Johns Hopkins University
Fred W. Atkinson, III
Student of Telecommunications
Johns Hopkins University
P.O. Box 2986
Gaithersburg, MD 20886-2986
Software engineer Phil Zimmermann has created a means by which the average end user can effectively protect the privacy of his or her own Internet mail. It is a powerful encryption tool whose public keys are as large as one thousand and twenty-four bits.
This paper explains the significance, mechanics, and practical use of PGP (Pretty Good Privacy) encryption software. It examines how strong this encryption is and why it should be used for ordinary email.
It also discusses how PGP provides a means of authentication, which can be very valuable to the business community.
This paper provides a basic understanding of the proper and effective use of PGP and its implications.
There was a recent uprising on the Internet over the right to personal privacy. It pitted the federal government of the United States against the civil rights of its citizens. Had the government succeeded, the privacy of messages sent over the Internet would have been compromised. Users of the Internet were gearing up for quite a fight to protect their privacy in cyberspace. Emotions were flaring, money was being pledged to a legal defense fund, and letters to politicians were flying left and right.
In the end, the government saw that pursuing the case would put it in extreme disfavor with its citizens, and it dropped the matter altogether. The reality of the situation is that the government paid quite a compliment to the creator of a tool that gives reasonable assurance of email privacy. It is regrettable that its author had to endure three years of government harassment to achieve that end.
`PGP' (Pretty Good Privacy) is an encryption tool created by Mr. Phil Zimmermann so that the average citizen would have a means of protecting his or her communications from those for whom they were not intended. Clearly, the government felt that PGP was a very effective means of keeping it out of private messages transmitted over bulletin board systems and the Internet; if not, why did it bother to go after him? That he gave the tool away for free suggests that he was not engaged in export as the government claimed. Prosecuting him for `munitions' violations also seemed inconsistent with the fact that PGP is a software program rather than the guns or weapons the term `munitions' suggests. The government's case was little more than economic harassment, as it caused large amounts of money to be spent on Phil Zimmermann's defense.
There has been only one known successful attempt to decrypt a PGP-encoded message. The message was only a few words long, but the amount of time involved in decrypting it was enormous. Clearly, the economics of `cracking' such a message suggest that the cost of decrypting it far outweighs the value of the information intercepted. Certainly this raised some major concerns for law enforcement. However, an old argument comes to mind: when guns are outlawed, only outlaws will have guns. The same will likely be true if we outlaw encryption by private citizens or corporations.
There is little doubt that illegal communications will be encrypted and transmitted over the Internet. Encrypted or not, criminals will always find a way to use any medium in a manner inconsistent with the law or with the intended use of the medium. Were PGP to be outlawed, criminal use of the Internet would continue. Only the poor schmoe who obeys the law would suffer, as his personal notes, business proposals, and other confidential information would now be exposed to law enforcement and to others who would intercept them illegally. The recent raid on users of America Online® came about because employees of America Online® were intercepting messages and (after determining whether the content was of interest to the FBI) forwarding them to the Federal Bureau of Investigation. The users raided were involved in trafficking child pornography. While participants in the circulation of child pornography should certainly be prosecuted, what about the messages sent by persons who did not engage in this type of activity? Clearly, their privacy had been severely compromised.
Now that I've explained the issues and events that have made PGP so controversial, it is time to move on to the idea and mechanics of the program. A million questions are probably racing through your mind. What is PGP? What can it do for ME? How does it protect my privacy? How does it work? Why should I use PGP? Do I have to be a techno-dweeb to use PGP? Do we really know if PGP is truly secure? What is the future of PGP? These are all issues I will attempt to explore.
PGP is a public-key encryption program. It uses three well-known algorithms to encrypt, sign, decrypt, and authenticate messages. It converts the binary ciphertext or signature into a format suitable for text transmission by means of `Radix-64' (explained shortly). Because PGP uses asymmetric encryption `keys', only the intended recipient of a message can decrypt it. As the source code is available over the Internet, the algorithms are known to all; PGP's security therefore rests on the keys alone, never on secrecy of the method. The real strength of PGP is that the number of possible `keys' is so enormous that it is relatively safe against `brute-force' attacks (trying every possible key, one by one, until the message decrypts). The author of this paper used a scientific calculator to compute the number of possible keys, only to find that the unit could not handle numbers this big.
To use PGP, you must generate a pair of keys: a public key and a private key. The private key allows you to decrypt a message sent to you by some other user. To allow other users to encrypt a message intended only for you, you must provide them with a copy of your public key. The public key cannot decrypt an encoded message, so it can be given out freely. A special command issued to the PGP program begins the process of creating your own pair of keys. You answer the questions PGP asks, and it generates the keys for you. It will ask you for a pass phrase, which protects the newly created private key so that it remains unusable by anyone but you (the private key is stored on disk encrypted under that pass phrase).
Additionally, PGP can be used to authenticate that a message was sent by the holder of a particular key. Because only the holder of the private key can produce a valid electronic signature, the sender cannot credibly deny having sent a signed message. Consider someone sending an email request for work to be performed and then later denying that he made the request. This could be a troubling situation for anyone in the business world, since most persons and companies like to get paid for their work. Upon receipt of the request, the recipient can use the sender's public key to confirm that the message was indeed signed by the party it appears to have come from. Having examined these features, it is clear that PGP has some major benefits to offer the business world.
PGP generates encrypted files using the freeware UNIX® `ZIP' compression routines and two ciphers known as `IDEA' (the International Data Encryption Algorithm, a `secret-key' cipher that encrypts data under a single shared key) and `RSA' (an algorithm for `public-key' encryption). Compressing the text before encryption places further demands on the cryptanalyst, because it deprives him or her of the repetitions found in ordinary alphabetic text. Compression is not itself a form of security, however; the strength of the message still rests entirely on IDEA and RSA. Sometimes a message is too short to compress effectively, or its structure makes it a poor candidate for compression. When this is true, PGP forgoes compression and proceeds directly to IDEA encryption. Another advantage of compressing the message is that it takes less modem time when it is actually transmitted.
It is necessary to draw a distinction between `public-key' (also known as `asymmetric') encryption and `secret-key' (also known as `symmetric') encryption to understand what is unique about `RSA'. As previously explained, `public-key' encryption is a means by which only the holder of the corresponding `private key' can decrypt the message. `Secret-key' encryption involves only one key; the same key both encrypts and decrypts the message. Since disclosing a `public key' does not compromise the security of a message, it may be freely distributed. The `private key' never has to be circulated, so the chances of unauthorized decryption are very small. The security of `secret-key' encryption depends entirely on how well the key is guarded. Since that key will decrypt the messages, and since it must be circulated to the other party in order to work, it is reasonable to conclude that it is not as secure as `public-key' encryption (this is the author's opinion).
PGP's approach utilizes both types of encryption. First, PGP generates a fresh `secret key' (a session key) for `IDEA' from a random number that it derives either from a random seed file kept on disk or from the timing of the end user's keystrokes. It encrypts the message text with IDEA under that session key. It then uses `RSA' with the recipient's public key to encrypt the session key itself, and bundles the encrypted session key with the IDEA ciphertext. The session key never travels in the clear. Since the encrypted session key can only be recovered by the holder of the intended private key, only the recipient can decrypt the message.
`IDEA' was developed by James L. Massey and Xuejia Lai in 1990. As of 1995, IDEA had resisted cryptanalysis better than most other ciphers. It operates on blocks of sixty-four bits and uses a one hundred and twenty-eight bit key; it is the key length, not the block length, that makes a brute-force search of all 2^128 possible keys infeasible. It utilizes means to confuse the cryptanalyst by making repetition of characters meaningless: because every bit of both the block and the key influences every ciphertext bit, the ciphertext reveals nothing obvious about the plaintext. It is a `secret-key' cipher, so the key must be carefully guarded. The biggest weakness of IDEA lies in distributing that secret key securely; it is incredibly strong in all other respects.
`RSA' was developed at MIT by Rivest, Shamir, and Adleman (hence the name `RSA'). It is an `asymmetric' encryption process: the key needed to decrypt a message is different from the key used to encrypt it. Its security rests on the difficulty of factoring the product of two large prime numbers, which is the public modulus. At present, it is the most widely accepted algorithm for public-key encryption.
`Radix-64' is a method of converting binary files into text format. First, it breaks the bit stream of the binary file into groups of six bits (so every three bytes become four text characters). Next, it treats each group of six bits as an individual character and converts it into a printable text character from a fixed table of sixty-four (the upper and lower case letters, the digits, `+' and `/'). For example, `010111' corresponds to decimal 23, which by the Radix-64 table becomes an upper case `X'. Other bit groups are converted by this chart as well; when the file length is not a multiple of three bytes, the last group is padded and marked with `=' characters. Once all six-bit groups have been converted to text, the data is ready for transmission via conventional text modes (email).
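The regrouping described above, as an added example in Python; it is not code from this paper or from PGP itself. Beyond the six-bit regrouping and the `X' example in the text, it adds the two pieces of PGP's ASCII armor that the text does not spell out: the `=' padding at the end and the 24-bit checksum that PGP appends as an `=XXXX' line before the END marker. The checksum parameters (initial value 0xB704CE, polynomial 0x1864CFB) are those of PGP's armor CRC; the sample message is constructed.

```python
# Added example (not code from the paper or from PGP): Radix-64 encoding as
# described in the text, plus `=' padding and PGP's 24-bit armor checksum.
import base64

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def radix64_encode(data):
    """Regroup the bit stream into 6-bit values and map each through ALPHABET."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * ((-len(bits)) % 6)            # pad the last group to 6 bits
    chars = [ALPHABET[int(bits[i:i + 6], 2)] for i in range(0, len(bits), 6)]
    chars.extend("=" * ((-len(chars)) % 4))     # every 3 bytes -> 4 characters
    return "".join(chars)


def radix64_decode(text):
    """Inverse: 6 bits per character, dropping the padding bits at the end."""
    bits = "".join(f"{ALPHABET.index(c):06b}" for c in text.rstrip("="))
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def crc24(data):
    """PGP armor checksum (CRC-24). Detects transmission damage, not tampering."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(data, kind="MESSAGE"):
    """Wrap binary data the way PGP does: header, 64-column body, CRC, footer."""
    body = radix64_encode(data)
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    check = "=" + radix64_encode(crc24(data).to_bytes(3, "big"))
    return "\n".join([f"-----BEGIN PGP {kind}-----", "", *lines, check,
                      f"-----END PGP {kind}-----"])


def dearmor(text):
    """Recover the bytes and refuse the block if the CRC line does not match."""
    inside, body, check = False, [], None
    for line in text.splitlines():
        if line.startswith("-----BEGIN PGP"):
            inside = True
        elif line.startswith("-----END PGP"):
            break
        elif inside and line.startswith("="):
            check = line[1:]
        elif inside and line:
            body.append(line)
    data = radix64_decode("".join(body))
    if check is None or radix64_decode(check) != crc24(data).to_bytes(3, "big"):
        raise ValueError("armor checksum mismatch")
    return data


def armor_is_intact(text):
    """True when the block dearmors cleanly, False on a checksum failure."""
    try:
        dearmor(text)
        return True
    except ValueError:
        return False


def matches_stdlib(data):
    """Radix-64 is the same table as MIME base64; confirm against the library."""
    return radix64_encode(data) == base64.b64encode(data).decode()


if __name__ == "__main__":
    print(radix64_encode(b"\x5c"))          # 010111 00.... -> "XA=="
    print(armor(b"Attack at dawn"))         # constructed sample message
```

The CRC line only catches corruption in transit (a dropped line, a mangled character); it is not a signature and gives no protection against deliberate alteration, which is what the digital signature described later is for.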
Digital signatures are achieved by computing a message digest, a fixed-length condensation of the message not unlike a checksum, except that it is computationally infeasible to find a different message with the same digest. A one hundred and twenty-eight bit `hash code' of the message is used for authentication. Once this hash code has been created, PGP combines it with a time stamp and encrypts the result with the sender's private key; that encrypted digest is the digital signature, which is attached to the message before it is sent. Should the message be altered in any way, the recomputed digest will not match the one in the signature when an authentication attempt is made.
When the message is received, the recipient can use PGP to verify that the message was indeed sent by whom it appears to be, provided he or she has the sender's `public key'. The process begins by computing the `hash code' of the received message. Next, the digital signature is decrypted with the sender's public key, which yields the hash code the sender signed. The two hash codes are then compared. If they match exactly, it is reasonable to conclude that the message is from whom it appears to be and has not been altered.
`MD5' is the algorithm PGP uses to create the message digest. It was created by Ronald Rivest and placed in the public domain. (MD5 has since been shown to be vulnerable to collision attacks and is no longer considered suitable for new signature schemes; the structure described here is unchanged in later versions of PGP, which substitute stronger hash functions.) Once the digital signature is generated, the `Radix-64' format is used to convert it into text-ready form.
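The two constructions described above, the hybrid IDEA/RSA encryption of a message and the MD5/RSA signature, are shown below as one added example in Python. It is not PGP's code, and everything in it marked as a stand-in is an assumption: the RSA modulus is only 256 bits, textbook RSA without PKCS#1 padding is used, and a SHA-256 keystream replaces IDEA, which the standard library does not provide. Only the structure mirrors PGP (fresh session key, key wrapped with the recipient's public key, digest of message plus time stamp signed with the sender's private key); the parameters are useless for real data. The message is constructed.

```python
# Added example: toy model of PGP's hybrid encryption and signing. Not PGP's
# code. Stand-ins (assumptions): 256-bit RSA, no PKCS#1 padding, SHA-256
# keystream in place of IDEA. Structure only; never use for real data.
import hashlib
import secrets
import time

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test, adequate for the tiny moduli used here."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, full length
        if _is_probable_prime(c):
            return c


def rsa_keygen(bits=256):
    """Return (public, private) as ((n, e), (n, d)). Toy size: 256-bit n."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def _keystream_xor(key, data):
    """Stand-in for IDEA: XOR with a SHA-256(key || counter) keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], ks))
    return bytes(out)


def hybrid_encrypt(public, plaintext):
    """Fresh 128-bit session key encrypts the data; RSA wraps the key."""
    n, e = public
    session_key = secrets.token_bytes(16)                 # like IDEA's 128-bit key
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # real PGP pads first
    return wrapped_key, _keystream_xor(session_key, plaintext)


def hybrid_decrypt(private, wrapped_key, ciphertext):
    """Only the private-key holder can unwrap the session key."""
    n, d = private
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return _keystream_xor(session_key, ciphertext)


def sign(private, message, timestamp=None):
    """MD5 over message + 4-byte time stamp, then RSA with the signer's private key."""
    n, d = private
    ts = int(time.time()) if timestamp is None else timestamp
    digest = hashlib.md5(message + ts.to_bytes(4, "big")).digest()
    return ts, pow(int.from_bytes(digest, "big"), d, n)


def verify(public, message, timestamp, signature):
    """Recompute the digest and compare with the one recovered via the public key."""
    n, e = public
    digest = hashlib.md5(message + timestamp.to_bytes(4, "big")).digest()
    return pow(signature, e, n) == int.from_bytes(digest, "big")


def demo():
    """Encrypt and sign a constructed message; return the checks a reader should see."""
    alice_pub, alice_priv = rsa_keygen()     # signer
    bob_pub, bob_priv = rsa_keygen()         # recipient
    message = b"Please ship 40 units to Gaithersburg by Friday."   # constructed
    wrapped, ciphertext = hybrid_encrypt(bob_pub, message)
    ts, sig = sign(alice_priv, message, timestamp=830000000)
    return {
        "decrypts_for_bob": hybrid_decrypt(bob_priv, wrapped, ciphertext) == message,
        "ciphertext_differs": ciphertext != message,
        "signature_verifies": verify(alice_pub, message, ts, sig),
        "tampered_verifies": verify(alice_pub, message.replace(b"40", b"400"), ts, sig),
        "wrong_signer_verifies": verify(bob_pub, message, ts, sig),
    }
```

Running demo() shows the two properties the text describes: the message decrypts only with Bob's private key, and the signature checks with Alice's public key but fails the moment a single character of the message changes or a different signer's key is tried. The session key is the only secret that crosses the wire, and it crosses it wrapped under the recipient's public key.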
Many people argue that their messages carry no material that requires privacy or authentication. Why, then, do they put their mail in envelopes rather than on postcards? Because it makes the message less likely to be read by someone they don't want reading it. Why require a signature before conducting certain business transactions? Because a good businessman requires proof of a contract before relying on one. These are basic common-sense reasons that should apply equally to users of email. Most persons would not want a system administrator reading an email note to his or her spouse or sweetheart, as the contents would be too personal. Are these not sufficient reasons to protect the contents of your messages?
The real strength of PGP is in protecting the contents of your message. Unfortunately, it cannot protect your identity or the identity of your recipient: the mail headers (sender, recipient, subject line, and date), as well as the size and timing of the traffic, remain visible to anyone who can see the message in transit. If someone claimed to have no business dealings with a certain other party, it would be reasonable to assume that little or no business communication should be taking place between them. If a thousand encrypted messages are observed going from this person to the other party, there is substantial reason to assume that the claim of `no association' is untrue. That no one knows what the messages contain is a totally separate issue.
Considering that the largest PGP key is 1024 bits in length, raise 2 to the 1024th power to see how many values a key of that size can take. I tried to run this calculation on a calculator capable of handling incredibly large numbers; it overflowed.
Your key is one key out of that number, and trying every one is hopeless for any attacker. Two cautions apply, however. An RSA key is not attacked by guessing: the attacker's real job is to factor the public modulus, which is far easier than 2 to the 1024th trials, so the raw count overstates the margin (no 1024-bit modulus has been publicly factored, but the margin is much thinner than the count suggests). And the IDEA session key is only 128 bits, so the message itself is never protected by more than 2 to the 128th trials, which is still far beyond anyone's reach. Would the effort really be worth it to an attacker? In most cases, probably not. The old saying, `There's strength in numbers,' is also true of encryption keys.
PGP requires some knowledge of its command syntax before an end user can utilize it. For users of the personal computer, the freeware version is at present available only as a DOS® character-mode program. This makes it a little less than user friendly. As demand for a Windows® version rises, it is this author's hope that a freeware Windows® version will be released. Versions are also available for the Macintosh® and for UNIX® operating systems.
During my research, a Windows®/DOS interface utility was discovered. It is a shareware program known as `WPGP®'. It must be used in conjunction with the DOS version of PGP; it provides a graphical interface for the end user and runs the PGP software in batch mode.
This utility has greatly simplified the task of encryption from a Windows® environment for me. I need only highlight the message text, click on the encrypt button, enter my pass phrase, and WPGP executes the rest. From that point, I need only send the message. WPGP® also provides for decryption, signing, signature authentication, and key management.
As I have not seen the Macintosh®, UNIX®, or Amiga® versions, I cannot say how user friendly they are.
No encryption algorithm is one hundred percent secure. The best we can hope for is to make decryption so expensive that the effort isn't worth the money, or so time consuming that the information is worthless by the time it is recovered. This is where the end user can help, by keeping his or her pass phrase and private key completely secure.
Most successful attacks are due to poor end-user security. Not using a pass phrase, or leaving a private key where anyone can get it, greatly increases the chance that your messages will be compromised; an attacker who holds your private key and pass phrase need not break the encryption at all. It is also necessary to be skeptical of public keys you receive until you are sure of the identity of the key's owner. It is not outside the realm of possibility that someone could represent himself or herself to you as someone else and hand you his or her own public key. If you assume the claimed identity is correct, you may be channeling information directly into the hands of someone who shouldn't be getting it, such as a competitor or an industrial spy. PGP won't do the job without proper end-user key management; it is up to the user to exercise skepticism and common sense. An ad for a commercial version of PGP (ViaCrypt®) claimed that email is regularly scanned for keywords that would indicate illegal activity. Most people would not want their email violated like this.
There are ways to verify ownership of a key accurately. The best, though often impractical, means of getting the actual public key of an end user is to get it directly from that person: let them put it on a diskette and place it in your hand. When the other end user is in China and you are in New York, this isn't cost effective or practical.
The next best way to verify a public key is to call that end user. PGP can display a `fingerprint' of the key, a short string of hexadecimal digits derived from the key material that is, for all practical purposes, unique to that key. Display the fingerprint, call the end user, and read it over the phone. Once that user confirms that you indeed have his or her public key, you may consider the key authentic. Of course, don't rely on a phone number provided in the message the key arrived with; look up and verify the phone number of that particular user by independent and reliable means.
Failing that, keys can be vouched for by persons whom you know you can trust. This isn't as reliable as the previous means, but it provides a much better level of security than accepting a key blindly on faith. If someone you have valid reason to trust (your corporate CEO, your immediate superior, a close and trusted friend or professional associate, etc.) provides the key to you and confirms that it belongs to a particular individual, it is reasonable to assume that it does. You can then use the key with reasonable confidence. (PGP records such an endorsement as a signature on the key, made with the introducer's own key, so the endorsement itself can be checked.)
Other means exist, but beware. There is someone out there who would like to get your corporate information. Be wary of unexpected keys arriving for no apparent reason.
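The phone check described above works only because both parties derive the same fingerprint from the same key material. The following is an added example, not PGP's code, of how a PGP 2.x (version 3 RSA) key fingerprint is computed (MD5 over the big-endian bytes of the modulus n followed by those of the exponent e) and of a comparison routine that tolerates the spacing and case differences of a fingerprint read aloud. The key values are constructed for illustration and are not real RSA moduli.

```python
# Added example (not PGP's code): V3 RSA key fingerprint as PGP 2.x computes
# it, and a tolerant comparison of the on-screen value with the spoken one.
# Key values below are constructed and are not real RSA moduli.
import hashlib
import hmac


def v3_fingerprint(n, e):
    """MD5 of modulus bytes || exponent bytes, shown as PGP prints it: hex pairs."""
    n_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    e_bytes = e.to_bytes((e.bit_length() + 7) // 8, "big")
    digest = hashlib.md5(n_bytes + e_bytes).hexdigest().upper()
    return " ".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprints_match(displayed, spoken):
    """Ignore spacing and case; compare in constant time."""
    def normalise(s):
        return "".join(s.split()).upper()
    return hmac.compare_digest(normalise(displayed), normalise(spoken))


# Constructed: Alice's modulus and an impostor's modulus under the same exponent.
ALICE_N = 0xC2F1C5A6DF9A0C85F3A1E8B42C7D5A69F0E1D2C3B4A5968778695A4B3C2D1E0F1
MALLORY_N = 0xD5E6F70819A2B3C4D5E6F70819A2B3C4D5E6F70819A2B3C4D5E6F70819A2B3C5
E = 17


def demo():
    """Return the outcomes of the phone check against a genuine and a forged key."""
    alice_fp = v3_fingerprint(ALICE_N, E)
    mallory_fp = v3_fingerprint(MALLORY_N, E)
    return {
        "alice": alice_fp,
        # Alice reads her fingerprint aloud; the caller typed it without spaces.
        "phone_confirms_alice": fingerprints_match(alice_fp, alice_fp.lower().replace(" ", "")),
        # A key that arrived unexpectedly in Alice's name does not match.
        "impostor_matches_alice": fingerprints_match(mallory_fp, alice_fp),
        # Even a change to the exponent alone yields a different fingerprint.
        "same_n_other_e_matches": fingerprints_match(v3_fingerprint(ALICE_N, 65537), alice_fp),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point for the practitioner is that the fingerprint is bound to the whole key (modulus and exponent), so the only way for an impostor's key to pass the phone check is for the person on the phone to be the impostor, which is why the number must come from an independent source rather than from the message that carried the key.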
There is no way to know if the government (or anyone else) has an effective means of decrypting `IDEA' or `RSA'. Having a secret and effective means of cryptanalysis available is always a possibility. This is true of virtually any encryption scheme we would want to name. It is part of the risk. You have to decide if you are willing to take that risk if you are to use any encryption scheme.
The real test of whether or not PGP will become of strategic use via Internet services will rely on several factors. The first will be its acceptance by the casual Internet end user. This will probably be the single most important factor. Next, businesses will have to follow suit by adopting the commercial versions for doing business with the public.
Largely, I believe that the need is there. The fallacy may be in the public's misperception of how secure communication over the Internet is. With the Clinton administration's support of the `Clipper chip', the government may take steps to impede the acceptance of PGP as a privacy tool. If we value our individual rights, we may have to take a stand on this issue. Criminal use of PGP may further motivate the government, or groups such as the Christian Coalition, to oppose it. Only time will tell. Since PGP's source code has been published, anyone can inspect it for back doors, and none has been found; that makes it far better privacy than the Clipper chip could ever offer.
Most security agencies take the position that if you are regularly using PGP, you are probably doing something wrong. Perhaps this is the fault of the end user who thinks he or she need not protect messages because he or she `isn't doing anything wrong'. Those who use encryption for a legitimate reason (such as protecting a credit card number) may become suspect simply for doing so. One author claimed that regular use of PGP can make you the subject of surveillance, increasing the chance of having your bank records monitored or your telephone tapped. If encryption were the norm instead of the exception, this misperception would disappear.
Some argue that it will be necessary to place private keys in `escrow', meaning that some private or government agency would hold a copy of each key. The copies would remain unused until a court order allowed law enforcement to monitor your transmissions. While there would be clear benefits to the community in deterring criminal use of the Internet, escrow would violate the rights of the innocent, and the escrow agency itself would become a single target whose compromise exposes every key it holds.
It appears that the forces of public opinion and the marketplace are moving ahead. A coalition has been formed to support the relaxation of export controls on commercial encryption software. It is being supported by Senator Conrad Burns (Republican, Montana) in the form of a bill now known as the `Senator Burns' bill. Phil Zimmermann and a number of Internet rights organizations are supporting this bill. At this time, no draft copies have been released. The results of this effort will have a great impact upon the future of PGP on the Internet.
PGP is a very powerful privacy tool. It is this author's hope that it will gain wider acceptance. As more attention and public awareness is heightened, concerns about the security of Internet email will likely bring greater acceptance among end users.
We have covered what PGP is and what it can do. We've also discussed how it works and why you should use it. It protects your privacy and is practical for a non-technical end user. The issue of its effectiveness (security) has also been discussed. Its future is likely going to be dictated by the demands of the public and the reaction of the political arena in the near future due to the efforts of Senator Burns.
The infrastructure that has been provided by Phil Zimmermann may well be the means by which we protect our rights. Only time will tell. This author is already using it. My public key and its fingerprint are provided as an attachment to this paper.
The next time you send a personal message from your Internet account, think about how you would react if you knew someone was reading your mail. As an ounce of prevention is worth a pound of cure, you may want to take the time to generate a pair of PGP keys and circulate your own public key on the Internet. Your mail is no one's business but your own, and you would be well advised to take the necessary steps to protect it. Civil rights can easily be lost through apathy; this right may well be the next to go if we do not exercise it.
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
My public key may be obtained via the World Wide Web. Go to URL address: `http://bs.mit.edu:8001/pks-commands.html#extract' and search on `Fred Atkinson'.
Or it can be had via email by sending the following message:
Subject: get Fred Atkinson
Bagnall, Phil, How Safe is PGP?, Internet Resource, `http://www.hyperlinke.com/E0020/.../thesis/95/23_10/netwk/pgp1.htm, pgp2.htm, pgp3.htm'
Denning, Dorothy E., The Future of Cryptography, Internet Resource, `http://www.cosc.georgetown.edu/%7Edenning/crypto/Future.html'
`mathew', Pretty Good Privacy - Legal Issues, Internet Resource, `http://www.mantis.co.uk/pgp/pgp-legal.html'
Mayo, Sherry, How PGP Works, Internet Resource, `http://rschp2.anu.edu.au:8080/hopgp.html'
Schiller, Jeffrey I., MIT distribution site for PGP, Internet Resource, `http://bs.mit.edu:8001/pgp-form.html'
Sobel, David, Internet Privacy Coalition Formed, Cu Digest, email@example.com, April 21, 1996
Stallings, William, Network and Internetwork Security Principles and Practice, Prentice-Hall, Inc., Englewood Cliffs, New Jersey, 1995
ViaCrypt, Introduction to Message Privacy and ViaCrypt PGP, ViaCrypt, Phoenix, AZ, February 10, 1995
Why Do You Need PGP?, Internet Resource, `http://rschp2.anu.edu.au:8080/pgp.html' (author's name not available)
Zimmermann, Philip R., The Official PGP User's Guide, The MIT Press, Cambridge, Massachusetts, 1995