PGP Authentication and Confidentiality (original) (raw)
Last Updated : 30 Apr, 2026
This is an encryption software used to provide confidentiality, integrity, and authentication for digital communication and stored data. PGP secures emails, files, and other information by using a hybrid cryptographic approach, which combines both symmetric-key encryption and public-key encryption.
- Symmetric encryption uses a single secret key for both encryption and decryption.
- Public-key encryption uses a public key for encryption and a private key for decryption, ensuring secure communication between users.
- Provides a mechanism to create, store, and exchange cryptographic keys securely.
- Compresses data before encryption to reduce file size and improve transmission efficiency.
- Uses a decentralized trust model where users verify each other’s public keys instead of depending on a central authority.
- Works on different operating systems such as Windows, Linux, and macOS.
1. Authentication in PGP
This is used to verify that the message is truly sent by the claimed sender and has not been modified during transmission. It is achieved using digital signatures and hash functions.
Authentication in PGP
At the Sender’s End
- The original message is processed using a hash function (such as SHA-1) to generate a fixed-length hash value.
- This hash value is encrypted using the sender’s private key, creating a digital signature.
- The digital signature is attached to the original message.
- The message and signature are compressed and sent to the receiver.
At the Receiver’s End
- The received message is decompressed.
- The digital signature is decrypted using the sender’s public key to obtain the original hash value.
- The receiver again applies the same hash function to the received message.
- If both hash values match, the message is authentic and unchanged; otherwise, the message may be tampered with.
2. Confidentiality in Pretty Good Privacy (PGP)
Ensures that only the intended receiver can read the message. The message content is kept secret from unauthorized users by using encryption.
Confidentiality in PGP
At the Sender’s End
- The original message is first compressed to reduce size and improve security.
- The compressed message is encrypted using a random session key (Ks) with symmetric encryption algorithms such as CAST-128, IDEA, or 3DES.
- The session key (Ks) is then encrypted using the receiver’s public key (PUb) with RSA encryption.
- The encrypted message and encrypted session key are sent together to the receiver.
At the Receiver’s End
- The receiver decrypts the session key (Ks) using their private key (KPb).
- The retrieved session key is used to decrypt the message.
- The decrypted message is then decompressed to obtain the original content.
Authentication and Confidentiality Together
PGP provides Authentication and Confidentiality together to ensure that the message is secure, private, and verified. This combined process protects the message from unauthorized access and confirms the identity of the sender.
Authentication and Confidentiality services in PGP
- **M: Message
- **H: Hash Function
- **Ks: Session Key (for Symmetric Encryption)
- **KP a, KP b: Private Keys of Sender (A) and Receiver (B)
- **PU a , PU b: Public Keys of Sender (A) and Receiver (B)
- **EC / DC: Symmetric Encryption & Decryption Algorithms
- **EP / DP: Public Key Encryption & Decryption Algorithms
- ****| |:** Concatenation
- **Z / Z -1: Compression & Decompression Functions
Advantages
- Provides strong encryption, making data and emails highly secure.
- Ensures confidentiality so only the intended receiver can read the message.
- Supports digital signatures to verify sender identity and maintain data authenticity.
- Uses a hybrid cryptographic method (public + private key), improving overall security.
Disadvantages
- Complex to use, requiring technical knowledge and training.
- Key management can be difficult; losing keys may result in permanent data loss.
- Incorrect configuration or usage can weaken security.
- Does not provide anonymity; sender and receiver identity can still be traced.