In “Encrypting Emails using PGP/GPG”, I described how to configure GPG (PGP) + Enigmail + Thunderbird for sending signed and encrypted emails, but not the inner process of PGP. In this post, I describe how PGP works and emulate the PGP process with a nice cryptography tool named cryptoolv2.
What is PGP: A Brief Introduction
Symmetric encryption is very good and has good performance/speed in encryption/decryption. The main problem is transferring the key between Alice and Bob. Alice and Bob are two characters who want to send encrypted messages to each other; the names are commonly used in descriptions of cryptographic systems. For more information, see Alice and Bob.
On the other hand, asymmetric encryption is considerably powerful. Every participant has two keys: the public key (e), which is accessible to everyone in the system, and the private key (d), which is accessible only to the participant. One of the major strengths of this kind of cryptosystem is that key transfer is very easy, because of the public key. Its weakness is that it is slow at encrypting/decrypting large amounts of data. If you want to know more about asymmetric encryption/decryption and the meaning of signature (encrypting with the private key) and encryption (encrypting with the public key), see Public-key cryptography.
PGP stands for Pretty Good Privacy, and it combines the strengths of asymmetric and symmetric encryption. Symmetric encryption is weak at key transfer, so the symmetric key is transferred using asymmetric encryption. The key is small in comparison with the data that is going to be encrypted/decrypted, so the slowness of asymmetric encryption does not matter here.
So the system works as follows. Encrypt the content with a random symmetric key (K). Sign K with the sender’s private key and encrypt it with the receiver’s public key. The system is depicted below, but in the figure the sender does not sign K, it only encrypts K with the receiver’s public key.
Cryptool is a nice GUI-based tool for testing and learning cryptography. I’ve used version 2 of the program, which runs on Microsoft Windows. The tool is accessible from cryptoolv2. The following picture shows a screenshot of the program in action.
PGP in Cryptool
I have configured the PGP protocol in Cryptool and added signature and encryption to the system. The first picture shows the overall system and process.
The following picture shows the detailed work of each part. Note the elements in the figure: RSA stands for the asymmetric encryption/decryption system, AES for the symmetric encryption/decryption system, and the key generator generates the private and public keys.
The final picture shows the system in action. As shown, the decrypted message is the same as the plain text message (“Hello World!”).
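The same sign-and-encrypt flow for K can be traced in a few lines of Python; this is an added example, not part of the original post or its Cryptool project. Assumptions: the function names are hypothetical, RSA is textbook RSA without padding on constructed toy keys, and a SHA-256 keystream stands in for AES because the Python standard library has no AES.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs

def rsa_keypair(p, q):
    """Textbook RSA from two primes; returns (n, d). No padding: demo only."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed keys built from known Mersenne primes (far too small for real use).
SENDER = rsa_keypair(2**127 - 1, 2**89 - 1)
RECEIVER = rsa_keypair(2**107 - 1, 2**61 - 1)

def stream_xor(key, data):
    """Stand-in for AES: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def pgp_send(plaintext, sender_priv, receiver_n):
    n_s, d_s = sender_priv
    k = secrets.token_bytes(16)                  # random symmetric key K
    k_int = int.from_bytes(k, "big")
    return {
        "body": stream_xor(k, plaintext),        # content encrypted under K
        "sig": pow(k_int, d_s, n_s),             # K signed with sender's private key
        "wrapped": pow(k_int, E, receiver_n),    # K encrypted with receiver's public key
    }

def pgp_receive(msg, receiver_priv, sender_n):
    n_r, d_r = receiver_priv
    k_int = pow(msg["wrapped"], d_r, n_r)        # receiver recovers K
    if pow(msg["sig"], E, sender_n) != k_int:    # check K against sender's public key
        raise ValueError("signature on K does not verify")
    return stream_xor(k_int.to_bytes(16, "big"), msg["body"])

if __name__ == "__main__":
    m = pgp_send(b"Hello World!", SENDER, RECEIVER[0])
    print(pgp_receive(m, RECEIVER, SENDER[0]))
```

Because only K is signed, as in the scheme described in this post, a modified `body` still decrypts without raising an error; OpenPGP itself computes the signature over a hash of the message.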
The project is attached in the following file. You may download it and test it as you like in Cryptool v2.