TCF389: Public Key Cryptography
-
Text or data is encrypted (scrambled) according to a key that
both sender & receiver have
-
Then it is decrypted using that key
-
One piece of software facilitating that is Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP)
-
Two complementary keys are used to maintain secure communications:
-
Private key to which only you have access
-
Public key which you freely exchange with other PGP users.
-
Include your public key in an e-mail message,
-
It's just a block of text--e.g., see my public key on
my homepage.
-
Copy it to a file and give them the file,
-
Post it on a public key server where anyone can get a copy when they need
it. You can then put a link to it in your Web pages:
-
To send someone an encrypted, private e-mail message
-
Use a copy of that persons public key to encrypt the information,
which only they can decipher by using their private key.
-
(When someone wants to send you encrypted mail, they use a copy of
your public key to encrypt the data, which only you can decipher by
using a copy of your private key.)
-
Signing e-mail with encryption--to authenticate that it was really
sent by who it purports to be sent by
-
Faking e-mail is extremely easy
-
You use your private key to sign a message, thus authenticating it
with your PGP Signature.
-
Then recipients use their copy of a public key to determine if you
really sent the e-mail and whether it has been altered while in transit.
PGP Examples
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBM+H1J5tjw2ns+CY3EQLp4ACbBzc6d5k65zwFNMBjf0abblBdp08AoNZO
2qZZpjVAF9CMm1OJTNAPU+cC
=X7qO
-----END PGP SIGNATURE-----