PGP (Pretty Good Privacy)
PGP provides a mechanism for two people to
communication over an insecure channel.
Assumptions:
- The Sender and the Receiver each has the other person's
public key.
- The bad guy has both public keys as well and can intercept
all communications.
Here are the steps.
- The sender writes the message.
- The sender uses
MD5 to calculate a 128 bit digital
signature for the message.
- This is encrypted using the sender's private key and appended
to the message.
- The sender generates a one time session key and uses this
to encrypt the message and the encrypted digital signature using
IDEA, a symmetrical cipher.
- The sender encrypts the one time session key using the
Receiver's public key and appends this to the message.
- The sender sends the message, the Receiver gets it
- The Receiver decrypts the one time session key using his
private key.
- The Receiver decrypts the message with IDEA using the session
key
- The Receiver decrypts the digital signature using the Sender's
public key.
- The Receiver uses MD5 to calaculate the digital signature, and
compares the result to the decrypted signature sent with the message.
If they agree, the Receiver has confirmed that the message did in
fact come from the sender and that it was not altered in route.
Click here for more information