Scribd
Upload
9 views

Experiment-7

Uploaded by

mohammed.ansari
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
9 views

Experiment-7

Uploaded by

mohammed.ansari
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

Experiment - 7

Name: Ansari Mohammed Shanouf Valijan


Class: B.E. Computer Engineering, Semester - VII
UID: 2021300004
Batch: VII

Aim:
To implement Pretty Good Privacy (PGP) security method.

Theory:
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and
authentication for data communication. Developed by Phil Zimmermann in 1991, PGP uses a
combination of symmetric-key and public-key encryption to secure email communications
and files. By encrypting messages, PGP ensures that only the intended recipient, who
possesses the corresponding private key, can read the content. This dual-layered approach
enhances security, allowing users to share sensitive information without fear of interception.
One of the key features of PGP is its use of a web of trust model, which allows users to
authenticate each other’s public keys without relying solely on centralized authorities.
Instead of a single certificate authority, users can sign each other's keys, creating a
decentralized trust network. This model empowers users to verify the authenticity of public
keys, reducing the risk of man-in-the-middle attacks. As a result, PGP not only protects the
confidentiality of messages but also helps to ensure the integrity and authenticity of the
communication.

Over the years, PGP has evolved, with various implementations and extensions, such as
OpenPGP, which standardizes the encryption method. Despite the rise of other encryption
tools and services, PGP remains a foundational technology in secure communications. Its
influence can be seen in many modern encryption practices, and it continues to be a crucial
tool for journalists, activists, and anyone needing to communicate securely in an increasingly
digital world. However, its complexity and the learning curve associated with managing keys
can pose challenges for new users, necessitating ongoing efforts to improve usability without
sacrificing security.

Implementation:
Following is a step-by-step walkthrough of PGP implementation that was carried out along
with the lab partner (Palaash Jain - 2021300050)-

Downloading and installing gpg4win (for PGP implementation) and kleopatra (for key
management)
Creating the public-private RSA-based key pair for self (using kleopatra’s interface)

Protecting the private key using a password


Importing partner’s public key and viewing it in the interface

Following message was used for testing of proper encryption-decryption workflow

Importing the message in kleopatra for its encryption


Signing the message with private key and encrypting it using partner’s public key as imported

Similar process was followed on the partner’s end and following encrypted message was
received (message_send.txt)
Providing the password to allow the system to utilize private key for decryption of the
received message

Successful message decryption and signature verification acknowledgement as received


Following is the decrypted message as viewed

A similar activity was performed through command line interface, summary images of which
are as follows
Further, upon successful verification of proper functioning of the PGP routine, it was
integrated with the email system (postbox) through enigmail, the details of which are as
follows-

Signing into postbox mail service


Trying to view an email sent by the lab partner (unable to view because of its encryption)

Installing enigmail extension for postbox (to integrate the PGP routine with the mail service)

Configuring the enigmail extension


Retrying to view the encrypted email by providing the secret password
Decrypted email as viewed

Similarly, sending an email (automatically encrypted and signed by the enigmail extension)

The decrypted message (from part-1) as viewed on the lab partner’s screen

Following is a one-page hand-written report on the PGP example-


Conclusion:
By performing this experiment, I was able to get familiar with the Pretty Good Privacy (PGP)
security routine. I was able to implement the same using gpg4win software and kleopatra key
management tool. Implementation was properly verified through message sharing with the
lab partner. Further, upon proper verification, I was able to integrate the PGP routine to email
client (postbox) using enigmail and was able to successfully share encrypted emails and
decrypt received emails.

You might also like