CONNECT, SPRING 1996: NETWORKS


When "Pretty Good" Encryption Is Good Enough: Cryptography for the Masses

by Tim O'Connor

[Ed: Links to web pages and/or e-mail addresses which have become inactive since the publication of this article have been enclosed in curly brackets { }. Replacement links have been provided where possible.]

At its heart, cryptography is the science of scrambling information so that it is meaningless to a random observer but useful to the legitimate recipient, who must possess a secret key that allows the information to be unscrambled.

Once the specialty of spymasters, strong cryptographic tools are now available for personal use, so even modest desktop computers can be used to protect information from snoopers. Perhaps the most prominent encryption software today is PGP (Pretty Good Privacy), which is available for DOS, Mac, OS/2, Amiga, VMS, and Unix platforms. PGP was written by Phil Zimmermann, a programmer who has always been fascinated by cryptography and its practical applications, and who has a keen interest in maintaining personal privacy.

The Key to Cryptography

A traditional weak point of cryptography has been in getting the secret key that unlocks an encoded message into the hands of the intended recipient. For example, if your communications were monitored by an enemy, and you transmitted the secret key that could unlock your documents, the key itself might be intercepted. This would allow the enemy to decode your later messages, or in some cases to impersonate you by encoding messages with the key.

In 1976, Whitfield Diffie and Martin Hellman invented a new technique known as public-key encryption (reported in IEEE Transactions on Information Theory, Nov. 1976). In the Diffie-Hellman algorithm, each of the two parties holds its own secret key. Values derived from those secret keys can be exchanged openly between the two parties to create a "session key," which is then used to encrypt subsequent messages.
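The exchange described above, as an added example that is not part of the original article: each side keeps a secret exponent, sends only the derived public value across the wire, and both sides arrive at the same session key. The group parameters (the Mersenne prime 2^127 - 1 with generator 2), the party names and all function names are constructed for illustration; the arithmetic is that of the Diffie-Hellman paper, but a real deployment would use a standardized group of 2048 bits or more.

```python
import hashlib
import secrets

# Constructed toy parameters for illustration: the Mersenne prime 2**127 - 1 with
# generator 2.  Real deployments use a standardized group (for example the RFC 3526
# MODP groups) of at least 2048 bits; the arithmetic below is the same.
P = 2**127 - 1
G = 2


def dh_private() -> int:
    """Pick a fresh secret exponent in the range 2 .. P-2."""
    return secrets.randbelow(P - 3) + 2


def dh_public(priv: int) -> int:
    """The value each side sends over the wire: G^priv mod P."""
    return pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> int:
    """Combine our secret with the peer's public value: peer_pub^priv mod P."""
    # Reject the degenerate values 0, 1 and P-1: if one of them were substituted
    # on the wire, the shared secret would fall into a tiny, guessable set.
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, P)


def session_key(shared: int) -> bytes:
    """Hash the raw shared secret into a fixed-size symmetric session key."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def exchange(alice_priv: int, bob_priv: int) -> dict:
    """Run one exchange; return what crossed the wire plus both sides' keys."""
    alice_pub = dh_public(alice_priv)          # Alice -> Bob
    bob_pub = dh_public(bob_priv)              # Bob -> Alice
    alice_key = session_key(dh_shared(alice_priv, bob_pub))
    bob_key = session_key(dh_shared(bob_priv, alice_pub))
    return {
        "on_the_wire": {"P": P, "G": G, "A": alice_pub, "B": bob_pub},
        "alice_key": alice_key,
        "bob_key": bob_key,
    }


if __name__ == "__main__":
    result = exchange(dh_private(), dh_private())
    print("session keys match:", result["alice_key"] == result["bob_key"])
    print("session key:", result["alice_key"].hex())
```

Note that nothing in this exchange tells Alice who sent the value B: the session key is private to whoever holds the two secrets, but the exchange on its own does not authenticate either party. That is the gap the digital signatures described in the following paragraphs are meant to close.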

In 1978, mathematicians Ron Rivest, Adi Shamir, and Leonard Adleman invented a public-key algorithm known as RSA, which can be used both to encrypt a message and to create a digital signature of it. A message can be scrambled with the recipient's public key, so that only the matching private key can unlock it. Alternatively, the message can be transmitted without scrambling but with a digital signature (a kind of electronic certificate) attached, or it can be both encrypted and signed. The signature allows the recipient to verify that the message has not been changed in any way in transit, and that it was truly created by the person who signed it, thereby preventing the distribution of forged messages.

PGP is built around several algorithms, including RSA.

For most people, it is not necessary to contend with the mathematical principles behind PGP. However, having a basic knowledge of how the software works will help you make the most efficient use of encryption and digital signatures. Consider investing in one of the standard PGP books, Protect Your Privacy: A Guide for PGP Users, by William Stallings (Prentice-Hall, 1995) or PGP: Pretty Good Privacy, by Simson Garfinkel (O'Reilly & Associates, 1995). Each provides background details and plenty of helpful hints.

The Key to PGP

At the most basic level, you will need to perform the following steps after you install PGP on your system: You will also want to extract your key's "fingerprint," so that people who retrieve your key from somewhere on the Internet can verify that the key's fingerprint matches the fingerprint you have made separately available. (Again, as an example, my PGP fingerprint appears at the beginning of this article, in the small biographical paragraph; it is also in the PGP section of my home page and on my printed stationery.)

Other individuals can add your key to their keyrings. You can add their keys to your ring. Once you have a key on your public ring, you can send encrypted messages to the owner of the key. Only the recipient's secret key will be able to unscramble the message. You can also verify that a digital signature attached to a file or a message matches the key on your public ring. If not, there is the chance that the message in question is a forgery, or has been altered in transmission.

It is considered good practice to create what is known as a key revocation certificate immediately, so that if your secret key is compromised, or you forget your secret passphrase, you can send out a PGP-authenticated message telling the world to invalidate the old key. These techniques, and many others, are detailed in the standard PGP literature.

The most secure use of PGP is considered to be on one's own desktop computer, even though PGP is available for multi-user systems. In theory, if either the multi-user system or the network it is connected to is compromised, or if the system is operated by untrustworthy personnel, your secret key might be captured.

PGP in Action

These are the steps involved in encrypting a message using PGP. Tim O'Connor writes a message to be sent to the writer L. Manning Vines. He sends it to Vines, encrypting it with the Vines public key and signing it with the O'Connor secret key. The result has the normal lines for address and subject, a pair of lines marking the beginning and end of a PGP message, and several lines of gibberish in between.

Vines unscrambles the message using his private key and secret passphrase, revealing that the information between the "BEGIN" and "END" lines really says: "Hello, world!" In decrypting the message, PGP also attempts to check the O'Connor signature against the O'Connor public key stored on the Vines ring. If that key is present on the ring and the signature embedded in the message checks against it, Vines knows that O'Connor must be the author of the message. (If Vines does not have a copy of the O'Connor public key, PGP will still be able to unscramble the message, but will be unable to validate the O'Connor signature. So, Vines would be able to read the message, but he could not be certain that O'Connor is genuinely its author.)

O'Connor, meanwhile, knows that only Vines, using his secret "L. Manning Vines" key, can decode the message.
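The O'Connor-to-Vines walk-through above, together with the fingerprint check and keyring described under "The Key to PGP" and the encrypt-and-sign use of RSA described earlier, as one added example that is not the article's or PGP's own code. It is a constructed toy: textbook RSA with no padding, key pairs built from fixed Mersenne primes so the run is deterministic, a hash-based stream cipher standing in for PGP's symmetric cipher, and a dictionary standing in for the keyring file. PGP's real algorithms, packet formats and fingerprint scheme differ; only the flow of keys is the same. All names (OCONNOR_PUB, VINES_PRIV, add_key, encrypt_and_sign, decrypt_and_verify and so on) are assumptions made for this example.

```python
"""Toy walk-through of the sign-then-encrypt flow (O'Connor -> Vines).

Constructed example: textbook RSA with no padding, a hash-based toy stream
cipher and a dictionary as the keyring.  Not PGP's real formats or algorithms.
"""
import hashlib
import secrets

E = 65537          # public exponent
SIG_LEN = 128      # bytes reserved for the signature inside the encrypted payload


def rsa_keypair(p: int, q: int):
    """Return (public, private) as (n, e) and (n, d) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))       # modular inverse, Python 3.8+
    return (n, E), (n, d)


# Constructed toy keys built from Mersenne primes so the example is deterministic;
# real keys use large random primes and never share a prime between key pairs.
OCONNOR_PUB, OCONNOR_PRIV = rsa_keypair(2**107 - 1, 2**607 - 1)
VINES_PUB, VINES_PRIV = rsa_keypair(2**127 - 1, 2**521 - 1)


def fingerprint(pub) -> str:
    """Short hash of a public key, suitable for publishing out of band."""
    n, e = pub
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:40]


def add_key(keyring: dict, name: str, pub, expected_fp: str) -> None:
    """Accept a retrieved key only if it matches the separately published fingerprint."""
    if fingerprint(pub) != expected_fp:
        raise ValueError(f"fingerprint mismatch for {name}: key not added")
    keyring[name] = pub


def sign(priv, data: bytes) -> int:
    """Textbook RSA signature over the SHA-256 digest (the digest is smaller than n)."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (same op both ways)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_and_sign(sender_priv, recipient_pub, plaintext: bytes) -> dict:
    """Sign with the sender's secret key, then encrypt signature+text for the recipient."""
    sig = sign(sender_priv, plaintext)
    payload = sig.to_bytes(SIG_LEN, "big") + plaintext
    session = secrets.token_bytes(16)                     # fresh key per message
    n, e = recipient_pub
    return {
        "encrypted_session_key": pow(int.from_bytes(session, "big"), e, n),
        "ciphertext": stream_xor(session, payload),
    }


def decrypt_and_verify(recipient_priv, keyring: dict, sender: str, msg: dict):
    """Return (plaintext, status); decryption works even if the sender's key is unknown."""
    n, d = recipient_priv
    session = pow(msg["encrypted_session_key"], d, n).to_bytes(16, "big")
    payload = stream_xor(session, msg["ciphertext"])
    sig, plaintext = int.from_bytes(payload[:SIG_LEN], "big"), payload[SIG_LEN:]
    if sender not in keyring:
        return plaintext, f"unverified: no public key for {sender} on the ring"
    ok = verify(keyring[sender], plaintext, sig)
    return plaintext, "verified" if ok else "BAD SIGNATURE: forged or altered"


if __name__ == "__main__":
    vines_ring = {}
    add_key(vines_ring, "Tim O'Connor", OCONNOR_PUB, fingerprint(OCONNOR_PUB))
    msg = encrypt_and_sign(OCONNOR_PRIV, VINES_PUB, b"Hello, world!")
    print(decrypt_and_verify(VINES_PRIV, vines_ring, "Tim O'Connor", msg))
    print(decrypt_and_verify(VINES_PRIV, {}, "Tim O'Connor", msg))
```

Running it shows the two outcomes the article describes: with the O'Connor key on the Vines ring the message decrypts and reports "verified"; with an empty ring the same message still decrypts, but the status says the signature could not be checked. Any change to the ciphertext alters the recovered text and turns the status into a bad-signature report, which is the forgery-or-tampering case the article warns about.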

PGP is considered to be a very secure means of scrambling a file. Experts in the field, however, admit that they can never predict what new technique may be developed to break an encryption scheme, or what loopholes may eventually be discovered in cryptographic software. This is why Phil Zimmermann modestly christened his creation "Pretty Good," acknowledging that only a fool would contend that a public-key technique is completely bulletproof. For the majority of PGP users today, "pretty good" is considered strong enough to provide a healthy level of security for sensitive mail and files.

Meanwhile, privacy activists eagerly await future PGP releases that may make the notoriously complicated program easier to operate. They also hope that developers of electronic mail programs will build in some ability to encrypt and digitally sign mail simply and transparently, so that computer users can focus on getting their messages out, rather than on the mechanics of running PGP.


Tim O'Connor was the ACF's System and Network Security Manager at the time of this article's publication.
{tim.oconnor@nyu.edu}

Posted 21 February 1996. Last Revised 20 May 2004.