PGP is often used to secure email communication. Describe the steps that a pair of users using PGP must take before they can exchange email messages with privacy and authnticity guarantees. What scope is there to make the preliminary negotiations invisible to the users? (The PGP negotiation is an instance of the hybrid scheme.)

What will be an ideal response?


PGP is based on a hybrid. Its primary use is for secure email communication. It provides digital signatures for the authentication of messages string encryption for their secrecy and integrity. The signatures are made using the SHA-1 algorithm to make a digest of the message and RSA or DSS for signing with the sender’s private key.
The message is (optionally) encrypted with 3DES or IDEA, using a one-time session key generated by the sender, which is encrypted using RSA with the recipient’s public key and sent with the message.
PGP is required to generate public/private key pairs for each user and the one-time session keys used to encrypt messages. Users’ public/private keys should be changed from time-to-time. (No keys should be used indefinitely in a secure system because of the danger thst they may be compromised through inadvertent disclosure or as a result of an attack.) To achieve the rotation of public/private key pairs, PGP must generate and store multiple key pairs and give each pair a label or identifer.
Key management is based on a key ring held by each user and a collection of PGP key servers accessible on the Internet that hold only the public keys of registered PGP users. The key ring is simply a small database holding keys in data structures that are secure. They are secured using secret key encryption with a pass phrase that the use must type in order to allow applications to access the keys in the keyring.
If PGP is thoroughly integrated into an email or other application the necessary actions to generate keys, access the key ring and perform signing and encryption on email messages can all be triggered automatically. The only user action required is the input of the pass phrase to decrypt the keyring entries. If users are equipped with smart cards or other physical access keys, the pass phrase could be supplied from the card.

Computer Science & Information Technology

You might also like to view...

The cut and copy commands make use of temporary storage called the ________

A) Tablet B) Clipboard C) Pasteboard D) Cut/Copy board

Computer Science & Information Technology

Match the scripting term to the description.

A. “sample text” B. “Press any key” C. 9 D. 1424 E. $X F. %TEMP% G. #Start     H. Loop

Computer Science & Information Technology

____ is the use of networking technology to provide medical information and services.

A. Telecommuting B. Remote medicine C. Telemedicine D. Remote health

Computer Science & Information Technology

The body of a method can include statements that declare other methods.

Answer the following statement true (T) or false (F)

Computer Science & Information Technology