Thursday, July 15, 2010

About PGP




This article covers the principles behind PGP and the background knowledge needed to understand them. For installing and using PGP, please refer to the other documents provided alongside this article.

PGP (Pretty Good Privacy) is e-mail encryption software built on the RSA public-key cryptosystem. You can use it to keep your e-mail confidential so that unauthorized people cannot read it, and you can also add a digital signature to your e-mail so that the recipient can be sure the message was sent by you. It lets you communicate securely with people you have never met, without needing any prior confidential channel to pass keys. It features careful key management, a hybrid of RSA and a traditional encryption algorithm, a message digest algorithm for digital signatures, compression before encryption, and a good ergonomic design. It is powerful and fast, and its source code is free of charge.

In fact PGP does more than that: it can be used to encrypt files, and it can be used in place of UUencode to produce files encoded in RADIX 64 format (the same as MIME's BASE 64 format).

PGP was created by Phil Zimmermann of the United States. His creativity lay in combining the convenience of the RSA public-key system with the speed of traditional encryption, and in the clever design of the digital signature and key management mechanisms. As a result PGP has become almost the most popular public-key encryption package.

PGP is encryption software for public use. Encryption is for security, and privacy is a basic human right. In modern society, e-mail and file transfer over networks have become part of daily life, and e-mail security problems have become increasingly prominent. As everyone knows, data sent over the Internet is not encrypted; if you do not protect your own information, third parties can easily obtain your secrets. Another problem is message authentication: how to convince the recipient that the message has not been tampered with by a third party. That requires digital signatures. The characteristics of the RSA public-key system make it ideally suited to meet both requirements: confidentiality (privacy) and authentication.

RSA (Rivest-Shamir-Adleman) is a public-key system based on the assumption that large numbers cannot be factored into their prime factors. Put simply, it starts from two large prime numbers and yields two keys, one made public to the world and one told to no one, called the "public key" and the "private key" (or secret key). The two keys are complementary: ciphertext encrypted with the public key can be decrypted with the private key, and vice versa. Suppose A wants to send a letter to B, and they know each other's public keys. A encrypts the message with B's public key and sends it; B, on receiving it, decrypts it with his own private key to recover A's original text. Since nobody else knows B's private key, not even A can decrypt the letter, which solves the problem of confidentiality. On the other hand, because everyone knows B's public key, anyone can write to B, so B cannot be sure the letter really came from A. This is where the authentication problem arises, and where digital signatures come in.

Before explaining digital signatures, I first need to explain the "message digest". Put simply, it is a number computed from a message by some method that captures the "essence" of that message; if the message changes in any way, the number changes too. That number, together with the author's name (actually carried in the author's key), the date and so on, can serve as a signature. To be precise, PGP uses a 128-bit binary number as the message digest, and the algorithm used to generate it is MD5 (Message Digest 5). MD5 was devised by Ron Rivest, and the code used in PGP was written by Colin Plumb. MD5 itself is public-domain software, so it is not mentioned in PGP's legal terms. MD5 is a one-way hash algorithm: unlike a CRC checksum, it is hard to find a substitute message with the same "essence" as the original.

Back to digital signatures. A encrypts the 128-bit "essence" described above with his own private key and attaches it to the mail, then encrypts the entire message with B's public key. After B receives the ciphertext, B decrypts it with his own private key and obtains A's original text and signature. B's PGP then computes a 128-bit "essence" from the original text and compares it with the number obtained by decrypting the signature with A's public key. If they match, the message really was sent by A. In this way both requirements are met.

PGP can also sign without encrypting. This suits public statements: to prove his identity (which is all one can do on a network), the person making the statement signs it with his own private key. Recipients can then confirm the sender's identity, and the sender cannot deny his own statement. This has great prospects in commercial applications, since it prevents the sender from repudiating a letter and prevents the letter from being tampered with in transit.

So why does PGP use a hybrid of RSA and a traditional encryption algorithm? Because RSA involves a great deal of computation and is too slow for encrypting large amounts of data, what PGP actually uses to encrypt the message is not RSA itself but a traditional encryption algorithm called IDEA. Let me first explain what traditional encryption means: put simply, a key is used to encrypt the plaintext, and the same key is then used to decrypt it. The representative of this approach is DES (the US Federal Data Encryption Standard), a product cipher. Its main drawback is that the key must be passed over a channel whose security cannot be guaranteed, so it does not suit the needs of e-mail encryption in a network environment. IDEA is a patented algorithm; the patent holders are ETH and a Swiss company, Ascom-Tech AG. Non-commercial implementations of IDEA do not need to pay them fees. IDEA encrypts and decrypts much faster than RSA, so PGP actually encrypts the plaintext with IDEA under a randomly generated key (different for each encryption), and then encrypts that key with RSA. The recipient likewise uses RSA to decrypt the random key and then uses IDEA to decrypt the message itself. This chained encryption provides both the confidentiality of the RSA system and the speed of the IDEA algorithm. Half of PGP's creativity lies in this point. Why has the RSA system, proposed back in the 1970s, never been widely adopted? It is too slow! So where is the other half of PGP's creativity? Below I will talk about PGP's key management.
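
The signing and hybrid-encryption flow described in the paragraphs above, as an added Python example that is not PGP's own code. It assumes toy textbook RSA keys built from fixed primes, truncated SHA-256 in place of MD5, and a hash-based XOR keystream in place of IDEA; all function and variable names are hypothetical.

```python
import hashlib, secrets, zlib

def make_key(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy construction, no padding)."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    """The half of a key pair that may be published."""
    return {"n": key["n"], "e": key["e"]}

# Constructed demo keys built from well-known Mersenne primes; real keys
# use large random primes.
KEY_A = make_key(2**127 - 1, 2**89 - 1)
KEY_B = make_key(2**107 - 1, 2**61 - 1)

def digest128(data):
    """128-bit message digest; truncated SHA-256 stands in for MD5."""
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")

def stream_xor(key, data):
    """Stand-in for IDEA: XOR with a SHA-256 counter keystream.
    Applying it twice with the same key restores the input."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def sign_and_encrypt(message, sender, recipient_pub):
    # Signature: the digest encrypted with the sender's private key.
    sig = pow(digest128(message), sender["d"], sender["n"])
    # Compress signature + text, then encrypt under a fresh random session key.
    body = zlib.compress(sig.to_bytes(32, "big") + message)
    session_key = secrets.token_bytes(16)
    # Only the short session key goes through the slow RSA operation.
    wrapped = pow(int.from_bytes(session_key, "big"),
                  recipient_pub["e"], recipient_pub["n"])
    return wrapped, stream_xor(session_key, body)

def decrypt_and_verify(wrapped, ciphertext, recipient, sender_pub):
    # Recover the session key with the recipient's private key.
    session_key = pow(wrapped, recipient["d"], recipient["n"]).to_bytes(16, "big")
    body = zlib.decompress(stream_xor(session_key, ciphertext))
    sig, message = int.from_bytes(body[:32], "big"), body[32:]
    # Decrypt the signature with the sender's public key and compare digests.
    genuine = pow(sig, sender_pub["e"], sender_pub["n"]) == digest128(message)
    return message, genuine
```

Checking the result against any public key other than the signer's makes the digest comparison fail, which is why the recipient must hold the right public key for A.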

A mature encryption system must be backed by a mature key management mechanism. The public-key system was proposed to solve the weakness of traditional encryption systems, namely that keys are hard to distribute confidentially. For example, one of the methods commonly used by network hackers is "listening" (eavesdropping); passing a key over the network would be far too dangerous. For instance, in older versions of Novell Netware, the user's password was transmitted over the line in cleartext, so an eavesdropper could easily obtain other people's passwords. Of course, in Netware 4.1 the user password in the packet header is now encrypted. With PGP, public keys are meant to be public, so there is no eavesdropping problem. However, publishing public keys still has security problems, such as public key tampering, which may be the biggest loophole in public-key cryptosystems because most beginners cannot spot it quickly. You must be sure that the public key you have belongs to the person it appears to belong to. To make the problem clear, I will give an example and then explain how to use PGP correctly to plug this loophole.

Take your communication with Alice as an example. Suppose you want to send a letter to Alice, so you must have Alice's public key. You download Alice's public key from a BBS, use it to encrypt the letter, and send it to Alice with the BBS's e-mail function. Unfortunately, unknown to you and Alice, another user named Charlie has infiltrated the BBS and replaced Alice's public key with the public key from a key pair he generated himself under Alice's name. The public key you use to send the letter is therefore not Alice's but Charlie's, yet everything looks normal, because the user name on the public key you obtained is "Alice". Charlie can then use the private key in his hands to decrypt your letter to Alice, and he can even re-encrypt it with Alice's real public key and forward it to Alice so that nobody becomes suspicious; he can also alter your letter to Alice if he wishes. What is more, he can forge Alice's signature on letters to you or anyone else; because the public key in your hands is fake, you would believe the letter really came from Alice.

The best way to prevent this is to give no one else any opportunity to tamper with the public key, for example by getting the public key directly from Alice's hands. But when she is thousands of miles away or cannot be met in person, this is very difficult. PGP developed a public key introduction mechanism to solve this problem. For example, suppose you and Alice have a mutual friend David, and David knows that the copy of Alice's public key in his hands is correct (how to certify a public key is covered later; assume for now that David has already certified her public key with Alice). David can then use his own private key to sign Alice's public key (using the signature method described above), indicating that he vouches that this public key belongs to Alice. Of course, you need to use David's public key to verify the copy of Alice's public key he gives you. David can likewise certify your public key to Alice, so David becomes the "introducer" between you and Alice. Alice or David can then safely upload Alice's public key, signed by David, to the BBS for you to fetch; nobody, not even the BBS administrator, can tamper with it without you discovering it. This is the way to pass public keys securely over a public channel.

Some people may ask: how do you safely get David's public key, then? Isn't this a chicken-and-egg problem? Indeed, the copy of David's public key you obtain could also be fake, but that would require the troublemaker to take part in the whole process: he would have to be familiar with all three of you and plan for a long time, which is generally not feasible. Of course, PGP also has a suggestion for guarding against this possibility: have a widely trusted person or institution play this role. He is called a "key server" or "certification authority"; every public key signed by him is considered genuine, so you only need a copy of his public key. Certifying this person's public key is easy because he provides the service so widely; forging his public key is extremely difficult because his public key circulates so widely. Such an "authority" is suited to being run by organizations not under any individual's control or by government agencies, and certification systems with a hierarchy of institutions now exist.

For people who are widely dispersed, PGP favours the private form of key referral, because this unofficial approach better reflects the natural way people interact socially, and people are free to choose whom they trust as introducers. In short, it is just like meeting people you do not know. Each public key has at least one "user name" (User ID); please try to use your full name, preferably together with your e-mail address, to avoid confusion.

Attention! One rule you must follow: before you use any public key, be sure to certify it first! No matter how tempted you are, and of course you will be tempted, do not, absolutely do not, directly trust a public key obtained from a public channel (even one that seems confidential). Remember to use public keys introduced by acquaintances, or certify them yourself with the other party in person. Likewise, do not casually sign and certify other people's public keys; just as in real life, you hand your house keys only to people you trust.

Now I will talk about how to certify a key by telephone. Each key has its own identifier (keyID). The keyID is an eight-digit hexadecimal number, and the chance of two keys having the same keyID is one in several billion. PGP also provides a more reliable way to identify keys: the "key fingerprint". Each key corresponds to a string of numbers (sixteen 8-bit hexadecimal numbers), and the chance of this string repeating is even more minute. Moreover, nobody can generate a key with a specified fingerprint: keys are generated randomly, and the key cannot be reverse-derived from the fingerprint. So after you obtain someone's public key, you can check the fingerprint with him over the phone and thereby certify his public key. If you cannot reach Alice by phone, you can certify David's public key with David over the phone and then certify Alice's public key through David; this is a combination of direct certification and indirect introduction.

This gives rise to another method: gather your public key as signed by different people and publish it in a public place, so that most people can be expected to know at least one of the signers and thereby certify your public key indirectly. Similarly, after you sign a friend's public key you should send it back to him, so that he can be certified by your other friends through you. Interestingly, this is just like how people make contacts in real society. PGP automatically works out which of the public keys you obtain were introduced by your friends, which by friends of your friends, which by friends of friends of your friends, and so on; it sorts them into different trust levels for you to refer to when deciding how far to trust them. You can designate someone as able to introduce public keys through several layers, and this ability diminishes as the certification is passed along.
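
The telephone fingerprint check and the introducer chain described above, as an added Python example (not PGP's own code). The key bytes are constructed, the fingerprint is modelled as a truncated SHA-256, the certifications are assumed to have been signature-checked already, and all names are hypothetical.

```python
import hashlib
from collections import deque

def fingerprint(key_bytes):
    """16-byte fingerprint shown as 16 hex pairs. Truncated SHA-256 is an
    assumption of this example, not PGP's exact fingerprint computation."""
    return hashlib.sha256(key_bytes).digest()[:16].hex(" ").upper()

# Constructed key material standing in for real public keys.
KEYS = {
    "David": b"david-public-key",
    "Alice": b"alice-public-key",
    "Alice (from BBS)": b"charlie-key-labelled-alice",  # Charlie's substitute
    "Bob": b"bob-public-key",
}
FPR = {name: fingerprint(key) for name, key in KEYS.items()}

# (signer, subject) certifications, assumed already signature-checked.
CERTS = {
    (FPR["David"], FPR["Alice"]),   # David vouches for Alice's real key
    (FPR["Alice"], FPR["Bob"]),     # Alice vouches for Bob's key
}

def phone_check(downloaded_key, fingerprint_read_aloud):
    """True if the key you hold matches the fingerprint its owner reads out."""
    return fingerprint(downloaded_key) == fingerprint_read_aloud.upper()

def certification_path(target, introducers, certs):
    """Return the chain of fingerprints from a trusted introducer to target,
    or None. introducers maps fingerprint -> number of referral layers
    allowed; the allowance shrinks by one at every hop."""
    if target in introducers:
        return [target]
    best = {}
    queue = deque((fpr, depth, [fpr]) for fpr, depth in introducers.items())
    while queue:
        signer, depth, path = queue.popleft()
        if depth <= best.get(signer, 0):
            continue  # already explored with at least this much allowance
        best[signer] = depth
        for cert_signer, subject in sorted(certs):
            if cert_signer != signer:
                continue
            if subject == target:
                return path + [subject]
            queue.append((subject, depth - 1, path + [subject]))
    return None
```

The key that Charlie planted under Alice's name carries no certification from David, so no path to it exists and it is never treated as Alice's.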

Whether the introduction mechanism is transitive is an interesting question. PGP's author Phil Zimmermann has a statement on this: "Trust is not transitive; I have a friend who I think does not lie. But he is a fool who is convinced the president does not lie; obviously I do not think the president does not lie."

The security of public keys is the core of PGP's security, and I will not elaborate on it here. As in a traditional single-key system, keeping the private key confidential is decisive. Compared with the public key, the private key has no tampering problem, but it does have a disclosure problem. An RSA private key is a very long number that the user cannot possibly memorize, so PGP's approach is to let the user assign a passphrase (pass phrase) to the randomly generated RSA private key. The private key can be released for use only when the passphrase is given, and the method used to encrypt the private key with the passphrase is as strong as PGP's own encryption. The security of the private key is therefore first of all a matter of keeping the user's passphrase confidential. Of course, leaking the private key file itself is also very dangerous, because an attacker then only needs to try out your passphrase by exhaustive search; although that is very difficult, one level of security has been lost. Here I will only say briefly: guard your private key as you would any private possession, and do not let anyone gain access to it.

PGP's careful attention to security shows in every aspect of PGP. For example, every actual encryption key is a random number, and as everyone knows, computers cannot generate truly random numbers. PGP is very careful about generating random numbers: for key random numbers such as RSA keys, the seed is obtained from the time intervals between the user's keystrokes. The randseed.bin file on disk is encrypted with the same strength as mail. This effectively prevents others from analysing your randseed.bin file to find patterns in your actual encryption keys.

Here I should mention PGP's compression before encryption. PGP's core uses the PKZIP algorithm to compress the plaintext before encrypting it. On the one hand, for e-mail, ciphertext that has been compressed, encrypted and then 7-bit encoded may be shorter than the plaintext, which saves network transmission time. On the other hand, compressing the plaintext amounts to applying a transformation to it: the information becomes more disordered and more resistant to plaintext attacks. The PKZIP algorithm is used in PGP with the consent of its original author. PKZIP is a widely recognised compression algorithm with very good compression ratio and speed. PGP uses a version of the algorithm compatible with PKZIP 2.0.

I will cover PGP's security issues specifically in the article "PGP Security". I have said this much just to let everyone know that PGP is very safe, as long as you follow the correct way of using it. For installing and using PGP, please refer to the article "PGP 2.6.3i Installation and Use". If there are words you do not understand when reading the English documentation, try looking for clues in the "PGP Glossary" article. PGP 2.6.3i is the version of PGP I recommend; for detailed questions about this version, see the "PGPi Questions" article.

On today's Internet, articles signed with PGP can be seen everywhere. PGP versions are updated quickly, and PGP 3.0 is said to be due for release in a few more months. More and more people in the world use PGP, and we Chinese should also pay attention to protecting our legitimate right to privacy. I translated and compiled these articles to promote the use of PGP in China. Although it is still something new, we can expect it to grow quickly in cyberspace. Although China started late, it is not too far behind the U.S., and we should catch up.






