PGP is an encryption package available for most platforms and operating systems.
PGP stands for 'Pretty Good Privacy'. This is a self-deprecating joke, since PGP uses 'military strength' strong cryptography to provide privacy, confidentiality and validity to your data and that of other people.
The software was first released in 1991, and was distributed by (among others) Kelly Goen, who used several pay-phones, each miles apart, and an acoustic coupler to upload it to various BBSes, USENET groups and FTP sites within the US, staying at one location for several minutes before moving on. From there it spread rapidly, and quickly disseminated to Europe and Australasia, among other places.
The first version of PGP was coded by Phil Zimmermann. It used RSA public key cryptography in conjunction with a homegrown cipher in a hybrid cryptosystem. It was under development for a number of years. Then in April 1991 Phil Zimmermann was made aware of a rider to Senate Bill 266, which required that all telecommunication companies allow government access to plaintext. This rider, added at the request of the FBI, was withdrawn before the bill passed, but it had the effect of increasing the perceived urgency of the development. Goen professed to the journalist Jim Warren:
...the intent here is to invalidate the so-called trapdoor provision of the new Senate Bill coming down the pike before it makes it into law.
There are two versions of how PGP was released:
The original version:
This was the version disseminated before the statute of limitations ran out, when it was still possible for the US Government to prosecute for exporting cryptographic software.
Export controls were not considered in any detail when the software was released, although Goen was careful only to upload PGP to sites in the US. Encryption export controls originally meant that it was illegal to export encryption software above a certain (very low) key length in compiled or source code format on electronic media. Because of this, and because PGP was so obviously available outside of the US, Phil Zimmermann and Kelly Goen were the subject of a three-year investigation by US Customs and a grand jury which started in 1993 and was dropped in 1996.
The truth:
Now that the statute of limitations has expired and prosecution is no longer possible, there is no longer any point in hiding the truth. Phil Zimmermann spoke out after keeping this under his hat for ten years:
PGP was created by Phil Zimmermann specifically with human rights workers in mind. He admitted as much in his "PGP Marks 10 Year Anniversary" note [1]:
"First, I sent it to Allan Hoeltje, who posted it to Peacenet, an ISP that specialized in grassroots political organizations, mainly in the peace movement. Peacenet was accessible to political activists all over the world."
He then goes on to say how Kelly Goen was given the program, with the explicit marking of ''US only''.
PGP was also responsible, along with Tim May and Eric Hughes, for triggering the birth of the cypherpunk movement. The freeware version of PGP (now at version 6.5.8) is available to anyone on the Internet. The source code has been exported in book format, thereby circumventing the export controls.
As of mid-1999, the export controls were relaxed. While there is still a large barrier of paperwork for anyone wishing to export encryption, it is now possible to buy 'PGP International' outside of the US.
Version two was created with the help of several programmers in Switzerland, New Zealand and the US, with Zimmermann acting as project coordinator. It was first released in Auckland and Amsterdam, partly as a way to circumvent the export restrictions, and partly because of the (now expired) patents existing on the RSA algorithm.
The home-grown (and rather weak) symmetric cipher was replaced with IDEA, a Swiss cipher believed at the time to be stronger than DES, and users were allowed to 'sign' other people's public keys. This was a partial solution to the problem of authenticating keys. If Alice trusts Bob's public key and signs it, and Carol trusts Alice, then Carol can be introduced to Bob. This differs from the traditional hierarchical CA-based standards such as the X.509 PKI standard. In PGP there is a 'web of trust' - where there is no strict hierarchy, and which keys are signed follows actual social relationships more closely.
Since its initial release, PGP has evolved considerably. Network Associates has taken the PGP brand and expanded it to take the form of a complete personal security/privacy package. The standard tools are now:
Email encryption - this is the main use case. It is now capable of using Diffie-Hellman algorithms as well as RSA. There are plug-ins for the most common email clients.
File encryption - Apart from the possibility of using public key encryption in email, it can also be used on traditional files. PGP uses strong encryption such as CAST, IDEA, Triple DES, and in the latest version Rijndael.
File wipe - in most operating systems, when you delete a file, it isn't really gone. All that has been deleted is the pointer to the file's location - the bytes which that file used to consist of still exist and can be recovered using commonly available tools, and may be recoverable by special forensic tools even after the actual bytes have been overwritten.
PGP contains a utility which directly over-writes the bytes of the file with pseudo-random data up to thirty-two times. At the highest setting, it takes about four hours to wipe a gigabyte of data. Recent advances in data recovery using very expensive atomic-level imaging equipment may circumvent even this.
Disk cleaner - this simply writes over all the free space on your hard-drive in the same method as above. This is used for making sure that any programs you've used do not leave sensitive temporary files half-deleted. It's best to leave this running overnight, unless you sleep in the same room as your computer, in which case it's too noisy - it thrashes your hard-drive, after all :-)
Secure networking protocol suite - if anyone's actually used this, feel free to add a w/u below. Or I could get off my butt and do it myself.
Version 7 and above, in the Windows/Mac versions at least, includes a personal firewall. The company that sells the PGP software is a division of Network Associates, who are not known for being nice guys - rather the opposite in fact. Phil Zimmermann recently resigned because of a dispute over releasing the source for future versions.
In the past, the entire program had its source code available for inspection by the crypto community, for debugging, and also as a way of verifying the cryptographic integrity of the program. The management at NAI has new and disproved opinions on whether or not this will be done in the future.
PGP has also established the OpenPGP message format which is now used by several applications such as GPG. PGP has occasionally made the headlines for having various flaws discovered.
The most recent one was an attack by two Czech cryptologists, Vlastimil Klima and Tomas Rosa, on the OpenPGP format. It allowed a private keyring to be modified, by changing specific bytes in the file storing the keys, so as to obtain the DSA and RSA private signature keys while bypassing the strong encryption used to protect them.
To guard against this, keep your private key on media that you trust not to be available to an attacker, i.e. your home PC under a further (different) layer of encryption, a disk in your wallet, or, if you don't trust disks, burn a CD and keep it with you - If you feel that someone might want access to your encrypted conversations that badly.
Other vulnerabilities discovered meant that additional decrypting keys (ADKs) could be appended to the end of a public-key without any error checking. This 'feature' was originally included in version six and above for corporate use - as a message recovery feature. However, it was discovered that it was possible to add additional ADKs without PGP including them in the key-block hash function checking procedure. Anything encrypted with that public key-block would then be available to the owner of the appended key.
Despite these two flaws (and probably others which happened before my time), PGP remains one of the most user-friendly encryption tools around. However, if you run a NIX variant, GPG is recommended, as the whole thing is GPLed, and they generally fix flaws such as the ones described above within weeks as opposed to months.
1: See also PGP: Happy Birthday To You
Sources:
Phil Zimmermann on the CodeCon 2002 Legality Panel (mp3)
http://politechbot.com/docs/pgp.anniversary.060501.html
Applied Cryptography - Bruce Schneier
Handbook of Applied Cryptography - Menezes et al.
Intro to Crypto - PGP Documentation
Crypto - Steven Levy
http://www.i.cz/en/pdf/openPGP_attack_ENGvktr.pdf
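The Alice/Bob/Carol introduction in the first writeup above, worked through as an added Python example (not code from the writeup or from PGP/GnuPG): key validity is computed to a fixed point so that a newly introduced key can in turn introduce further keys. The thresholds (one fully trusted or three marginally trusted introducers) and all key names are assumptions.

```python
from dataclasses import dataclass, field

FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED, MARGINALS_NEEDED = 1, 3   # assumed: PGP classic-model thresholds

@dataclass
class Keyring:
    owner: str                                       # the user's own key id
    owner_trust: dict = field(default_factory=dict)  # key id -> FULL or MARGINAL
    signatures: dict = field(default_factory=dict)   # signed key -> {signer ids}

    def sign(self, signer, subject):
        self.signatures.setdefault(subject, set()).add(signer)

    def _weight(self, signer, valid):
        # A signature counts only if the signer's key is itself valid:
        # owner-trust set on a key the user never verified is inert.
        if signer not in valid:
            return None
        return FULL if signer == self.owner else self.owner_trust.get(signer)

    def valid_keys(self):
        """Keys the owner may rely on, iterated to a fixed point because a
        newly validated key can in turn introduce further keys."""
        valid = {self.owner}
        changed = True
        while changed:
            changed = False
            for subject, signers in self.signatures.items():
                if subject in valid:
                    continue
                weights = [self._weight(s, valid) for s in signers]
                if (weights.count(FULL) >= COMPLETES_NEEDED
                        or weights.count(MARGINAL) >= MARGINALS_NEEDED):
                    valid.add(subject)
                    changed = True
        return valid

def example_ring():
    """Constructed sample keyring, seen from Carol's point of view."""
    ring = Keyring(owner="carol")
    ring.sign("carol", "alice")             # Carol checked Alice's key herself
    ring.owner_trust["alice"] = FULL        # and trusts her as an introducer,
    ring.sign("alice", "bob")               # so Alice's signature validates Bob
    ring.owner_trust["dave"] = FULL         # trust on a key Carol never verified:
    ring.sign("dave", "eve")                # Dave's signature on Eve is worthless
    for m in ("fay", "gus", "hal"):         # three marginally trusted signers
        ring.sign("carol", m)
        ring.owner_trust[m] = MARGINAL
        ring.sign(m, "grace")               # together validate Grace's key,
    ring.sign("fay", "hank")                # but two of them alone do not
    ring.sign("gus", "hank")                # validate Hank's
    return ring
```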
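A defender-side check for the ADK flaw the first writeup describes, added here as an example (not the writeup's or PGP's own code): it splits a v4 OpenPGP signature into its hashed and unhashed subpacket areas and reports any Additional Decryption Key subpacket sitting in the unhashed area, where the signature does not cover it. The subpacket number 10 and the class/algorithm/fingerprint body layout are assumed from PGP's usage; the sample signature and its fingerprint are constructed.

```python
# Subpacket type PGP used for its Additional Decryption Key (assumed: 10, the
# value RFC 4880 later reserved); body assumed as class, algorithm, fingerprint.
ADK_SUBPACKET = 10

def _read_length(buf, i):
    """OpenPGP subpacket length: 1, 2 or 5 octets (RFC 4880 5.2.3.1)."""
    b0 = buf[i]
    if b0 < 192:
        return b0, i + 1
    if b0 < 255:
        return ((b0 - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def parse_subpackets(area):
    """Return a list of (type, critical, body) for every subpacket in an area."""
    out, i = [], 0
    while i < len(area):
        length, i = _read_length(area, i)
        if length == 0 or i + length > len(area):
            raise ValueError("truncated subpacket")
        tag = area[i]
        out.append((tag & 0x7F, bool(tag & 0x80), area[i + 1:i + length]))
        i += length
    return out

def subpacket_areas(sig):
    """Split a v4 signature packet body into its hashed and unhashed areas."""
    if sig[0] != 4:
        raise ValueError("only v4 signatures are handled")
    n = int.from_bytes(sig[4:6], "big")
    hashed = sig[6:6 + n]
    m = int.from_bytes(sig[6 + n:8 + n], "big")
    unhashed = sig[8 + n:8 + n + m]
    return hashed, unhashed

def unhashed_adks(sig):
    """Fingerprints (hex) of ADK subpackets OUTSIDE the hashed area: the
    signature does not cover them, so anyone could have appended them."""
    _, unhashed = subpacket_areas(sig)
    return [body[2:22].hex() for tag, _, body in parse_subpackets(unhashed)
            if tag == ADK_SUBPACKET and len(body) >= 22]

def _sp(tag, body):
    data = bytes([tag]) + body
    return bytes([len(data)]) + data          # one-octet length form only

def sample_signature():
    """Constructed sample: a v4 positive certification (0x13) by a DSA key
    with SHA-1; creation time in the hashed area, issuer plus a rogue ADK
    (fake fingerprint aa..aa) in the unhashed area, then two hash octets."""
    hashed = _sp(2, (1_000_000_000).to_bytes(4, "big"))
    unhashed = (_sp(16, bytes(range(1, 9)))
                + _sp(ADK_SUBPACKET, b"\x80\x01" + b"\xaa" * 20))
    return (bytes([4, 0x13, 17, 2]) + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed + b"\x12\x34")
```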
This writeup was originally written in 1997
In 1991 a computing consultant from Colorado released into the public domain a program that would revolutionise internet communications world-wide, allow anyone with a computer the right to secure communication and almost land the author of this program in prison for munitions export. The program was PGP or "Pretty Good Privacy" by Phil Zimmermann and it had such strong encryption that it was considered a practical impossibility to crack it, even with the vast resources of the US Government. It used the RSA public key encryption algorithm, removing the need to send a private key "in clear", traditionally the weak link in all encryption (the German Enigma cipher couldn't have been cracked nearly so quickly if several machines hadn't been captured by the Allied forces). The release of the software onto the Internet and the subsequent indictment of Phil Zimmermann caused one of the biggest debates on freedom of the Internet in its history.
PGP uses three different algorithms in its operation; these are the RSA public key encryption system, the IDEA symmetric key cipher and MD5, a 128-bit checksum used to validate message integrity.
For years the US Government had been promoting an encryption system based on the "Clipper" chip. This was because encoded into every chip was a secret back door allowing the government to listen in to encrypted phone conversations, read encrypted email and access sensitive documents. The advent of PGP meant that not only did every computer user in the United States have access to a powerful and virtually unbreakable encryption program but it could also be copied abroad over the internet. The uploading of the package to an internet newsgroup caused the US Government to attempt to prosecute Phil Zimmermann under the Arms Export Control Act. They failed in their attempt to do this however, dropping the case in January 1996.
The reasons for this are, in my view, completely unjustified. In the information age many people have access to email, and it is fast becoming a standard feature for business cards to carry an email address alongside phone and fax numbers. This means that there is a huge volume of plain text transmitted, most of it private and some of it undoubtedly classified industrial secrets. This is simple to intercept and change, far easier than a phone tap or mail intercept, and if it is changed there is no sure way of detecting it. Some email software comes with the DES encryption method, which uses a 46-bit key, but it has been shown that a machine costing only one million dollars, a sum well within the budget of most multinational companies, can break these codes in a matter of hours, and no verification of authenticity is available. The PGP system makes unbreakable cryptography free, as it should be, and available to the general public.
The viewpoint of the US Government is understandable in that the software could be used by oppressive regimes in the third world but the algorithms used are internationally known and the software could just as easily be written in the UK, Russia or even Libya. The irony of this is that in such a case, the software would be freely available in America as no such restriction applies to importing encryption software.
Though the case against Phil Zimmermann has been dropped, controversy and debate still rage over whether a government has the right to invade a citizen's privacy by tapping phone lines, intercepting mail and reading email. PGP prevents this: email is unbreakably encrypted, and there will soon be a package called PGPfone released which allows you to use a modem as a secure telephone line; it is even possible to use PGP to encrypt regular letters, though this is very uncommon. The government-approved Clipper chip will form a part of a system in the United States where at any one time 1% of all telephone calls made will be able to be tapped at once, with a simple point-and-click system, but the Clipper chip will not be able to help the charities to save refugees of oppressive regimes, as PGP has done, because the governments will be able to intercept every email and phone call. As Phil himself puts it, "If you outlaw privacy, only outlaws will have privacy". Email encryption will form an important part of the internet in the next millennium, possibly becoming used for all emails as envelopes are now used to protect normal mail from prying eyes. PGP will most likely become the package of choice from its world-wide distribution and fame, and of course its unbreakable algorithms.
Update
With the recent upsurge in terrorist activity caused by the World Trade Center bombings, calls for further restriction have been made, with PGP again becoming the poster child for the Big Brother generation.
Why bother with PGP? The very nature of email communication makes it perfect for spying and tapping. Imagine all the emails that fly across the Atlantic Ocean. Every single one of them could be tapped without you even noticing it. Of course, thinking that someone will sit and read every single one of them is preposterous - but the "problem" is that nobody has to.
But how do they find out what to tap? Imagine if the FBI (Or whoever else, for that matter) set up a server that searched all email messages for keywords, say terrorism, bomb, assassination etc. etc. The emails that were caught in this filter would then be inspected by hand, and (obviously) read. So far no problems, unless you consider that you probably don't want people to be reading your emails. Whatever you send in an email is, for technological reasons, highly insecure. It has been said that "emails are as private as anything you send on a postcard". Security is so bad, that anyone who can be bothered to read it can do so as they please.
Of course, most of us, the law-abiding citizens, will not mind people reading emails containing the mentioned words. What, however, if the operators get bored, and add words like "sex" or "secret" or "stock exchange" to the search criteria? They could well be reading your love letters to your girl / boyfriend, your confessions or your business secrets.
The legality
When the USA passed their USA Patriot Act a short while ago (October 25, 2001), after the terrorist attacks on the WTC, in effect they bypassed a law making it hard for the NSA and the FBI to spy on people. So far, bugging a house or tapping phone conversations involved getting a warrant etc. These warrants were hard to get hold of, and were often delayed by several days.
With the new legislation, all the NSA or FBI (or even the CIA) would have to do is to claim someone belongs to a terrorist organization. This seems like a fairly wild measure, but there have been reported cases where people have been labeled "Terrorist" just because someone who is also labeled "terrorist" has them in their address book. As you can imagine, this way just about anyone can be labeled terrorist, and just about anyone can have their phones tapped, have cameras fitted in their house, and (obviously) have their email monitored by whoever wants to do this.
Privacy
Personally, I am not a criminal, and I really don't mind the monitoring of terrorism. But at the same time, I strongly resent the fact that I can't seem to keep my privacy either, because of the mentioned laws and law practices. That's why I urge you to have a look at PGP - Pretty Good Privacy. Free encryption that makes sure that only the recipient can read your emails!
Jetify notes that...
There was a case of a mafioso in the US who encrypted all the data on his PC using PGP. The FBI obtained a search warrant for his house. While searching (without his knowledge of course) they installed a keylogger on his computer. They gained his passphrase, etc., and therefore had access to his data. And so it goes, that if you're using PGP on a computer, and they want access, they'll use a keylogger. PGP provides good transport security between readers, but for authorities such as the FBI, there are easier methods of getting the same information, and there are better means of protecting your data from them.
-30-