SlideShare a Scribd company logo

E-mail Security Protocol - 2 Pretty Good Privacy (PGP)

Vishal Kumar
Vishal Kumar

Pretty Good privacy. we will discuss in this document about the E-mail security protocol number 2 which is PGP, you will learn about the working of PGP, PGP Algorithms, PGP Key Rings, PGP Certificates and about the Web Trust in PGP.

Internet
1 of 12
Download to read offline
1 WWW.Prohackers.in “E-mail Security Protocol-2 Pretty Good Privacy (PGP)” By: -Vishal Kumar (CEH, CHFI, CISE, MCP) info@prohackers.in
2 WWW.Prohackers.in Table of Content 1. Introduction to PGP 2. The Working of PGP a) Step 1: Digital Signature b) Step 2: Compression c) Step 3: Encryption d) Step 4: Digital Enveloping e) Step 1: Base-64 Encoding 3. PGP Algorithms 4. Key Rings 5. PGP Certificates a) Introducer Trust b) Certificate Trust c) Key Legitimacy 6. Web of Trust
3 WWW.Prohackers.in 1. Digital Signature 2. Compression 3. Encryption 5. Base-64 Encoding Fig: PGP operation 4. Enveloping Introduction Phil Zimmerman is the father of the Pretty Good Privacy (PGP) protocol. The most significant aspects of PGP are that it supports the basic requirements of cryptography, is quite simple to use, and is completely free. Including its source code and documentation. Moreover, for those organizations that require support, a low-cost commercial version of PGP is available from an organization called Viacrypt (now Network Associates). PGP has become extremely popular and is far more widely used, as compare to PEM. The E-mail cryptographic support offered by PGP is shown below: 1 The Working of PGP In PGP, the sender of the message needs to include the identifiers of the algorithm used in the message, along with the value of the keys. The broad-level steps of PGP are illustrated in the fig. as shown, PGP starts with a digital signature, which is followed by compression, then by encryption, then by digital enveloping and finally, by Base-64 encoding. PGP allows for three security options when sending an email message. These options are.  Signature (steps 1 and 2) Pretty Good Privacy (PGP) Encryption Non-repudiation Message Integrity Fig: - Security Features offered by PGP
4 WWW.Prohackers.in  Signature and Base-64 encoding (Steps 1, 2 and 3)  Signature, Encryption, Enveloping, and Base064 encoding (Steps 1 to 5) Let us discuss these five steps in PGP, Step 1: Digital Signature We had earlier discussed about the digital signature in the Step 1 of Privacy Enhance Mail protocol. Step 2: Compression This is additional step in PGP. Here, the input message as well as the digital signature are compressed together to reduce the size of final message that will be transmitted. For this, the famous ZIP program is used. ZIP is based on Lempel-Ziv-algorithm. The Lempel-Ziv-algorithm looks for repeated strings or words, and stores them in a variable. It then replaces the actual occurrence of the repeated word or string with a pointer to the crossponding variable. Since a pointer requires only a few bits of memory as compare to original string, this this method reduces in the data being compressed. For instance, consider the following string: What is your name? My name is vishal Using the Lempel-Ziv-algorithm, we would create two variables, say A and B and replace the word is and name by pointer to A and B, respectively. This is shown in below image. What is your name? My name is vishal 1. A = is 2. B = name What 1 your 2? My 2 1 Vishal Original String Variable creation and assignment Compressed String Fig: - Lempel-Ziv-Algorithm, as used by the ZIP program
5 WWW.Prohackers.in As we can see, the resulting string What 1 your 2? My 2 1 vishal, is smaller then compare to original string what is your name? My name is vishal. Step 3: Encryption In this step the compressed output of stem 2 (the compression from of the original email and digital signature together) are encrypted with a symmetric key. For this, generally the IDEA algorithm in CFB mode is used. We have already discussed this process in PEM (Privacy Enhance Mail) protocol. Step 4: Digital Enveloping In this case symmetric key used for encryption in step 3 is now encrypted with receiver public key. The output of stem 3 and step 4 together forms a digital envelope. This is shown in below figure: Step 5: Base-64 encoding The output of step 4 is Base-64 encoded; we have already discussed the process of this encoding in PEM (Privacy Enhance Mail) protocol. Output of Step 3 Sender Symmetric key encrypted with the receiver’s public key Digital Envelope Fig: - Formation of Digital Envelope
6 WWW.Prohackers.in 2.2 PGP Algorithms PGP supports a number of algorithms. The most common of them are listed below: Algorithm type Description Asymmetric Key RSA (Encryption and signing, Encryption only, Signing only) DSS (Signing only) Message Digest MD5, SHA-1, RIPE-MD Encryption IDEA, DES-3, AES 2.3 Key Rings When a sender wants to send an email message to a single recipient, there is no too much of problem. Complexities are introduced when a message has to be sent to multiple recipients. If Alice needs to correspond with 10 people, Alice needs the public key of all the 10 people. Hence, Alice is said to need a key ring of 10 public key. PGP specific a ring of public-private keys. This is because Alice may want to change her public-private key pair, or may want to use a different key pair for different groups or users. In other words, every PGP user need to have two sets of key rings: (a) A ring of her own public- private key pair, (b) A ring of public key of other users. The concept of key rings is shown in the below figure. Note that in one of the key rings, Alice maintain a set of key pair; while in other she just maintain the public keys of other users. Obliviously, she cannot have the private key of other users. Table: - PGP Algorithms Alice’s key ring, where she holds her own public-private key pairs Alice’s key ring, where she holds only the public key of PGP users in the system Fig: Key rings maintain by a user in PGP
7 WWW.Prohackers.in 2.4 PGP Certificates In order to trust the public key of a user, we need to have that user’s digital certificate. PGP can use certificate issued by a CA, or can use its own certificate system. The originally, certificate issued by the root CA to the second-level CAs. The second level CA can issue certificate to third-level CA and so on this can continue up-to the require number of levels. At the lowest level, the last CA issues certificate to end user. In PGP, there is no CA, anyone can sign a certificate to anyone else in the ring. Vishal can sign the certificate to Deepak, Juhi, Harish and so on. There is no hierarchy of trust. This creates a situation where a user can have certificates issued by different users. For example; Juhi may have a certificate signed by Vishal and another one by Anita, this is shown in the below figure. Hence, if Harish wants to verify Juhi’s certificate, he has two paths: Juhi to Vishal and Juhi to Anita. Harish may fully trust Vishal, but not Anita, hence there can be a multiple path in the line of trust from a fully or partially trusted authority to a certificate. The equivalent of CA (a user who issue certificate) in PGP is called introducer. Vishal Anita Digital Certificate User: Juhi Issued by: Vishal Digital Certificate User: Juhi Issued by: Anita Juhi Fig: Anyone can issue certificate to anyone else
8 WWW.Prohackers.in The whole concept can be understood better with the help of three ideas:  Introducer trust  Certificate trust  Key legitimacy Let us discuss these three concepts now: (a) Introducer trust We know that there is no hierarchical CA structure in PGP. Hence it is natural that the ring of trust in PGP cannot be very large, if every user has to trust every other user in the system. Think about this, in real life, we do not fully trust everyone. To resolve this issue PGP provides for multiple level of trust. The number of level depends on the decision of implementing PGP. However, for simplicity, let us say that we have decided to implement three level of trust to an introducer. These three levels are none, partial, and complete. The introducer trust then specifies what level of trust the introducer wants to allocate to other user in the system. For example, Vishal may now say that he fully trust Juhi, where Anita says she only partial trust Juhi. Juhi says that she does not trust Harish, Harish suggest that he partially trust Anita in turn, and so on. This scenario is shown in the below figure. Vishal Anita Digital Certificate User: Juhi Trust: Full Digital Certificate User: Juhi Trust: Partial Juhi Fig: Introducer Trust Digital Certificate User: Anita Trust: Partial Digital Certificate User: Harish Trust: None Harish
9 WWW.Prohackers.in (b) Certificate trust When a user A receives a certificate of another user B issued by this ruder C, depending on the level of trust that A has in C, A assign a certificate trust level to that certificate while storing it. It is normally the same as the introducer trust level that issued the certificate this is shown in the below figure. Background Information: Vishal and Anita have issued certificate to Juhi, Juhi send these certificates to Harish, so that Harish can extract Juhi’s public key out of any of those certificates and use it in communication with Juhi. However, Harish does not trust Vishal at all, but trust Anita fully. Fig: certificate Trust Result: when Juhi sends the two certificates (issued by Vishal and Anita) to Harish, Harish adds them to his database of certificate. It is actually the ring of public key of other users. Apart from adding them there, Harish record the fact that it does not want to trust Juhi’s certificate issued by Vishal (because he does not trust Vishal), but want to trust Juhi’s certificate issued by Anita (because he trust Anita)
10 WWW.Prohackers.in This concept is explained in the diagram. Let us take another example to ensure that there is no confusion. Imagine that there is a set of users in the system. Assume that Mahesh fully trust Naren, partially trust Ravi and Anmol, and has no trust in Amit. i. Naren issue two certificates: one to Amrita (with public key K1) and another to Pallavi (with public key K2). Mahesh stores the public key and certificates or Amrita and Pallavi in his key ring of public keys with certificate trust level equal to fully. ii. Ravi issues a certificate to Uday (with public key K3). Mahesh stores the public key and certificate of Uday in his ring of public key with certificate trust level equal to partial. iii. Anmol Issue Two Certificates: one to Uday (with public key K3), and another to Parag (with public Key K4). Mahesh stores the public keys and certificates of Uday and Parag in his ring of public key with certificate trust level equal to partial. Note that Mahesh has now two certificates for Uday, one issued by Ravi, and the other issued by Anmol, both with partial level of certificate trust. iv. Amit issue a certificate to Parag (with public key K4). Mahesh stores the public key and certificate of Parag in his ring or public keys with certificate trust level equal to none. Mahesh can also discard this certificate. (c) Key legitimacy The objective behind the introducer trust and certificate trust is to decide whether to trust the public key of a user. In PGP terms, this is called Key Legitimacy. Mahesh needs to know how legitimate are the public keys of Amrita, Pallavi, Uday, and Parag and so on. PGP define the following the simple rule to decide the key legitimacy: the level of key legitimacy for a user is the weighted trust level for that user. For example, suppose we have assigned certain weights to certificate trust level, as shown in the below figure: Weight Meaning 0 No trust ½ Partial trust 1 Complete or Full trust
11 WWW.Prohackers.in In this situation in order to trust a public key (i.e. certificate) of any other user, Mahesh needs one fully trusted certificate or two partial trusted certificates. Thus Mahesh can fully trust Amrita and Pallavi based on the certificates they had received from Naren. Mahesh can also trust Uday, based on tow partial trusted certificates that Uday had received from Ravi and Anmol. 2.5 Web Trust The earlier discussion leads to a potential problem. What happens if nobody creates certificate for fully or partially trusted entity? In our example, on what basis would we trust Naren’s public key, if no one has created a certificate for Naren? To resolve this problem, several schemes are possible in PGP, as outlined below. (a) Mahesh can physically obtain the public key of Naren by meeting in person and getting the key on a piece of paper or as a disk file. (b) This can be done telephonic as well. (c) Naren can email his public key to Mahesh. Both Naren and Mahesh compute the message digest of this key. If MD5 is used, the result is a 16-byte digest. If SHA-1 is used, the result is 20-byte digest. In hexadecimal, the digest become a 32-digit value in MD5, and a 40-digit value in SHA-1. This is displayed as 8 groups of 4-digit value in MD5, and 10 groups of 4-digit values in SHA-1, and is called fingerprint. Before Mahesh adds this public key of Naren to his ring, he can call up Naren to tell him what fingerprint value he has obtained to cross-check with the fingerprint value that is separately obtained by Naren. This ensures that the public key value is not changed in the email transit. To make matters better, PGP assign a unique English word to a 4-digit hexadecimal number group, so that instead of speaking out the hexadecimal string of numbers, users can speak out normal English words as define by PGP. For example PGP may assign a word India to a hexadecimal pattern of 4AOB, etc. (d) Mahesh can obtain Naren’s public key from CA. Regardless of the mechanism, eventually this process of obtaining key of other users and sending our own to others creates which is called web of trust between groups of people.
12 WWW.Prohackers.in This keeps the public key ring getting bigger and bigger, and helps secure the email communication Whenever a user needs to revoke his/her public key (because of loss of private key, etc) he/she needs to send a key revocation certificate to the other users. This certificate is self-signed by the user with his/her private key. Thanks for reading this presentation Please give us your feedback at info@prohackers.in Your feedback is most valuable for us for improving the presentation You can also suggest the topic on which you want the presentation Website: www.prohackers.in FB page: www.facebook.com/theprohackers2017 Join FB Group: www.facebook.com/groups/group.prohackers/ Watch us on: www.youtube.com//channel/UCcyYSi1sh1SmyMlGfB-Vq6A ***Thanks***

Recommended

Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
Dr.Florence Dayana
 
Email Security Presentation
Email Security PresentationEmail Security Presentation
Email Security PresentationYosef Gamble
 
Pgp
PgpPgp
Pgp
Reham Maher El-Safarini
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/
Tania Agni
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
Pushkar Dutt
 
Lecture 8 mail security
Lecture 8 mail securityLecture 8 mail security
Lecture 8 mail security
rajakhurram
 
Network security cs8
Network security cs8Network security cs8
Network security cs8
Infinity Tech Solutions
 

Recommended

Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
Dr.Florence Dayana
 
Email Security Presentation
Email Security PresentationEmail Security Presentation
Email Security PresentationYosef Gamble
 
Pgp
PgpPgp
Pgp
Reham Maher El-Safarini
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/
Tania Agni
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
Pushkar Dutt
 
Lecture 8 mail security
Lecture 8 mail securityLecture 8 mail security
Lecture 8 mail security
rajakhurram
 
Network security cs8
Network security cs8Network security cs8
Network security cs8
Infinity Tech Solutions
 
Using PGP for securing the email
Using PGP for securing the emailUsing PGP for securing the email
Using PGP for securing the email
Gianni Fiore
 
The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)
Vishal Kumar
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
Prafull Johri
 
Email Security
Email SecurityEmail Security
Email Security
selvakumar_b1985
 
E mail security
E mail securityE mail security
E mail securitySoumya Vijoy
 
Pgp
PgpPgp
PgpAbhishek Kesharwani
 
Ch15
Ch15Ch15
Ch15Joe Christensen
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
Rohit Soni
 
Network Security Primer
Network Security PrimerNetwork Security Primer
Network Security Primer
Venkatesh Iyer
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
Punnya Babu
 
E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)
Pankaj Bhambhani
 
Pgp
PgpPgp
Pgp
precy02
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
Pawan Arya
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
Riya Choudhary
 
Network security unit 4,5,6
Network security unit 4,5,6 Network security unit 4,5,6
Network security unit 4,5,6
WE-IT TUTORIALS
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
Mohammed Adam
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
Arun Shukla
 
Security
SecuritySecurity
Securitymajstors
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email security
Mazin Alwaaly
 
Public private key
Public private keyPublic private key
Public private keyStudsPlanet.com
 
Cgi whpr 35_pki_e
Cgi whpr 35_pki_eCgi whpr 35_pki_e
Cgi whpr 35_pki_e
madunix
 

More Related Content

What's hot

Using PGP for securing the email
Using PGP for securing the emailUsing PGP for securing the email
Using PGP for securing the email
Gianni Fiore
 
The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)
Vishal Kumar
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
Prafull Johri
 
Email Security
Email SecurityEmail Security
Email Security
selvakumar_b1985
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
Rohit Soni
 
Network Security Primer
Network Security PrimerNetwork Security Primer
Network Security Primer
Venkatesh Iyer
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
Punnya Babu
 
E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)
Pankaj Bhambhani
 
Pgp
PgpPgp
Pgp
precy02
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
Pawan Arya
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
Riya Choudhary
 
Network security unit 4,5,6
Network security unit 4,5,6 Network security unit 4,5,6
Network security unit 4,5,6
WE-IT TUTORIALS
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
Mohammed Adam
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
Arun Shukla
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email security
Mazin Alwaaly
 

What's hot (20)

Using PGP for securing the email
Using PGP for securing the emailUsing PGP for securing the email
Using PGP for securing the email
 
The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
 
Email Security
Email SecurityEmail Security
Email Security
 
E mail security
E mail securityE mail security
E mail security
 
Pgp
PgpPgp
Pgp
 
Ch15
Ch15Ch15
Ch15
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
 
Network Security Primer
Network Security PrimerNetwork Security Primer
Network Security Primer
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)
 
Pgp
PgpPgp
Pgp
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Network security unit 4,5,6
Network security unit 4,5,6 Network security unit 4,5,6
Network security unit 4,5,6
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Security
SecuritySecurity
Security
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email security
 

Similar to E-mail Security Protocol - 2 Pretty Good Privacy (PGP)

Cgi whpr 35_pki_e
Cgi whpr 35_pki_eCgi whpr 35_pki_e
Cgi whpr 35_pki_e
madunix
 
PBU-Intro_to_PGP
PBU-Intro_to_PGPPBU-Intro_to_PGP
PBU-Intro_to_PGP
auremoser
 
CryptoGraphy Module in Mulesoft
CryptoGraphy Module in MulesoftCryptoGraphy Module in Mulesoft
CryptoGraphy Module in Mulesoft
shyamraj55
 
Digital Certified Mail
Digital Certified MailDigital Certified Mail
Digital Certified Mail
Matthew Chang
 
P01813101103
P01813101103P01813101103
P01813101103
IOSR Journals
 
What is digital signature or DSC
What is digital signature or DSCWhat is digital signature or DSC
What is digital signature or DSC
Adv Prashant Mali
 
Generation of Anonymous Signature and Message using Identity Based Group Blin...
Generation of Anonymous Signature and Message using Identity Based Group Blin...Generation of Anonymous Signature and Message using Identity Based Group Blin...
Generation of Anonymous Signature and Message using Identity Based Group Blin...
IDES Editor
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
IJERD Editor
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy Exam
Lisa Olive
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
Mohsin Ali
 
Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vanda
Vanda KANY
 
Symmetric-Key Based Privacy-Preserving Scheme For Mining Support Counts
Symmetric-Key Based Privacy-Preserving Scheme For Mining Support CountsSymmetric-Key Based Privacy-Preserving Scheme For Mining Support Counts
Symmetric-Key Based Privacy-Preserving Scheme For Mining Support Counts
acijjournal
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
Rutvik Mehta
 
Secure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok PanwarSecure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok Panwar
Ashok Panwar
 
SYMMETRIC-KEY BASED PRIVACYPRESERVING SCHEME FOR MINING SUPPORT COUNTS
SYMMETRIC-KEY BASED PRIVACYPRESERVING SCHEME FOR MINING SUPPORT COUNTSSYMMETRIC-KEY BASED PRIVACYPRESERVING SCHEME FOR MINING SUPPORT COUNTS
SYMMETRIC-KEY BASED PRIVACYPRESERVING SCHEME FOR MINING SUPPORT COUNTS
acijjournal
 
Jerad Bates - Public Key Infrastructure.ppt
Jerad Bates - Public Key Infrastructure.pptJerad Bates - Public Key Infrastructure.ppt
Jerad Bates - Public Key Infrastructure.ppt
SmeetaJavalagi
 
Jerad Bates - Public Key Infrastructure (1).ppt
Jerad Bates - Public Key Infrastructure (1).pptJerad Bates - Public Key Infrastructure (1).ppt
Jerad Bates - Public Key Infrastructure (1).ppt
MehediHasanShaon1
 

Similar to E-mail Security Protocol - 2 Pretty Good Privacy (PGP) (20)

Public private key
Public private keyPublic private key
Public private key
 
Cgi whpr 35_pki_e
Cgi whpr 35_pki_eCgi whpr 35_pki_e
Cgi whpr 35_pki_e
 
PBU-Intro_to_PGP
PBU-Intro_to_PGPPBU-Intro_to_PGP
PBU-Intro_to_PGP
 
CryptoGraphy Module in Mulesoft
CryptoGraphy Module in MulesoftCryptoGraphy Module in Mulesoft
CryptoGraphy Module in Mulesoft
 
Digital Certified Mail
Digital Certified MailDigital Certified Mail
Digital Certified Mail
 
P01813101103
P01813101103P01813101103
P01813101103
 
What is digital signature or DSC
What is digital signature or DSCWhat is digital signature or DSC
What is digital signature or DSC
 
Generation of Anonymous Signature and Message using Identity Based Group Blin...
Generation of Anonymous Signature and Message using Identity Based Group Blin...Generation of Anonymous Signature and Message using Identity Based Group Blin...
Generation of Anonymous Signature and Message using Identity Based Group Blin...
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy Exam
 
PGP.ppt
PGP.pptPGP.ppt
PGP.ppt
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
 
Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vanda
 
Symmetric-Key Based Privacy-Preserving Scheme For Mining Support Counts
Symmetric-Key Based Privacy-Preserving Scheme For Mining Support CountsSymmetric-Key Based Privacy-Preserving Scheme For Mining Support Counts
Symmetric-Key Based Privacy-Preserving Scheme For Mining Support Counts
 
Digital signature
Digital signatureDigital signature
Digital signature
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
 
Secure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok PanwarSecure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok Panwar
 
SYMMETRIC-KEY BASED PRIVACYPRESERVING SCHEME FOR MINING SUPPORT COUNTS
SYMMETRIC-KEY BASED PRIVACYPRESERVING SCHEME FOR MINING SUPPORT COUNTSSYMMETRIC-KEY BASED PRIVACYPRESERVING SCHEME FOR MINING SUPPORT COUNTS
SYMMETRIC-KEY BASED PRIVACYPRESERVING SCHEME FOR MINING SUPPORT COUNTS
 
Jerad Bates - Public Key Infrastructure.ppt
Jerad Bates - Public Key Infrastructure.pptJerad Bates - Public Key Infrastructure.ppt
Jerad Bates - Public Key Infrastructure.ppt
 
Jerad Bates - Public Key Infrastructure (1).ppt
Jerad Bates - Public Key Infrastructure (1).pptJerad Bates - Public Key Infrastructure (1).ppt
Jerad Bates - Public Key Infrastructure (1).ppt
 

More from Vishal Kumar

Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
Vishal Kumar
 
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) ProtocolE-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
Vishal Kumar
 
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using MetasploitPrivileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Vishal Kumar
 
Exploiting Client-Side Vulnerabilities and Establishing a VNC Session
Exploiting Client-Side Vulnerabilities and Establishing a VNC SessionExploiting Client-Side Vulnerabilities and Establishing a VNC Session
Exploiting Client-Side Vulnerabilities and Establishing a VNC Session
Vishal Kumar
 
Auditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrackAuditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrack
Vishal Kumar
 
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext PasswordsDumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Vishal Kumar
 
Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2 Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2
Vishal Kumar
 
The Fundamental of Electronic Mail (E-mail)
The Fundamental of Electronic Mail (E-mail)The Fundamental of Electronic Mail (E-mail)
The Fundamental of Electronic Mail (E-mail)
Vishal Kumar
 
Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1
Vishal Kumar
 
Hawkeye the Credential Theft Maalware
Hawkeye the Credential Theft MaalwareHawkeye the Credential Theft Maalware
Hawkeye the Credential Theft Maalware
Vishal Kumar
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
Vishal Kumar
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threats
Vishal Kumar
 
Exploiting parameter tempering attack in web application
Exploiting parameter tempering attack in web applicationExploiting parameter tempering attack in web application
Exploiting parameter tempering attack in web application
Vishal Kumar
 
Mirroring web site using ht track
Mirroring web site using ht trackMirroring web site using ht track
Mirroring web site using ht track
Vishal Kumar
 
Collecting email from the target domain using the harvester
Collecting email from the target domain using the harvesterCollecting email from the target domain using the harvester
Collecting email from the target domain using the harvester
Vishal Kumar
 
Information gathering using windows command line utility
Information gathering using windows command line utilityInformation gathering using windows command line utility
Information gathering using windows command line utility
Vishal Kumar
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hacking
Vishal Kumar
 
Social engineering
Social engineeringSocial engineering
Social engineering
Vishal Kumar
 
Social engineering
Social engineeringSocial engineering
Social engineering
Vishal Kumar
 

More from Vishal Kumar (20)

Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
 
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) ProtocolE-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
 
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using MetasploitPrivileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
 
Exploiting Client-Side Vulnerabilities and Establishing a VNC Session
Exploiting Client-Side Vulnerabilities and Establishing a VNC SessionExploiting Client-Side Vulnerabilities and Establishing a VNC Session
Exploiting Client-Side Vulnerabilities and Establishing a VNC Session
 
Auditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrackAuditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrack
 
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext PasswordsDumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
 
Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2 Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2
 
The Fundamental of Electronic Mail (E-mail)
The Fundamental of Electronic Mail (E-mail)The Fundamental of Electronic Mail (E-mail)
The Fundamental of Electronic Mail (E-mail)
 
Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1
 
Hawkeye the Credential Theft Maalware
Hawkeye the Credential Theft MaalwareHawkeye the Credential Theft Maalware
Hawkeye the Credential Theft Maalware
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threats
 
Exploiting parameter tempering attack in web application
Exploiting parameter tempering attack in web applicationExploiting parameter tempering attack in web application
Exploiting parameter tempering attack in web application
 
Mirroring web site using ht track
Mirroring web site using ht trackMirroring web site using ht track
Mirroring web site using ht track
 
Collecting email from the target domain using the harvester
Collecting email from the target domain using the harvesterCollecting email from the target domain using the harvester
Collecting email from the target domain using the harvester
 
Information gathering using windows command line utility
Information gathering using windows command line utilityInformation gathering using windows command line utility
Information gathering using windows command line utility
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hacking
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social engineering
Social engineeringSocial engineering
Social engineering
 

Recently uploaded

7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
Danica Gill
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Florence Consulting
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
nhiyenphan2005
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
harveenkaur52
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
CIOWomenMagazine
 
Understanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdfUnderstanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdf
SEO Article Boost
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
Trending Blogers
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
zyfovom
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
hackersuli
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 

Recently uploaded (20)

7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
 
Understanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdfUnderstanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdf
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 

E-mail Security Protocol - 2 Pretty Good Privacy (PGP)

  • 1. 1 WWW.Prohackers.in “E-mail Security Protocol-2 Pretty Good Privacy (PGP)” By: -Vishal Kumar (CEH, CHFI, CISE, MCP) info@prohackers.in
  • 2. 2 WWW.Prohackers.in Table of Content 1. Introduction to PGP 2. The Working of PGP a) Step 1: Digital Signature b) Step 2: Compression c) Step 3: Encryption d) Step 4: Digital Enveloping e) Step 1: Base-64 Encoding 3. PGP Algorithms 4. Key Rings 5. PGP Certificates a) Introducer Trust b) Certificate Trust c) Key Legitimacy 6. Web of Trust
  • 3. 3 WWW.Prohackers.in 1. Digital Signature 2. Compression 3. Encryption 5. Base-64 Encoding Fig: PGP operation 4. Enveloping Introduction Phil Zimmerman is the father of the Pretty Good Privacy (PGP) protocol. The most significant aspects of PGP are that it supports the basic requirements of cryptography, is quite simple to use, and is completely free. Including its source code and documentation. Moreover, for those organizations that require support, a low-cost commercial version of PGP is available from an organization called Viacrypt (now Network Associates). PGP has become extremely popular and is far more widely used, as compare to PEM. The E-mail cryptographic support offered by PGP is shown below: 1 The Working of PGP In PGP, the sender of the message needs to include the identifiers of the algorithm used in the message, along with the value of the keys. The broad-level steps of PGP are illustrated in the fig. as shown, PGP starts with a digital signature, which is followed by compression, then by encryption, then by digital enveloping and finally, by Base-64 encoding. PGP allows for three security options when sending an email message. These options are.  Signature (steps 1 and 2) Pretty Good Privacy (PGP) Encryption Non-repudiation Message Integrity Fig: - Security Features offered by PGP
  • 4. 4 WWW.Prohackers.in  Signature and Base-64 encoding (Steps 1, 2 and 3)  Signature, Encryption, Enveloping, and Base064 encoding (Steps 1 to 5) Let us discuss these five steps in PGP, Step 1: Digital Signature We had earlier discussed about the digital signature in the Step 1 of Privacy Enhance Mail protocol. Step 2: Compression This is additional step in PGP. Here, the input message as well as the digital signature are compressed together to reduce the size of final message that will be transmitted. For this, the famous ZIP program is used. ZIP is based on Lempel-Ziv-algorithm. The Lempel-Ziv-algorithm looks for repeated strings or words, and stores them in a variable. It then replaces the actual occurrence of the repeated word or string with a pointer to the crossponding variable. Since a pointer requires only a few bits of memory as compare to original string, this this method reduces in the data being compressed. For instance, consider the following string: What is your name? My name is vishal Using the Lempel-Ziv-algorithm, we would create two variables, say A and B and replace the word is and name by pointer to A and B, respectively. This is shown in below image. What is your name? My name is vishal 1. A = is 2. B = name What 1 your 2? My 2 1 Vishal Original String Variable creation and assignment Compressed String Fig: - Lempel-Ziv-Algorithm, as used by the ZIP program
  • 5. 5 WWW.Prohackers.in As we can see, the resulting string What 1 your 2? My 2 1 vishal, is smaller then compare to original string what is your name? My name is vishal. Step 3: Encryption In this step the compressed output of stem 2 (the compression from of the original email and digital signature together) are encrypted with a symmetric key. For this, generally the IDEA algorithm in CFB mode is used. We have already discussed this process in PEM (Privacy Enhance Mail) protocol. Step 4: Digital Enveloping In this case symmetric key used for encryption in step 3 is now encrypted with receiver public key. The output of stem 3 and step 4 together forms a digital envelope. This is shown in below figure: Step 5: Base-64 encoding The output of step 4 is Base-64 encoded; we have already discussed the process of this encoding in PEM (Privacy Enhance Mail) protocol. Output of Step 3 Sender Symmetric key encrypted with the receiver’s public key Digital Envelope Fig: - Formation of Digital Envelope
  • 6. 6 WWW.Prohackers.in 2.2 PGP Algorithms PGP supports a number of algorithms. The most common of them are listed below: Algorithm type Description Asymmetric Key RSA (Encryption and signing, Encryption only, Signing only) DSS (Signing only) Message Digest MD5, SHA-1, RIPE-MD Encryption IDEA, DES-3, AES 2.3 Key Rings When a sender wants to send an email message to a single recipient, there is no too much of problem. Complexities are introduced when a message has to be sent to multiple recipients. If Alice needs to correspond with 10 people, Alice needs the public key of all the 10 people. Hence, Alice is said to need a key ring of 10 public key. PGP specific a ring of public-private keys. This is because Alice may want to change her public-private key pair, or may want to use a different key pair for different groups or users. In other words, every PGP user need to have two sets of key rings: (a) A ring of her own public- private key pair, (b) A ring of public key of other users. The concept of key rings is shown in the below figure. Note that in one of the key rings, Alice maintain a set of key pair; while in other she just maintain the public keys of other users. Obliviously, she cannot have the private key of other users. Table: - PGP Algorithms Alice’s key ring, where she holds her own public-private key pairs Alice’s key ring, where she holds only the public key of PGP users in the system Fig: Key rings maintain by a user in PGP
  • 7. 7 WWW.Prohackers.in 2.4 PGP Certificates In order to trust the public key of a user, we need to have that user’s digital certificate. PGP can use certificate issued by a CA, or can use its own certificate system. The originally, certificate issued by the root CA to the second-level CAs. The second level CA can issue certificate to third-level CA and so on this can continue up-to the require number of levels. At the lowest level, the last CA issues certificate to end user. In PGP, there is no CA, anyone can sign a certificate to anyone else in the ring. Vishal can sign the certificate to Deepak, Juhi, Harish and so on. There is no hierarchy of trust. This creates a situation where a user can have certificates issued by different users. For example; Juhi may have a certificate signed by Vishal and another one by Anita, this is shown in the below figure. Hence, if Harish wants to verify Juhi’s certificate, he has two paths: Juhi to Vishal and Juhi to Anita. Harish may fully trust Vishal, but not Anita, hence there can be a multiple path in the line of trust from a fully or partially trusted authority to a certificate. The equivalent of CA (a user who issue certificate) in PGP is called introducer. Vishal Anita Digital Certificate User: Juhi Issued by: Vishal Digital Certificate User: Juhi Issued by: Anita Juhi Fig: Anyone can issue certificate to anyone else
  • 8. 8 WWW.Prohackers.in The whole concept can be understood better with the help of three ideas:  Introducer trust  Certificate trust  Key legitimacy Let us discuss these three concepts now: (a) Introducer trust We know that there is no hierarchical CA structure in PGP. Hence it is natural that the ring of trust in PGP cannot be very large, if every user has to trust every other user in the system. Think about this, in real life, we do not fully trust everyone. To resolve this issue PGP provides for multiple level of trust. The number of level depends on the decision of implementing PGP. However, for simplicity, let us say that we have decided to implement three level of trust to an introducer. These three levels are none, partial, and complete. The introducer trust then specifies what level of trust the introducer wants to allocate to other user in the system. For example, Vishal may now say that he fully trust Juhi, where Anita says she only partial trust Juhi. Juhi says that she does not trust Harish, Harish suggest that he partially trust Anita in turn, and so on. This scenario is shown in the below figure. Vishal Anita Digital Certificate User: Juhi Trust: Full Digital Certificate User: Juhi Trust: Partial Juhi Fig: Introducer Trust Digital Certificate User: Anita Trust: Partial Digital Certificate User: Harish Trust: None Harish
  • 9. 9 WWW.Prohackers.in (b) Certificate trust When a user A receives a certificate of another user B issued by this ruder C, depending on the level of trust that A has in C, A assign a certificate trust level to that certificate while storing it. It is normally the same as the introducer trust level that issued the certificate this is shown in the below figure. Background Information: Vishal and Anita have issued certificate to Juhi, Juhi send these certificates to Harish, so that Harish can extract Juhi’s public key out of any of those certificates and use it in communication with Juhi. However, Harish does not trust Vishal at all, but trust Anita fully. Fig: certificate Trust Result: when Juhi sends the two certificates (issued by Vishal and Anita) to Harish, Harish adds them to his database of certificate. It is actually the ring of public key of other users. Apart from adding them there, Harish record the fact that it does not want to trust Juhi’s certificate issued by Vishal (because he does not trust Vishal), but want to trust Juhi’s certificate issued by Anita (because he trust Anita)
  • 10. 10 WWW.Prohackers.in This concept is explained in the diagram. Let us take another example to ensure that there is no confusion. Imagine that there is a set of users in the system. Assume that Mahesh fully trust Naren, partially trust Ravi and Anmol, and has no trust in Amit. i. Naren issue two certificates: one to Amrita (with public key K1) and another to Pallavi (with public key K2). Mahesh stores the public key and certificates or Amrita and Pallavi in his key ring of public keys with certificate trust level equal to fully. ii. Ravi issues a certificate to Uday (with public key K3). Mahesh stores the public key and certificate of Uday in his ring of public key with certificate trust level equal to partial. iii. Anmol Issue Two Certificates: one to Uday (with public key K3), and another to Parag (with public Key K4). Mahesh stores the public keys and certificates of Uday and Parag in his ring of public key with certificate trust level equal to partial. Note that Mahesh has now two certificates for Uday, one issued by Ravi, and the other issued by Anmol, both with partial level of certificate trust. iv. Amit issue a certificate to Parag (with public key K4). Mahesh stores the public key and certificate of Parag in his ring or public keys with certificate trust level equal to none. Mahesh can also discard this certificate. (c) Key legitimacy The objective behind the introducer trust and certificate trust is to decide whether to trust the public key of a user. In PGP terms, this is called Key Legitimacy. Mahesh needs to know how legitimate are the public keys of Amrita, Pallavi, Uday, and Parag and so on. PGP define the following the simple rule to decide the key legitimacy: the level of key legitimacy for a user is the weighted trust level for that user. For example, suppose we have assigned certain weights to certificate trust level, as shown in the below figure: Weight Meaning 0 No trust ½ Partial trust 1 Complete or Full trust
  • 11. 11 WWW.Prohackers.in In this situation in order to trust a public key (i.e. certificate) of any other user, Mahesh needs one fully trusted certificate or two partial trusted certificates. Thus Mahesh can fully trust Amrita and Pallavi based on the certificates they had received from Naren. Mahesh can also trust Uday, based on tow partial trusted certificates that Uday had received from Ravi and Anmol. 2.5 Web Trust The earlier discussion leads to a potential problem. What happens if nobody creates certificate for fully or partially trusted entity? In our example, on what basis would we trust Naren’s public key, if no one has created a certificate for Naren? To resolve this problem, several schemes are possible in PGP, as outlined below. (a) Mahesh can physically obtain the public key of Naren by meeting in person and getting the key on a piece of paper or as a disk file. (b) This can be done telephonic as well. (c) Naren can email his public key to Mahesh. Both Naren and Mahesh compute the message digest of this key. If MD5 is used, the result is a 16-byte digest. If SHA-1 is used, the result is 20-byte digest. In hexadecimal, the digest become a 32-digit value in MD5, and a 40-digit value in SHA-1. This is displayed as 8 groups of 4-digit value in MD5, and 10 groups of 4-digit values in SHA-1, and is called fingerprint. Before Mahesh adds this public key of Naren to his ring, he can call up Naren to tell him what fingerprint value he has obtained to cross-check with the fingerprint value that is separately obtained by Naren. This ensures that the public key value is not changed in the email transit. To make matters better, PGP assign a unique English word to a 4-digit hexadecimal number group, so that instead of speaking out the hexadecimal string of numbers, users can speak out normal English words as define by PGP. For example PGP may assign a word India to a hexadecimal pattern of 4AOB, etc. (d) Mahesh can obtain Naren’s public key from CA. Regardless of the mechanism, eventually this process of obtaining key of other users and sending our own to others creates which is called web of trust between groups of people.
  • 12. 12 WWW.Prohackers.in This keeps the public key ring getting bigger and bigger, and helps secure the email communication Whenever a user needs to revoke his/her public key (because of loss of private key, etc) he/she needs to send a key revocation certificate to the other users. This certificate is self-signed by the user with his/her private key. Thanks for reading this presentation Please give us your feedback at info@prohackers.in Your feedback is most valuable for us for improving the presentation You can also suggest the topic on which you want the presentation Website: www.prohackers.in FB page: www.facebook.com/theprohackers2017 Join FB Group: www.facebook.com/groups/group.prohackers/ Watch us on: www.youtube.com//channel/UCcyYSi1sh1SmyMlGfB-Vq6A ***Thanks***