Confidentiality in PGP
Some packages are labelled ‘Confidential’, which means they are not meant for everyone and only selected persons may see them. The same applies to email confidentiality: only the sender and the receiver should be able to read the message, so its contents have to be kept secret from everyone except those two.
PGP provides that Confidentiality service in the following manner:
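The message (M) is first compressed (Z) and then encrypted with symmetric encryption (EC) using a random session key (Ks). Then, the session key (Ks) itself is encrypted through public-key encryption (EP) using the receiver’s public key (PUb). Both encrypted entities are then concatenated and sent to the receiver.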
As you can see, the original message was compressed and then encrypted, so even if anyone gets hold of the traffic, they cannot read the contents; they could read them only if they had the session key (Ks). The session key is also transmitted to the receiver and is therefore in the traffic, but it is in encrypted form and only the receiver’s private key (KPb) can decrypt it, so the message stays confidential.
At the receiver’s end, the encrypted session key is decrypted using KPb, and the message is decrypted with the recovered session key. The message is then decompressed to obtain M.
The RSA algorithm is used for the public-key encryption, and CAST-128 (or IDEA or 3DES) is used for the symmetric-key encryption.
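The sender and receiver steps described above, as an added example that is not part of the original article. Assumptions: the Mersenne-prime key pair, the unpadded RSA and the SHA-256 keystream are constructed stand-ins for a real RSA key and CAST-128 and are not secure; only the message flow (Z, EC with Ks, EP with PUb, concatenation, and the reverse at B) follows the text.

```python
import hashlib
import secrets
import zlib

# Constructed toy RSA key pair for user B (assumption for this example).
# Mersenne primes keep it short and offline; never generate real keys this way.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
PUb = (P * Q, E)                                # B's public key (n, e)
KPb = (P * Q, pow(E, -1, (P - 1) * (Q - 1)))    # B's private key (n, d)
KEY_LEN = (PUb[0].bit_length() + 7) // 8        # fixed width of the EP(Ks) field

def keystream_xor(ks: bytes, data: bytes) -> bytes:
    """Toy stand-in for EC/DC (CAST-128 in the text): SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(ks + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def pgp_encrypt(m: bytes, pub) -> bytes:
    n, e = pub
    ks = secrets.token_bytes(16)                     # fresh random Ks per message
    body = keystream_xor(ks, zlib.compress(m))       # EC_Ks[ Z(M) ]
    wrapped = pow(int.from_bytes(ks, "big"), e, n)   # EP_PUb[ Ks ], unpadded (toy)
    return wrapped.to_bytes(KEY_LEN, "big") + body   # EP(Ks) || EC(Z(M))

def pgp_decrypt(blob: bytes, priv) -> bytes:
    n, d = priv
    wrapped, body = blob[:KEY_LEN], blob[KEY_LEN:]   # split the concatenation
    ks_int = pow(int.from_bytes(wrapped, "big"), d, n)   # DP_KPb[ EP(Ks) ]
    ks = ks_int.to_bytes(KEY_LEN, "big")[-16:]       # low 128 bits are Ks
    return zlib.decompress(keystream_xor(ks, body))  # Z^-1( DC_Ks[...] )

if __name__ == "__main__":
    msg = b"Constructed sample: contract draft, for B only."
    blob = pgp_encrypt(msg, PUb)
    print("on the wire:", blob[:24].hex(), "...")
    print("B recovers :", pgp_decrypt(blob, KPb))
    try:                                             # anyone without KPb
        pgp_decrypt(blob, (KPb[0], KPb[1] + 2))
    except zlib.error as err:
        print("wrong key  :", err)
```

Because Ks is generated fresh for every message, encrypting the same M twice produces two different blobs.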
Practically, both the Authentication and Confidentiality services are provided in parallel as follows:
Note:
M – Message
H – Hash Function
Ks – A random Session Key created for Symmetric Encryption purpose
DP – Public-Key Decryption Algorithm
EP – Public-Key Encryption Algorithm
DC – Symmetric Decryption Algorithm
EC – Symmetric Encryption Algorithm
KPb – A private key of user B used in Public-key encryption process
KPa – A private key of user A used in Public-key encryption process
PUa – A public key of user A used in Public-key encryption process
PUb – A public key of user B used in Public-key encryption process
|| – Concatenation
Z – Compression Function
Z⁻¹ – Decompression Function
PGP – Authentication and Confidentiality
In 2013, when the NSA (United States National Security Agency) scandal was leaked to the public, people started to opt for services that could provide strong privacy for their data. Among the services people opted for, particularly for email, were different plug-ins and extensions for their browsers. Interestingly, among the various plug-ins and extensions that people started to use, two main programs were solely responsible for the complete email security that people needed. One was S/MIME, which we will see later, and the other was PGP.