PGP: PRETTY GOOD PRIVACY by Simson GARFINKEL
Table of Contents
Foreword ...................................................... xix
Preface ....................................................... xxi
Part I: PGP Overview ......................................... 1
Chapter 1: Introduction to PGP .................................. 3
Why PGP? The Case for Encryption ................................ 4
Your Mail Can Go Astray ......................................... 7
Protecting Your Privacy ......................................... 8
Where Did PGP Come from? ....................................... 10
Basic PGP Terminology .......................................... 11
Keys: Public, Secret, and Session .............................. 11
Key Certificates ............................................... 13
Key Rings ...................................................... 14
Pass Phrases ................................................... 15
Digital Signatures ............................................. 17
Signatures on Key Certificates ................................. 20
How to Run PGP ................................................. 21
The Command Line Interface ..................................... 21
Getting Help (-h Option) ....................................... 22
Specifying Command Line Arguments .............................. 22
Using ASCII Armor (-a Option) .................................. 23
Encrypting and Signing Email (-e and -s Options) ............... 24
PGP File Extensions ............................................ 27
PGP Environment Variables ...................................... 28
PGP Configuration Variables .................................... 29
The PGP Language File .......................................... 29
PGP and Its Competitors ........................................ 30
Key Certification with PGP ..................................... 31
Chapter 2: Cryptography Basics ................................. 33
How Does Simple Cryptography Work? ............................. 33
Codes .......................................................... 34
Ciphers ........................................................ 35
Substitution ciphers ........................................... 35
One-Time Pads .................................................. 36
Keys and Key Length ............................................ 39
Breaking the Code .............................................. 39
Brute force (key search) attack ................................ 39
Cryptanalysis .................................................. 40
Private Key Cryptography ....................................... 42
Private Key Algorithms ......................................... 43
A Private Key Example .......................................... 44
Problems with Private Key Cryptography ......................... 45
The Key Distribution Center .................................... 46
The Outlook for Private Key .................................... 47
Public Key Cryptography ........................................ 47
Public Key Systems ............................................. 49
Advantages of Public Key Systems ............................... 51
Digital Signatures ............................................. 51
Using Private and Public Key Cryptography Together ............. 51
How Good is Cryptography? ...................................... 51
The Strong and the Weak ........................................ 52
The Case for Weakness .......................................... 54
What Encryption Can't Do ....................................... 54
U.S. Restrictions on Cryptography .............................. 56
Cryptography and the U.S. Patent System ........................ 56
Cryptography and Export Controls ............................... 57
Part II: Cryptography History and Policy ....................... 59
Chapter 3: Cryptography Before PGP ............................. 61
Cryptography Through the Ages .................................. 61
National Security and the NSA .................................. 62
Lucifer and the DES ............................................ 64
The National Bureau of Standards ............................... 65
The Security of the DES ........................................ 66
DES Cracking ................................................... 67
Alternatives to the DES ........................................ 68
Public Key Cryptography ........................................ 69
Ralph Merkle's Puzzles ......................................... 69
Diffie-Hellman Multi-User Techniques ........................... 71
Diffie-Hellman Exponential Key Exchange ........................ 72
The Birth of RSA ............................................... 74
How does RSA work? ............................................. 75
Technical Memorandum #82 ....................................... 77
The Rise and Fall of Knapsacks ................................. 79
Taking Public Key to Market .................................... 82
Chapter 4: A Pretty Good History of PGP ........................ 85
Phil Zimmermann: On the Road to PGP ............................ 85
Metamorphic Systems ............................................ 87
Charlie Merritt ................................................ 88
Phil Zimmermann Meets Public Key ............................... 90
Face to Face with Jim Bidzos ................................... 91
The Rise of RSA Data Security .................................. 92
Working with Big Jim ........................................... 94
A Pretty Good Program .......................................... 96
The Anti-Crime Bill S.266 ...................................... 97
The Birth of PGP-Version 1.0 ................................... 98
PGP Grows Up .................................................. 101
Bass-O-Matic .................................................. 101
The Real Thing-PGP Version 2.0 ................................ 102
The Cypherpunks ............................................... 103
PEM, RSAREF, and RIPEM ........................................ 103
ViaCrypt ...................................................... 105
MIT Steps in .................................................. 106
Throwing PGP into the Wind .................................... 109
The Federal Investigation of Zimmermann ....................... 111
Whither PGP? .................................................. 113
RSA-129 Solved! ............................................... 113
Chapter 5: Privacy and Public Policy .......................... 117
Wiretapping and the U.S. Government ........................... 118
The FBI's Digital Telephony Plan .............................. 121
The Untold Cost of Digital Telephony .......................... 123
Return of Digital Telephony ................................... 124
Where's the Beef? ............................................. 125
An Information Superhighway that's "Wired for Sound" .......... 126
The NSA's Clipper Chip ........................................ 127
Inside Clipper ................................................ 128
Who Gets the Keys? ............................................ 129
The Battle over Clipper and the EES ........................... 131
Problems with Clipper ......................................... 133
Chapter 6: Cryptography Patents and Export .................... 135
Patents and Policy ............................................ 135
Export: 40 Bits is not Enough! ................................ 137
The Digital Signature Standard ................................ 138
The Battle over the DSS ....................................... 138
The DSS and Patents ........................................... 139
The Fall of PKP? .............................................. 141
The Cylink Lawsuit ............................................ 141
The Schlafly Lawsuit .......................................... 143
Part III: Using PGP ........................................... 145
Chapter 7: Protecting Your Files .............................. 147
Encrypting and Decrypting Files ............................... 148
Encrypting a File ............................................. 148
Making a Mistake .............................................. 151
Erasing the Original File (-w Option) ......................... 151
Retrieving Your Encrypted File (Default Option) ............... 152
The Pass Phrase ............................................... 153
Should You Use a Different Pass Phrase for Every File? ........ 153
How to Pick a Pass Phrase ..................................... 154
Good Pass Phrases ............................................. 156
Why Use a Long Pass Phrase? ................................... 156
Chapter 8: Creating PGP Keys .................................. 159
Making Public Key Cryptography Work ........................... 160
The Theory Behind the Keys .................................... 161
Using PGP to Create Keys (-kgOption) .......................... 162
Choosing the Length of Your Public Key ........................ 163
Entering Your User ID ......................................... 163
Picking Your Pass Phrase ...................................... 165
Creating Randomness ........................................... 165
What If PGP Won't Generate Keys? .............................. 167
PGP Key Rings: A Place for Your Keys .......................... 168
Chapter 9: Managing PGP Keys .................................. 171
Secret and Public Key Rings ................................... 172
Viewing Keys (-kvOption) ...................................... 173
Viewing Keys on Your Public Key Ring .......................... 174
Viewing Keys on Your Secret Key Ring .......................... 174
Viewing Keys on Other Key Rings ............................... 175
Getting More Information about Keys (-kvc Option) ............. 176
Changing Your Key Certificate (-keOption) ..................... 177
Changing Your Pass Phrase ..................................... 177
Changing Your User ID (-ke Option) ............................ 178
Editing with Options .......................................... 180
Changing Your User ID (-ke and -kr Options) ................... 181
Giving Your Public Key to Someone ............................. 182
Copying Your Public Key Ring .................................. 183
Extracting Your Public Key (-kx Option) ....................... 183
Extracting Printable Keys with ASCII Armor (-kxa Option) ...... 185
Using Filter Mode (-f Option) ................................. 186
Extracting Multiple Keys into a Single ASCII-Armored File ..... 187
Adding Keys to Key Rings (-kaOption) .......................... 188
Adding Someone's Key to Your Public Key Ring .................. 188
Adding a Key to a Specified Key Ring .......................... 190
No Duplicates Allowed ......................................... 191
Removing Keys from Key Rings (-krOption) ...................... 191
Removing Keys from Your Public Key Ring ....................... 192
Removing Keys from a Specified Key Ring ....................... 192
A Starter Set of Public Keys .................................. 193
Chapter 10: Encrypting Email .................................. 195
Sending Encrypted Email ....................................... 196
Step 1: Creating the Message .................................. 196
Creating a message with your word processor ................... 197
Creating a message from the keyboard .......................... 197
Running PGP in filter mode .................................... 198
Step 2: Getting the Recipient's Public Key .................... 199
Step 3: Encrypting the Message (-e Option). ................... 199
Step 4: Sending the Message ................................... 203
Doing It All at Once (-f Option) .............................. 204
Encrypting and Sending a Message at the Same Time ............. 204
Typing, Encrypting, and Sending at the Same Time .............. 205
Receiving Encrypted Email ..................................... 205
Decrypting Email .............................................. 206
Changing the Output File (-o Option) .......................... 208
Viewing the Decrypted File (-m Option) ........................ 208
User Unknown .................................................. 208
Sending and Receiving Huge Documents .......................... 209
Changing the Size of Armored Files ............................ 212
Sending an Encrypted File to a Mailing List ................... 212
Encrypting and Sending to Multiple People ..................... 213
Adding Yourself to the Mailing List ........................... 214
Adding Yourself Automatically to the List ..................... 215
Chapter 11: Using Digital Signatures .......................... 217
How Do Digital Signatures Work? ............................... 218
The MD5 Message Digest Function ............................... 218
Message Digests and Public Key ................................ 220
RSA Digital Signatures ........................................ 222
PGP's Digital Signatures ...................................... 223
Signing a Message (-s Option) ................................. 223
Verifying a Digital Signature ................................. 226
Selecting from Multiple Secret Keys (-u Option) ............... 228
Signing and Encrypting a Message (-se Option) ................. 229
Receiving Signed Mail ......................................... 230
Creating Detached Signatures (-sb Option) ..................... 231
Chapter 12: Certifying and Distributing Keys .................. 233
Forged Keys ................................................... 234
The Web of Trust .............................................. 235
Adding a Key with Signatures (-kaOption) ...................... 236
Adding a Key for Phil's Pretty Good Pizza ..................... 236
The fingerprint ............................................... 238
The certification ............................................. 240
Adding a Key for Terrence Talbot, Esq. ........................ 241
Levels of trust ............................................... 244
Adding a Key for Sam Spade .................................... 245
Viewing Signatures ............................................ 246
Checking Your Keys and Signatures (-kc Option) ................ 246
Checking Your Keys and Signatures (-kvv Option) ............... 247
Checking all the Fingerprints for Your Keys (-kvc Option) ..... 248
Changing Your Trust in a Person (-ke Option) .................. 249
Why Change the Level of Trust? ................................ 250
Specifying a Different Key Ring ............................... 251
Signing a Key (-ksOption) ..................................... 251
Signing with a Different Secret Key (-uOption) ................ 253
Removing a Signature (-krsOption) ............................. 255
Unknown Signers ............................................... 256
Certifying the Keys in keys.asc (Version 2.6.1) ............... 261
Chapter 13: Revoking, Disabling, and Escrowing Keys ........... 263
Revoking Your Public Key ...................................... 263
What is a Key Revocation Certificate? ......................... 264
Making a Key Revocation Certificate (-kd Option) .............. 264
Questions about Revoking Keys ................................. 267
Disabling a Public Key (-kd Option) ........................... 268
A Manual System for Escrowing Keys ............................ 268
Simple Key Escrow ............................................. 269
Split-Key Escrow .............................................. 270
Chapter 14: PGP Configuration File ............................ 271
What is the PGP Configuration File? ........................... 271
Where is the Configuration File? .............................. 272
Editing the Configuration File ................................ 272
Specifying a Configuration .............................. Variable
on the Command Line ........................................... 273
Inside the PGP Configuration File ............................. 274
Configuration Variable Summary ................................ 276
Chapter 15: PGP Internet Key Servers .......................... 285
Communicating with a Key Server ............................... 286
Key Server Commands ........................................... 286
Getting Help .................................................. 287
Finding out Who is on the Server .............................. 287
Adding Your Key to the Server ................................. 288
Getting a Public Key from the Server .......................... 289
Getting a Set of Public Keys .................................. 290
Getting Updated Keys .......................................... 291
Where are the Key Servers? .................................... 291
Part IV: Appendices ........................................... 293
A: Getting PGP ................................................ 295
Getting PGP from MIT .......................................... 296
What to Type .................................................. 297
Other Ways of Getting PGP ..................................... 306
University of Hamburg: Lots of Crypto Resources ............... 306
University of California at Berkeley: The Cypherpunks ......... 307
Netcom: The PGP FAQ and Other Information ..................... 308
Electronic Frontier Foundation ................................ 308
Other Sources ................................................. 309
B: Installing PGP on a PC ..................................... 311
Choosing a Directory .......................................... 311
Unpacking PGP ................................................. 311
Verifying Your Copy of PGP .................................... 315
Setting up the ............................................... PGP
Environment on a PC ........................................... 317
PGPPATH Environment Variable .................................. 319
TZ Environment Variable ....................................... 319
A Sample autoexec.bat File .................................... 320
Creating Your Secret Key/Public Key Pair ...................... 321
C: Installing PGP on a UNIX System ............................ 323
Unpacking PGP on UNIX ......................................... 323
Getting a C Compiler .......................................... 325
Building the RSAREF Library ................................... 325
Building PGP .................................................. 327
Verifying Your Copy of PGP .................................... 331
Finishing the PGP Installation Under UNIX ..................... 334
The Dangers of Using PGP in a Multi-User Environment .......... 336
D: Installing PGP on a Macintosh .............................. 339
Getting MacPGP ................................................ 339
Installing MacPGP ............................................. 339
Copying the File .............................................. 340
Decoding the File ............................................. 340
Creating a Setup Folder ....................................... 340
Creating a PGP Folder ......................................... 340
Launching MacPGP .............................................. 341
Creating Your Keys ............................................ 341
Adding Keys to Your Key Ring .................................. 342
MacBinarizing the Distribution ................................ 343
Certifying the Keys ........................................... 345
E: Versions of PGP ............................................ 349
F: The Mathematics of Cryptography ............................ 355
How Diffie-Hellman Works ...................................... 355
How RSA Works ................................................. 357
The Security of RSA ........................................... 358
How Large is Very Large? ...................................... 359
How Random is Random? ......................................... 360
Dr. Ron Rivest on the Difficulty of Factoring ................. 361
Abstract ...................................................... 361
Factoring Algorithms .......................................... 362
Costs of Computation .......................................... 362
Results ....................................................... 364
Conclusions ................................................... 364
How PGP Picks Primes .......................................... 365
Glossary ...................................................... 367
Bibliography .................................................. 377
Books ......................................................... 377
Papers and Other Publications ................................. 378
Electronic Resources .......................................... 379
Index ......................................................... 381
List of Figures
1-1: Threats to your message ................................... 6
1-2: Paper mail, with envelopes, provides privacy .............. 9
1-3: Email, like postcards, offers little privacy .............. 9
1-4: Information on a PGP public key certificate .............. 13
1-5: PGP key rings ............................................ 15
1-6: A digital signature ...................................... 18
2-1: A simple example of encryption ........................... 34
2-2: Freemason cipher ......................................... 36
2-3: George Washington's codebook ............................. 37
2-4: One-time pad ............................................. 37
2-5: Brute force attack ....................................... 40
2-6: Private key cryptography with three people ............... 46
2-7: Private key cryptography with five people ................ 47
2-8: Private key cryptography with a key distribution center ) 48
2-9: A session key from the KDC allows secure communication ... 49
2-10: Public key cryptography ................................. 50
7-1: Encrypting and decrypting a file ........................ 149
10-1: Encrypting email ....................................... 197
10-2: Decrypting email ....................................... 206
11-1: Signing a message ...................................... 223
11-2: Verifying a message .................................... 227
11-3: Signing and encrypting a message ....................... 229
11-4: Decrypting and verifying a signature ................... 231
12-1: The web of trust ....................................... 236
D-1: MacPGP self-extracting archive .......................... 340
D-2: MacPGP distribution folder .............................. 341
D-3: Files in the MacPGP folder .............................. 341
D-4: PGP window used for messages ............................ 342
D-5: Key menu (Generate key... option) ....................... 342
D-6: Picking a key size ...................................... 343
D-7: Typing a pass phrase .................................... 343
D-8: Key menu (Add keys... option) ........................... 344
D-9: Adding keys from the keys.asc file ...................... 344
D-10: Adding keys to the pubring.pgp file .................... 344
D-11: File menu (MacBinarize... option) ...................... 345
D-12: MacBinarizing the MacPGP2.6-Installer file ............. 345
D-13: File menu (Open/Decrypt... option) ..................... 346
D-14: Selecting a file for certification ..................... 346
D-15: Specifying the filename for certification .............. 347
D-16: Specifyng the filename again for certification ......... 347
E-1:Versions of PGP .......................................... 353
List of Tables
3-1: Time required to break a DES-encrypted message ........... 68
6-1: The public key cryptography patents ..................... 136
F-1: Number of MIPS-years that can be bought for $1000
for low, average, and high levels of technological growth .... 363
F-2: Number of MIPS-years that can be purchased by an attacker,
combining money available and technological growth estimates . 363
F-3: Number of MIP-years required to factor a number
in low, average and high scenarios .......................... 364
F-4: Size of a number (in bits) that an attacker would be able to
factor at various points of time under various scenarios .... 364
