PGP Primer
I recently saw a posting in which the blogger answers a question about "how PGP works." I have no real context for why the question was asked (there's a reference I didn't follow at the beginning) but I found the description of PGP (Pretty Good Privacy) a bit brief.
So I'll give something more lengthy. Anyone who knows me knows that being verbose is *not* one of my gifts. However, I'll shoot for something between a brief one-line definition and a Wikipedia article.
First, PGP's primary uses:
Encrypting messages and files
Digitally signing messages and files
Encryption - Many people are familiar with a basic way to encrypt something on a computer. You put a password on it, and anyone who knows that password can read it. PGP is novel in that it uses a different paradigm. Rather than give you the specifics on how it works, I'll give you an illustration on how it functions:
You have an unlimited number of safes (as in a safe you would put money or documents into). You give these safes to all of your friends. In fact, you may put your safes out on a street corner where anyone who knows where to find them can get them.
These friends can put anything in the safe they want. The catch? Once they lock the safe, only *you* have the combination.
That's effectively how PGP encrypts things. You have a public key (the safe you distribute to anyone) and a private key (the combination). Anyone can take a message an "put it in your safe" (encrypt it to the public key) but only you can unlock it (decrypt it, which is only possible with the private key...and the NSA). Make sense? Even when your friends can put stuff in the safe, they cannot then open up the safe! Once it's in, it's in until YOU pull it out.
Digital Signing - Now, we're going to change the example a bit. THIS time, you have all of the safes, and they are transparent. You still are the only one who has the combination. You wish to send a document to Cheryl, and Cheryl needs to know it came from you and no one else. You put your document in the clear safe and send it to Cheryl. She receives it and cannot "open" it, but she can do two critical things:
She can read the message (it is in a clear safe, after all)
She can verify that it is *your* safe an no one elses, because she knows only you have the key to this safe. Furthermore, she can "verify" the safe is yours, because she take take one of the non-clear safes (from the previous example) and verify that they have the same combination (though she can't tell what it *is*, only that they match).
This whole thing with "safes" and "combinations" is done with some killer mathematics. This math is what allows one person to encrypt a message (to the public key), but not to decrypt the message. The "decryptor" must have the rest of the mathematical formula, which is the private key.
There is a factor that makes or breakes PGP: the web of trust. Basically, when you receive your safe from Bob (a safe for you to put documents into to encrypt them so only Bob can read them), there needs to be a process by which you verify *beyond*a*shadow*of*a*doubt* that it did, in fact, come from Bob.
You look on the bottom of the safe, and it has some special numbers. You call Bob, and ask him to tell you what numbers *should* be on the bottom of the safe (kinda like a serial number). If they don't match, then someone *else* sent you a safe claiming it was Bob. This is bad, because it means that once you put your stuff in the safe, Bob can't read it! Only the person who *actually* sent you the safe can read it!
Since the numbers are an integral part of the math, someone else cannot "forge" a safe with the wrong numbers on it.
Lastly, and to dive into the web of trust further, it can become a pain to have to call or meet with *every*single*person* with whom you wish to exchange encrypted information. Thus, you can pick a person and "trust" them to a certain degree. Thus, Cheryl (who knows Bob is a security professional, for example) trusts him and tells *her* system that any key that Bob has verified, she should view as verified as well. Bob, knowing that Cheryl is a bit of a n00b, may not reciprocate and may decide that he trusts only Cheryl's key, but any other key he gets through her must be verified by him explicitly.
In this way, companies who use PGP widely can set up an "office of trust" (or, a Corporate Signing Key) and they can verify the keys of all employees for all other employees. It is, after all, HR's job to check IDs and stuff before people start work. Employees then can choose to trust the Corporate Signing Key, and then each employee does not need to verify every other employee.
There is one critical way in which I over-simplified the "trading safes" analogy. For those who care, The asymmetric encryption doesn't actually encrypt the message, rather it encrypts a very long key, and the message is encrypted to that key. Then, when you decrypt the message with your private key, you are actually decrypting the symmetric key, and then the symmetric key is used to decrypt the messge.
Why? So you can encrypt a file to multiple people (well, to their public keys) without having the message get significanly larger. If you had to encrypt the entire message to everyone's key, it would grow linearly. By only encrypting the symmetric key to the public keys, the message grows only a small amount for every person you add.
Make sense? No? Post!
So I'll give something more lengthy. Anyone who knows me knows that being verbose is *not* one of my gifts. However, I'll shoot for something between a brief one-line definition and a Wikipedia article.
First, PGP's primary uses:
Encrypting messages and files
Digitally signing messages and files
Encryption - Many people are familiar with a basic way to encrypt something on a computer. You put a password on it, and anyone who knows that password can read it. PGP is novel in that it uses a different paradigm. Rather than give you the specifics on how it works, I'll give you an illustration on how it functions:
You have an unlimited number of safes (as in a safe you would put money or documents into). You give these safes to all of your friends. In fact, you may put your safes out on a street corner where anyone who knows where to find them can get them.
These friends can put anything in the safe they want. The catch? Once they lock the safe, only *you* have the combination.
That's effectively how PGP encrypts things. You have a public key (the safe you distribute to anyone) and a private key (the combination). Anyone can take a message an "put it in your safe" (encrypt it to the public key) but only you can unlock it (decrypt it, which is only possible with the private key...and the NSA). Make sense? Even when your friends can put stuff in the safe, they cannot then open up the safe! Once it's in, it's in until YOU pull it out.
Digital Signing - Now, we're going to change the example a bit. THIS time, you have all of the safes, and they are transparent. You still are the only one who has the combination. You wish to send a document to Cheryl, and Cheryl needs to know it came from you and no one else. You put your document in the clear safe and send it to Cheryl. She receives it and cannot "open" it, but she can do two critical things:
She can read the message (it is in a clear safe, after all)
She can verify that it is *your* safe an no one elses, because she knows only you have the key to this safe. Furthermore, she can "verify" the safe is yours, because she take take one of the non-clear safes (from the previous example) and verify that they have the same combination (though she can't tell what it *is*, only that they match).
This whole thing with "safes" and "combinations" is done with some killer mathematics. This math is what allows one person to encrypt a message (to the public key), but not to decrypt the message. The "decryptor" must have the rest of the mathematical formula, which is the private key.
There is a factor that makes or breakes PGP: the web of trust. Basically, when you receive your safe from Bob (a safe for you to put documents into to encrypt them so only Bob can read them), there needs to be a process by which you verify *beyond*a*shadow*of*a*doubt* that it did, in fact, come from Bob.
You look on the bottom of the safe, and it has some special numbers. You call Bob, and ask him to tell you what numbers *should* be on the bottom of the safe (kinda like a serial number). If they don't match, then someone *else* sent you a safe claiming it was Bob. This is bad, because it means that once you put your stuff in the safe, Bob can't read it! Only the person who *actually* sent you the safe can read it!
Since the numbers are an integral part of the math, someone else cannot "forge" a safe with the wrong numbers on it.
Lastly, and to dive into the web of trust further, it can become a pain to have to call or meet with *every*single*person* with whom you wish to exchange encrypted information. Thus, you can pick a person and "trust" them to a certain degree. Thus, Cheryl (who knows Bob is a security professional, for example) trusts him and tells *her* system that any key that Bob has verified, she should view as verified as well. Bob, knowing that Cheryl is a bit of a n00b, may not reciprocate and may decide that he trusts only Cheryl's key, but any other key he gets through her must be verified by him explicitly.
In this way, companies who use PGP widely can set up an "office of trust" (or, a Corporate Signing Key) and they can verify the keys of all employees for all other employees. It is, after all, HR's job to check IDs and stuff before people start work. Employees then can choose to trust the Corporate Signing Key, and then each employee does not need to verify every other employee.
There is one critical way in which I over-simplified the "trading safes" analogy. For those who care, The asymmetric encryption doesn't actually encrypt the message, rather it encrypts a very long key, and the message is encrypted to that key. Then, when you decrypt the message with your private key, you are actually decrypting the symmetric key, and then the symmetric key is used to decrypt the messge.
Why? So you can encrypt a file to multiple people (well, to their public keys) without having the message get significanly larger. If you had to encrypt the entire message to everyone's key, it would grow linearly. By only encrypting the symmetric key to the public keys, the message grows only a small amount for every person you add.
Make sense? No? Post!
Comments