Keys used in PGP
Hi all, this article describes about the keys used in PGP(Pretty Good Privacy). If you are new to PGP take a look at my previous article.
Keys used in PGP :
- One-time session symmetric keys
- Public keys
- Private keys
- Passphrase based symmetric keys
SESSION KEY: This is a random string generated by multiple sources of entropy. These strings are mainly based on the Keystroke(a single depression of a key on a keyboard) input from the user.
KEY IDENTIFIERS: If the user has multiple private/public key pairs, how does the recipient knows which of it’s public key is used for encryption? To solve this issues, KEY ID is assigned to each public key which is an outcome of Public-key mod 2⁶⁴
KEY RINGS: Two key ID’s are included in PGP messages to provide both confidentiality and authentication. The scheme used in PGP is to provide a pair of data structures at each node.The data structures are referred to as Private key ring & Public key ring.
Private key rings are stored only in the user’s computer.
STEPS FOR GENERATING PUBLIC & PRIVATE KEY RINGS:
1.Select a passphrase.
2. When the system generates a new public or private key pair using RSA, it asks for the passphrase.
3. This passphrase is given for hash code generation.
4. The system encrypts the private key with the hash code.
5. When the user access the private key ring, the passphrase should be supplied.
PUBLIC KEY AND PRIVATE KEY PAIR:
The public key and private key are generated together. Both rely on the same very large secret prime numbers. The private key is the representation of two very large secret prime numbers. The public key is made up of the same two very large prime numbers used to make the private key. It is very hard to figure out which two large prime numbers created the public key. This problem is known as prime factoring. These randomly chosen gigantic prime numbers are hard to guess for both humans and computers.
I’ll see you in my next article regarding S/MIME. Thank you all for your time and patience😉
References:
