Pretty Good Privacy
If you wish another to keep your secret, first keep it yourself.
- Seneca in Hippolytus, c. 60 A.D.
• What is PGP?
• Why use PGP?
• How to use PGP
• Can PGP be cracked?
• Is PGP legal?
What is PGP?
PGP (Pretty Good Privacy) is a free encryption program written by Phil
Zimmermann. It allows you to
• Encrypt files so only the person that encrypted them can decrypt them
• Encrypt a message or file so only the recipient can decrypt and read it
• Create digital signatures on your files and e-mail that guarantee they can
only have come from you
Why would you want to do this?
Why use PGP to exchange messages?
by Phil Zimmermann
It’s personal. It’s private. And it’s no one’s business but yours. You may be
planning a political campaign, discussing your taxes, or having an illicit affair. Or
you may be doing something that you feel shouldn’t be illegal, but is. Whatever it
is, you don’t want your private electronic mail (E-mail) or confidential documents
read by anyone else. There’s nothing wrong with asserting your privacy. Privacy
is as apple-pie as the Constitution.
Perhaps you think your E-mail is legitimate enough that encryption is
unwarranted. If you really are a law-abiding citizen with nothing to hide, then
why don’t you always send your paper mail on postcards? Why not submit to
drug testing on demand? Why require a warrant for police searches of your
house? Are you trying to hide something? You must be a subversive or a drug
dealer if you hide your mail inside envelopes. Or maybe a paranoid nut. Do
law-abiding citizens have any need to encrypt their E-mail?
Please see http://www.dcs.ex.ac.uk/~aba/timeline/ and other sources
• 1976 Whitfield Diffie and Martin Hellman discover public key cryptography
• 1977 Ron Rivest, Adi Shamir, and Len Adleman discover another more
general public key system called RSA
• 1991 Phil Zimmermann writes PGP 1.0 and gives it away
• 1990s PGP has copyright problems
• 1990s PGP has export restriction problems
• 1990s Everyone in the world gets it anyway
How to use PGP
If I want to send you a message that no one else (but you) can read I encrypt
or encipher the message: I scramble the message in a complicated way using
a key that can unscramble it.
You can decrypt the message by using this key.
Since a single key is used for both encryption and decryption I have to send the
key (via a secure method) to the recipient of the message.
In public key cryptosystems there are two parts to the key:
• a publicly revealed key
• a private key.
Each key unlocks the code that the other makes. Knowing the public key doesn’t
give you any information about the private key so it can be published and widely
Now no secure communication channel is needed!
(actually that is not completely true because you have to verify that your
friend's public key is valid).
Sending an encrypted message
Anyone with my public key can encrypt a message that only I can decode. They
encrypt the message with my public key and I decrypt it with my private key.
Sending a signed message
I can use my private key to encrypt a message that only my public key can
decrypt. This authenticates that the message was from me.
Sending an encrypted and signed message
I can use my private key and the recipient’s public key to get both authentication
The public key encryption algorithm is slower than single-key encryption
methods. So what really happens is:
• the original (plaintext) file is encrypted with a random key (session key) using
a single-key encryption method (PGP uses the IDEA single-key cipher)
• the recipient’s public key is used to encipher the session key
• the public-key encrypted session key is sent along with the enciphered text
to the recipient
• the recipient uses her private key to decrypt the session key and then a
fast single-key algorithm to decipher the large message.
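The session-key flow and the signing step described above, as an added example (not PGP's own code). It assumes textbook RSA without padding, a constructed key pair built from two known Mersenne primes, and a SHA-256 keystream standing in for IDEA; all function names are hypothetical and none of this is secure for real use.

```python
import hashlib
import secrets

def make_keypair(p=2**521 - 1, q=2**607 - 1, e=65537):
    """Constructed demo key: Mersenne primes are trivially guessable."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for IDEA: XOR the data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_for(recipient_pub, plaintext: bytes):
    n, e = recipient_pub
    session_key = secrets.token_bytes(16)         # fresh random key per message
    body = keystream_xor(session_key, plaintext)  # fast single-key step
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # slow public-key step
    return wrapped, body                          # both travel to the recipient

def decrypt_with(recipient_priv, wrapped: int, body: bytes) -> bytes:
    n, d = recipient_priv
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, body)

def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(sender_priv, message: bytes) -> int:
    n, d = sender_priv
    return pow(digest_int(message), d, n)         # private key applied to a digest

def verify(sender_pub, message: bytes, signature: int) -> bool:
    n, e = sender_pub
    return pow(signature, e, n) == digest_int(message)

if __name__ == "__main__":
    pub, priv = make_keypair()
    msg = b"constructed sample message"
    wrapped, body = encrypt_for(pub, msg)
    print(decrypt_with(priv, wrapped, body), verify(pub, msg, sign(priv, msg)))
```

Only the 16-byte session key passes through the public-key operation, so the cost of that step does not grow with the size of the message.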
Keys are kept in key certificates which contain
• the key owner’s ID (a name)
• timestamp when key pair was made
• the actual key (public or private)
Each user keeps his own pair of key rings: a public key ring and a private key
ring. You must collect public keys from your friends who you want to exchange
encrypted e-mail with.
Integrating PGP with mail programs
Most mail programs are not PGP aware!
• Mutt uses the proposed Internet standard: PGP/MIME RFC 2015
• Emacs uses the mailcrypt package
• Elm has patches
• Pine has scripts
• Exmh has support but no menus
• Eudora has support
• You can do it yourself
Is it legal?
Not in all countries.
(France for example, see http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm)
In the US and most of the world, yes.
PGP has had legal problems on two fronts: copyright violation and export
• In the US use PGP
Avoids copyright problems
• In the rest of the world use PGPi
http://www.pgpi.com/ Avoids export controls
This copy was exported as a book and scanned.
Can PGP be cracked?
If you have enough time and resources (and there are no holes found in the
algorithms - see http://axion.physics.ubc.ca/pgp-attack.html)
For PGP you can try to crack
• IDEA (the conventional cipher)
• RSA (the public key encryption).
It is easier to try a factoring attack than to search the keyspace.
How much time?
Brute force attacks
Asymmetric RSA keys
KeySize   MIPS-years required to factor    Avalon-years (theoretical peak)
512       30,000                           0.2
768       200,000,000                      1428
1024      300,000,000,000                  2,142,857
2048      300,000,000,000,000,000,000      2,142,857,142,857,142
Symmetric key equivalences
It is probably easier to use a different method
• Stealing your private key, guessing your passphrase, or tricking/forcing you to reveal it
• Distributing fake public keys
• Electronic surveillance (Van Eck radiation).
If you don’t believe it, see http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf.
• MIT distribution site for PGP:
• Slashdot discussion on Cryptography in Mail Software
• The International PGP Home Page
• The GNU Privacy Guard
• Neal Stephenson’s Cryptonomicon