by Naren. This ensures that the public key value is

not changed in the email transit. To make matters better, PGP assign a unique

English word to a 4-digit hexadecimal number group, so that instead of speaking out

the hexadecimal string of numbers, users can speak out normal English words as

define by PGP. For example PGP may assign a word India to a hexadecimal pattern of

4AOB, etc.

(d) Mahesh can obtain Naren’s public key from CA.

Regardless of the mechanism, eventually this process of obtaining key of other users and

sending our own to others creates which is called web of trust between groups of people.

12

WWW.Prohackers.in This keeps the public key ring getting bigger and bigger, and helps secure the email

communication

Whenever a user needs to revoke his/her public key (because of loss of private key, etc)

he/she needs to send a key revocation certificate to the other users. This certificate is

self-signed by the user with his/her private key.

Thanks for reading this presentation

Please give us your feedback at

info@prohackers.in

Your feedback is most valuable for us for improving the presentation

You can also suggest the topic on which you want the presentation

Website: www.prohackers.in

FB page: www.facebook.com/theprohackers2017

Join FB Group: www.facebook.com/groups/group.prohackers/

Watch us on: www.youtube.com//channel/UCcyYSi1sh1SmyMlGfB-Vq6A

***Thanks***