PGP: Key Encryption
Copyright © 1998-2001, 2003, 2005, 2006 by David E. Ross
If you seek details on the mechanics of PGP and the encryption algorithms it uses, this is not the place. There are many excellent sources of that information elsewhere on-line. Here, however, you will find some understanding of the PGP terminology.
Why Encrypt?
If you listen to the police and FBI, you would believe that only unsavory individuals such as drug dealers, pornographers, terrorists, and spies use PGP to encrypt their E-mail and computer files. However, ordinary individuals might want to use PGP, too.
- Two lovers exchanging love notes via E-mail might want to encrypt them. To the lovers, these notes may seem only amorous. Others might view them, however, as erotic or even worse. In any case, these notes should be protected from others viewing them.
- The development team for a company's new product should definitely encrypt all E-mail regarding the product. Prior to the product being patented, the company's policies should mandate encryption. But even after receiving the patent, marketing and pricing plans, expected production volume, and other such information should also be protected. Thus, not only should E-mail be encrypted, but so should data files.
- A wife and husband share a PC and an Internet account. They can see each other's E-mail. While the wife has access to her husband's private key, he keeps his passphrase only in his head. Because he is concerned that she might pick up the telephone at the wrong time, his plans for a surprise birthday party for his wife are made via encrypted E-mail.
- Union leaders planning a job action should definitely encrypt all E-mail to each other and to anyone else involved. Members of the flight attendants' union at Northwest Airlines learned this lesson the hard way. When their job action became a wildcat strike against the airline, the airline filed a lawsuit against the union. To support its case, the company obtained a court order to seize the personal computers of some employees so that files on the hard drives could be copied and examined. Northwest was looking for E-mail and other evidence that union leaders conspired to conduct a strike that was contrary to the existing labor contract. The subpoenas were issued without any prior warning to the owners of the PCs. They were served at the same time the computers were seized. The airline was then able to browse through all files on each hard drive, not merely files related to the strike. If you want to keep anything on a home computer that you do not want your employer (or anyone else) to see, the file should most definitely be encrypted. It is far too late to start erasing files when a subpoena is thrust into your hand.
- On my PC at work (before I retired), I kept a file containing a list of all my credit cards with the account numbers and the phone numbers of the issuers. I might want to talk to an issuer about my account during their business hours, which coincided with my work hours. Of course, this file was encrypted.
- Father William J. Morton (an Episcopal priest in Canada) sometimes counsels members of his church via E-mail. Such sensitive communications are encrypted.
- A company is bidding on a major government project in competition with other companies. For submitting their final bid, the bid team is traveling to the site where the work will be done. Their bid data are on laptop computers the team is carrying. These data include their cost estimates, lists of key employees who will work on the project, technical details on how the project will be accomplished, and spreadsheets they will use to make the final adjustments in their bid after they examine the site. Even if the company has never previously been a victim of industrial espionage, all files on the laptops should be encrypted.
- 60 Minutes on 27 February 2000 described how a super-spy project of the United States (with help from Canada, the United Kingdom, New Zealand, and Australia) intercepts phone calls and E-mail. Even a slang use of "bomb" (e.g., describing a great automobile or a really bad stage play) in a supposedly private E-mail message can trigger an investigation of the sender and recipient. In the aftermath of the 11 September 2001 terrorist attacks, the FBI now has the authority to intercept E-mail messages without a judge issuing a search warrant. If this offends you, you definitely should encrypt your E-mail.
- When I took my PC for repairs, I encrypted all files containing my personal financial data and certain other personal files.
- A real estate developer wants to build a new shopping center. The land is owned by six different individuals. If the plans were leaked before the developer can buy all six parcels, the price of each parcel would jump. E-mail between the developer, his attorney, and his real estate broker should be encrypted.
- A school district is involved in intense contract negotiations with the union representing its 3,000 teachers. The district's Superintendent of Education wants to instruct her hired negotiator regarding the district's absolute limit on salaries and benefits while allowing the negotiator to possibly get the teachers to settle for less. The superintendent suspects that staff members in the district's headquarters — sympathetic to the teachers — have been eavesdropping on her phone calls and listening at her office door. She sends encrypted E-mail to the negotiator.
- The CEOs of two corporations are discussing a merger. They exchange E-mail messages, which must be kept from other companies that might want to interfere.
- A company offers employment to a top executive at another company, who does not yet want his current employer to know he is leaving. Since many employers routinely monitor and read E-mail on their company computers, any E-mail exchanged during contract negotiations should be encrypted.
- Anyone who provides information to a lawyer regarding a lawsuit or criminal case via E-mail should use PGP to ensure confidentiality. With U.S. Attorney-General John Ashcroft now having the FBI listening to phone conversations between lawyers and their clients — without any judicial supervision through a warrant or court order — this has new importance if the attorney-client privilege is to be preserved.
- Roger Cardinal Mahony (Roman Catholic archbishop of Los Angeles) should have encrypted the E-mail he sent to his diocese's attorney. As in other Roman Catholic dioceses across the United States, the church in Los Angeles has been wracked with claims that priests sexually molested children. E-mail messages from Mahony to his attorney — in which he apparently confirms the reality of the claims, admits prior knowledge of the molestations, and even comments on a cover-up of the cases — were read on KFI-AM radio and published in the Los Angeles Times in April 2002. An FBI investigation into how 60 E-mail messages from Mahony to his lawyer regarding civil lawsuits were copied and sent to the media will provide little consolation to the Cardinal, a case of closing the barn door after the horse escaped.
- According to one company's internal User's Guide to PGP, PGP should be used when sending information that:
  - Would cause us to lose our technology advantage if the information falls into a competitor's hands
  - Is a trade secret
  - Could mean loss of business if given to the competitor
  - Contains personnel information
- According to an article in the "Business" section of the Los Angeles Times ("Laptop seizure raises concerns over firms' data", 4 November 2006), agents of U.S. Customs and Border Protection have the right not only to examine laptop computers carried by international travelers — including laptops carried by U.S. citizens — but also to seize them, all without any warrants. While they are searching for child pornography, proprietary business data are placed at risk. This is not peculiar to the U.S. Any international traveler carrying a laptop should definitely encrypt all files containing sensitive, confidential, or merely embarrassing data.
- As noted in the Ventura County Grand Jury 2005-2006 Final Report, the practice of using a commercial service to archive unencrypted data places sensitive data such as payroll and personnel records at risk of unauthorized disclosure.
  …
  The loss or theft of removable data media is a recognized problem affecting financial institutions, government agencies, colleges, and other organizations. Instances of this loss may lead to the compromise of sensitive data and the possibility of identity theft using those data. [citing a 28 April 2006 news article in the Boston Globe]
  Although no such loss had yet impacted Ventura County, the Grand Jury recommended:
  When backing up data, all files should be encrypted before release outside of the ISD [Information Services Department]. Only designated security personnel within ISD should have access to the related decryption keys.
Of course, a little thought would add more entries to this list. If such information were hardcopy on paper, it would be in a filing cabinet with a lock or even in a safe. PGP encryption provides an electronic safe where this information can still reside on a computer or even in a company's computer network, where access remains convenient.
Nothing sinister should be inferred when someone wants to keep personal data and private communications secret. Like sealing a personal letter into an envelope for postal mail or locking a checkbook into a desk drawer, PGP seals E-mail and keeps files safe. Of course, if proper care is taken when using PGP, it is far stronger than any envelope or desk drawer.
Someone who read this page wrote to me, suggesting that all messages and files should be encrypted, thereby confusing any snoop by hiding important data among trivial data. This concept was used by Edgar Allan Poe in his story The Purloined Letter. To me, this would be more bother than it is worth. Since I am not a drug dealer, pornographer, terrorist, spy, or otherwise committing a felony, I do not really need to hide my important data. Encryption is sufficient. The effort and cost of decrypting my encrypted files exceed the value of the data I have secured.
That same writer expressed concern that the mere use of encryption could be dangerous. "A corrupt or corrupted regime will use your use of encryption as de facto evidence of criminal/treasonous behavior." This is indeed valid. In some nations, the mere use of encryption may be a crime, although that cannot be confirmed. He then argues that more widespread and routine use of encryption would temper such suspicions. I am not sure that would be true with a paranoid government.
Single-Key Encryption
If you take an arbitrary large number (or a string of characters and treat it as a number) and use it as input to a mathematical operation on some target data (also treated as a number) to scramble the latter, the former is an encryption key. Treating even text data as a number is easy if you consider that all characters are represented inside a computer as numbers. (See my Escaped Characters.) For example, a string of 100 characters (the key) can be converted to a number and added to the target data after they too are converted into a number. If the target data contain more than 100 characters, the process can be repeated with the same key over successive groups of 100 characters. This is a very simple form of encryption. Decryption uses the same key; the operation is merely subtraction instead of addition. Since the same key is used for both encryption and decryption, this is a symmetric method. Obviously, you must keep the key confidential, sharing it in some safe manner only with the person who exchanges encrypted messages with you.
Public Key/Private Key Encryption
PGP is an asymmetric (not symmetric) method. It uses one key (the public key) to encrypt the target data, using a mathematical operation far more complicated than merely adding the two together. There is no known mathematical operation that can take that same key and use it for decryption. Instead, a different key (the private key) is used by a different mathematical operation to decrypt the target data. Thus, you do not need a safe method of sharing a key with someone who exchanges encrypted messages with you. Instead, you send that other person your public key for him to use when he sends an encrypted message to you. You do not care who else sees that public key because no one can use it to decrypt the messages. You then use your private key (which you do not share with anyone) to decrypt the messages. Likewise, that other person sends you his public key for you to use when you send him a message. From this, we get the term public key/private key encryption.
Note that you really need only one pair of keys. Everyone can use your public key to encrypt data to send to you. You do not need a separate key for each individual. No one can decrypt those data — not those who have your public key, not even the person who used your public key to encrypt the data. Only your private key can be used to decrypt data that were encrypted with your public key. Further, PGP requires a passphrase when using your private key. A passphrase is a long password that can contain blanks and punctuation; some individuals use complete sentences for their passphrases. Your private key is itself symmetrically encrypted when stored on your computer, and your passphrase is the key used to encrypt and decrypt it.
Because your public key cannot be used to decrypt a file intended for you, you really do not care who has your public key. Not only your friends but also your enemies can have your public key. Your wife can have the same public key as your girlfriend. You really do not care if both the police and the criminals have your public key. On the other hand, you must carefully guard your private key, which is used to decrypt what your public key has encrypted. You must also separately guard your passphrase in case your private key is compromised.
Remember: You need the other person's public key to encrypt a message to him. He needs your public key to encrypt a message to you. You both need PGP or a PGP-compatible application.
Combining Single-Key and Public Key/Private Key Encryption
Actually, PGP uses a combination of symmetric and asymmetric encryption. Asymmetric encryption is relatively slow and, for a truly secure result, requires a pair of excessively long keys. Instead, each time PGP is used, it generates a new symmetric key — the session key — which it uses to encrypt the target data using a very secure symmetric method.
To avoid the obvious weakness inherent in using symmetric keys, PGP then uses an asymmetric method with the intended recipient's public key to encrypt the session key, which PGP appends to the already encrypted target data. The recipient then uses PGP and her private key to decrypt the session key, which PGP then uses to decrypt the rest of the data. The session key (as its name implies) is used only for this one encryption session and is then discarded. It is never exposed by PGP at either end of the process. To the user, this is still asymmetric public key/private key encryption and it still defies attempts to break the results.
The combination of symmetric (two-way) session keys and asymmetric private-keys/public-keys means the same file or message can be encrypted for more than one recipient without requiring a separate resulting file for each. Instead, the file is encrypted with a session key. Then, the session key is repeatedly encrypted with each recipient's public key, each result separately appended to the encrypted file. The same file with appended session keys — all encrypted — can then be distributed to all the intended recipients. A recipient's PGP can determine which encryption of the session key (if any) used that recipient's public key. Thus, the session key can be decrypted in order to use it to decrypt the file. Anyone who receives the encrypted file but who does not have a private key corresponding to any of the appended encrypted session keys cannot decrypt the file.
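The following Go program is an added illustration of the two ideas above, the symmetric session cipher from Single-Key Encryption and the per-recipient wrapping of that session key just described; it is not code from this page or from PGP itself, and it does not produce PGP's actual packet format. It assumes AES-256-GCM as the symmetric method and RSA-OAEP as the public-key method, and the key IDs are constructed labels standing in for PGP's key IDs.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope: Body is encrypted once under a session key; Keys holds that key wrapped to each recipient public key, by key ID.
type Envelope struct {
	Nonce, Body []byte
	Keys        map[string][]byte
}

// NewKey makes one recipient's RSA key pair (the private half stays with its owner).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func aead(session []byte) (cipher.AEAD, error) { // the symmetric cipher, AES-256-GCM
	block, err := aes.NewCipher(session)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt encrypts msg under a fresh session key, then wraps that key with RSA-OAEP
// under every public key in pubs, so one Body serves every recipient.
func Encrypt(msg []byte, pubs map[string]*rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // fresh AES-256 session key plus a GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	session, nonce := buf[:32], buf[32:]
	gcm, err := aead(session)
	if err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Body: gcm.Seal(nil, nonce, msg, nil), Keys: map[string][]byte{}}
	for id, pub := range pubs { // one wrapped copy of the session key per recipient
		env.Keys[id], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, session, nil)
		if err != nil {
			return nil, err
		}
	}
	return env, nil // the bare session key is discarded; only wrapped copies leave
}

// Decrypt unwraps the copy stored for keyID with priv and decrypts Body; a missing entry (nil blob) or the wrong key is rejected.
func Decrypt(env *Envelope, keyID string, priv *rsa.PrivateKey) ([]byte, error) {
	session, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.Keys[keyID], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := aead(session)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Body, nil)
}
```

A third party who holds only public keys, or a private key that none of the wrapped copies was encrypted to, gets an error from Decrypt and never sees the session key or the message.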
The ability to encrypt a file or message with more than one public key has led to the Additional Decryption Key (ADK) capability in PGP. This capability not only provides a feature needed for business use of PGP, but it also creates a security problem.
[Diagram: Message Encrypted for Two Different Individuals (graphic not reproduced here)]
While the diagram above is conceptually correct, it is technically backwards: in an actual PGP message, the two encrypted copies of the session key are placed before the encrypted message, not after it.
Basic Principles
Confusion afflicts many new users of PGP regarding which key to use and when to use it.
- When you encrypt a message and send it to someone else, you need that other person's public key. You do not use your own keys — public or private — for this.
- If you encrypt a message to someone else, you cannot then view the message unless you also encrypt it to your own public key. Then you use your private key to decrypt it.
- When someone else encrypts a message and sends it to you, that person needs your public key. If you do not have a public key or if you have not distributed your public key, no one can encrypt a message to you.
- No one should have your private key except for yourself. You use your private key to decrypt an incoming message or to sign an outgoing message.
- You do not want to give complete freedom to anyone else to decrypt your incoming messages. If you want someone else to see an incoming message, decrypt it with your private key and then encrypt it with his public key before forwarding it.
- You certainly do not want others putting your signature on messages and files, no more than you want others signing your checks.
- For the same reasons, no one should have your passphrase except for yourself. Your private key is itself encrypted, with a key based on your passphrase. The two go together.
- In any case, both you and the other person need to have PGP installed if you are using public key/private key encryption. This is true even if the messages are going only one way. Depending on the properties of the keys involved, the versions of PGP do not have to be the same. They don't even have to be The PGP Product, merely software that implements the PGP process (e.g., GNU Privacy Guard (GPG)).
- Except when exporting keys, you do not have to indicate public or private.
  - For keys belonging to others, you only have copies of their public keys.
  - For your own key-pair, PGP automatically selects your public key for encrypting and your private key for decrypting and signing.
  - When exporting your own keys, the default is to export only your public key; there is a risk (whose explanation is beyond these Basic Principles) in exporting your private key.
  - When you upload your own key to a public key server, only your public key is uploaded.
It is necessary for you to keep the distinction between private and public keys clear in your head only so that you understand what you are doing when you use PGP.
Every point above also applies to encrypting and decrypting files, not just to messages.
Last updated 4 November 2006
Note: The copyright on this page extends to the uncaptioned graphic showing encryption and decryption and to the graphic captioned Message Encrypted for Two Different Individuals. Both are © 2001.