Uploaded byaryalmadhave123
739 views

Email Security Pretty Good Privacy (PGP),Services Provided by PGP.pdf

The document discusses email security, focusing on Pretty Good Privacy (PGP) as a method for ensuring confidentiality, integrity, and authenticity of email communications. It outlines various security measures such as strong passwords, two-factor authentication, and encryption, while detailing the operational mechanisms of PGP, including authentication, confidentiality, compression, and segmentation. Additionally, it addresses challenges with PGP such as user complexity and compatibility with email clients.

Embed presentation

Download to read offline
Email Security: Pretty Good Privacy (PGP),Services Provided by PGP PRESENTED BY: -PRATIK RAYAMAJHI -RUPAK LAMICHANNE -MADHAV ARYAL
Email, short for electronic mail, is a digital method for exchanging messages. It enables communication between people over the internet or other computer networks. Emails allow the sending and receiving of text-based messages. Attachments such as documents, images, or videos can be included in emails. It facilitates communication between individuals or organizations. INTRODUCTION EMAIL:
EMAIL SECURITY: Email security refers to the steps taken to protect email messages and their content from unauthorized access and damage. It ensures the confidentiality, integrity, and availability of email messages. Email security also safeguards against phishing attacks, spam, viruses, and other forms of malware. Achieving email security involves a combination of technical and non-technical measures.
BASIC EMAIL SECURITY MEASURES: Strong Passwords: Use complex passwords, change regularly. Two-Factor Authentication (2FA): Adds an extra layer of security. Encryption: Basic concept of converting data into code. Regular Updates: Importance of keeping email software updated.
ADVANCED EMAIL SECURITY PRACTICES: End-to-End Encryption: Ensures only sender and recipient can read the message. Email Filters: Setting up filters to block spam and malicious emails. Digital Signatures: Ensures the authenticity of the sender. Secure Email Gateways: Acts as a shield between the internal email system and the internet.
ARCHITECTURE OF EMAIL SECURITY:
PRETTYGOODPRIVACY(PGP) Pretty Good Privacy (PGP) is an encryption software program designed to ensure the confidentiality, integrity, and authenticity of virtual communications and information. It was developed by Phil Zimmermann in 1991. PGP has become a cornerstone of modern cryptography. It is widely regarded as one of the best methods for securing digital data.
Why Is PGP Popular? Why Is PGP Popular? •It is availiable free on a variety of platforms. •Based on well known algorithms. •Wide range of applicability •Not developed or controlled by governmental or standards organizations
Consist of five services: –Authentication –Confidentiality –Compression –E-mail compatibility –Segmentation Operational Description Operational Description
Authentication Authentication Authentication refers to the process of validating something as true or real. For example, logging into a site using an account name and password is an authentication verification procedure. In the context of email, authentication involves verifying the authenticity of an email to ensure it actually came from the claimed sender. Email authentication is important to prevent spoofing and spam, which can cause significant inconvenience.
The Authentication service in PGP is provided as follows: The Authentication service in PGP is provided as follows:
The Hash Function (H) calculates the Hash Value of a message. For hashing, SHA-1 is used, producing a 160-bit output hash value. The hash value is encrypted using the sender’s private key (KPa) to create a Digital Signature. The message is appended to the signature. The message is then compressed to reduce transmission overhead and sent to the receiver. At the receiver’s end: The data is decompressed to obtain the message and signature. The signature is decrypted using the sender’s public key (PUa) to retrieve the hash value. The message is passed through the hash function again to calculate and obtain its hash value. Working Process: Working Process:
Packages labeled as 'Confidential' are meant only for selected individuals and not for everyone. Similarly, email confidentiality ensures that only the sender and receiver can read the message. The contents of the email must be kept secret from everyone else except for the sender and receiver. Confidentiality Confidentiality
PGP provides that Confidentiality service in the following manner: Working Process: Working Process: The session key (Ks) is encrypted using the receiver's public key (KUb) through public key encryption (EP). The encrypted session key and the encrypted message are concatenated and sent to the receiver. The original message is compressed and encrypted, making it unreadable to anyone without the session key. The session key, though transmitted, is in encrypted form and can only be decrypted using the receiver's private key (KPb). CAST-128, IDEA, or 3DES is used for symmetric key encryption.
At the receiver's end: The encrypted session key is decrypted using KPb. The message is decrypted using the obtained session key. The message is decompressed to retrieve the original message (M). RSA algorithm is used for public-key encryption. CAST-128, IDEA, or 3DES is used for symmetric key encryption. Practically, both the Authentication and Confidentiality services are provided in parallel as follows :
Compression Compression Compression converts a message from n bits to m bits (where n > m) using a compression algorithm. Compression helps email service providers by reducing storage overhead, processing time, and maintenance labor. In PGP, the ZIP algorithm is used for compression. Compression is included in the combined Authentication & Confidentiality of PGP.
Some email systems only allow the use of blocks that include ASCII text. When PGP is used, the minimum part of the block that needs to be transmitted is encrypted. The scheme used is radix-64 conversion (see appendix 5B). The use of radix-64 expands the message by 33%. Email Compatibility Email Compatibility
Email Compatibility Email Compatibility
Segmentation Segmentation Email facilities often impose a maximum message length limit. For example, some internet facilities set a maximum length of 50,000 octets (bytes). Messages exceeding this limit must be divided into smaller segments, each sent independently. Often restricted to a maximum message length of 50,000 octets. PGP automatically subdivides a message that is to large.
PGP OPERATION -SUMMARY
SESSION KEYS PGP (Pretty Good Privacy) uses session keys for efficient encryption and decryption of messages. Session keys are symmetric keys generated specifically for each session or communication instance. They are typically randomly generated and are used for a short duration. Session keys are used to encrypt the actual message content in PGP. After the message is encrypted using the session key, the session key itself is encrypted using the recipient's public key. This ensures that only the intended recipient can decrypt the session key and subsequently decrypt the message.
PUBLIC KEY Used for encryption and verifying digital signatures. Typically shared openly or with anyone who needs to send encrypted messages or verify signatures. Derived from the private key through a mathematical process and is mathematically related but computationally infeasible to derive the private key from it. Ensures confidentiality and authenticity of communications.
PRIVATE KEY Used for decryption of messages and generating digital signatures. Must be kept confidential and known only to the owner. Used to prove ownership of the public key and to decrypt messages encrypted with the corresponding public key. Both keys are mathematically related, and anything encrypted with the public key can only be decrypted with the corresponding private key.
PGP MESSAGE FORMAT A typical PGP message consists of the following main parts: Message Component: Contains the actual data, filename, and creation timestamp. Signature Component contains: i)Timestamp: Time when the signature was created. ii)Message Digest: SHA-1 digest of the message, encrypted with the sender's private key iii)Leading Two Octets of Message Digest: Placed in the signature to verify correct decryption and serve as a frame check sequence. iv)Key ID of Sender's Public Key: Identifies the sender's public key used for decryption, and indirectly the sender's private key used for encryption. Session Key Component: Contains the session key encrypted with the recipient's public key.
FORMAT OF PGP MESSAGE
MESSAGE GENERATION Create the message content including data, filename, and timestamp. Optionally generate a session key for efficient encryption. Encrypt the message using: Symmetric encryption with the session key (if used), or Asymmetric encryption with the recipient's public key. Optionally create a digital signature: Compute a hash of the message. Encrypt the hash with your private key to create the digital signature. Format the message with encryption, optional signature, and metadata. Transmit or store the formatted PGP message securely.
PGP MESSAGE GENERATION
MESSAGE RECEPTION Receive the PGP message: Obtain the encrypted message, including optional session key and digital signature. Decrypt the session key (if used): Use your private key to decrypt the session key. Decrypt the message content: Use the session key (if used) or your private key to decrypt the message. Verify the digital signature (if included): Decrypt the signature using the sender's public key to obtain the message digest. Compute the hash of the decrypted message content. Compare the computed hash with the decrypted digest to ensure integrity and authenticity. Extract metadata: Retrieve any additional information, such as timestamps or filenames. Handle errors or warnings: Address any issues during decryption or verification. Securely store or use the decrypted message: Ensure the plaintext message content is securely stored or used as intended.
PGP MESSAGE RECEPTION
CHALLENGES AND LIMITATIONS OF PGP COMPLEXITY: STEEP LEARNING CURVE FOR NEW USERS. COMPATIBILITY: NOT ALL EMAIL CLIENTS SUPPORT PGP. KEY MANAGEMENT: DIFFICULTIES IN SECURELY SHARING AND STORING KEYS. PERFORMANCE: CAN SLOW DOWN EMAIL PROCESSING DUE TO ENCRYPTION/DECRYPTION.
Email Security Pretty Good Privacy (PGP),Services Provided by PGP.pdf

More Related Content

PDF
Web Security
byDr.Florence Dayana
 
PPT
PGP S/MIME
bySou Jana
 
PPT
Pretty good privacy
byPushkar Dutt
 
PPT
Email Security : PGP & SMIME
byRohit Soni
 
PDF
Electronic mail security
byDr.Florence Dayana
 
PPT
Authentication Protocols
byTrinity Dwarka
 
PPTX
Pgp pretty good privacy
byPawan Arya
 
PPTX
Information and network security 13 playfair cipher
byVaibhav Khanna
 
Web Security
byDr.Florence Dayana
 
PGP S/MIME
bySou Jana
 
Pretty good privacy
byPushkar Dutt
 
Email Security : PGP & SMIME
byRohit Soni
 
Electronic mail security
byDr.Florence Dayana
 
Authentication Protocols
byTrinity Dwarka
 
Pgp pretty good privacy
byPawan Arya
 
Information and network security 13 playfair cipher
byVaibhav Khanna
 

What's hot

PPTX
Block cipher modes of operation
byharshit chavda
 
PPT
block ciphers
byAsad Ali
 
PPTX
Public Key Cryptography
byGopal Sakarkar
 
PDF
2. public key cryptography and RSA
byDr.Florence Dayana
 
PDF
Elliptic curve cryptography
byCysinfo Cyber Security Community
 
PPT
Message Authentication Code & HMAC
byKrishna Gehlot
 
PPTX
Symmetric and asymmetric key cryptography
byMONIRUL ISLAM
 
PPTX
Diffie hellman key exchange algorithm
bySunita Kharayat
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
byJyothishmathi Institute of Technology and Science Karimnagar
 
PPTX
Public Key Cryptosystem
byDevakumar Kp
 
PPT
RC4&RC5
byMohamed El-Serngawy
 
PPT
DES (Data Encryption Standard) pressentation
bysarhadisoftengg
 
PPTX
Hash Function
bySiddharth Srivastava
 
PPTX
Elgamal digital signature
byMDKAWSARAHMEDSAGAR
 
PPTX
Secure Hash Algorithm
byVishakha Agarwal
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
PDF
IPSec (Internet Protocol Security) - PART 1
byShobhit Sharma
 
PPTX
Hash Function
byssuserdfb2da
 
PPT
Polyalphabetic Substitution Cipher
bySHUBHA CHATURVEDI
 
PPTX
Data Encryption Standard (DES)
byHaris Ahmed
 
Block cipher modes of operation
byharshit chavda
 
block ciphers
byAsad Ali
 
Public Key Cryptography
byGopal Sakarkar
 
2. public key cryptography and RSA
byDr.Florence Dayana
 
Elliptic curve cryptography
byCysinfo Cyber Security Community
 
Message Authentication Code & HMAC
byKrishna Gehlot
 
Symmetric and asymmetric key cryptography
byMONIRUL ISLAM
 
Diffie hellman key exchange algorithm
bySunita Kharayat
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
byJyothishmathi Institute of Technology and Science Karimnagar
 
Public Key Cryptosystem
byDevakumar Kp
 
RC4&RC5
byMohamed El-Serngawy
 
DES (Data Encryption Standard) pressentation
bysarhadisoftengg
 
Hash Function
bySiddharth Srivastava
 
Elgamal digital signature
byMDKAWSARAHMEDSAGAR
 
Secure Hash Algorithm
byVishakha Agarwal
 
CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
IPSec (Internet Protocol Security) - PART 1
byShobhit Sharma
 
Hash Function
byssuserdfb2da
 
Polyalphabetic Substitution Cipher
bySHUBHA CHATURVEDI
 
Data Encryption Standard (DES)
byHaris Ahmed
 

Similar to Email Security Pretty Good Privacy (PGP),Services Provided by PGP.pdf

PPTX
Pretty good privacy
byPunnya Babu
 
PPT
Email security
byIndrajit Sreemany
 
PPTX
E mail security
bySoumya Vijoy
 
DOCX
Pgp
byAbhishek Kesharwani
 
PPTX
Pgp1
bySanjeevsharma620
 
DOCX
Pgp
byAbhishek Kesharwani
 
PPTX
Network security
bySVijaylakshmi
 
PPT
electronic mail security for authent.ppt
bynaghamallella
 
PPTX
Information and data security email security
byMazin Alwaaly
 
PPT
PGP (1). in information security and data
bygallanandhini
 
PPT
Pgp
byReham Maher El-Safarini
 
PPT
CRYPTOGRAPHY_ENGG_CSE_III_YEAR_PGP_CNS.ppt
bySakethBhargavaRallap
 
PPTX
E-mail Security S/MIME PrettyGoodPrivacy
byDr.Manjunath Kotari
 
DOCX
Unit 4
byVinod Kumar Gorrepati
 
PPT
computer netwok security Pretty Good Privacy PGP.ppt
byjayaprasanna10
 
PPT
PGP.ppt
byqwerrew1
 
PDF
Using PGP for securing the e-mail
bydavidepiccardi
 
PPTX
Email sec11
byAthira Asakumar
 
PDF
1682302951397_PGP.pdf
bygeorgejustymirobi1
 
PPT
chapter 15-Network and Security-By-MIT.ppt
byKamranHussainAwan
 
Pretty good privacy
byPunnya Babu
 
Email security
byIndrajit Sreemany
 
E mail security
bySoumya Vijoy
 
Pgp
byAbhishek Kesharwani
 
Pgp1
bySanjeevsharma620
 
Pgp
byAbhishek Kesharwani
 
Network security
bySVijaylakshmi
 
electronic mail security for authent.ppt
bynaghamallella
 
Information and data security email security
byMazin Alwaaly
 
PGP (1). in information security and data
bygallanandhini
 
Pgp
byReham Maher El-Safarini
 
CRYPTOGRAPHY_ENGG_CSE_III_YEAR_PGP_CNS.ppt
bySakethBhargavaRallap
 
E-mail Security S/MIME PrettyGoodPrivacy
byDr.Manjunath Kotari
 
Unit 4
byVinod Kumar Gorrepati
 
computer netwok security Pretty Good Privacy PGP.ppt
byjayaprasanna10
 
PGP.ppt
byqwerrew1
 
Using PGP for securing the e-mail
bydavidepiccardi
 
Email sec11
byAthira Asakumar
 
1682302951397_PGP.pdf
bygeorgejustymirobi1
 
chapter 15-Network and Security-By-MIT.ppt
byKamranHussainAwan
 

Recently uploaded

PDF
LogiNext Media Kit & Company Overview 2025
bysmritipatil055
 
PDF
Image and video processing: From Mars to Hollywood with a stop at the hospita...
byHarinath Palavalli
 
PDF
Manual Testing Still Matters: 7 Areas Where Humans Beat Automation
byKiwiQA Services
 
PDF
Attendance Dashboard – Time & Attendance Analytics
byHajir Pro
 
PDF
Why I Volunteer at FOSDEM and You Should Too
byImma Valls Bernaus
 
PDF
SLIDE PROPARTNER SUMMIT 2025 - ITALY.pdf
bygiuo
 
PDF
The Growing Impact of Blockchain and Web3 on Digital Ownership With Paul Inou...
byPaul Inouye
 
PDF
ChampionMATES – Compete With Friends. Predict Sports. Become the Champion.
byRafal Ksiazek
 
PDF
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
PDF
Introducing MySQL HeatWave Migration Assistant
byAlexander Hitrov
 
PDF
Figma systems development services
bydavidjohansen1597
 
PDF
Visualizing Your Data Lake with Grafana - Amsterdam
byImma Valls Bernaus
 
PDF
Build a Scalable On-Demand Courier Service App.pdf
byV3CUBE TECHNOLABS
 
PPTX
Best eCommerce Development Agency in USA | The Dataflux
byKey Medsolutions Inc
 
PPTX
Edison MuleSoft Meetup : Vibe Coding | MuleSoft Meetups
bySravan Lingam
 
PDF
Accelerating Data Validation with QuerySurge AI
byRTTS
 
PDF
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
PDF
2026 Safety Roadmap: Systems, Skills, and Scale for EHS Leaders
byTECH EHS Solution
 
PPTX
Applicius Technologies: Full Service Overview for Branding, SEO, Web & App De...
byappliciustech
 
PDF
Artificial Intelligence Planning (Harinath Palavalli)
byHarinath Palavalli
 
LogiNext Media Kit & Company Overview 2025
bysmritipatil055
 
Image and video processing: From Mars to Hollywood with a stop at the hospita...
byHarinath Palavalli
 
Manual Testing Still Matters: 7 Areas Where Humans Beat Automation
byKiwiQA Services
 
Attendance Dashboard – Time & Attendance Analytics
byHajir Pro
 
Why I Volunteer at FOSDEM and You Should Too
byImma Valls Bernaus
 
SLIDE PROPARTNER SUMMIT 2025 - ITALY.pdf
bygiuo
 
The Growing Impact of Blockchain and Web3 on Digital Ownership With Paul Inou...
byPaul Inouye
 
ChampionMATES – Compete With Friends. Predict Sports. Become the Champion.
byRafal Ksiazek
 
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
Introducing MySQL HeatWave Migration Assistant
byAlexander Hitrov
 
Figma systems development services
bydavidjohansen1597
 
Visualizing Your Data Lake with Grafana - Amsterdam
byImma Valls Bernaus
 
Build a Scalable On-Demand Courier Service App.pdf
byV3CUBE TECHNOLABS
 
Best eCommerce Development Agency in USA | The Dataflux
byKey Medsolutions Inc
 
Edison MuleSoft Meetup : Vibe Coding | MuleSoft Meetups
bySravan Lingam
 
Accelerating Data Validation with QuerySurge AI
byRTTS
 
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
2026 Safety Roadmap: Systems, Skills, and Scale for EHS Leaders
byTECH EHS Solution
 
Applicius Technologies: Full Service Overview for Branding, SEO, Web & App De...
byappliciustech
 
Artificial Intelligence Planning (Harinath Palavalli)
byHarinath Palavalli
 

Email Security Pretty Good Privacy (PGP),Services Provided by PGP.pdf

  • 1.
    Email Security: PrettyGood Privacy (PGP),Services Provided by PGP PRESENTED BY: -PRATIK RAYAMAJHI -RUPAK LAMICHANNE -MADHAV ARYAL
  • 2.
    Email, short forelectronic mail, is a digital method for exchanging messages. It enables communication between people over the internet or other computer networks. Emails allow the sending and receiving of text-based messages. Attachments such as documents, images, or videos can be included in emails. It facilitates communication between individuals or organizations. INTRODUCTION EMAIL:
  • 3.
    EMAIL SECURITY: Email securityrefers to the steps taken to protect email messages and their content from unauthorized access and damage. It ensures the confidentiality, integrity, and availability of email messages. Email security also safeguards against phishing attacks, spam, viruses, and other forms of malware. Achieving email security involves a combination of technical and non-technical measures.
  • 4.
    BASIC EMAIL SECURITYMEASURES: Strong Passwords: Use complex passwords, change regularly. Two-Factor Authentication (2FA): Adds an extra layer of security. Encryption: Basic concept of converting data into code. Regular Updates: Importance of keeping email software updated.
  • 5.
    ADVANCED EMAIL SECURITYPRACTICES: End-to-End Encryption: Ensures only sender and recipient can read the message. Email Filters: Setting up filters to block spam and malicious emails. Digital Signatures: Ensures the authenticity of the sender. Secure Email Gateways: Acts as a shield between the internal email system and the internet.
  • 6.
  • 7.
    PRETTYGOODPRIVACY(PGP) Pretty Good Privacy(PGP) is an encryption software program designed to ensure the confidentiality, integrity, and authenticity of virtual communications and information. It was developed by Phil Zimmermann in 1991. PGP has become a cornerstone of modern cryptography. It is widely regarded as one of the best methods for securing digital data.
  • 8.
    Why Is PGPPopular? Why Is PGP Popular? •It is availiable free on a variety of platforms. •Based on well known algorithms. •Wide range of applicability •Not developed or controlled by governmental or standards organizations
  • 9.
    Consist of fiveservices: –Authentication –Confidentiality –Compression –E-mail compatibility –Segmentation Operational Description Operational Description
  • 10.
    Authentication Authentication Authentication refers tothe process of validating something as true or real. For example, logging into a site using an account name and password is an authentication verification procedure. In the context of email, authentication involves verifying the authenticity of an email to ensure it actually came from the claimed sender. Email authentication is important to prevent spoofing and spam, which can cause significant inconvenience.
  • 11.
    The Authentication servicein PGP is provided as follows: The Authentication service in PGP is provided as follows:
  • 12.
    The Hash Function(H) calculates the Hash Value of a message. For hashing, SHA-1 is used, producing a 160-bit output hash value. The hash value is encrypted using the sender’s private key (KPa) to create a Digital Signature. The message is appended to the signature. The message is then compressed to reduce transmission overhead and sent to the receiver. At the receiver’s end: The data is decompressed to obtain the message and signature. The signature is decrypted using the sender’s public key (PUa) to retrieve the hash value. The message is passed through the hash function again to calculate and obtain its hash value. Working Process: Working Process:
  • 13.
    Packages labeled as'Confidential' are meant only for selected individuals and not for everyone. Similarly, email confidentiality ensures that only the sender and receiver can read the message. The contents of the email must be kept secret from everyone else except for the sender and receiver. Confidentiality Confidentiality
  • 14.
    PGP provides thatConfidentiality service in the following manner: Working Process: Working Process: The session key (Ks) is encrypted using the receiver's public key (KUb) through public key encryption (EP). The encrypted session key and the encrypted message are concatenated and sent to the receiver. The original message is compressed and encrypted, making it unreadable to anyone without the session key. The session key, though transmitted, is in encrypted form and can only be decrypted using the receiver's private key (KPb). CAST-128, IDEA, or 3DES is used for symmetric key encryption.
  • 15.
    At the receiver'send: The encrypted session key is decrypted using KPb. The message is decrypted using the obtained session key. The message is decompressed to retrieve the original message (M). RSA algorithm is used for public-key encryption. CAST-128, IDEA, or 3DES is used for symmetric key encryption. Practically, both the Authentication and Confidentiality services are provided in parallel as follows :
  • 16.
    Compression Compression Compression converts amessage from n bits to m bits (where n > m) using a compression algorithm. Compression helps email service providers by reducing storage overhead, processing time, and maintenance labor. In PGP, the ZIP algorithm is used for compression. Compression is included in the combined Authentication & Confidentiality of PGP.
  • 17.
    Some email systemsonly allow the use of blocks that include ASCII text. When PGP is used, the minimum part of the block that needs to be transmitted is encrypted. The scheme used is radix-64 conversion (see appendix 5B). The use of radix-64 expands the message by 33%. Email Compatibility Email Compatibility
  • 18.
  • 19.
    Segmentation Segmentation Email facilities oftenimpose a maximum message length limit. For example, some internet facilities set a maximum length of 50,000 octets (bytes). Messages exceeding this limit must be divided into smaller segments, each sent independently. Often restricted to a maximum message length of 50,000 octets. PGP automatically subdivides a message that is to large.
  • 20.
  • 21.
    SESSION KEYS PGP (PrettyGood Privacy) uses session keys for efficient encryption and decryption of messages. Session keys are symmetric keys generated specifically for each session or communication instance. They are typically randomly generated and are used for a short duration. Session keys are used to encrypt the actual message content in PGP. After the message is encrypted using the session key, the session key itself is encrypted using the recipient's public key. This ensures that only the intended recipient can decrypt the session key and subsequently decrypt the message.
  • 22.
    PUBLIC KEY Used forencryption and verifying digital signatures. Typically shared openly or with anyone who needs to send encrypted messages or verify signatures. Derived from the private key through a mathematical process and is mathematically related but computationally infeasible to derive the private key from it. Ensures confidentiality and authenticity of communications.
  • 23.
    PRIVATE KEY Used fordecryption of messages and generating digital signatures. Must be kept confidential and known only to the owner. Used to prove ownership of the public key and to decrypt messages encrypted with the corresponding public key. Both keys are mathematically related, and anything encrypted with the public key can only be decrypted with the corresponding private key.
  • 24.
    PGP MESSAGE FORMAT Atypical PGP message consists of the following main parts: Message Component: Contains the actual data, filename, and creation timestamp. Signature Component contains: i)Timestamp: Time when the signature was created. ii)Message Digest: SHA-1 digest of the message, encrypted with the sender's private key iii)Leading Two Octets of Message Digest: Placed in the signature to verify correct decryption and serve as a frame check sequence. iv)Key ID of Sender's Public Key: Identifies the sender's public key used for decryption, and indirectly the sender's private key used for encryption. Session Key Component: Contains the session key encrypted with the recipient's public key.
  • 25.
  • 26.
    MESSAGE GENERATION Create themessage content including data, filename, and timestamp. Optionally generate a session key for efficient encryption. Encrypt the message using: Symmetric encryption with the session key (if used), or Asymmetric encryption with the recipient's public key. Optionally create a digital signature: Compute a hash of the message. Encrypt the hash with your private key to create the digital signature. Format the message with encryption, optional signature, and metadata. Transmit or store the formatted PGP message securely.
  • 27.
  • 28.
    MESSAGE RECEPTION Receive thePGP message: Obtain the encrypted message, including optional session key and digital signature. Decrypt the session key (if used): Use your private key to decrypt the session key. Decrypt the message content: Use the session key (if used) or your private key to decrypt the message. Verify the digital signature (if included): Decrypt the signature using the sender's public key to obtain the message digest. Compute the hash of the decrypted message content. Compare the computed hash with the decrypted digest to ensure integrity and authenticity. Extract metadata: Retrieve any additional information, such as timestamps or filenames. Handle errors or warnings: Address any issues during decryption or verification. Securely store or use the decrypted message: Ensure the plaintext message content is securely stored or used as intended.
  • 29.
  • 30.
    CHALLENGES AND LIMITATIONSOF PGP COMPLEXITY: STEEP LEARNING CURVE FOR NEW USERS. COMPATIBILITY: NOT ALL EMAIL CLIENTS SUPPORT PGP. KEY MANAGEMENT: DIFFICULTIES IN SECURELY SHARING AND STORING KEYS. PERFORMANCE: CAN SLOW DOWN EMAIL PROCESSING DUE TO ENCRYPTION/DECRYPTION.