Network Security
The private key itself is not stored in the key ring. Rather, this key is encrypted using CAST-128. The procedure is as follows:

1. The user selects a pass-phrase to be used for encrypting private keys.
2. When the system generates a new public/private key pair using RSA, it asks the user for the pass-phrase. A 160-bit hash code is generated from the pass-phrase using SHA-1.
3. The system encrypts the private key using CAST-128 with the 128 bits of the hash code as the key.

When the private key is needed, PGP will retrieve the encrypted private key, generate the hash code of the pass-phrase and decrypt the encrypted private key using CAST-128 with the hash code.
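The three-step scheme above, as an added example in Go (not code from the textbook or from PGP itself). It hashes the pass-phrase with SHA-1, keeps the first 128 bits as the cipher key, and encrypts the private-key bytes for storage in the ring. Two assumptions are labelled in the code: AES-128-GCM is used in place of CAST-128 (which the Go standard library lacks; both take a 128-bit key), and the private key is a constructed byte string rather than real RSA key material. The retrieval path shows the failure mode a practitioner cares about: with a wrong pass-phrase the derived key differs, and the authenticated cipher reports an error instead of silently returning garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha1"
	"errors"
	"fmt"
)

// passphraseKey follows steps 2 and 3 of the text: SHA-1 of the pass-phrase gives 160 bits,
// and the first 128 of them become the cipher key. There is no salt and no iteration count
// because the text describes none; a ring designed today would use a salted, iterated KDF.
func passphraseKey(passphrase string) []byte {
	h := sha1.Sum([]byte(passphrase))
	return h[:16]
}

// protectPrivateKey encrypts the raw private-key bytes before they are written to the ring.
// AES-128-GCM stands in for CAST-128 (both take a 128-bit key); CAST-128 is not in Go's standard library.
func protectPrivateKey(privateKey []byte, passphrase string) ([]byte, error) {
	block, err := aes.NewCipher(passphraseKey(passphrase))
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, privateKey, nil), nil // stored as nonce || ciphertext || tag
}

// recoverPrivateKey is the retrieval path: hash the pass-phrase again and decrypt the ring entry.
// A wrong pass-phrase yields a different key, so GCM's tag check fails and an error is returned;
// a bare CAST-128 decryption would instead hand back garbage that only fails later, when used.
func recoverPrivateKey(entry []byte, passphrase string) ([]byte, error) {
	block, err := aes.NewCipher(passphraseKey(passphrase))
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(entry) < n {
		return nil, errors.New("ring entry too short")
	}
	key, err := aead.Open(nil, entry[:n], entry[n:], nil)
	if err != nil {
		return nil, errors.New("wrong pass-phrase or corrupted ring entry")
	}
	return key, nil
}

func main() {
	// Constructed sample: stands in for the DER bytes of a real RSA private key.
	privateKey := []byte("constructed-private-key-bytes")
	entry, err := protectPrivateKey(privateKey, "correct horse battery staple")
	if err != nil {
		panic(err)
	}
	if _, err := recoverPrivateKey(entry, "wrong pass-phrase"); err != nil {
		fmt.Println("wrong pass-phrase rejected:", err)
	}
	key, err := recoverPrivateKey(entry, "correct horse battery staple")
	fmt.Printf("recovered: %q, err=%v\n", key, err)
}
```

The unsalted, single-round SHA-1 step is exactly what the text describes, which is why it is reproduced here; the comment in `passphraseKey` marks where a modern design would differ.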
4.1.1.4 PGP Message Generation
Fig. 4.1.8 shows PGP message generation.
[Figure: PGP message generation. The sender's encrypted private key is selected from the private-key ring by key ID (IDA) and unlocked with the pass-phrase (H, DC) to give KRa; the message M is hashed (message digest) and signed (EP with KRa); a session key Ks from the RNG encrypts signature + message (EC); Ks is encrypted (EP) with the receiver's public key selected from the public-key ring by key ID; the encrypted session key and the encrypted signature + message form the output.]

Fig. 4.1.8 PGP message generation
The sending PGP entity performs the following steps:

a) Signs the message:
i. PGP gets the sender's private key from the private-key ring using its user id as an index.
ii. PGP prompts the user for the pass-phrase to decrypt the private key.
iii. PGP constructs the signature component of the message.

TECHNICAL PUBLICATIONS - an up-thrust for knowledge

b) Encrypts the message:
i. PGP generates a session key and encrypts the message.
ii. PGP retrieves the receiver's public key from the key ring using its user id as an index.
iii. PGP constructs the session key component of the message.
4.1.1.5 PGP Message Reception
Fig. 4.1.9 shows PGP message reception.
[Figure: PGP message reception. The receiver's key ID in the session key component selects the encrypted private key from the private-key ring; the pass-phrase (H, DC) recovers the private key KRb, and DP recovers the session key Ks from the encrypted session key; DC with Ks recovers the encrypted message + signature; the sender's key ID selects the sender's public key KUa from the public-key ring, DP recovers the transmitted digest, and this is compared with the digest computed over the received message.]
Fig. 4.1.9 PGP message reception

The receiving PGP entity performs the following steps:

a) Decrypting the message:
i. PGP gets the private key from the private-key ring using the Key ID field in the session key component of the message as an index.
ii. PGP prompts the user for the pass-phrase to decrypt the private key.
iii. PGP recovers the session key and decrypts the message.
b) Authenticating the message:
i. PGP retrieves the sender's public key from the public-key ring using the Key ID field in the signature key component as an index.
ii. PGP recovers the transmitted message digest.
iii. PGP computes the message digest for the received message and compares it to the transmitted version for authentication.
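The generation steps of 4.1.1.4 and the reception steps of 4.1.1.5, carried through end to end as an added Go example (not the textbook's or PGP's code). The rings are looked up by user id on the sending side and by key ID on the receiving side, as the steps say; the key ID is formed like PGP's, from the low-order 64 bits of the RSA modulus. Assumptions, also marked in the code: AES-128-GCM replaces CAST-128 (absent from Go's standard library), SHA-256 replaces SHA-1 for the digest, RSA-OAEP wraps the session key, the `Message` layout is a constructed stand-in for PGP's real packet format, and pass-phrase protection of the private-key ring is left out (keys are held unlocked in memory). `Receive` returns the message only if every step succeeds, so a wrong session key, an altered ciphertext, an unknown sender key ID or a bad signature each surface as an error.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Entry is one key-ring record (the ring's map key is the user ID); Priv is present only in the owner's private-key ring.
type Entry struct {
	ID   [8]byte // PGP-style key ID: the low-order 64 bits of the RSA modulus
	Pub  *rsa.PublicKey
	Priv *rsa.PrivateKey
}

// Ring is indexed by user ID (the sending-side lookup); byKeyID is the receiving-side lookup.
type Ring map[string]Entry

func (r Ring) byKeyID(id [8]byte) (Entry, bool) {
	for _, e := range r {
		if e.ID == id {
			return e, true
		}
	}
	return Entry{}, false
}

// must keeps the sending side short: these calls cannot fail with a well-formed key and a 16-byte Ks.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewEntry generates an RSA key pair; pass-phrase protection of Priv is left out of this block.
func NewEntry() Entry {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	n := priv.N.Bytes()
	e := Entry{Pub: &priv.PublicKey, Priv: priv}
	copy(e.ID[:], n[len(n)-8:])
	return e
}

// Message is the three-component layout of Fig. 4.1.8 (constructed here, not PGP's wire format); AES-128-GCM stands in for CAST-128, which Go's standard library lacks.
type Message struct {
	SenderKeyID   [8]byte // signature component
	Signature     []byte
	ReceiverKeyID [8]byte // session key component
	EncryptedKs   []byte
	Ciphertext    []byte // message component: nonce || AES-GCM(Ks, M)
}

// Generate carries out steps a) and b) of 4.1.1.4 for senderID writing to receiverID.
func Generate(private, public Ring, senderID, receiverID string, m []byte) (*Message, error) {
	s, okS := private[senderID]  // a.i: sender's private key by user ID
	r, okR := public[receiverID] // b.ii: receiver's public key by user ID
	if !okS || !okR {
		return nil, errors.New("sender or receiver missing from the key rings")
	}
	d := sha256.Sum256(m) // a.iii: signature over the digest (SHA-256 here; the PGP of the text used SHA-1)
	sig := must(rsa.SignPKCS1v15(rand.Reader, s.Priv, crypto.SHA256, d[:]))
	buf := make([]byte, 16+12) // b.i: fresh 128-bit session key Ks and a 96-bit nonce from the RNG
	must(rand.Read(buf))
	ks, nonce := buf[:16], buf[16:]
	aead := must(cipher.NewGCM(must(aes.NewCipher(ks))))
	ct := aead.Seal(nonce, nonce, m, nil)                                     // b.i: message encrypted under Ks
	encKs := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, r.Pub, ks, nil)) // b.iii: session key component
	return &Message{s.ID, sig, r.ID, encKs, ct}, nil
}

// Receive carries out steps a) and b) of 4.1.1.5; M is returned only if both decryption and authentication succeed.
func Receive(private, public Ring, msg *Message) ([]byte, error) {
	r, ok := private.byKeyID(msg.ReceiverKeyID) // a.i: key ID from the session key component
	if !ok {
		return nil, errors.New("no private key matches the session key component")
	}
	ks, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, r.Priv, msg.EncryptedKs, nil) // a.iii: recover Ks ...
	if err != nil || len(ks) != 16 || len(msg.Ciphertext) < 12 {
		return nil, errors.New("session key or message component malformed")
	}
	aead := must(cipher.NewGCM(must(aes.NewCipher(ks))))
	m, err := aead.Open(nil, msg.Ciphertext[:12], msg.Ciphertext[12:], nil) // ... and decrypt; fails on a wrong Ks or altered text
	if err != nil {
		return nil, errors.New("message does not decrypt")
	}
	s, ok := public.byKeyID(msg.SenderKeyID) // b.i: key ID from the signature component
	if !ok {
		return nil, errors.New("sender's public key not in the public-key ring")
	}
	d := sha256.Sum256(m) // b.iii: digest of the received message, checked against the transmitted one (b.ii)
	if rsa.VerifyPKCS1v15(s.Pub, crypto.SHA256, d[:], msg.Signature) != nil {
		return nil, errors.New("signature does not match the message")
	}
	return m, nil
}
```

Step b.ii of reception (recovering the transmitted digest) happens inside `rsa.VerifyPKCS1v15`, which decrypts the signature with the sender's public key and compares the embedded digest with the one computed over the received message; the two steps are one library call in Go. A caller builds each side's rings with `NewEntry()` for its own key and a copy with `Priv` cleared for each acquired public key.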

4.1.1.6 Concept of Trust


PGP uses trust fields for trust information. These fields are:
1. Key legitimacy field
2. Signature trust field
3. Owner trust field.

1. Key legitimacy field : The key legitimacy field indicates the validity of the public key, i.e. the extent to which PGP will trust the key.
2. Signature trust field : It indicates the degree to which the PGP user trusts the signer to certify public keys.
3. Owner trust field : It indicates the degree to which the public key is trusted to sign other public key certificates. This level is assigned by the user.
4.1.1.7 Trust Processing Operation
When user A inserts a new public key on the public key ring, PGP assigns a trust flag value associated with the owner of this public key. If the owner is user A, then this public key also appears in the private key ring, and the value of ultimate trust is automatically assigned to the trust field. If user A is not the owner, PGP asks user A for his assessment of the trust to be assigned to the owner of this key, and the user must enter the desired level. The user can specify that this owner is unknown, untrusted or completely trusted.

When the new public key is entered, one or more signatures may be attached to it. When a signature is inserted into the entry, PGP searches the public key ring to see if the author of this signature is among the known public key owners. The value of the key legitimacy field is calculated on the basis of the signature trust fields present in this entry.

Fig. 4.1.10 shows a PGP trust model example. It is an example of the way in which signature trust and key legitimacy are related. The figure shows the structure of a public key ring. The user has acquired a number of public keys.
[Figure: PGP trust model. A tree of public key ring entries rooted at the node "You"; the nodes visible in the residue include D, E, H, K, G, N and O.]

Fig. 4.1.10 PGP trust model


The node labeled "You" refers to the entry in the public key ring corresponding to this user. This key is legitimate and the OWNERTRUST value is ultimate trust. In this example, this user has specified that it always trusts the following users to sign other keys : D, E, , L. This user partially trusts users A and B to sign other keys.
Notation used in the above figure:
? = Unknown signatory
(a) X is signed by Y
(b) Key's owner is trusted by you to sign keys
(c) Key's owner is partly trusted by you to sign keys
(d) Key is deemed legitimate by you