Example cryptographic application: PGP
PGP ("Pretty Good Privacy") is an application for the secure transmission of
messages. PGP uses public key encryption to securely send a random session
key; the actual message encryption uses a private key system (IDEA). For
extra security, the user's private key is stored in an encrypted form, and
only decrypted when needed. The user needs to provide a "pass phrase"; an
MD5 hash of the pass phrase is used as the key to decrypt the private key.
+--- MD5 <----- Pass
| phrase
v
Public IDEA <-- Private
key decrypt key
| |
Random v v
session ---> RSA -------------------------> RSA
key encrypt decrypt
| PGP |
+-------------+ MESSAGE |
| |
v v
Message ---> IDEA -------------------------> IDEA -----> Message
encrypt decrypt
[SENDER] [RECIPIENT]
PGP can also digitally sign messages, or both sign and encrypt. Recommended
reading: "PGP: Pretty Good Privacy" by Simson Garfinkel (O'Reilly)
Last updated 8 October 1996