Foundations of Computer SecurityLecture 68: PGP Services IIDr. Bill YoungDepartment of Computer SciencesUniversity of Texas at AustinLecture 68: 1 PGP Services IIPGP ServicesRecall that PGP supplies five basic services:1Authentication2Confidentiality3Compression4Email compatibility5SegmentationActually, only authentication and confidentiality are really“services.” The others are engineering features designed to makePGP efficient and robust.Lecture 68: 2 PGP Services IICompressionAs a default, PGP compresses the message, using the ZIPcompression algorithm, after applying the signature and beforeencryption.It is done in this order because:It is preferable to sign an uncompressed message so that thesignature does not depend on the compression algorithm.Versions of the compression algorithm behave slightlydifferently, though all version are interoperable.Encryption after compression strengthens the encryption,since compression reduces redundancy in the message.Lecture 68: 3 PGP Services IIEmail CompatibilityPGP always involves encryption. Encrypted text contains arbitrary8-bit octets. However, many email systems would choke on certainbit strings they’d interpret as control commands.PGP uses radix-64 conversion to map groups of three octets intofour ASCII characters. Also appends a CRC for data errorchecking. By default, even ASCII is converted.Use of radix-64 expands the message by 33%. This is usually morethan offset by the compression.Lecture 68: 4 PGP Services IISegmentation and ReassemblyEmail systems often restrict message length. Longer messagesmust be broken into segments, which are mailed separately.PGP automatically segments messages that are too large. This isdone after all of the other steps, including radix-64 conversion.Thus, signature and session key appear only once.At the receiving end, PGP strips off mail headers and reassemblesthe message from its component pieces.Lecture 68: 5 PGP Services IILessonsPGP provides the “services” of compression, emailcompatibility, and segmentation to make the system morerobust and efficient.Next lecture: PGP Key ManagementLecture 68: 6 PGP Services
View Full Document