What is a PGP public key block?

9

3

There's a PGP public key block posted on some websites (e.g. http://phrack.org/index.html).

It's not hex code. It uses many more alphabet characters. What is it?

Why is this information posted? How can I use it?

DrStrangeLove

Posted 2011-07-18T17:46:14.203

Reputation: 1 381

Answers

4

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications.

Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.

While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking secure communication. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are also called attackers.

How does cryptography work?

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key—a word, number, or phrase—to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key. A cryptographic algorithm, plus all possible keys and all the protocols that make it work comprise a cryptosystem. PGP is a cryptosystem.

Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met.

It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information.

How does PGP work?

PGP combines some of the best features of both conventional and public key cryptography. PGP is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP first compresses the plaintext. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security. Most cryptanalysis techniques exploit patterns found in the plaintext to crack the cipher. Compression reduces these patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis. (Files that are too short to compress or which don't compress well aren't compressed.) PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.

See http://www.pgpi.org/doc/pgpintro/.

And PGP.

Binarylife

Posted 2011-07-18T17:46:14.203

Reputation: 519

The "How can I use it?" part is not clear to me after reading the answer. Why is it displayed on the website? – dxvargas – 2017-09-20T14:46:04.000

dxvargas: The relationship between the public and private keys is that anything encrypted with one of them can only be decrypted with the other. That means:

  • If you receive a message that's encrypted, and you can decrypt it with the phrack public key, you can be confident it came from someone with access to phrack's private key.

  • If you want to send something and be sure only someone with access to phrack's private key can read it, you can encrypt it with their public key.

If you trust that the private key is well protected, the "someone with access" must be someone at phrack. – Scott – 2018-06-19T17:20:54.247

1

But how are the public and private keys generated?? Are they generated at the same time?? Are they somehow related?? (e.g. they're related but it's not possible to deduce the private one from the public one) – DrStrangeLove – 2011-07-18T18:08:26.167

2

@DrStrangeLove: The keys are generated together; they are basically randomly-chosen numbers with special mathematical properties. It's not possible to deduce the private key from the public one. Usually, the opposite (public from private) is impossible too. The Wikipedia articles on RSA, DSA and ECDSA have descriptions of each algorithm.

– user1686 – 2011-07-18T18:13:05.263

1

@grawity: But in my example (on phrack) the public key is represented with non-hex characters! What is this representation of the public key?? – DrStrangeLove – 2011-07-18T18:19:29.283

2

@DrStrangeLove: Often, blocks of binary data are encoded using Base64. OpenPGP keys use a slightly modified version called Radix64, described in the same page.

– user1686 – 2011-07-18T18:21:15.370

@grawity: So, (on phrack) it's not the true public key, but rather the true public key encoded with Base64/Radix64 encoding, right?? – DrStrangeLove – 2011-07-18T18:27:20.220

@DrStrangeLove: It depends on what exactly you mean by saying "true public key". (The OpenPGP standard accepts both raw and Radix64-encoded forms, and all programs treat them as equal.) – user1686 – 2011-07-18T18:55:04.340

1

@grawity: If I send an encrypted message to Phrack, what guarantees that their PGP software's very secure, fast conventional decryption algorithm will likewise match my encryption algorithm?? (I understood about the keys.) Will it decrypt my message?? – DrStrangeLove – 2011-07-18T20:45:18.277

1

@DrStrangeLove: The OpenPGP standard guarantees it. One, OpenPGP defines a list of standard crypto algorithms (AES, Camellia, Blowfish, 3DES) that must be supported. Two, every OpenPGP encrypted message includes information on what algorithm was used. – user1686 – 2011-07-18T20:54:31.770

1

@grawity: Thanks, man!! You really enlightened me!! :)) – DrStrangeLove – 2011-07-18T21:19:33.280
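
As an added illustration of the Radix64 comments above (not code from this thread or from any PGP program): a public key block is Base64 text plus a CRC-24 check line wrapped around binary OpenPGP packets, and stripping that wrapper yields the same bytes as the raw form. The function names are hypothetical and the sample block is constructed from placeholder bytes, not a real key.

```python
import base64

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data: bytes) -> int:  # CRC-24 from RFC 4880, section 6.1
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(raw: bytes) -> str:
    """Wrap binary OpenPGP data in the text form seen on web pages."""
    b64 = base64.b64encode(raw).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return f"{BEGIN}\n\n{body}\n={check}\n{END}\n"

def dearmor(text: str) -> bytes:
    """Recover the binary data; verify the '=XXXX' checksum line if present."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a public key block")
    payload = lines[lines.index("") + 1:-1]  # armor headers end at the blank line
    check = payload.pop()[1:] if payload and payload[-1].startswith("=") else None
    raw = base64.b64decode("".join(payload), validate=True)
    if check is not None and base64.b64decode(check) != crc24(raw).to_bytes(3, "big"):
        raise ValueError("CRC-24 mismatch: block was corrupted or altered")
    return raw

def first_packet(raw: bytes) -> tuple:
    """Return (packet tag, body length) from the first packet header."""
    hdr = raw[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:                      # new format: tag in the low 6 bits
        if raw[1] >= 192:
            raise ValueError("multi-octet new-format length not handled here")
        return hdr & 0x3F, raw[1]
    size = 1 << (hdr & 0x03)            # old format: 1, 2 or 4 length octets
    if size == 8:
        raise ValueError("indeterminate length")
    return (hdr >> 2) & 0x0F, int.from_bytes(raw[1:1 + size], "big")

# Constructed sample, not a real key: 0x99 = old-format tag 6 (Public-Key), 2-octet length.
SAMPLE = armor(b"\x99\x00\x05\x04demo")
```

The leading byte 0x99 is why armored public keys in the old packet format start with the letters "mQ". The CRC-24 line only catches accidental corruption; it says nothing about who the key belongs to.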