Example cryptographic application: PGP

PGP ("Pretty Good Privacy") is an application for the secure transmission of messages. PGP uses public key encryption to securely send a random session key; the actual message encryption uses a private key system (IDEA). For extra security, the user's private key is stored in an encrypted form, and only decrypted when needed. The user needs to provide a "pass phrase"; an MD5 hash of the pass phrase is used as the key to decrypt the private key.

                                                    +--- MD5 <----- Pass
                                                    |              phrase
                                                    v
               Public                             IDEA <-- Private
                 key                             decrypt     key
                  |                                 |
  Random          v                                 v
  session  --->  RSA   ------------------------->  RSA
   key          encrypt                          decrypt
    |                            PGP                |
    +-------------+            MESSAGE              |
                  |                                 |
                  v                                 v
  Message  --->  IDEA  ------------------------->  IDEA  ----->  Message
                encrypt                           decrypt

         [SENDER]                                      [RECIPIENT]

PGP can also digitally sign messages, or both sign and encrypt. Recommended reading: "PGP: Pretty Good Privacy" by Simson Garfinkel (O'Reilly)

Last updated 8 October 1996