Core Java

Java Pretty Good Privacy (PGP)

Public-Key Encryption

This post talks about PGP or “Pretty Good Privacy.” PGP is a hybrid implementation of conventional cryptography as well as public key encryption. Before going into the details of PGP, let’s talk a little about public-key encryption.

Like any other cryptographic technology, public-key encryption solves the problem of transmitting secure data over an insecure medium; namely, the internet. As a result, the purpose of this scheme is to send data so that only intended recipients could read.

It accomplishes this by using asymmetric key encryption. It uses a pair of keys for encryption: a public key which encrypts the data from the sender and a “corresponding” private key which decrypts the data on the receiving end. These public/private keys are mathematically linked yet generated so that neither is derivable (computationally feasible) from knowledge of the other; at least not until the end of time with the fastest computers out there. The keys are based on mathematical relationships (most notably the integer factorization and discrete logarithm problems). However, as computation becomes faster, encryption algorithms will always need to become more sophisticated.

To sum up, the public key is published and made available. It empowers anyone to encrypt data using the public key, but only the party in possession of the private key can decrypt the data. A big benefit of public key cryptography is that it enables parties who have no preexisting security arrangement to exchange messages in a secure manner since all communications involve only public keys, and no private key is ever transmitted or shared. Some common examples of public-key systems are RSA (Rivest, Shamir and Adleman )and DSA (Digital Signature Algorithm).

PGP

Created by Phil Zimmermann in 1991, PGP is a hybrid public-key encryption/conventional scheme, and does things a little different. The body of the message in clear text or plain text is first compressed and then encrypted. This compression not only does it make files easier to transmit but also strengthens security. Currently, there is standards body who maintain this project: OpenPGP Alliance.

After compression, PGP then creates a session key. This session key is a one-time secret key generated from movements of your mouse and keystrokes you type. With this session key, the data is encrypted to form the ciphertext. Once encrypted, the session key is then encrypted to the recipient’s public key, which is bound to a username and/or an email address (more on this later). This public key is transmitted along with the ciphertext to the recepient.

Decryption works in reverse. The recipient’s copy of PGP uses the users private key to recover the session key generated above in order to decrypt the ciphertext.

In addition to encryption, PGP uses a cryptographically strong hash function for message signatures if the need is to provide some form of verification. A hash function is a process that takes a variable-length input (a message) and produces a fixed length output; say 160-bits. This is called a message digest which can be different with the slightest change on the input. Then PGP uses the digest and the private key to create the “signature.” Furthermore, this signature and the plain text are transmitted to receiver who will need to recompute the digest and verify the signature. Again, the slightest alteration of this message will change the signed document and cause the verification process to fail.

In Java, perhaps the most popular encryption library provider is the “Legion of the Bouncy Castle”.

// insert code here
public class PGPExample {
    public static void encrypt()  {

         Security.addProvider(new BouncyCastleProvider());
         
         //Load Public Key File
         FileInputStream key = new FileInputStream("res/keys/public.bpg");
         PGPPublicKey pubKey = KeyBasedFileProcessorUtil.readPublicKey(key);
         
         //Output file
         FileOutputStream out = new FileOutputStream("target/enc.bpg");

         //Input file
         String inputFilename = "src/main/resources/plaintext.txt";

        //Other settings
        boolean armor = false;
        boolean integrityCheck = false;
        KeyBasedFileProcessorUtil.encryptFile(out, inputFilename, 
           pubKey, armor, integrityCheck);   
    }
}

Resources

  1. http://www.pgpi.org/doc/pgpintro/
  2. http://en.wikipedia.org/wiki/Pretty_Good_Privacy
  3. http://www.rossde.com/PGP/index.html#links
  4. http://www.openpgp.org/
  5. http://www.bouncycastle.org/java.html

Reference: Java and Pretty Good Privacy (PGP) from our JCG partner at Reflective Thought.net.

Related Articles :
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Shahin bano
Shahin bano
7 years ago

Hi,
I need pgp encryption in android ,please provide me full source code…
please……………………………..

Lukas
Lukas
6 years ago
Reply to  Shahin bano

full source code only? I thought you would also asked for automated tests and documentation like people online have no better things to do than complete your work requests for you. You call yourself a software developer???

Back to top button