PGP stands for Pretty Good Privacy. is encryption software designed to provide privacy, security, and authentication protection for online communication systems. Phil Zimmerman, the developer behind the first PGP program, said the software was made available for free as demand for privacy grew.
Since its creation in 1991, many versions of PGP software have appeared on the market. In 1997, Phil Zimmerman presented a proposal to the Internet Engineering Task Force (IETF) for the creation of an open source PGP standard. The proposal was immediately accepted, and the OpenPGP protocol was created, which defines a standard format for encryption keys and messages.
Although PGP was originally used only to protect emails and related attachments, it has now been used in various major fields, including digital signatures, disk encryption integrity verification and network protection.
The PGP software copyright was originally owned by PGP Company, which was later acquired by Network Associates. In 2010, Symantec acquired PGP for US$300 million, and the trademark has been used for its OpenPGP-compatible products.
PGP is the first large-scale application software to implement public key cryptography one. It uses a hybrid cryptosystem architecture that uses symmetric and asymmetric encryption to achieve a high level of security.
In the basic process of encrypting content, plaintext (data that can be clearly understood) is converted into ciphertext (data that cannot be read). But before encryption, most PGP systems perform data compression. PGP software compresses plain text files before transmitting them, saving disk space and transmission time while also improving security.
After the file is compressed, the actual encryption begins. At this stage, the compressed plaintext file is encrypted using a one-time key, called the session key. The key is randomly generated using symmetric encryption, and each PGP communication session has a unique session key.
Next, the session key (1) itself is encrypted using asymmetric encryption: the receiver (Bob) gives his public key (2) to the sender of the message (Alice) ) so that she can encrypt the session key. This step allows Alice to securely share the session key with Bob over the Internet, regardless of the security conditions they are in.
Asymmetric encryption of session keys is usually done using the RSA algorithm. Many other encryption systems use RSA for encryption, including the Transport Layer Security (TLS) protocol used to protect most Internet applications.
After Bob receives the ciphertext of the message and the encrypted session key, he can use his private key (3) to decrypt the session key, and then use the decrypted session key Decrypt the ciphertext to obtain the plaintext.
In addition to the basic functions of encryption and decryption, PGP also supports digital signatures, which has at least the following three functions:
Authentication: Bob can verify whether the sender of the email is indeed Alice.
Integrity: Bob can be sure that the message has not been changed.
Non-repudiation: After digitally signing the email, Alice cannot deny that she did not send the email.
One of the most common uses of PGP One is to protect email. A PGP-protected email will become an unreadable string of characters (ciphertext) and can only be decrypted using the corresponding decryption key. The working mechanism is the same as encrypting text messages, and there are also software applications that support the implementation of PGP functions on top of other applications, effectively adding encryption capabilities to unreliable secure communications.
Although PGP is mainly used to protect Internet communications, it can also be used to encrypt various types of devices. In this article, PGP can be used to encrypt disk partitions of computers or mobile devices. By encrypting the hard drive, users are asked to provide their password every time the system starts.
Due to the combination of symmetric and asymmetric encryption, PGP enables users to communicate over the Internet Share information and encryption keys securely. As a hybrid system, PGP benefits from the security of asymmetric encryption and the timeliness of symmetric encryption. In addition to security and timeliness, PGP is also able to provide digital signature capabilities to ensure data integrity and sender authenticity.
The OpenPGP protocol can be used in a standardized environment, and PGP solutions are now available with technical support from multiple companies and organizations. However, all PGP programs that conform to the OpenPGP standard are compatible with each other. This means that files and keys generated in one program can be used in another program.
In terms of disadvantages, it is not easy to use and understand the PGP system, especially for users with little technical knowledge. Furthermore, the length of the public key is considered very user-inconvenient.
In 2018, the Electronic Frontier Foundation (EFF) released a critical vulnerability called EFAIL. EFAIL allows an attacker to exploit HTML connections in encrypted emails to access plain text messages.
However, since the late 1990s, the PFA community has been aware of a series of problems described by EFAIL. In fact, these vulnerabilities are related to the way the email client is implemented. , and has nothing to do with PGP itself. Therefore, despite the shocking and misleading breaking news, PGP encryption has not been broken and it remains highly secure.
Since its development in 1991, PGP has been used for data protection An important tool, it is now widely used in various fields to provide privacy, security and authentication protection for most communication systems and digital service providers.
While the discovery of the EFAIL vulnerability in 2018 raised significant concerns about the security of the protocol, its core technology remains robust and encrypted. It is worth noting that different PGP implementations can also provide different levels of security.