WEPIN Store

How to Use PGP


NOTE: This information, as well as the information in the file What Is Pretty Good Privacy? relates to an outdated version of PGP, version 2.6.2. The information has been left here for archival purposes and so that you can get a more in-depth feel for how PGP works. For the latest version of PGP, go to the official PGP Website. (The web site changes occasionally. If you don't see any info about PGP, just do a search of the web site for "PGP".)


WHAT IS PGP AND HOW DOES IT WORK?

First, PGP is the abbreviation of Pretty Good Privacy, a software security package written by Phil Zimmermann of Pretty Good Privacy, Inc. Second, the name 'Pretty Good' is a trademark of Phil Zimmermann so don't use it in the name of your own products. Also, even though the PGP software package is free, it is still copyrighted by Phil so you can't legally change it, rename it, or claim it as your own. Other parts of the software are copyrighted by Public Key Partners, AscomTech AG (Switzerland), and the Massachusetts Institute of Technology (MIT).

Now that we have the legal stuff out of the way, let's talk about what PGP is and how it works. Don't worry, I'll keep away from jargon and talk in plain English or at least define the jargon that I do use. If I use words you don't understand, feel free to send email to me at wepin@wepin.com. I'll send you an explanation in plainer English by return email. Since I have included my PGP public key at the end of this file, you can even encrypt your message to me if you want.

Pretty Good Privacy, Inc. has a new version of PGP out but it only works under Windows 95 or Windows NT. The new version supports significant improvements in user friendliness and functionality so if you have Windows 95 or Windows NT, I recommend that you purchase it directly (a freeware version is available for personal use only) from Pretty Good Privacy, Inc. If you are still using Windows 3.x or MS-DOS, then you will need to use PGP V2.6.2 which you can download from this site for free or you can download a free copy from Pretty Good Privacy, Inc.

PGP is a highly sophisticated high-security public key encryption system. Let's talk about each of the terms in the previous sentence one at a time starting at the end of the sentence and working our way back.

Encryption System

Encryption is the science of secret writing. The basic purpose of encryption is to hide the meaning of a message from all but the sender and the intended recipient. Many encryption methods have been developed over the centuries. Some are pretty good and some are easy to break. (Breaking an encryption system means that someone other than the sender or the intended recipient can determine the meaning of an encrypted message.) One very simple encryption system is called the simple substitution cipher. (Cipher is another word for encryption.)

You may have seen an example of a simple substitution cipher in your daily newspaper. It's usually called a cryptogram. In the simple substitution cipher, each letter of the alphabet is assigned another letter of the alphabet. When a message is to be encrypted, each letter in the plaintext message is replaced with the substitute letter. The resulting message is called the ciphertext. For example, we may decide to shift each letter one position so that 'A' becomes 'B', 'B' becomes 'C', 'C' becomes 'D', etc. The last letter in the alphabet, 'Z' then becomes 'A'. This method is usually referred to as a rotation and the number of letters shifted is the key that allows the recipient to decrypt the message. An example of this key, usually called rot1 may help to clarify this method. Let's say we would like to encrypt the message 'Hello' using the key 'rot1'. Here's how we would go about it:

plaintext:  H E L L O (This method only uses capital letters)     

            | | | | | (Shift each letter one position to the right)

ciphertext: I F M M P

We could now send the ciphertext 'IFMMP' as a normal message thru unsecure channels and the recipient would decrypt the ciphertext as follows:

ciphertext: I F M M P

            | | | | | (Shift each letter one position to the left)

plaintext:  H E L L O

The simple substitution cipher can be used to illustrate many of the principles of encryption systems. A more detailed description of this cipher along with an analysis of some of its problems is included in Appendix A for those of you who really want to know. By the way, any method of encryption that requires the sender and recipient to use the same key is called conventional encryption. This term will come up again later in this report.

Public Key

The second term in our definition of PGP is the term public key. You may have noticed a problem with conventional encryption when we were discussing the simple substitution cipher. How does the recipient know which key to use to decrypt the message? An obvious solution is to give the recipient the key before the message is sent. But how do you do that in a secure manner so that potential 'spies' don't also get it? This is a major problem with conventional encryption and is the primary reason why encryption has not been used more in business applications. Until now, that is. PGP allows you to have two keys. Either key can encrypt a message that the other key can decrypt but neither key can decrypt its own messages. How's that again? Let's try another example to see if that helps.

(I will not use the actual algorithm in this example as it requires that you know some fairly sophisticated mathematics. I will just use 'magic' to get from one step to another. Those of you really interested in the math can read some of the books listed under 'Further Study'. The rest of us will just be satisfied with the 'magic' method.)

Let's say that you want to send the same message as above, 'Hello', to the same recipient, only this time we will use a public key system.

You will first obtain one of the recipient's keys. (We will discuss which key and how you get it in a moment.) You will then encrypt your message using the recipient's key. Let's say that the result of the encryption is as follows:

plaintext:  H E L L O

            | | | | |  (This is where the 'magic' happens)

ciphertext: X D K S I

Just to check out our system, let's try to decrypt the message using the same key we just used to encrypt the message. We might get something like this:

ciphertext:  X D K S I

             | | | | |  (More 'magic')

garbagetext: F C W I K

As you can see, the key does not yield the original message. Now we send the ciphertext (XDKSI) to the recipient who now uses his other key to decrypt the message. Here's what happens when he does that:

ciphertext: X D K S I

            | | | | |  (More 'magic')

plaintext:  H E L L O

To summarize, there are two matching keys. Each key can encrypt a message that can be decrypted by the other matching key but no other key INCLUDING THE KEY USED TO ENCRYPT the message is able to decrypt it. What are the ramifications of this?

First, since the key used to encrypt messages cannot be used to decrypt the same message, that key can be freely distributed to anyone. It can even be made publicly available so that anyone who cares to can get it. This means that someone who has never met you and has had no previous contact with you can send you an encrypted message that only you, as the holder of the matching key, can read. And you can do the same by getting someone else's key. You can then send them an encrypted message that only that person can read. PGP implements the public key system and PGP keys are freely available on several key servers accessible over the internet.

Now you may have already figured out that it is CRITICAL that you keep the two keys straight. It doesn't matter which key is distributed publicly and which one you keep. However, once that decision is made, you must NEVER distribute the one you decided to keep. To make this easier, the keys are generated in key pairs and one is arbitrarily called the private or secret key and the other is called the public key. From now on, we will refer to the key you distribute as the public key and the key you keep as the secret key.

Another thing that the public key system makes possible is digital signatures. By encrypting a message with your secret key, anyone can decrypt it using your public key thereby proving that you were the only person who could have written the message, assuming of course that you have kept your secret key secret. Just in case you missed it, you must keep your secret key secret. You mustn't reveal your secret key to anyone. Have you got it or do I need to repeat it again? KEEP YOUR SECRET KEY SECRET!
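The two-key behaviour and the signature idea described above, worked through with real arithmetic in place of the 'magic'. This is an added example, not part of PGP or of the original report. It assumes unpadded textbook RSA, a constructed key pair built from two publicly known primes, SHA-256 as the message digest, and hypothetical helper names (apply_key, sign, verify); it signs a digest of the message rather than the message itself.

```python
import hashlib

# Constructed toy key pair. Both primes are publicly known Mersenne primes,
# so this key protects nothing; real keys use secret, randomly chosen primes.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                            # modulus, shared by both keys
E = 65537                            # exponent of the key we publish
D = pow(E, -1, (P - 1) * (Q - 1))    # exponent of the key we keep

PUBLIC_KEY = (E, N)
SECRET_KEY = (D, N)


def apply_key(value, key):
    """The 'magic' step: raise value to the key's exponent modulo N."""
    exponent, modulus = key
    return pow(value, exponent, modulus)


def text_to_int(text):
    """Pack an ASCII string into one integer smaller than N."""
    value = int.from_bytes(text.encode("ascii"), "big")
    if value >= N:
        raise ValueError("text is too long for this toy modulus")
    return value


def int_to_text(value):
    """Unpack an integer into text; bytes that are not ASCII show as U+FFFD."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return raw.decode("ascii", errors="replace")


def digest(text):
    """SHA-256 of the text, reduced so it fits under N (example assumption)."""
    full = hashlib.sha256(text.encode("ascii")).digest()
    return int.from_bytes(full, "big") % N


def sign(text, secret_key):
    """Only the holder of the secret key can produce this value."""
    return apply_key(digest(text), secret_key)


def verify(text, signature, public_key):
    """Anyone with the public key can check the signature against the text."""
    return apply_key(signature, public_key) == digest(text)


def two_key_demo(text="Hello"):
    """Encrypt with the public key, then try both keys on the ciphertext."""
    ciphertext = apply_key(text_to_int(text), PUBLIC_KEY)
    return {
        "ciphertext": ciphertext,
        "same_key": int_to_text(apply_key(ciphertext, PUBLIC_KEY)),
        "other_key": int_to_text(apply_key(ciphertext, SECRET_KEY)),
    }


if __name__ == "__main__":
    result = two_key_demo()
    print("ciphertext          :", result["ciphertext"])
    print("decrypt, same key   :", repr(result["same_key"]))
    print("decrypt, secret key :", repr(result["other_key"]))

    signature = sign("Hello", SECRET_KEY)
    print("signature verifies  :", verify("Hello", signature, PUBLIC_KEY))
    print("altered text passes :", verify("Hellp", signature, PUBLIC_KEY))
```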

High Security

High security is another term in our definition of PGP. What do we mean by high security? First, let's consider a low security system, the simple substitution cipher. Since there are only 26 letters in the alphabet, there are only 25 ways in which to encrypt a message (rot1, rot2, . . . , rot25). These 25 'keys' comprise the key space of the simple substitution cipher. It wouldn't take very long to try each possible key and thus break the system. So one way to increase the security of our encryption system is to increase the key space. To illustrate, we could increase the key space of the simple substitution cipher by allowing the use of numbers and lower case letters.
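The small key space described above can be shown directly. This is an added example, not code from the original report: it implements the rotN cipher from the 'Hello' walkthrough and then tries all 25 keys, ranking the results by how closely their letter counts match English. The sample message, the approximate frequency table and the function names are constructed for this example.

```python
import string

ALPHABET = string.ascii_uppercase

# Approximate English letter frequencies in percent (constructed table).
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}

# Constructed sample message for the demonstration.
SAMPLE = ("PLEASE SEND THE SIGNED CONTRACT TO THE OFFICE BEFORE NOON "
          "AND KEEP THIS MESSAGE SECRET FROM EVERYONE ELSE")


def rotate(text, shift):
    """Shift every capital letter by `shift` places; leave the rest alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, key):
    return rotate(plaintext, key)


def decrypt(ciphertext, key):
    return rotate(ciphertext, -key)


def english_distance(text):
    """Chi-squared distance from English letter counts; lower is closer."""
    letters = [ch for ch in text if ch in ALPHABET]
    total = len(letters)
    distance = 0.0
    for letter, percent in ENGLISH_FREQ.items():
        expected = total * percent / 100.0
        observed = letters.count(letter)
        distance += (observed - expected) ** 2 / expected
    return distance


def all_candidates(ciphertext):
    """The whole key space: one (key, plaintext) pair for rot1 .. rot25."""
    return [(key, decrypt(ciphertext, key)) for key in range(1, 26)]


def brute_force(ciphertext):
    """Return the (key, plaintext) pair that looks most like English."""
    return min(all_candidates(ciphertext),
               key=lambda pair: english_distance(pair[1]))


if __name__ == "__main__":
    print(encrypt("HELLO", 1))                 # the report's rot1 example
    for key, guess in all_candidates("IFMMP"):
        print(f"rot{key:<2} {guess}")          # short enough to read by eye
    key, recovered = brute_force(encrypt(SAMPLE, 17))
    print("recovered key:", key)
    print(recovered)
```

A five-letter message is too short for letter statistics, but 25 candidates can simply be read; on a longer message the ranking finds the key without a person in the loop.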

Another way to increase the security of encryption is to use a better algorithm (method) that makes it more difficult to determine if you have discovered the correct key. We could significantly improve the simple substitution cipher by figuring out a way to change the key for each letter of a message rather than for each message. The most secure encryption system ever invented, called the one-time pad, uses a random sequence of characters for the substitution alphabet rather than a 'rotated' alphabet. (The key is the random alphabet itself and both sender and recipient must have an identical copy.) In the one-time pad system, 'A' might be changed to 'F' one time and 'Z' the next time.

PGP actually uses a conventional encryption scheme called 'IDEA' to encrypt a message. IDEA has a large key space and a pseudo-random (as opposed to a truly random) substitution alphabet. PGP generates a random key for each message to be encrypted and then uses IDEA to do the actual message encryption. The key is then encrypted using the public key system and sent along with the message. (This method makes the process a lot faster than using the public key system for the entire message.)
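The message flow in the paragraph above (random per-message key, conventional cipher for the body, public key system for the key only) looks like this in code. This is an added example, not PGP's own code. It assumes a SHA-256 counter keystream as a stand-in for IDEA, unpadded textbook RSA with a constructed key pair built from two publicly known primes, a 16-byte session key, and hypothetical function names.

```python
import hashlib
import secrets

# Constructed toy RSA key pair (known Mersenne primes, so it protects nothing).
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
PUBLIC_KEY = (E, N)
SECRET_KEY = (D, N)

SESSION_KEY_BYTES = 16   # assumed session key length for this example


def conventional_cipher(session_key, data):
    """Stand-in for IDEA: XOR the data with a keystream derived from the key.

    The same call encrypts and decrypts, which is what makes it a
    conventional (same key on both sides) cipher.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hashlib.sha256(session_key + counter).digest()
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def hybrid_encrypt(message, public_key):
    """Return (wrapped_session_key, encrypted_body) for one message."""
    exponent, modulus = public_key
    session_key = secrets.token_bytes(SESSION_KEY_BYTES)   # new key per message
    body = conventional_cipher(session_key, message)        # fast, any length
    wrapped = pow(int.from_bytes(session_key, "big"), exponent, modulus)
    return wrapped, body


def hybrid_decrypt(packet, secret_key):
    """Unwrap the session key with the secret key, then decrypt the body."""
    exponent, modulus = secret_key
    wrapped, body = packet
    session_key = pow(wrapped, exponent, modulus).to_bytes(
        SESSION_KEY_BYTES, "big")
    return conventional_cipher(session_key, body)


if __name__ == "__main__":
    message = b"Hello" * 200          # constructed 1000-byte message
    wrapped, body = hybrid_encrypt(message, PUBLIC_KEY)
    print("public key operation covered", SESSION_KEY_BYTES, "bytes")
    print("conventional cipher covered ", len(body), "bytes")
    print("round trip ok:", hybrid_decrypt((wrapped, body), SECRET_KEY) == message)
```

However long the message is, the slow public key step only ever handles the 16-byte session key, which is the speed gain the paragraph refers to.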

The public key algorithm used by PGP is the RSA algorithm, named after the three inventors Rivest, Shamir, and Adleman. The RSA algorithm is based on the difficulty of factoring large numbers that are the product of two prime numbers. (I told you there was some sophisticated math involved.) Suffice to say that the world's best cryptanalysts (people who try to break encryption systems) have tried to break the RSA algorithm for several years and have been unsuccessful. That is good enough for those of us who don't understand the math. (I'm one of them.)

PGP itself has been analyzed and attacked by the same cryptanalysts who are attacking the RSA algorithm and it has so far withstood all attempts. This is about the best indication of a secure system that we are likely to get. (Some commercial software has not fared so well. For example, the encryption available in an early version of Word Perfect can be broken by a freeware program in a few seconds.)

In summary, PGP's implementation of the RSA algorithm and the IDEA algorithm has so far withstood the test of time and attacks by professionals. If anyone, with the possible exception of the National Security Agency, ever does break it the news will be all over the world. As long as you don't hear anything, you can assume that PGP is still secure. In fact, even if you do hear some things, don't panic. There are always rumors of someone having broken PGP floating around in Cyberspace. So far, the rumors have proven to be false. If you hear a rumor, check it out with someone you trust before you panic.

Highly Sophisticated

The last term in our definition of PGP is highly sophisticated. One of the dictionary definitions of sophisticated is "highly complex, refined, or developed; characterized by advanced form, technique, etc." That pretty well describes PGP. PGP uses highly complex algorithms (techniques) such as RSA and IDEA, and wraps these in an advanced software package that makes it possible for normal computer users to use these advanced techniques in a secure manner. While the software package is not very user friendly, it does make the algorithms much easier to use than if they were implemented on their own and PGP prevents you from making some of the easy mistakes that would compromise the security of your encryption. There are still some mistakes that you can make but the most common ones are prevented.

OBTAINING A LEGAL COPY OF PGP

Now that you know a bit about how PGP works and, presumably, have decided to start using it, the first thing you need to do is to get a copy. PGP V2.6.2 is freeware which means you won't have to pay for it but it also means that you won't be able to pick it up at the local retail computer store. (You can pay for a copy of the Windows 95/NT version of PGP from Pretty Good Privacy, Inc.) PGP V2.6.2 is so widely available in Cyberspace that it's almost embarrassing but if you don't know where to look you'll never find it.

Before you start looking for a copy of PGP, you need to figure out which version is legal for your individual situation. The legal status of PGP is somewhat complex and convoluted, due mainly to some insane US export regulations, but you can be pretty safe by placing yourself into one of three categories which will determine which version you should look for. Here are the categories.

  1. A citizen of the united States or Canada living in one of the united States, one of the territories of the United States, or Canada and planning to use PGP for non-commercial purposes should use Version 2.6.2 or the freeware version of PGP V5.0 available from Pretty Good Privacy, Inc. The definition of non-commercial is itself under discussion. The least restrictive definition is that commercial use means you use the patented RSA algorithms in your own software that you sell for profit. The most restrictive definition is that commercial use means you use PGP as an integral part of your business operations such as asking customers to encrypt credit card orders. Feel free to adopt whichever definition you feel most comfortable with.
  2. A citizen of the united States or Canada living in one of the united States, one of the territories of the United States, or Canada and planning to use PGP for commercial purposes should use PGP 5.0 available from Pretty Good Privacy, Inc. (See preceding paragraph for definitions of 'commercial use'.)
  3. Someone who is not a citizen of the united States or Canada should use Version 2.6.i. You can usually find copies of this version in the same places that you find Version 2.6.2. Go figure.

What if you are a non-US citizen living or working in the US or a US citizen living or working outside the US? These are tricky situations. The laws of the US and other countries regarding possession, use, and transport of encryption technology are, to quote Mr Spock, "Most illogical!" If you ask ten different people what you should do in these situations, you will probably get ten different answers. My advice is to use your best judgment and keep a low profile.

There are several ways to find and obtain copies of PGP. The only way to get the commercial version is to buy it from Pretty Good Privacy, Inc and they will send you a package containing a diskette and some printed documentation. For the other versions, you will need to locate a source in Cyberspace and transfer the file to your computer in some way. I will discuss three ways to find and get PGP in this report: using the World Wide Web; using FTP; and a way to get PGP if all else fails. The versions you get in these ways contain not only the software but also the documentation. You may also come across a version that contains the 'C' source code. You can get that one if you want but it is not necessary unless you are a programmer/cryptanalyst and want to check out the code for yourself.

You will also need a copy of PKUNZIP to decompress the PGP files. The latest version is 2.04g. Earlier versions will not work. If you don't have PKUNZIP, you can usually locate a copy in the same places where PGP is found. If you have trouble with finding a copy, see the section below titled 'If All Else Fails' and it will tell you an easy way to get what you need. If you're strictly a Windows person, you can get a copy of WinZip which will do the same job as PKUNZIP.

Download What You Need From WEPIN Store

All the software you need is available for download from this Web site (WEPIN Store). You can find it plus instructions on what to download and how to download it at http://www.wepin.com/pgp/pgpuse.html

Purchase a Copy from PGP, Inc.

As noted earlier in this document, Pretty Good Privacy, Inc sells a new version of PGP for Windows 95 and Windows NT. You can also get a free version for personal use as well as a copy of PGP V2.6.2. Follow the links to 'Products' and then to 'PGP Freeware Products'.

Using the World Wide Web

The World Wide Web, abbreviated WWW or the Web, is the latest advancement in ways to enter and travel in Cyberspace. If you have and can use Microsoft Explorer or Netscape and have access to an internet service provider, use it. It is by far the easiest way to navigate Cyberspace. Just go to one of the search engines, Alta Vista is a good one, and search for Pretty Good Privacy, PGP, PGP 2.6.2, and any other combinations you can think of. You should find lots of pages with PGP available for download. If you do not have an internet service provider, the section 'If All Else Fails' explains how to order a diskette with PGP on it.

Using FTP

When you use the WWW to download a copy of PGP, you are actually using FTP. It is just made easier by connecting you to a server. If you don't have access to the WWW but you do have access to the internet that allows you to use FTP, then you can use FTP to get your copy of PGP. There are too many different FTP access methods for me to cover them all in this report. If you know how to use your version of FTP, then I will tell you where you can go to find copies of PGP. If you are unsure of how to use FTP, then you are probably better off using one of the other methods.

Here are some places to look for PGP. The FTP site name is presented first followed by the directory (in parentheses) you need to look in to find PGP. If you are looking for a US-legal version, look for a file named PGP262.ZIP. Otherwise, look for a file named PGP26UI.ZIP. The filename of the non-US version changes occasionally, so look for something similar to that given. For a Macintosh version, look for a file with 'macpgp' in the name. You can also use various gopher servers to locate FTP sites that have PGP available.

nic.funet.fi (pub/unix/security/crypt/cryptography/pgp)
ghost.dsi.unimi.it (pub/security)
src.doc.ic.ac.uk (computing/security/PGP)
ftp.mantis.co.uk (/pub/cryptography)

If All Else Fails

If you just can't figure out how to get PGP using the WWW or FTP, here's how you can get it. This assumes that you have an MS-DOS computer and a 3.5" disk drive. It is helpful if you are running Windows. If you are not running Windows, don't worry about it. Here's what you need to do:

You can send a request for 'PGP Diskette' along with 31 gAg (grams of silver - approx 1 ounce) or US$5.00 (make check or money order payable to 'WEPIN') to:

West El Paso Information Network
6112 N. Mesa #218
El Paso {79912}
Texas

We will send you a diskette with PGP and PKUNZIP on it. We will also include instructions on how to install everything.

PGP 'Front Ends'

PGP is not noted for being 'user-friendly'. It has a 'command-line' interface which means you have to know some arcane and somewhat arbitrary commands and understand how options are entered in order to use PGP by itself. Several people have written 'shells' or 'front-ends' for PGP to make it easier to use. Some of these front-ends are good and some are not so good. Here are our recommendations.

Before going on, you need to understand some terminology. Software written for Windows 3.1 or WFW 3.11 is written to use the capabilities of the 80386 processor. The 80386 processor uses a 16-bit bus. Thus, software written for this processor is sometimes referred to as 16-bit software. Most of this software will run on the later processors. Software written for Windows 95 or Windows NT, on the other hand, is designed to use the capabilities of the 80486 and later processors. These processors use a 32-bit bus. Thus, software written for these processors are sometimes referred to as 32-bit software. Most 32-bit software will not run on 16-bit processors. In summary, 16-bit software is written for Windows 3.1 or WFW 3.11 and may, or may not, run under Windows 95 and Windows NT. 32-bit software is written for Windows 95 and Windows NT and probably will not run under Windows 3.1 or WFW 3.11.

PGP Winfront

PGP Winfront is one of the better frontends for PGP that I have discovered. You can download PGP WinFront from WEPIN Store (this web site) or you can look for it on other Web sites. (You will also need some Visual Basic runtime routines. Download vbstuff.zip, decompress it using pkunzip, and put the resulting files into your windows/system directory.) PGP WinFront not only allows you to use about 99% of the PGP commands from a graphical Windows interface, it also contains the PGP documentation in the form of a Windows help file. This makes the PGP documentation much easier to use and PGP WinFront is worth having just for this feature. PGP WinFront is 16-bit software but should run ok under Windows 95 or Windows NT. However, I run WFW 3.11 so I can't check it out. If you try to use PGP WinFront with Windows 95 or Windows NT and you run into problems, please let me know by sending email to wepin@wepin.com so I can update this information.

You can send a request for 'PGP Winfront Diskette' along with 31 gAg (grams of silver - approx 1 ounce) or US$5.00 (make check or money order payable to 'WEPIN') to:

West El Paso Information Network
6112 N. Mesa #218
El Paso {79912}
Texas

We will send you a diskette with PGP Winfront, VBSTUFF, and PKUNZIP on it. We will also include instructions on how to install everything.

PGP Click

The most useful front end that I have found for PGP is called PGPClick. It only implements a few of the PGP commands but they are the ones you will use most often if you use PGP to encrypt/decrypt email. It works as follows. From any Windows application, cut the text you wish to encrypt. Click on the closed padlock icon in PGPClick. Enter passphrases, public keys, etc as requested. Paste the encrypted text back into the Windows application. Believe me, this is even easier than it sounds. Once you get used to using PGPClick, you will find yourself sending more and more encrypted messages. There are two versions of PGPClick: the 16-bit version (pgpclk16.zip) for use with Windows 3.1 or WFW 3.11 and the 32-bit version (pgpclk32.zip) for use with Windows 95 or Windows NT. Just unzip the appropriate version into a new subdirectory. Each version requires additional Visual Basic routines to run. As with PGPClick, there are two versions: the 16-bit version (vb4run16.exe) for use with Windows 3.1 or WFW 3.11 and the 32-bit version (vb4r32p.exe) for use with Windows 95 or Windows NT. (The Visual Basic routines are self-extracting archives. Just execute (run) the files and the Visual Basic routines will be installed in the proper locations automatically.)

You can send a request for 'PGP Click Diskette', specifying whether you want the 16-bit version or the 32-bit version, along with 62 gAg (grams of silver - approx 2 ounces) or US$10.00 (make check or money order payable to 'WEPIN') to:

West El Paso Information Network
6112 N. Mesa #218
El Paso {79912}
Texas

We will send you two diskettes with PGP Click, Visual BASIC runtime routines, and PKUNZIP on them. We will also include instructions on how to install everything.

INSTALLING PGP ON YOUR SYSTEM

This section assumes that you have somehow obtained a copy of PGP in a compressed (*.zip) format. This section further assumes that you will be installing PGP on your c: drive. If you want to install it on some other drive, just substitute that drive designator for 'c:' in the following instructions.

Somewhere on your hard disk or on a floppy disk you should have a file named 'pgp262.zip'. If you obtained a non-US version of PGP, the filename will be different but still should begin with 'pgp' and end with '.zip' as, for example, 'pgp26i.zip'. If you obtained a copy of PGP from Pretty Good Privacy, Inc, you should use their installation instructions and then continue with the next section of this report.

If you obtained PGP from West El Paso Information Network, use the instructions that came with the diskette and then continue with the next section of this report.

Here are the steps we will describe in more detail below:

  1. Create a subdirectory 'c:\pgp'.
  2. Copy 'pgp262.zip' into the new subdirectory.
  3. Unzip the file 'pgp262.zip'.
  4. Make changes to your 'autoexec.bat' file.

In the remainder of this report, when I tell you to enter something, I mean to enter the text indicated followed by pressing the <Enter> key. The brackets <> indicate that those characters, or something very similar, appear on the keycaps of a key you are to press. For example, press <Enter> means to locate a key with the word 'Enter' on it and press that key, NOT to type E-n-t-e-r. As another example, press <Alt> means to locate a key labeled 'Alt' and press it.

Step 1. Create a subdirectory 'c:\pgp'.

If you are using Windows, exit Windows and obtain a DOS prompt.
From the DOS prompt ('c:>'), enter 'cd \'.
Enter 'md pgp'.

Step 2. Copy 'pgp262.zip' into the new subdirectory.

Change to the drive and directory where 'pgp262.zip' is located.
From the DOS prompt, enter 'copy pgp262.zip c:\pgp'.
From the DOS prompt, enter 'cd \pgp'.

Step 3. Unzip the file 'pgp262.zip'.

If you already have PKUNZIP in your DOS path:

Enter 'pkunzip pgp262.zip'. After pkunzip is finished,
Enter 'pkunzip pgp262i.zip'. (This is an important step.)

If you do NOT have PKUNZIP installed:

Use the procedure in Step 2 to copy 'pkunzip.exe' to 'c:\pgp'.
Enter 'pkunzip pgp262.zip'. After pkunzip is finished,
Enter 'pkunzip pgp262i.zip'. (This is an important step.)

Step 4. Make changes to your 'autoexec.bat' file.

Determine your time zone designator as follows:

The first three characters are the abbreviation for your standard time, i.e., PST for Pacific Standard Time, MST for Mountain Standard Time, CST for Central Standard Time, and EST for Eastern Standard Time. These can be any three characters so if you live in a strange time zone feel free to make up an abbreviation for it.

The next 1 or 2 characters are the number of hours your time zone is west of Greenwich Mean Time (in England). For example, PST is 8 hours west of GMT, so the next digit is '8'. As another example, EST is 5 hours west of GMT. Half-hours are not supported so if you live in a time zone that uses half-hours, just pick the closest integer.

The next three characters are the abbreviation for your daylight savings time, i.e., PDT for Pacific Daylight Time. If your area (such as Arizona) does not use Daylight Savings Time, then don't put anything after the number of hours. Here again, these characters can be anything.

Write down the result of the above. We will refer to it below as the 'tzvariable'. As an example, the tzvariable for California would be 'PST8PDT' and for Arizona it would be 'MST7'.

Enter 'cd \'.

Enter 'edit autoexec.bat'. NOTE: If you are using Windows 95 or Windows NT, you may have to use a different editor. The commands may be different but the process is the same.

Insert the following two lines at the beginning of the file:

SET PGPPath=c:\pgp
SET TZ=<tzvariable> (for California, SET TZ=PST8PDT)

If there is a line in the file that starts with 'PATH=', then add to the end of that line ';c:\pgp'. The semicolon (;) is important.

If there is no line that starts with 'PATH=' then add the following line to the beginning of the file:

PATH=c:\pgp

Type '<Alt>FXY' (not necessary to press <Enter>) or use your mouse to exit the editor and save the changed file.

This completes the installation of the software. You are now ready to proceed with learning how to use PGP. You may now restart Windows if you wish but the rest of the report assumes you are NOT running Windows unless specifically stated.

GENERATING A PUBLIC/SECRET KEY PAIR

This section assumes that you have successfully obtained and installed a copy of PGP. It also assumes that you are using the MS-DOS version of PGP. If you are using some version other than the MS-DOS version, you should still be able to figure out what to do by comparing these instructions with the instructions for using your version. Also note that some of the responses you will get may be different from the MS-DOS version.

One of the first things you need to do with your new copy of PGP is to generate a public/secret keypair. You can then give the public one to anyone who wants to send you encrypted email and you can use the secret one to decrypt it. You will probably make some mistakes while you are learning to use PGP so I recommend that you follow the examples exactly even to the point of using the example user IDs, key sizes, and passphrases while you are learning. Then you can throw away that keypair and start over this time using all you've learned to make both the keys and your passphrases more secure. First, I will explain what is going to happen when you generate a keypair and then we will go thru the actual process.

When you start the PGP key generation process, you will first be asked what size key you want. The larger the size, the better the security but for purposes of learning, we will select a key size of 512 bits. We will discuss key sizes in more detail in the next section.

Next you will be asked for a user ID to be associated with the key. It is customary to use your real name with your normal email address in brackets. You're not required to do this, it is just customary. For example, if your name is 'John Smith', you might select as your user ID 'John Smith <jsmith@goodhost.edu>'.

You will next be asked for a passphrase to protect your secret key. Selection of a passphrase is extremely important and must be carefully considered. We will discuss passphrases in more detail after we discuss key sizes. For now, we will pick something short and obvious as long as we understand this keypair is for testing and learning only.

PGP needs to generate a random number to use in the key generation process. This number is generated by measuring the slight differences in the time between your keystrokes. PGP will ask you to start typing until you hear a beep. What you type is irrelevant. Just start typing anything until PGP has collected enough information.

Finally, PGP will start generating a keypair. This can be a fairly long process. It will not take long to generate the short 512-bit key we are using to learn PGP but when you generate a 'real' key of, say, 1024 bits or 2047 bits, it may take quite a while. By the way, PGP on most platforms can generate a maximum key size of 2048 bits while the maximum keysize on an MS-DOS platform is 2047 bits. While PGP is working, you will see periods (.) and asterisks (*) appearing on your screen. This is telling you that PGP is still working. Just be patient. You only have to go thru this process once. When PGP is finished, you will see the message, "Key generation completed" and you are ready to start using your new keypair.

As part of the key generation process, PGP will create public and secret key rings if you don't already have them and will add your new keys to the key rings. The key rings are maintained in files named pubring.pgp and secring.pgp in the c:\pgp directory. You can use key rings of different names but that is an advanced concept best left for later. The two key rings should be backed up occasionally.

After you have generated your keypair, you will sign your public key using your secret key. This prevents someone else from modifying your key and should always be done before you distribute your key to anyone.

Now that we have some idea of what we will be going thru, let's go through the actual process of creating a keypair. You may want to print out these instructions as you will be working in DOS and will not be able to view the instructions at the same time. Ready? Let's go!

Ensure that you are at a DOS prompt on the c: drive (or the drive where you installed PGP).
Enter 'cd \pgp'. This gets us into the correct directory.
Enter 'pgp -kg'. This is a command to PGP to generate a keypair. PGP will display:

Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1995/02/14 22:36 GMT

Pick your RSA key size:
1) 512 bits- Low commercial grade, fast but less secure
2) 768 bits- High commercial grade, medium speed, good security
3) 1024 bits- "Military" grade, slow, highest security

Choose 1, 2, or 3, or enter desired number of bits:

Enter '1'. This generates the least secure keypair. PGP will display:

Generating an RSA key with a 512-bit modulus.

You need a user ID for your public key. The desired form for this user ID is your name, followed by your E-mail address enclosed in <angle brackets>, if you have an E-mail address. For example: John Q. Smith <12345.6789@compuserve.com>. PGP will display:

Enter a user ID for your public key:

Enter John Q. Smith <12345.6789@compuserve.com> as your user id. PGP will display:

You need a pass phrase to protect your RSA secret key.

Your pass phrase can be any sentence or phrase and may have many words, spaces, punctuation, or any other printable characters. PGP will display:

Enter pass phrase:

Enter Passphrase as your passphrase. PGP will display:

Enter same pass phrase again:

Enter Passphrase again to verify that you entered it correctly. PGP will display:

We need to generate 82 random bits. This is done by measuring the time intervals between your keystrokes. Please enter some random text on your keyboard until you hear the beep:

82

Type random characters on your keyboard until PGP beeps and displays:

0 * -Enough, thank you.
................**** ..****
Key generation completed.

c:\pgp>

When PGP displays the message, 'Key generation completed' and returns you to the DOS prompt, your new keypair has been generated and added to your public and secret key rings.

To verify that your key has been correctly generated, enter 'pgp -kv'. This is a command to view your public key ring. You should see something like:

Type bits/keyID   Date       User ID

pub  512/BDEFE971 1995/02/10 John Q. Smith <12345.6789@compuserve.com>

The keyID and the Date will of course be different but otherwise your copy of PGP should display something very close to the above. If it does, then you are ready to press on with the rest of the report. If not, please send email to wepin@wepin.com explaining what you did see and I'll see if I can help you out.

Now that you have a keypair, you need to sign the public one using the secret one. Enter:

pgp -ks "John Q. Smith"

PGP will display something similar to:

Looking for key for user 'John Q. Smith':
Key for user ID: John Q. Smith <12345.6789@compuserve.com>
512-bit key, Key ID BDEFE971, created 1995/02/10
Key fingerprint=8C 25 43 83 D4 19 50 22 6A 76 14 C4 3B 37 19 33

READ CAREFULLY: Based on your own direct first-hand knowledge, are you absolutely certain that you are prepared to solemnly certify that the above public key actually belongs to the user specified by the above user ID (y/N)?

Since the key you are signing is your key, you should have no qualms about answering the above question with a 'y'. After you enter 'y', PGP will display:

You need a pass phrase to unlock your RSA secret key.
Key for user ID "John Q. Smith <12345.6789@compuserve.com>"
Enter pass phrase:

After you enter the passphrase (Passphrase, remember?) PGP will add a signature certificate to your key. This signs your public key and makes it impossible for anyone to make undetected changes to your public key (unless they have your secret key, of course).

That's it. You now have a secure public/secret keypair. Remember to keep it secret. Do not give your secret key to anyone!

SELECTING A KEY SIZE

As noted in the previous section, key size is one of the factors determining how secure your keypair is. Let's talk about key size for a few minutes.

The security of the RSA algorithm is based on the difficulty of factoring large prime numbers. Using the best available known factoring methods, it turns out that adding one bit to the key size approximately doubles the difficulty of factoring the associated prime number.

A recent worldwide effort using hundreds of computers and thousands of hours of computer time managed to break a 129-digit (approximately 483 bits) RSA key in about a year. Since our lowest security key size (512 bits) is 29 bits larger, it should take about two-to-the-power-of-29 times as long to break it. Two-to-the-power-of-29 equals 536,870,912 which means that using the same system that was used to break the 483-bit key would take over 500 million years to break.

Of course, rumors abound that the National Security Agency (NSA) can factor large prime numbers much faster using massively-parallel computers and secret factoring methods. Let's say, just for argument's sake, that NSA can break a 483-bit key in 1 second. Then it would take them about 500-million times as long to break a 512-bit key which works out to about 17 YEARS to break one relatively weak key. Now NSA might be willing to expend this much effort to break a key if they thought it would reveal something extremely important to national security but there is no way they can expend that much effort on every encrypted message being sent every day on the internet. Plus, most people use keys of 1024 bits which is two-to-the-power-of-512 times as difficult to break as a 512-bit key. If you use a key size of 1024 bits, you will be relatively safe for the foreseeable future.

If you are really really paranoid, you can generate even larger keys. When PGP asks you what key size you want, you can enter 1 for 512 bits, 2 for 768 bits, and 3 for 1024 bits, or you can enter a four-digit number up to 2048 to get a key of that size. Be aware, though, that there are some older versions of PGP still in use that cannot handle 2048-bit keys so my recommendation is to use 1024 bits or 2047 bits for now. A 1024-bit key provides sufficient security that other factors such as how you select and protect your passphrase become more important than the key size.

SELECTING A PASSPHRASE

A more detailed and technical discussion of passphrases is available on the WEPIN Store Web site (this web site).

Selecting and protecting passphrases is where most people significantly weaken the protection provided by PGP. A passPHRASE is similar to a passWORD except that PGP allows you to have a passPHRASE of up to 100 characters so passWORD hardly seems adequate. PGP uses your passphrase to protect the privacy of your secret key. As noted earlier, protection of your secret key is CRITICAL to the security of PGP.

Since the passphrase is used in this way, we should spend some time discussing how to select one and how to protect it once selected.

Someone who is seriously trying to guess your passphrase will use one or more methods technically referred to as cryptanalytic attacks (another 3-dollar phrase). Here are some of the ways in which your passphrase can be guessed.

Dictionary Attack. This is more than just trying every word in a Webster's dictionary although it starts with that. For one thing, a dictionary of every language ever known, living or dead, is included in the computerized database used for a serious dictionary attack. Then, they go on to include common phrases used in every language they know about including common misspellings and common 'misquotes' of common phrases. A good database will also include common phrases from many well known works of literature such as the Bible, the Koran, Shakespeare's plays, The Odyssey, etc. A list of all possible telephone number combinations and all possible birthdates are also included. In short, anything that just about anybody has ever thought about to use as a passphrase is probably included in a good database used for a dictionary attack.

Personal Information Attack. Knowing that many people will use personal information as a passphrase (because it is easy to remember), an attacker will usually attempt to use this information to guess your passphrase. For example, he will attempt to use your account user ID as a password. (It's amazing how often that works!) He will also attempt to use your name (various spellings), names of your wife, your kids, and your pets, birthdates of your wife, your kids, and your pets, your anniversary date, pet names you call your wife, pet names your wife calls you, . . . Well, you get the idea. If your passphrase has any connection with your personal life, it will probably be attempted.

Over The Shoulder Attack. This is one of the easiest attacks especially for a beginning attacker. The attacker will place himself in a position to watch you type and then generate a situation in which you will type your passphrase. (Hey, Bob, how does that PGP work anyway? Can you show me how to encrypt a message?) With a little practice, it is really easy to watch someone type something and remember it.

The Trash Can Attack. This attack is less common than it used to be. Back in the days when computer terminals had hard-copy printouts instead of display screens, many people would leave the hard-copy at the terminal after they logged off. The attacker simply has to find the beginning of the session on the hard-copy and read the passphrase. This is a little more difficult if you are using a modern terminal with a video display. However, you still need to be careful that you don't print out something with your passphrase on it.

There are many other attacks as well, but these are the most common ones that you need to protect against. Now that you know some of the theory behind passphrase attacks, what is the best way to select a passphrase and to protect it once it has been selected?

You should consider three factors when selecting a passphrase:

  1. How easy it is to remember (easier is better);
  2. How easy it is to type (easier is better); and
  3. How difficult it is to guess (more difficult is better).

First, here are some things NOT to use as a passphrase or a passWORD for that matter.

Now, here are some principles you should apply when creating a passphrase.

Principles are fine but how the heck do you create a passphrase, anyway? Well, here's a method that I have used in the past and it seems to work reasonably well. Feel free to use it or make up a method of your own.

  1. Pick three books at random from your home library, preferably each one from a different category such as scientific, mystery, and history.
  2. Open one of the books to page 69 (or some other number you like).
  3. Close your eyes and place your index finger on page 69.
  4. Select a word near your finger that is longer than 4 characters and that you can easily remember and spell. Write the word down on a small piece of paper. (I know. I told you not to write down your passphrase. You can do it here because you are going to destroy the paper in a few minutes.)
  5. Repeat steps 2 thru 4 for the other two books.
  6. Fold the pieces of paper so that the words are not visible and place them into a container. Shake the container and then pick one of the pieces of paper. The word on the paper becomes the first word in your passphrase. Select a second piece of paper and this becomes the second word in your passphrase. The last one of course is the third word in your passphrase.
  7. Now count the number of letters in the first word and subtract 4. Select the punctuation that is on the key of that number on your keyboard. For example, if the number of letters in the first word is 9, then subtract 4 and select '%' as the punctuation as the '%' is printed on the '5' key. Do the same for the other two words. You should now have three punctuation symbols to work with.
  8. If all three of the punctuation symbols are the same, use that symbol as the punctuation between the first and second words and use a space between the second and third words. If two of the symbols are the same, use one of the symbols between the first and second words and the other between the second and third words. If all three symbols are different, use one between the first and second words, another one between the second and third words, and the last one at the end of the passphrase.
  9. Now you have a test passphrase. Type it a few times to see if it is easy to type. Determine if it is easy to remember. If it fails either of the two tests, modify it so that it passes both tests. You now have a passphrase.
  10. Here's an example. I used the above process and here's what happened. I selected three books. One was an economics textbook, one was a book on computer networks, and the third was a science fiction novel. First word selected: survive. Second word selected: readme.doc. (Got a bonus of extra punctuation with this one.) Third word selected: private. I selected the pieces of paper in the following sequence: private, readme.doc, survive. Number of characters in words: 7, 9, 7. Subtracted 4 from each and got: 3, 5, 3. Selected punctuation symbols: 3=#, 5=%, 3=#. Since two symbols are the same, I put # between private and readme.doc and % between readme.doc and survive. Here's the final passphrase I came up with:

    private#readme.doc%survive

    If you apply all the Do's and Don'ts we listed above, you will see that this is a pretty good passphrase.

  11. Last step. Collect all the pieces of paper you wrote on during this process and tear them into small bits. Distribute the bits among several trash cans, preferably at home. Try to do this unobserved as the unusual actions may arouse curiosity.
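Steps 7 and 8 of the method above, written out as code together with an estimate of how much guessing work the result represents. This is an added example, not part of the original report; the US keyboard symbol row, the placement order when all three symbols differ, and the vocabulary size given to search_space_bits are assumptions.

```python
import math

# Shifted symbols on the digit keys of a US keyboard layout (assumption; it
# agrees with the report's own example, where 3 gives '#' and 5 gives '%').
SHIFT_SYMBOLS = {1: "!", 2: "@", 3: "#", 4: "$", 5: "%",
                 6: "^", 7: "&", 8: "*", 9: "("}


def symbol_for(word):
    """Step 7: count the letters, subtract 4, take the symbol on that digit key."""
    # Only letters are counted, which is how the report gets 9 for 'readme.doc'.
    letters = sum(1 for ch in word if ch.isalpha())
    key = letters - 4
    if key not in SHIFT_SYMBOLS:
        raise ValueError(f"{word!r}: {letters} letters gives key {key}, outside 1-9")
    return SHIFT_SYMBOLS[key]


def build_passphrase(words):
    """Steps 7 and 8 for three words that are already in their drawn order."""
    if len(words) != 3:
        raise ValueError("the method uses exactly three words")
    w1, w2, w3 = words
    # Distinct symbols, kept in the order the words produce them (assumption:
    # the report does not say which symbol goes where when they differ).
    distinct = list(dict.fromkeys(symbol_for(w) for w in words))
    if len(distinct) == 1:
        # All three the same: symbol after word 1, a space after word 2.
        return f"{w1}{distinct[0]}{w2} {w3}"
    if len(distinct) == 2:
        # Two the same: one symbol after word 1, the other after word 2.
        return f"{w1}{distinct[0]}{w2}{distinct[1]}{w3}"
    # All different: one after word 1, one after word 2, one at the end.
    return f"{w1}{distinct[0]}{w2}{distinct[1]}{w3}{distinct[2]}"


def search_space_bits(vocabulary_size):
    """Upper bound, in bits, on the guessing work against someone who knows
    the method and assumes each word is a uniform pick from vocabulary_size
    candidates. The symbols follow from the word lengths, so only the ordered
    choice of three words contributes."""
    if vocabulary_size < 2:
        raise ValueError("vocabulary_size must be at least 2")
    return 3 * math.log2(vocabulary_size)


if __name__ == "__main__":
    print(build_passphrase(["private", "readme.doc", "survive"]))
    # 20000 candidate words is a constructed figure, not a measurement.
    print(round(search_space_bits(20000), 1), "bits")
```

Because the punctuation is computed from the word lengths, the estimate depends only on how many words the fingers could plausibly have landed on; the adjustments allowed in step 9 are not modelled.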

DON'T FORGET YOUR PASSPHRASE AND DON'T REVEAL IT TO ANYONE FOR ANY REASON. This includes your spouse. If he/she needs one, have them generate their own. Your passphrase is the most personal piece of information you will ever have. Make sure it stays personal.

ADDING PUBLIC KEYS TO YOUR KEY RING

Before you can use PGP to encrypt a message to someone, you have to have the recipient's public PGP key on your public key ring. You will only have your own keys on your secret key ring but you want yours and everyone else's (that you want to send encrypted messages to) on your public key ring. Key rings can be exchanged as binary files but as most of your keys will be sent to you via email, they will usually be in ASCII Armored format. Let's discuss armoring.

When email systems were first being developed, many of the systems assumed that only 7 bits of each 8-bit character would ever be used. This was a reasonable assumption since the American Standard Code for Information Interchange (ASCII) only defines 7 of the bits in each 8-bit word and who would have thought that anyone would want to send binary files as email. Now, of course, it is quite common to send binary files as email but the old 7-bit systems are still around and sometimes your email traverses these systems even though the sending and receiving computers can handle 8-bit characters. This means that binary files do not transfer well as email unless something is done to protect them thru these 7-bit systems. That is what armoring is all about.

There are many methods of sending binary files thru 7-bit systems but, since this is a report on PGP, we will only discuss PGP's method.

There are many specific idiosyncrasies that armoring protects against using various techniques but, basically, armoring takes three 8-bit characters and converts them into four 6-bit 'printable ASCII' characters. This seems like it should make the file bigger but the file is compressed before it is converted so the file is usually shorter after the armoring. But the major effect of the armoring is that you can reliably send binary files thru 7-bit email systems.

What this has to do with key rings is that public keys will usually be sent to you in ASCII Armored format. They will look something like:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAy8G5lIAAAEEAKT/Hd5q2dqyyLbvE/I+GnmuxV+u79lrCAcw8fWxzi1vVQwS bKF8DjGO+xnPdZAdryPUJoS8yitmc/pE1wFmNWeunCImu81gxhpphgbnq8/nm8/c 3q1i4/0QlofxWphxhFF3b7zQMzS7iiFZL5x7Rget5aRaWnKE855C4hMDAC3JAAUR tCZEb24gSGVuc29uLCBXRVBJTiA8ZGhlbnNvbkBpdHNuZXQuY29tPrQWV0VQSU4g PHdlcGluQHNnaXIuY29tPokAlQMFEC8G52h8y4XkPC4ZpQEBkE0EAJxxVkO4ApzO 7tO2Drvbipve5bjNOEvNnpzA+5F7lnLFWddBMsP3C5V8IQ/gituSVDMfhp/D/1nD 6FnJ1sP+LM2SF/wRbL6exuAG0Z74PLTf2UGUzc8/cP3Q/imxXj77voi0Q0UVC1M5 SzvlsGFr8I0W6meUJqSH0a4AYUf3WMKmiQCVAwUQLwbmwp5C4hMDAC3JAQGsZgQA hnFNMDh9TJmbv5O9Y7KXUkYhKXFX2kFZp0Czx2t/94A0O9XQeRFBrGimrbRm095s +T+CJ/9C2J+AyV8heOUOGknq4d+1HTWaGlTo/2Zu3Lh0bml7l1ovbE28O7VjMu9l Biz+X6bgccHs5YyanNLyWIYF/xDgrCklKMN4oOFjrSU=
=EWG6
-----END PGP PUBLIC KEY BLOCK-----

In order to add this key to your public key ring (remember, only your keys go on your secret key ring), you would first delete anything above the line '-----BEGIN PGP PUBLIC KEY BLOCK-----' and save it to a new file. If you don't do this step, PGP will usually get confused and tell you that it didn't find any keys.

Next, you will tell PGP to add a new key to your public key ring by giving it the command and the filename where a new key is located. Let's say we saved the above key in a file named 'newkey.asc'. We would go to the directory where 'newkey.asc' is located and enter:

pgp -ka newkey.asc

and PGP will add the new key to your public key ring. PGP will then ask you several questions to determine how much you trust the key you are adding.

First, you will be asked:

One or more of the new keys are not fully certified.
Do you want to certify any of these keys yourself (y/N)?

Answer 'Yes' if you are willing to certify one or more of the keys to be added. If you certify a key, you are saying that you are confident that the key came from the person indicated. If you answer 'No' here, PGP will not add the key.

Next, the key to be added will be displayed and you will be asked:

Do you want to certify this key yourself (y/N)?

You should answer 'Yes' if you are confident that the key you are adding actually came from the person indicated. You are basically saying that you trust this key for your own use. Again, if you answer 'No', PGP will not add the key to your keyring.

Next, PGP will display the following:

READ CAREFULLY: Based on your own direct first-hand knowledge, are you absolutely certain that you are prepared to solemnly certify that the above public key actually belongs to the user specified by the above user ID (y/N)?

If you answer yes, your signature will be appended to the key which will tell anyone you give the key to that you have certified it. This is used in the 'Web of Trust' that we will discuss later in this report. You will be asked to enter your passphrase to unlock your secret key so PGP can use it to sign the key you are adding. You can answer 'No' here and PGP will add the key to your keyring.

Finally, you will see the following:

Make a determination in your own mind whether this key actually belongs to the person whom you think it belongs to, based on available evidence. If you think it does, then based on your estimate of that person's integrity and competence in key management, answer the following question:

Would you trust "Mike Goldman <damon@telerama.lm.com>" to act as an introducer and certify other people's public keys to you? (1=I don't know. 2=No. 3=Usually. 4=Yes, always.) ?

Note that this is different than asking if you are confident that the key being added is from the person indicated. This question is asking you for your assessment of the person's integrity (Can you trust this person to always tell the truth) and competence in key management (Is this person able to understand and follow the rules of the Web of Trust). If you were to get someone else's key from this person, would you be confident that the other person's key was ok?

Once you answer the previous question, PGP will add the key to your public key ring and you can then use it to send encrypted messages to that person.

Now, for practice and for use in the next section, add the key at the end of this report to your public key ring. If you have any problems with this step, send email to wepin@wepin.com and I'll try to help.

SENDING YOUR FIRST ENCRYPTED MESSAGE

Using DOS

Although PGP's primary function is to encrypt email, it is not an email program. PGP operates on files, nothing else. Many people are working on integrating PGP with off-line readers and on-line email programs but PGP is not very easy to integrate. A new version (V5.0) is now available and that one is much easier to work with but only if you are operating under Windows 95/NT. In the meantime, however, sending encrypted email using PGP is basically a three-step process: create the message as a file, encrypt the file using PGP, email the file. Let's discuss each step separately before we attempt to send encrypted email.

Creating a message as a file should not be a problem. You can use any text editor or word processor to create a message that can be saved as a file. (Note that we are talking about the body of the message here. Creating the message header information such as To:, From:, and Subject: will be done in the third step.) Keep in mind, though, that most email is sent as plain ASCII (plain text). You can send a word processing file but you must be certain that the person on the other end can deal with it. If you are unsure, then plain ASCII is pretty safe. Once the message body is as you want it, just save it as a file and remember the filename you used for the next step.

Before you actually invoke PGP to encrypt a file, you must decide on the options you will be using. During message encryption, there are three options that you need to consider.

1. Do you want to sign the message? This is fairly common even for unencrypted messages so most people do it. It means that the recipient can determine if the message actually came from you. If you want to sign the message, you will add the option 's' to your PGP command. (We will discuss the command in a few minutes.)

2. Is the file text-only? If you are sending a binary file, then you don't add this option. If the file is text-only, you add the option 't' to your PGP command. If you add it and PGP finds non-ASCII data in your file, it will be treated as a binary file anyway, so most people just add the 't' routinely. Use of this option is actually more important when you are clearsigning a message, a procedure we will discuss later in this report.

3. Do you want to ASCII-armor the message? If you are sending the file thru email, then you should add the option 'a' to your PGP command. Otherwise, the encrypted file will be a binary file and will not make it thru many email systems. This option also invokes file compression.

Options are added to a PGP command following a dash (-) character. For example, if we want to encrypt (option 'e') a file, sign it (option 's'), tell PGP the file is text-only (option 't'), and ASCII-armor it (option 'a'), the command for a file named message.txt would be:

pgp -esta message.txt

After you enter this command, PGP will display:

A secret key is required to make a signature. You specified no user ID to select your secret key, so the default user ID and key will be the most recently added key on your secret key ring. You need a pass phrase to unlock your RSA secret key.

Key for user ID "John Q. Smith <12345.6789@compuserve.com>"

Enter pass phrase:

You would then enter your passphrase so that PGP can sign the message. If you omit the 's' option, PGP will not ask for your passphrase. After entering your passphrase, PGP will display:

Enter pass phrase: Pass phrase is good.
Key for user ID: John Q. Smith <12345.6789@compuserve.com> 512-bit key, Key ID BDEFE971, created 1995/02/10
Just a moment....
Recipients' public key(s) will be used to encrypt.
A user ID is required to select the recipient's public key.
Enter the recipient's user ID:

You will now enter the user ID of the person you are sending this encrypted message to. For practice, you can enter your own key or you can use the key for WEPIN that you added as part of your practice in the previous section of this report. If you want to encrypt the message for WEPIN, enter WEPIN's primary email address, wepinsto@colossus.net, as the recipient's user ID. This is the safest way to specify a key as most people include their email address in their user ID and since you will usually be sending email when you want to use a key you will already know the email address. PGP will then display:

Enter the recipient's user ID: wepinsto@colossus.net (you enter this)
Key for user ID: Don Henson, WEPIN <wepinsto@colossus.net> 1024-bit key, Key ID 03002DC9, created 1995/01/01.
Transport armor file: message.asc

and will return you to the DOS prompt. Keep in mind that some of the information displayed may be different depending on the specific information available on your machine.

Now that you have created a message and have encrypted it, you need to get the encrypted file (message.asc in the example above) into the email system. The way to do this will vary depending on your specific email system. Most email systems have some method of inserting a file into a message. In many cases, you can just open the file (message.asc) from within your email editor and either use it directly or 'cut & paste' it to the email message area. In other cases, you may have to logon to your email system and upload the file. If you are limited to DOS, you are pretty much on your own in figuring out how to get the encrypted file into your email system. If you are running Windows, however, things can be made much easier.

Using Windows

If you are running Windows, I encourage you to install PGP WinFront (look for file 'pwf31.zip') and PGPClick (look for file 'pgpclk16.zip' or 'pgpclk32.zip'). You can find these files along with an explanation of what to download for specific system configurations in What is PGP and How Do You Use It?.

PGP WinFront will allow you to access most of the functions of PGP using the standard Windows point-and-click interface. For example, to add a key to your public key ring, you would just double-click on the PGP WinFront icon, click on the <Key Mgmt.> button, click on the name of the file containing the key to be added, and click on the <Go> button. Other functions of PGP are accessed just as easily. It really makes PGP a lot easier to use. Plus, PGP WinFront contains a version of the PGP documentation that is in the standard Windows hypertext help format. This makes the documentation easier to access. PGP WinFront is worth a considerable price but is FREE. It's hard to beat that kind of value.

While PGP WinFront makes the traditional functions of PGP much easier to use, PGPClick makes PGP convenient for use in encrypting, signing, and decrypting email. During normal operations, i.e., not doing key management, you will usually need to do one of the three functions that PGPClick implements: encrypting, signing, and decrypting. It works by doing all the PGP operations on the Windows clipboard and can be used with any Windows application and many DOS applications as long as the DOS application is running in a DOS window. It also implements some key management functions such as adding a public key to your keyring. Here's how you would use it.

Let's say you normally use a Windows-based off-line reader to prepare and read your email. To encrypt and/or sign a message you are preparing, you first create the message as you normally would. When the message is complete but still in the editor, you first save a copy of the message so you will have a plaintext copy for your files (Remember that you cannot decrypt a message once it has been encrypted with someone else's public key). Then you highlight the entire body of the message and 'CUT' it. This removes the plaintext from the editor and places it in the Windows clipboard. Then you double-click on the PGPClick icon, make sure all the options are set, and click on the 'Encrypt/Sign' button. PGPClick will invoke PGP and you will have to enter your passphrase (if you are signing the message) and the user ID of the key you want to use (if you are encrypting the message). When you have entered the required information, the operation is completed and the encrypted/signed text is placed back in the Windows clipboard. Now you go back to your message editor and make sure the cursor is at the beginning of the message body. Activate the Windows PASTE function and the encrypted/signed message text appears in your editor. Now process the message as you would a normal message. The process described is much easier to do than it is to describe. Believe me, this is a great program and is also FREE. I highly recommend it.

I mentioned above that you can also use PGPClick in some DOS applications. Here's how to do that. There is a small constraint when using PGPClick for DOS applications, however. You are limited to encrypting/signing/decrypting whatever will fit in a single window. To encrypt/sign a message from a DOS application (it has to be running in a DOS window), first click on what is normally the 'close box' in the upper left-hand corner of the DOS window. Then click on the 'Edit' menu item. Then click on the 'Mark' menu item. Then highlight the text you want to encrypt/sign. (To highlight the text, position the cursor in the upper left-hand corner of the area to be encrypted/signed. Click and hold the left mouse button while dragging the cursor to the lower right-hand corner of the area to be encrypted/signed. Release the left mouse button.) Press <Enter> to place the highlighted text on the Windows clipboard. Use PGPClick as described above. Delete the text in the DOS application using whatever means is provided in the DOS application. Position the DOS cursor in the upper left-hand corner of the text area. Click on the 'close box'. Click on the 'Edit' menu item. Click on the 'Paste' menu item. This places what was on the Windows clipboard (the encrypted/signed text) back into the DOS application. Continue to process the message as you normally would. If the text you want to encrypt/sign will not fit in a single window, then you will have to use the file technique described earlier in this section.

Now for practice, prepare a message to yourself and encrypt it using the key of "John Q. Smith" that we created for educational purposes. Send it to yourself, if your email system allows that, or just save it as a file (call it 'message.asc') that we can use in the next section to decrypt a message. By the way, it is always a good idea to put the user ID in quotation marks as we did for "John Q. Smith" above. This will ensure that PGP doesn't misinterpret part of the user ID as another part of the command. The quotes are not necessary if there are no spaces in the user ID.

RECEIVING YOUR FIRST ENCRYPTED MESSAGE

Using DOS

PGP has the same problems with user-friendliness on the receive side as it has on the send side. When you receive an encrypted message, you will have to save it to a file, use PGP to decrypt it, and then use a text editor to read it. If you want to save a plaintext copy for your files, you will have to figure out a way to get it back into your email system.

Note that PGP should only be used on your standalone system. Most online systems don't have PGP available anyway but even if they do, DON'T USE IT. If PGP is located on a remote computer, you will have to send your secret passphrase to the remote computer IN THE CLEAR. Anyone who has access to the communications lines or the remote computer can monitor your line and capture your passphrase. If you are receiving email via an on-line system, you will have to download PGP encrypted messages to your standalone system before attempting to decrypt them.

You can recognize a PGP encrypted message because the first line of the encrypted portion will be:

-----BEGIN PGP MESSAGE-----

and you will not be able to read any of the rest of the message until you get to:

-----END PGP MESSAGE-----

Text prior to the BEGIN PGP MESSAGE line tends to confuse PGP so it is a good idea to delete everything prior to that line before trying to decrypt it. Once you have saved the modified file to a temporary filename (I usually use something like 'emsg.asc') then you can decrypt it by changing to the directory where the file is located and entering:

pgp <filename> (for example, pgp emsg.asc)

There are no options required to decrypt. PGP has all the information it needs to figure out what to do next, which is probably asking you for your passphrase so it can access your secret key. If the sender signed the message, PGP will also try to find the appropriate key in your public key ring. If it finds the key, it will verify the signature and report to you that the signature is valid. If it cannot find the key, it will ask you for the name of another key ring file. Assuming you only have one public key ring, just press the <Enter> key and PGP will report that the signature could not be verified.

That's about it for decryption. Let's work our way thru an example using the file you encrypted at the end of the previous section.

  1. If the message was sent and has now been received, extract the encrypted portion of the message and save it in a file named 'message.asc'. If you just saved the file after you encrypted it, rather than sending it to yourself, the file should already be named 'message.asc'.
  2. Change to the directory where message.asc is located.
  3. Enter: pgp message.asc
  4. When PGP asks you for your passphrase, enter Passphrase. Remember that we used the word Passphrase as our passphrase for educational purposes only. You would certainly not use the word Passphrase as your real (operational) passphrase.
  5. After you enter the passphrase, PGP will display:

    Enter pass phrase: Pass phrase is good. Just a moment......
    File has signature. Public key is required to check signature.
    .
    Good signature from user "John Q. Smith <12345.6789@compuserve.com>".
    Signature made 1995/02/11 18:42 GMT
    Plaintext filename: message

  6. Use any text editor to open and read 'message'.

That's all there is to decryption. You should now be capable of using PGP to send and receive encrypted email.
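The trimming step described above (keep only what lies between the BEGIN and END lines) can be automated. The following Python sketch is an added example, not part of PGP or of the original tutorial: it cuts the armored block out of a saved email and also checks the armor's CRC-24 checksum line, which goes beyond what the text covers. The function names and the sample mail are constructed for illustration.

```python
import base64

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"


def crc24(data: bytes) -> int:
    """CRC-24 of the armor checksum line (init 0xB704CE, polynomial 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def extract_armor(mail_text: str) -> str:
    """Return only the BEGIN..END block, dropping mail headers and trailers."""
    lines = [line.strip() for line in mail_text.splitlines()]
    if BEGIN not in lines:
        raise ValueError("no BEGIN PGP MESSAGE line found")
    start = lines.index(BEGIN)
    if END not in lines[start:]:
        raise ValueError("armor is truncated: END PGP MESSAGE line is missing")
    end = lines.index(END, start)
    return "\n".join(lines[start:end + 1]) + "\n"


def armor_checksum_ok(block: str) -> bool:
    """True if the base64 body matches the '=XXXX' checksum line of the armor."""
    lines = block.strip().splitlines()[1:-1]        # drop the BEGIN and END lines
    if "" in lines:                                 # armor headers end at a blank line
        lines = lines[lines.index("") + 1:]
    body = [ln for ln in lines if ln and not ln.startswith("=")]
    checks = [ln for ln in lines if ln.startswith("=")]
    if len(checks) != 1:
        return False
    try:
        data = base64.b64decode("".join(body), validate=True)
        expected = int.from_bytes(base64.b64decode(checks[0][1:], validate=True), "big")
    except ValueError:                              # damaged base64 text
        return False
    return crc24(data) == expected


def build_sample_mail() -> str:
    """Constructed sample: the payload is filler bytes, not a real PGP message."""
    payload = bytes(range(60))
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([
        "From: someone@example.com",
        "Subject: practice message",
        "",
        "Here is the encrypted text:",
        BEGIN, "Version: 2.6.2", "", body, check, END,
        "",
        "-- ",
        "Added by the mail system",
        "",
    ])


if __name__ == "__main__":
    block = extract_armor(build_sample_mail())
    print(block, end="")
    print("checksum ok:", armor_checksum_ok(block))
```

A block that fails the checksum was damaged in transit or by an editor, and is worth fetching again before blaming the passphrase or the key.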

Using Windows

If you are using a Windows application to read your email, then PGPClick can be used to make decryption easier as well. Just cut the encrypted portion of the message, which places the encrypted portion on the clipboard, double-click on the PGPClick icon, click on the 'Decrypt/Verify' button, and after PGP does its thing, paste the decrypted text back into your email application. Now process the decrypted email as you would normally. Need an example?

  1. Open the message that you encrypted and sent to yourself in the previous section or open the file where you saved the encrypted text. (You did DO the exercise in the previous section, didn't you?)
  2. Highlight the encrypted portion of the message. Don't forget to include the '-----BEGIN PGP MESSAGE-----' & '-----END PGP MESSAGE-----' in your highlight but don't include anything outside these lines.
  3. Cut the highlighted text to place it on the clipboard.
  4. Double-click on the PGPClick icon.
  5. Click on the 'Decrypt/Verify' button.
  6. Enter your passphrase when asked.
  7. After you have read the PGP display screen, press <Enter> to continue.
  8. Change the focus back to your email application and ensure that the cursor is at the beginning of the location where you want the decrypted text to be.
  9. Perform a 'Paste' operation.
  10. Continue with normal email processing.

SIGNING YOUR MESSAGES

You can use PGP to electronically sign your messages. PGP does this in such a way that anyone who has access to your PUBLIC key can verify that the message actually came from you (or from someone who had access to your secret key) and can determine if anything in the message has changed since you signed it. How is this done?

Without getting too technical, PGP first does an MD5 hash of your message. An MD5 hash is like a 'fingerprint' (or checksum if you're familiar with that term) of your message but MD5 is sophisticated enough that it can detect the change of a single bit in a message of several thousand characters. This MD5 hash is then encrypted using your PGP secret key and attached to your message. When someone wants to check your signature, PGP first does another MD5 hash of your message (without including the attached encrypted MD5 hash), decrypts the attached MD5 hash using your PGP public key, and compares the two. If the two MD5 hash results are the same, then we have a very high confidence that nothing in the message has changed and since we had to have your public key to check the hash, it must have come from you (or from someone who had access to your secret key).
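The hash-then-sign process just described can be traced in a few lines of Python. This is an added illustration, not PGP's own code: the keys are toy RSA keys built from small well-known primes (constructed values, useless for real security), the padding that real implementations apply to the hash is omitted, and all function names are hypothetical.

```python
import hashlib


def make_key(p: int, q: int, e: int = 65537):
    """Build a toy RSA keypair from two primes: returns (public, secret)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))    # secret exponent (needs Python 3.8+)
    return (n, e), (n, d)


# Constructed demo keys from Mersenne primes; far too small for real use.
PUBLIC, SECRET = make_key(2**127 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_SECRET = make_key(2**107 - 1, 2**61 - 1)


def md5_int(message: bytes) -> int:
    """The MD5 'fingerprint' of the message as a 128-bit integer."""
    return int.from_bytes(hashlib.md5(message).digest(), "big")


def sign(message: bytes, secret) -> int:
    """Sender: hash the message, then transform the hash with the secret key."""
    n, d = secret
    return pow(md5_int(message), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Recipient: undo the signature with the public key and compare hashes."""
    n, e = public
    return pow(signature, e, n) == md5_int(message)


def flip_bit(message: bytes, bit_index: int) -> bytes:
    """Return a copy of the message with exactly one bit changed."""
    data = bytearray(message)
    data[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(data)


if __name__ == "__main__":
    # Constructed message of several thousand characters.
    message = b"Meet me at noon.\n" * 200
    signature = sign(message, SECRET)

    print("unchanged message :", verify(message, signature, PUBLIC))
    print("one bit flipped   :", verify(flip_bit(message, 12345), signature, PUBLIC))
    print("wrong public key  :", verify(message, signature, OTHER_PUBLIC))
```

The second and third checks fail for different reasons: the first because the message no longer produces the signed hash, the second because the signature was not made with the secret key that matches the public key being used.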

There are two types of PGP signatures, attached and detached. An attached signature is attached to the message which it signs and becomes an integral part of the message. A detached signature is maintained as a separate file (usually named <something>.sig). One of the purposes of a detached signature is to allow various individuals to sign a message (such as a contract) without also having to sign other people's signatures. Software authors will sometimes include a .sig file which is the signature of their executable file. You can use the signature file to verify that no one has modified the software since the author signed it. Another way to use .sig files is to sign your own software. A later check of the signature will tell you if it has been modified, perhaps by a virus.

Detached Signatures

Normally, signatures are attached to the message or file which is signed. You can force the signature to be detached by adding the option 'b' to the PGP option list. This will cause the signature to be saved in a separate file with the same name as the signed file but with the file extension of .sig. For example, if we sign the file message.txt with the following command:

pgp -sb message.txt

the result will be the original unmodified file 'message.txt' and another file named 'message.sig' containing the signature of 'message.txt'. Note that in the case of the command above, the signature will be in binary form which means it cannot be sent thru the 7-bit email system. If you need to send it via email, just add the option for ASCII armoring (a) to the option list. For example:

pgp -sba message.txt

will cause the file 'message.sig' to be ASCII armored.

If you receive a message with an attached signature and for some reason you want it to be detached, you can do that with the command:

pgp -b message.txt

The above command will result in any signature being detached from 'message.txt'. The signature will be saved in a file named 'message.sig'.

To check the signature of a file with a detached signature, give PGP the command to decrypt the signature file. PGP will discover that the signature file doesn't contain anything except a signature and will prompt you for the name of the file to be checked. Entering the filename will allow PGP to complete the signature check. For example, if you have a detached signature for the file 'windows.exe' and you wish to check its detached signature 'windows.sig', enter:

pgp windows.sig

PGP will then display:

File has signature. Public key is required to check signature.
File 'windows.$00' has signature, but with no text.
Please enter filename of material that signature applies to:

You would then enter the name of the file to be checked and PGP will then display:

Good signature from user "Don Henson, WEPIN <wepinsto@colossus.net>".
Signature made 1995/02/13 23:57 GMT
Signature and text are separate. No output file produced.

That is of course what you hope to get. If PGP reports a bad signature it means that something in the file has changed since it was signed. How the change occurred is something you have to figure out. It could be a malicious change or it could be that some email software decided to add some spaces or change the paragraph characters. In either case, you have been alerted. The action you take is up to you.

PGPClick will also check detached signatures as long as they are ASCII armored. Just use PGPClick to decrypt/verify the signature and proceed as described above. If you have a detached signature that is not ASCII armored, you can use PGP WinFront. That is why you need both applications. Using PGP WinFront to check a detached signature is as easy as decrypting the signature file. PGP will ask for the name of the file to check just as if you initiated the process from DOS.

Attached Signatures

As mentioned above, most signatures are attached to the files they sign. In those cases, the signature is automatically checked when you decrypt the message. If the message is not encrypted, use PGP to decrypt it anyway and it will just check the signature.

PGPClick will check attached signatures. When you click on the 'Decrypt/Verify' button, PGP will automatically check the signature and report it to be good or bad. As noted earlier, though, PGP cannot check the signature unless you have the sender's public key in your public key ring.

Clearsigning

Many people like to sign their unencrypted messages. This poses a problem. If you just use:

pgp -s message.txt

the signature will be binary and will not make it thru the 7-bit email system. On the other hand, if you use:

pgp -sa message.txt

the ASCII armoring will be applied to the unencrypted text as well as the signature. Now the signature will make it thru the email system but the recipient will not be able to read the ASCII armored but unencrypted message. (Unless he has PGP of course.) PGP has a special 'command-line switch' to handle this situation.

The process we are trying to accomplish is to sign an unencrypted message, ASCII armor the signature, but leave the unencrypted text alone so that anyone can read it. This process is called 'clearsigning'. The command-line switch is 'cl' and it must be turned on. You must select the sign option (s), the ASCII armoring option (a), and the input file option must be set to text (t). To clearsign your message.txt, use:

pgp -sta +cl=on message.txt

Fortunately, later versions of PGP have some of these options turned on by default. Clearsign=on is default as well as input file of text (option t). That means you can accomplish the previous result with the command:

pgp -sa message.txt

Be aware, however, that the default options are set in a file in the c:\pgp directory named config.txt which can be changed. When you have some time, have a look at config.txt (it is a plain text file you can open with any text editor). There may be some other options in there that you want to change after you become more comfortable with PGP.

You check the signature on a clearsigned message in the same way that you check any signature. Use PGP to decrypt the message, even though it's not encrypted, and PGP will automatically check the signature.

USING CONVENTIONAL ENCRYPTION

Sometimes you just need to protect a file without sending it to anyone. You will be the only person who will ever see it. You could, of course, encrypt the file using your public key and decrypt it with your secret key just as if you had sent it to yourself as an email message. However, this process involves several mathematical operations that are not necessary given that a single key will work as well as a public/secret keypair in this situation. PGP uses a conventional encryption system to encrypt your messages anyway (it only uses the RSA algorithm to encrypt the random session key that gets sent with the message) so the author made the conventional encryption process available to users.

To use conventional encryption, you use the conventional encryption option (c). To conventionally encrypt file.exe, for example, use:

pgp -c file.exe

PGP will ask you for a passphrase which, by the way, should be different from the passphrase you use to protect your secret key.

After you enter the passphrase twice (to make sure you entered it correctly), PGP will create an encrypted version of file.exe named file.pgp which you can decrypt with the command:

pgp file.pgp

PGP will recognize that file.pgp was encrypted conventionally and ask for your passphrase. If you correctly enter your passphrase, PGP will decrypt file.pgp.

When you conventionally encrypt a file, the chances are that you don't want the unencrypted version around. Unfortunately, deleting a file doesn't erase the information. Deleted files can be easily recovered as long as none of the disk space where the file resided has been overwritten. And even if files have been overwritten, it is possible to recover some or all of the information in the file using techniques of various levels of sophistication. The only way to be reasonably sure that the information in a file cannot be easily recovered is to use some file wiping utility like Norton Utilities or RealDelete. These utilities will physically write over the areas where the original file was located several times using random data. When these utilities are used, only the most sophisticated techniques can recover the information.

PGP has an option for overwriting the original (unencrypted) file. You just add the option 'w', for wipe, to the command. For example:

pgp -cw file.exe

will cause PGP to overwrite the locations where file.exe was located. This option provides a modicum of safety but suffers from a couple of problems. First, it only overwrites the file once so it is still relatively easy to recover the information (although you can no longer recover it with the MS-DOS Undelete command). Second, if you are using a multitasking operating system such as Windows, pieces of the original file can be left in places where there is no reference to it as a result of swap file activity. This means that those pieces will still be there until they are by chance overwritten by the operating system. You can download a couple of file utilities, zapswap.com to wipe the Windows 3.x swap file and zapempty.com which will wipe all unused sectors on your hard disk. Do NOT use these utilities on Windows 95 or Windows NT systems and do not run either one from Windows. They must be run from DOS (NOT from a DOS window).

I routinely use the wipe option on the theory that a little protection is better than none. However, I also keep any files I wish to protect on an encrypted file volume so that even if the file is not erased properly, it is still protected.

And, by the way, you can use the wipe option (w) with any PGP operation where it makes sense to wipe a file. For example, to encrypt a message and delete the plaintext version at the same time, use:

pgp -ew message.txt

This will cause PGP to encrypt 'message.txt' (encrypted file will be named 'message') and overwrite the file 'message.txt' and delete it.

MANAGING YOUR KEYS SECURELY

PGP uses what is widely recognized to be the best encryption technology available today. The encryption is so strong that it is easier to get the information in an encrypted message in some way other than by breaking the encryption itself. For example, it is generally considered easier to hack your secret key passphrase than to determine the actual key. (See the section on Passphrases for examples of some of the many ways this can be done.) So it behooves you to protect your key and your passphrase so that it is extremely unlikely that anyone else can find out what they are.

On the other hand, if you lose your key or forget your passphrase, you will not be able to decrypt your messages and, worse, you will not be able to revoke your key unless you have access to your secret key. (We will discuss key revocation later.) Therefore, it behooves you to make sure you have backup copies of your key and some way of remembering your passphrase no matter what.

Here are some things you can do to reduce the probability that anyone can get your key and increase the probability that you will not lose your key.

  1. Select a passphrase that is easy to remember so you don't have to write it down. (See the section on passphrases for an explanation of how to go about this.)
  2. Keep your secret key ring on your hard disk so it is easy to access when you need it but also keep a backup of your secret key ring on a floppy disk. The secret key ring is encrypted conventionally using your passphrase as a key so it is ok to store the key ring as a normal file. It is also a good idea to keep a backup copy of your secret key ring on a floppy disk that is stored somewhere other than where your computer is normally located. This makes it more difficult for your secret key ring to be destroyed in the case of fire or natural disaster. (This is a good idea for all your backup files, not just your key ring.)
  3. Write your passphrase down and place it into an envelope. Seal the envelope and write your name across the seal so that it is impossible to break the seal without damaging your signature. Place the sealed envelope in a safe or a safe deposit box. The safe is to make it difficult to get to the envelope. The sealed envelope is to make it obvious that someone has opened the envelope. This procedure has the added advantage that you can tell someone you trust where the passphrase is so that they can get to it in case something happens to you.
  4. Never let anyone know your passphrase except via the special procedure outlined in step 3. This includes not letting anyone watch you enter the passphrase on your keyboard.

The above procedures should keep your secret key relatively secure and are adequate for normal conditions. If, however, you discover that someone is actively trying to break your security, then you will have to get a lot more paranoid. Further information on this subject is beyond the scope of this document.

THE WEB OF TRUST - KEY SIGNATURES

Say you receive a PGP public key from someone named George. How do you know that the key actually came from George or that George is really who he says he is? The key you received could be one that was made up by Sam who just says that he is George so that he can get you to tell him things that you would normally only tell to George. Say, for example, that George is your defense attorney in a tax fraud case and that Sam is an IRS agent. You see how this could be a pretty serious situation. How do you protect yourself against this situation?

The most obvious way, of course, is to know George personally and get George to physically hand you a disk with his public key on it. In the case of a defense attorney, this is a reasonable thing to do. Unfortunately, in the evolving world of electronic commerce, physical meetings to exchange keys may not be practical. You may have a supplier in Tasmania and a customer in Finland while you live in Vladivostok. Getting all three together to exchange keys is not likely. And if this is only one out of dozens of suppliers and thousands of customers... Well, you get the idea. So what is the next best way to get keys you can trust?

The next best way to get a key you can trust is to get it from someone who knows both you and the person whose key you want to get. Let's say you want to correspond with John who knows George, your defense attorney. You could get John's key from George and John could get your key from George. In this way, George has acted as an 'introducer' between you and John and you can now trust John's key. Now John may know someone else you wish to correspond with, say Alice, so you ask John to act as an introducer between you and Alice. John gets Alice's key and signs it so that he can send it to you via email. You can check his signature before adding Alice's key to make sure no one tampered with it in transit. If it checks out ok, you can trust Alice's key because you got it from John whose key you already trust. Now let's say that Barbara wants to correspond with John but cannot arrange to meet John so Barbara asks you for John's key since she already knows you and trusts your key. You sign John's key and send it to Barbara. Barbara can now trust John's key because she knows you and trusts your key.

You can see how this situation can expand to include a lot of people and pretty soon you can be trusting and using keys of people you have never met because you trust the signatures on their keys. This situation is referred to as the 'Web of Trust' and is the basis for public key encryption. Without the web of trust, you would only be able to trust the keys of people you can physically contact and much of the usefulness of public keys would be lost.

PGP implements the web of trust by allowing keys to be signed by any number of people each signifying that they 'vouch for' that key. The signatures become a permanent part of the key and are transmitted with the key. If you get a key from someone you do not know, you may still be able to trust the key if you can find the signature of someone you trust in the list of that key's signatures. You can check the signatures on a key by first adding it to your key ring and then by using the PGP command:

pgp -kvv userID

PGP will display the key of userID and all the signatures that are attached. If you find a signature from someone you trust, then you can trust that key as well. Simple, elegant, and no central certifying authority needed.
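The rule above (a key can be trusted if it carries the signature of a key you already trust) can be followed mechanically along a chain of introducers. The Python sketch below is an added illustration, not PGP's own logic: it applies only that rule to the George, John, Alice, Barbara and Sam story from this section, and assumes each signature has already been verified. The key ring contents and function name are constructed.

```python
from collections import deque


def trusted_keys(signatures, verified_in_person):
    """Apply the rule: a key is trusted if a trusted key has signed it.

    signatures          maps each key on the ring to the set of its signers
    verified_in_person  keys you received directly from their owners
    Returns a dict mapping every trusted key to its chain of introducers.
    """
    chain = {owner: [owner] for owner in verified_in_person}
    queue = deque(verified_in_person)
    while queue:
        introducer = queue.popleft()
        for owner, signers in signatures.items():
            if owner not in chain and introducer in signers:
                # The introducer vouches for this key, so extend the chain.
                chain[owner] = chain[introducer] + [owner]
                queue.append(owner)
    return chain


# Constructed key ring: who has signed which key (self-signatures included).
SIGNATURES = {
    "George": {"George"},
    "John": {"John", "George", "You"},
    "Alice": {"Alice", "John"},
    "Sam": {"Sam"},
    # A second key claiming to be George's, vouched for only by Sam.
    "George (key received by email)": {"Sam"},
}


if __name__ == "__main__":
    # Your view: George handed you his key on a disk.
    for owner, path in trusted_keys(SIGNATURES, ["George"]).items():
        print("you trust", owner, "via", " -> ".join(path))

    # Barbara's view: she knows you, and you signed John's key.
    for owner, path in trusted_keys(SIGNATURES, ["You"]).items():
        print("Barbara trusts", owner, "via", " -> ".join(path))

    untrusted = set(SIGNATURES) - set(trusted_keys(SIGNATURES, ["George"]))
    print("no trusted signature:", sorted(untrusted))
```

The key vouched for only by Sam never enters the result, which is the outcome the tax-case scenario calls for: a name on a key counts for nothing without a signature from someone already trusted.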

There is one other way to get a key that you trust. If your only contact with someone has been via email, then you want the key of that person even if that person is not who he says he is. If you ever meet that person physically then the problem will be for him to prove that he is the same person you have been corresponding with, not the other way around. In this case, you would ask the person to send you his key with his signature just to be sure it hasn't been modified in transit. Then you can trust that key just as if you had been physically handed it.

It would make things a lot easier if there were some central place where you could go looking for keys. Fortunately, there is such a place or, rather, a bunch of places all working together. The places are called 'keyservers' and are available on the internet via email and via the WWW.

HOW TO USE KEYSERVERS

Keyservers are computers accessible via the internet that maintain huge PGP public key rings. You can send commands via email to these keyservers to add keys to the keyserver, revoke keys, and search for keys that you want. There are several keyservers in the world but it is only necessary to contact one of them. All the keyservers update each other so if you add your key to one, it is shortly available on all of them. Keyservers occasionally disappear so it is a good idea to keep the address of a few handy so in case one doesn't work, you can try another one.

Some keyservers are also available via the WWW. A good one that I use quite often is located at:

http://www.pgp.com/keyserver/pks-toplev.cgi

There is also a commercial keyserver called the Stable Large Email Database (SLED) which will allow you to add your key and email address to their database for free and will allow anyone to search their database for free. For a small fee, they provide additional services. For more information about SLED, you can send email to info@Four11.com or you can visit their World Wide Web home page at Universal Resource Locator (URL): http://www.Four11.com/ (link appears to be broken.)

You can access the free keyservers by sending email to one of the addresses listed below with the appropriate command as the subject of your message and any required info, such as your key, in the body of the message. Valid commands are:

Command          Message body contains
---------------- --------------------------------------------------
ADD              Your PGP public key (key to add is body of msg)
INDEX            List all PGP keys the server knows about (-kv)
VERBOSE INDEX    List all PGP keys, verbose format (-kvv)
GET              Get the whole public key ring
GET userid       Get just that one key
MGET regexp      Get all keys which match /regexp/
-------------------------------------------------------------------

Send your keyserver commands to one of the following servers:

pgp-public-keys@kub.nl
pgp-public-keys@pgp.iastate.edu
pgp-public-keys@pgp.mit.edu
pgp-public-keys@pgp.ai.mit.edu
public-key-server@pgp.ai.mit.edu
pgp-public-keys@cs.tamu.edu
pgp-public-keys@chao.sw.oz.au
pgp-public-keys@dsi.unimi.it
pgp-public-keys@kiae.su
pgp-public-keys@fbihh.informatik.uni-hamburg.de

The usual caveat applies. Things change and there's no guarantee that any one keyserver will remain in operation. Also, new ones come on line occasionally.

One word of caution. Do not GET the whole public key ring. The last time I checked, it exceeded 4 MBytes in size. This takes a long time to download and most of the keys will be useless to you anyway. I use the command MGET exclusively since I can specify any part of the userID and get the key. For example, if I wanted to get the public key of "John Q. Smith <12345.6789@compuserve.com>", I could MGET it by putting any one of the following commands in the subject of my keyserver message:

MGET John Q. Smith
MGET 12345.6789@compuserve.com
MGET Smith <12345.

As you can see, the MGET command is pretty versatile.

It is a good idea to ADD your own SIGNED public key to one of the keyservers. You do this by addressing an email message to one of the keyservers, putting the command 'ADD' in the subject line, and putting your extracted key (pgp -kxa <userid> key.asc) into the body of the message. It's also a good idea to MGET your own key to make sure it was properly added. By the way, it's only necessary to ADD your key to one keyserver as they all communicate with and update each other.

REVOKING YOUR KEY

Sometimes you need to tell everyone to stop using your old key. This is pretty difficult for several reasons. For one thing, you have no idea who all has a copy of your key. Also, you have to announce that your old key is no good in such a way that everyone will believe you. You can't just send an email message because anyone could do that. You could sign your email message with your old key but you would still have to find out who all has a copy. To resolve these and other problems, at least partially, PGP allows you to generate a Key Revocation Certificate. This certificate is attached to your key much as a signature is attached. However, when someone views or tries to use a key with a Key Revocation Certificate attached, he will be notified that the key has been revoked.

This system is not perfect. It may take months or years before your revoked key gets sent to everyone who had a copy of your key. But at least now you can ADD the revoked key to the keyserver and then send out email to everyone you can think of that your key has been revoked and advising them to get a new copy of your key from the keyserver.

And the fact that you posted a revoked key to a public keyserver goes a long way toward throwing doubt on a document that was supposedly signed by you after the key had been revoked.

Why would you want to revoke your key? Perhaps you generated your key using an earlier version of PGP and you want a key generated by the later version. Or you lost control of your passphrase and you need to create a new key with a new passphrase. Maybe you suspect that someone has somehow obtained your secret key and you just want to be safe. There may be other reasons. But whatever your reasons, here is how you generate a Key Revocation Certificate and attach it to your key.

pgp -kd <userid>

That's it. Now extract a copy of your revoked public key (pgp -kxa <userid>) and ADD it to a keyserver. You should also send it directly to anyone who corresponds with you regularly. Generate a new keypair as soon as possible and ADD it to a keyserver and send it to your regular correspondents.

By the way, it is in extremely bad taste and may in some cases be considered fraud to use your key after it has been revoked.

USING PGP AS A PART OF YOUR OVERALL SECURITY STRATEGY

PGP, while good, is not the be-all and end-all of your personal security. You must be concerned about the privacy of your financial information at the bank, your physical security, etc. You should view PGP as what it is, a very good tool for you to use in a few aspects of protecting your privacy.

West El Paso Information Network (WEPIN Store) can help in some respects. We can, for example, provide information concerning Pure Contract Trusts which will provide protection of assets from excessive taxation and the ravages of probate. We can also provide information concerning the use of a 100% backed by gold private financial institution and we can tell you how to participate in asset appreciation and capital growth of private businesses. You can even get information on how you can pay fewer taxes each year. For more information, send email to wepin@wepin.com.

GOING OPERATIONAL

If you have read and understood the information in this report and if you have worked your way through the exercises, you should now be ready to start using PGP in your everyday life. It will take a while for you to become an 'expert' but you should now be able to use PGP to effectively protect the privacy of your electronic mail without making the common mistakes of most beginners. To go operational, you need to take the following actions.

  1. Determine a real passphrase using the guidelines presented earlier in this report.
  2. Generate a real keypair using the military grade 1024-bit key or a 2047-bit key if you're really paranoid. Use the passphrase determined in step 1 to protect your new secret key.
  3. Remove the practice key of "John Q. Smith" so that it doesn't get inadvertently used. You can do this easily by entering:

    pgp -kr "John Q. Smith"

    PGP will display:

    Removing from key ring: 'c:\pgp\pubring.pgp', userid "John Q. Smith".
    Key for user ID: John Q. Smith <12345.6789@compuserve.com>
    512-bit key, Key ID BDEFE971, created 1995/02/10
    Are you sure you want this key removed (y/N)?

    Enter 'y' for 'yes' and PGP will display:

    Key removed from key ring.
    Key or user ID is also present in secret key ring.
    Do you also want to remove it from the secret key ring (y/N)?

    Enter 'y' for 'yes' and PGP will display:

    Removing from key ring: 'c:\pgp\secring.pgp', userid "John Q. Smith".
    Key for user ID: John Q. Smith <12345.6789@compuserve.com>
    512-bit key, Key ID BDEFE971, created 1995/02/10
    Are you sure you want this key removed (y/N)?

    Enter 'y' for 'yes' and PGP will display:

    Key removed.

  4. Sign your new key by entering:

    pgp -ks <userID> (substitute your userID of course)

  5. Extract an ASCII armored copy of your new SIGNED key by entering:

    pgp -kxa <userID>

    I usually save a copy of my extracted key so that I can easily include it in an email message in case I want to send it to someone.

  6. Test your new keypair by creating a short text file. Encrypt it using your public key by entering:

    pgp -e short.txt

    Ensure that PGP uses your new key to encrypt the file. Then decrypt the file using your secret key by entering:

    pgp short.pgp

    Open the resulting file ('short') and verify that it is the same as the original 'short.txt'.

  7. ADD your new key to a public keyserver using a keyserver on the WWW or by creating an email message with ADD as the subject and with the extracted ASCII armored copy of your public key in the body of the message. Address the message to one of the public key servers, for example:

    To: pgp-public-keys@pgp.iastate.edu

  8. After 24 hours, check to ensure that your key has been added to the keyserver by retrieving it from the WWW keyserver or by sending another message to the same keyserver with the following as the subject line:

    Subj: MGET userID (using your own userID of course)

    If you don't get your key back from the server within 48 hours, try ADDing it again. If after several attempts you still can't get your own key back, send email to wepin@wepin.com and I'll try to help.
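
Mail software that rewraps or trims lines can damage an armored key on its way to a keyserver, so it is worth checking the text from step 5 before sending it in step 7. The Python sketch below is an added example, not part of the original report or of PGP itself. It assumes the usual armor layout (header lines, a blank line, base64 rows, then a line starting with '=' that carries a 24-bit CRC); the function names and the sample block are constructed for illustration.

```python
import base64

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"


def crc24(data):
    """24-bit CRC used for the armor checksum line."""
    crc = 0xB704CE                      # initial value
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB        # generator polynomial
    return crc & 0xFFFFFF


def make_armor(data):
    """Wrap constructed bytes in armor for the demo (not real PGP output)."""
    body = base64.b64encode(data).decode()
    rows = [body[i:i + 64] for i in range(0, len(body), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "Version: 2.6.2", "", *rows, "=" + check, END])


def check_armor(text):
    """Return (ok, reason) for the first armored key block in `text`."""
    lines = [line.strip() for line in text.splitlines()]
    if BEGIN not in lines or END not in lines:
        return False, "missing BEGIN or END line"
    block = lines[lines.index(BEGIN) + 1:lines.index(END)]
    if "" not in block:
        return False, "no blank line after the headers"
    body = block[block.index("") + 1:]
    if not body or len(body[-1]) != 5 or body[-1][0] != "=":
        return False, "missing checksum line"
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        stated = base64.b64decode(body[-1][1:], validate=True)
    except ValueError:
        return False, "body is not valid base64"
    if crc24(data) != int.from_bytes(stated, "big"):
        return False, "checksum mismatch"
    return True, "ok"


SAMPLE = make_armor(bytes(range(60)))   # constructed stand-in for a key
```

Run check_armor() on the exact text pasted into the message body; any result other than (True, 'ok') means the key should be extracted again rather than sent.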

FURTHER STUDY

Well, you should now be able to use PGP. If you would like to know more about PGP, how it works, the theory behind encryption, and where it is going, you can check out some of the resources listed below. Resources change constantly in Cyberspace so some of the resources listed may not be there when you get around to checking them and there will be many other resources that are not listed. That's the way it works in Cyberspace. Learn to enjoy it. And good luck with your pursuit of privacy.

World Wide Web

The World Wide Web (WWW or the Web for short) is in a constant state of flux. The best thing to do with the Web is to log on and start browsing the various WWW pages. (This is known as 'surfing' the WWW.) I use the search engine Alta Vista to quickly find subjects I am interested in.

USENET Newsgroups

USENET, in case you are not familiar with it, is like a huge worldwide BBS with several thousands of forums/conferences/discussion groups. USENET calls discussion groups 'Newsgroups'. At last count, there were over 12,000 newsgroups with names like: talk.politics.guns, alt.jokes, tx.religion.pagan, and alt.binaries.pictures.erotic. The newsgroups that relate to PGP are called: alt.security.pgp, sci.crypt, and alt.security. There are more but these three will get you started. If you want to use USENET to explore PGP issues, you should get a list of newsgroups and look for interesting newsgroup names. You can access USENET and even search the newsgroups for specific topics via the WWW at Deja News.

You should be aware that USENET has its own culture and its own rules of behavior. Before posting to any newsgroup, you should spend a few days or weeks reading what others post to see what is acceptable and unacceptable behavior on the newsgroup. This simple step can save you a lot of grief.

Books

There are a lot of books dealing with encryption and even a few dealing specifically with PGP. If you click on the titles below, you will be able to order the book online directly from Amazon.com, the world's first online bookstore.

If you are interested in the theory and math behind encryption, most cryptographers agree that the best book, especially for beginners, is:

Applied Cryptography : Protocols, Algorithms, and Source Code in C, by B. Schneier

To get an appreciation of the difficulty in creating unbreakable encryption systems, read:

The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet, David Kahn

For some insight into the internal workings of the National Security Agency (NSA), read:

The Puzzle Palace : A Report on America's Most Secret Agency, James Bamford

For another view of how to use PGP and for a permanent reference on how to use PGP, get a copy of:

Protect Your Privacy: The PGP User's Guide, William Stallings

Many more references are available. Many of the better ones are listed in the Cryptography FAQ (Frequently Asked Questions). The Cryptography FAQ is posted to some of the USENET Newsgroups about every three weeks or you can get the latest version by anonymous FTP from rtfm.mit.edu. The FAQ is in ten parts and you must specify which part you want. For example, if you wanted part 10 (which contains the references), you would FTP to rtfm.mit.edu and look in directory:

/pub/usenet/news.answers/cryptography-faq/ for a file named 'part10'

You can also read the FAQ on the WWW. However, they didn't do a very good job of linking the various parts together. The last part of the URL below, /cryptofaq01-10.html, is interpreted as cryptofaq part 01 of 10. If you want to see the second part, you would replace '01' with '02' (cryptofaq02-10.html) and so on for each of the parts. Here's the URL for the first part:

http://ruger.ucdavis.edu/rob/cryptofaq01-10.html

APPENDIX A - THE SIMPLE SUBSTITUTION CIPHER

You may have seen an example of a simple substitution cipher in your daily newspaper. It's usually called a cryptogram. In the simple substitution cipher, each letter of the alphabet is assigned another letter of the alphabet. When a message is to be encrypted, each letter in the plaintext message is replaced with the substitute letter. The resulting message is called the ciphertext. For example, we may decide to shift each letter one position so that 'A' becomes 'B', 'B' becomes 'C', 'C' becomes 'D', etc. The last letter in the alphabet, 'Z', then becomes 'A'. This method is usually referred to as a rotation, and the number of letters shifted is the key that allows the recipient to decrypt the message. An example of this key, usually called 'rot1', may help to clarify this method. Let's say we would like to encrypt the message 'Hello' using the key 'rot1'. Here's how we would go about it:

plaintext:  H E L L O (This method only uses capital letters)

            | | | | | (Shift each letter one position to the right)

ciphertext: I F M M P

We could now send the ciphertext 'IFMMP' as a normal message thru unsecure channels and the recipient would decrypt the ciphertext as follows:

ciphertext: I F M M P

            | | | | | (Shift each letter one position to the left)

plaintext:  H E L L O

Now rot1 is only one of the 25 possible keys that could be used in the simple substitution cipher, so how does the recipient know which one of the keys to use to decrypt the message?

The easiest way, of course, is for the sender and receiver to have agreed on the key ahead of time. But this poses a problem. Suppose that the sender and receiver are not located close enough together so they can agree on the key. They certainly can't send the key thru the same channel as they plan to send the encrypted message because, if they do, anyone who can intercept the encrypted message can also intercept the key and can then decrypt the message. This problem is the problem of key management. How do you send the key to the intended recipient without also revealing it to someone who plans to intercept and read your encrypted messages? (Let's call these people 'spies' to make it simpler to talk about them.)

The problem of key management using conventional encryption (any method of encryption that requires the sender and receiver to have the same key) is usually handled by sending the keys thru a separate secure channel. In most cases, this means that a trusted person acts as a courier to transport the key or a set of keys to the intended recipients. As you can see, this method severely limits the number of senders and receivers and makes it virtually impossible to send encrypted messages to anyone you have never met. PGP solves this problem by making it possible to transmit the public key in the clear.

Back to the original problem of how the recipient can tell which key to use. Since the simple substitution cipher only has 25 possible keys (the total number of possible keys is usually referred to as the key space), the recipient only has to try each of the 25 possible keys to find one that works. (If the ciphertext decrypts into a sensible message, it is assumed to be the correct one.) The astute reader will realize that anyone, not only the intended recipient, can use the same technique to decrypt the message. (This method is referred to as a brute force cryptanalytic attack. How's that for a three-dollar phrase?) The ease of this attack is why the simple substitution cipher is not used for any serious applications. Any encryption system to be used for serious work must have a much, much greater key space than 25.

The simple substitution cipher also has another problem. Since each letter in the plaintext is always changed into the same letter in the ciphertext, it is fairly easy to figure out the plaintext message in a long message by using a technique called frequency analysis. Any human language will use certain letters and combinations of letters more often than others. By analyzing a lot of prose, it is possible to develop frequency tables that indicate the probability of any given letter being used in a message. By counting the number of times that a ciphertext letter appears in a long message, it is possible to determine with a high degree of confidence which key is being used simply by comparing the frequencies of letters in the ciphertext with the frequencies of letters in the frequency table. Then, by trying various substitutions, certain words become recognizable, which gives us more letters to try and so forth. Using this technique on a simple substitution cipher will yield the plaintext very quickly.
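
The two weaknesses described above can be shown together in a few lines of Python. This is an added example, not code from the original report: it implements the rotation cipher from the 'HELLO' walk-through, tries all 25 keys, and uses a letter frequency table to pick the sensible decryption automatically, which goes one step beyond reading the 25 candidates by eye. The frequency figures are approximate published values, and the function names and sample message are constructed for illustration.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Approximate percentage of each letter A..Z in English prose (a commonly
# published table; the exact figures vary slightly between sources).
ENGLISH_PCT = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03,
    2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15,
    1.97, 0.07]))


def rot(text, key):
    """Shift each capital letter `key` places to the right, wrapping Z to A."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch
        for ch in text.upper())


def distance_from_english(text):
    """Chi-squared distance between the text's letter counts and the table."""
    letters = [ch for ch in text if ch in ALPHABET]
    if not letters:
        return float("inf")             # nothing to compare
    counts = Counter(letters)
    score = 0.0
    for letter, pct in ENGLISH_PCT.items():
        expected = len(letters) * pct / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score


def brute_force(ciphertext):
    """Try all 25 keys and rank the candidates, most English-like first."""
    candidates = [(key, rot(ciphertext, -key)) for key in range(1, 26)]
    return sorted(candidates, key=lambda c: distance_from_english(c[1]))


# Constructed sample message, encrypted under rot7 and then recovered
# without being told the key.
MESSAGE = ("THE EASE OF THIS ATTACK IS WHY THE SIMPLE SUBSTITUTION CIPHER "
           "IS NOT USED FOR ANY SERIOUS APPLICATIONS")

if __name__ == "__main__":
    print(rot("HELLO", 1))              # the rot1 walk-through
    print(brute_force(rot(MESSAGE, 7))[0])
```

Very short ciphertexts such as 'IFMMP' carry too few letters for the frequency score to be reliable, which is why the text speaks of a long message.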

APPENDIX B - THE PGP PUBLIC KEY OF WEPIN

Delete all lines above the BEGIN PGP PUBLIC KEY BLOCK line of the PGP Public Key block before adding it to your key ring.


Copyright at Common Law, West El Paso Information Network, 1997