| • Science | • People | • Locations | • Timeline |
This article discusses the nature of crypto systems using as an illustrative example the design and implementation an influential modern cryptosystem— PGP. PGP is computer software, as essentially all practical cryptographic systems now are. It is more complex than earlier hand or mechanical rotor systems, but was chosen because it is far more typical of modern cryptographic practice. Version 2.6x is used as an example rather than say the OpenPGP standard, as it is conceptually similar, but has fewer algorithm choices.
encryption, integrity, non-repudiation, key exchange
MD5, RSA, IDEA, hybrid use of encryption for efficiency purposes, key distribution, digital signature of certificates / messages, key vetting, open source, use of publicly known and examined primitives
RSA/IDEA key choices, random inputs
format and content of certificates, choice of certificate vetting mechanism, lack of truly secure channels for key distribution and vetting,
Cryptography