The singular, most important piece of software on the Internet today is free. These same lines of code also fall under the heading of "munitions", according to the U.S. Government, and are subject to similar export restrictions. You may have heard of this little ditty. It's called PGP (Pretty Good Privacy) and it was written by a guy named Phil Zimmermann.
As you can imagine, Mr. Zimmermann caught the attention of our government in a big way. You see, Uncle Sam is OK with security as long as he has a way to break it. Envelopes are cool, they can be steamed open. The Clipper chip would have been just peachy, too. The big guy has a master key to decrypt that. But it seems there is just no way to break a PGP encrypted file. No choice but to start a criminal investigation against Mr. Zimmermann.
Fortunately for all of us, this investigation was finally dropped a few weeks ago and the door is now open for PGP to gain the popularity it deserves. The neat thing about PGP is that it is based on the public key encryption scheme. Let's take a look at basic cryptography to see what all of this is about:

Conventional single key cryptography involves encrypting a message (known as "plaintext" in cryptography circles) using a "key" or code. The key transforms the message into an unreadable mishmash of letters and symbols known as "cyphertext." The message is then sent to its destination where the recipient can decrypt it using the same key, returning it to its original plaintext state. The problem with this is finding a secure means of getting that key from point A to point B. And if you do find a secure channel, why not just use it to send your messages and not worry about encryption at all?
Public key encryption resolves these issues by allowing each user to create two keys, a public key and a private key. The public key can be distributed to all of your friends and correspondents without any fear of security being compromised. The private key you guard like you would your bank card PIN or network password. Nobody knows it but you. The two keys are complementary in that (due to some arcane mathematical algorithms) what is encrypted with one can be decrypted with the other. Suppose I want to send you a top secret, 007 type message. I would encrypt it using your public key (which you gave to me because you like getting top secret, 007 messages) and send it to you in its cyphertext form. You can then decrypt it with your private key. Likewise, when you are ready to respond to my message you would encrypt your response using my public key. When I received the cyphertext I would convert it back to plaintext using my private key.
This relationship between public and private keys can also be used for "signing" or authenticating messages. Since you are the only person who can encrypt messages using your private key, I know that if I can decrypt a message with your public key it has to be from you. So if you want to send me a signed message you would first encrypt it with your private key, then encrypt it again using my public key. When I received your message I would decrypt it first with my private key, then use your public key to verify that it is in fact from you and not some worthless scoundrel posing as you. If all of this encrypting and decrypting seems like a lot of trouble, not to worry. PGP takes care of all of that for you.
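The encrypt and sign-then-encrypt exchanges described above, as an added example that is not part of the original article or PGP's own code: a toy RSA in Python with constructed, insecure demo keys. The SIG: marker, the SENDER/RECIPIENT/IMPOSTOR names and the helper functions are assumptions made for illustration; PGP itself signs a digest of the message and uses the public key only to protect a per-message session key.

```python
# Toy RSA for the encrypt and sign-then-encrypt flows (added example).
# Demo keys are constructed from well-known Mersenne primes: NOT secure.
TAG = b"SIG:"  # assumed redundancy marker so a bad signature is detectable

def make_keypair(p, q, e=65537):
    """Return (public, private), each an (n, exponent) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # modular inverse needs Python 3.8+

def apply_key(x, key):
    """Raw RSA: x^exponent mod n. Either half of a pair undoes the other."""
    n, exponent = key
    if x >= n:
        raise ValueError("value does not fit under this modulus")
    return pow(x, exponent, n)

def to_int(data):
    return int.from_bytes(data, "big")

def to_bytes(x):
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def encrypt(msg, recipient_pub):
    return apply_key(to_int(msg), recipient_pub)

def decrypt(cipher, recipient_priv):
    return to_bytes(apply_key(cipher, recipient_priv))

def sign_then_encrypt(msg, sender_priv, recipient_pub):
    signed = apply_key(to_int(TAG + msg), sender_priv)  # only the sender can
    return apply_key(signed, recipient_pub)             # only recipient undoes

def decrypt_then_verify(cipher, recipient_priv, claimed_sender_pub):
    """Return the message, or None if the claimed sender did not sign it."""
    signed = apply_key(cipher, recipient_priv)
    if signed >= claimed_sender_pub[0]:   # cannot be that sender's signature
        return None
    plain = to_bytes(apply_key(signed, claimed_sender_pub))
    return plain[len(TAG):] if plain.startswith(TAG) else None

def mersenne(k):
    return 2**k - 1  # prime for k = 31, 61, 89, 107, 127, 521

# Hypothetical parties; the sender's modulus must be below the recipient's.
SENDER_PUB, SENDER_PRIV = make_keypair(mersenne(61), mersenne(89))
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(mersenne(127), mersenne(521))
IMPOSTOR_PUB, IMPOSTOR_PRIV = make_keypair(mersenne(31), mersenne(107))

if __name__ == "__main__":
    good = sign_then_encrypt(b"meet at noon", SENDER_PRIV, RECIPIENT_PUB)
    fake = sign_then_encrypt(b"meet at noon", IMPOSTOR_PRIV, RECIPIENT_PUB)
    print(decrypt_then_verify(good, RECIPIENT_PRIV, SENDER_PUB))
    print(decrypt_then_verify(fake, RECIPIENT_PRIV, SENDER_PUB))
```

The second call shows the "scoundrel" case: a message signed with someone else's private key does not come out readable under the claimed sender's public key, so it is rejected.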
Once you have PGP installed on your computer you can use it to generate your own public and private keys. When you do this PGP will create two files known as "keyrings". The pubring file holds your public key, as well as any public keys you acquire from other people. Your private key is kept in a file called secring. PGP will now handle the tasks of encrypting and decrypting files (with or without your "signature"), adding other public keys to your keyring, and extracting your own public key so that you can send it to others.
Here's an example of what my public key looks like when I extract it in ASCII form:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.1

mQBtAy+WTS0AAAEDAO8dusURRnP8oxleSZfo5VKbtnkOPi65zTONQK7U8ERAZe4c
pKt/h0p09QBbjwemLkP5/p2EUIuZgyfm5xqB10S7Nxi9RbDKCVVHuI0nJBhya7h/
w99P7xdYIDmoMA3XmQAFEbQlQm9iIExvbmcgPHJsMDAwMUBlcGZsMi5lcGZsYmFs
dG8ub3JnPg==
=YTwM
-----END PGP PUBLIC KEY BLOCK-----

Think you might need PGP? Consider these words from Phil Zimmermann:
It's personal. It's private. And it's no one's business but yours. You may be planning a political campaign, discussing your taxes, or having an illicit affair. Or you may be doing something that you feel shouldn't be illegal, but is. Whatever it is, you don't want your private electronic mail (E-mail) or confidential documents read by anyone else. There's nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution.
We are moving toward a future when the nation will be crisscrossed with high capacity fiber optic data networks linking together all our increasingly ubiquitous personal computers. E-mail will be the norm for everyone, not the novelty it is today. The Government will protect our E-mail with Government-designed encryption protocols. Probably most people will acquiesce to that. But perhaps some people will prefer their own protective measures.
PGP empowers people to take their privacy into their own hands. There's a growing social need for it. That's why I wrote it.


If you think you would be interested in learning more about PGP, the World Wide Web is a good place to start. Here are two links to get you going:

http://www.ifi.uio.no/~staalesc/PGP/
http://web.mit.edu/network/pgp.html

Copyright © 1996 Bob Long. All Rights Reserved.

Send Bob your "private" thoughts.