next up previous contents
Next: The Web of Trust Up: PGP Previous: PGP

Basic principles of operation

The program use RSA combined with IDEA for encryption. PGP uses a good method for generating random numbers: it measures the time between the user key-strokes. A pseudo random number generator is then seeded with these times.

Each message which is encrypted will be encrypted with IDEA in a modified CFB mode. A different session key is used for every message. The key is then encrypted with RSA using the public key of the intended recipient, and stored along with the encrypted message block. Only the person who has the secret key corresponding to this public key will then be able to recover the session key and decode the message. A message can even be sent to several people by just encrypting the session key with their public key and adding it to the message block. The message block size will only increase marginally.

To read an encrypted message the receiver must first use their private key to decrypt the session key. The session key is then used in the IDEA algorithm to decode the message.

PGP can also be used to make digital signatures. It uses MD5 for generating cryptographically secure message digests. This 128 bit message digest is then encrypted using RSA with the signers private key and appended to the message.

To check the signature on a document, one must first calculate the MD5 message digest of the document and then compare this value with decrypted version of the message digest stored with the document. If the values are the same then the receiver knows that the document has been signed by the owner of the public key used for decrypting the message digest.



Asgaut Eng
Wed Apr 10 14:07:30 MET DST 1996