Version 1.5

# The comp.security.pgp FAQ

## Appendix I - The functionality behind PGP

This part is largely based on a post made by J. Kelly Cunningham
<deviate@lipschitz.sfasu.edu>.

### 0) Background

PGP uses three cryptographic components: RSA, IDEA, and md5.
**RSA** is a public key cipher. That is, there is not one key,
but two components, which are used for specific purposes. In this text,
P0() is your public key
and S0() is your private key. Anything encrypted by one can be decrypted
by the other, and it is considered impossible to determine S0() from P0().

Suppose X is a message. P0(X) is meaningless gibberish, however
S0(P0(X)) = X. Similarly, S0(X) is gibberish, but P0(S0(X)) = X.

**IDEA** is a symmetric key cipher. This is "normal"
cryptography: the same key encrypts and decrypts the message.
IDEA uses a 128 bit key to transform a
message into meaningless gibberish. The same key, when applied to the
meaningless gibberish, will produce the original message.

Suppose X is a message and k is a key. Then IDEA(X,k) is
meaningless gibberish, but IDEA(IDEA(X,k),k) = X.

**MD5** will produce an essentially unique 128 bit one way
hash of any input. It is considered impossible to determine the input
when given the hash, and the chance of two different inputs having the
same hash is extremely small. Think of a hash as a very good checksum.

md5(X) is a 128 bit representation of X.

### 1) Encryption

You wish to encrypt the message X to a recipient whose public key is P1().
PGP randomly generates a 128 bit key k. IDEA( ,k) is applied to X to produce
meaningless gibberish IDEA(X,k). P1() is applied to k to produce meaningless
gibberish P1(k). (IDEA(X,k), P1(k)) is sent to recipient. Since k is random
X will never be encrypted the same way twice.
In the case that you want to encrypt the message to two recipients, the
random key k is encrypted with the public keys of each recipient, but the
actual message is only encrypted once. Now (IDEA(X,k), P1(k), P2(k), ...)
is sent to each recipient, who has to pick out the bit which is encrypted
with his public key himself.

### 2) Decryption

You have received (IDEA(X,k), P0(k)). PGP applies S0() to P0(k) to retrieve
k = S0(P0(k)). Now that you have k, PGP applies IDEA( ,k) to IDEA(X,k) to
obtain X = (IDEA(X,k),k).
### 3) Signing

You wish to sign a message X. MD5 is applied to X to obtain MD5(X). S0() is
applied to MD5(X) to obtain the 'signature' S0(MD5(X)). (X,S0(MD5(X))) is sent
to recipient.
Normally, the signature is put *before* the actual message you
are sending, but if you use the "clearsign" option, the signature will
be put below the message. Additionally, when you "clearsign" a message,
spaces and tabs after a line are stripped off first, and newlines are
converted to carriage return/newline pairs. This ensures that mail and
news transport programs will not mangle the message in such a way that
the signature becomes invalid.

### 4) Authentication

Recipient, who has your public key, wishes to verify that a signed message,
(X,S0(MD5(X))), came from you. PGP applies P0() to S0(MD5(X)) to retrieve
MD5(X) = P0(S0(MD5(X)). Next, MD5() is applied to X to obtain MD5(X) directly
from X. If the two match, then the message is the one you sent.
Of course, you have to be sure that the public key you use to check the
signature *really* belongs to the person it claims to be from.

### 5) Encryption & Signing

You wish to encrypt a signed message to a recipient whose public key is
P1(). PGP forms (X,S0(MD5(X))) as in 3). PGP then forms
(IDEA((X,S0(MD5(X))),k), P1(k)) as in 1). This is sent to the recipient.
### 6) Decryption & Authentication

You receive (IDEA((X,S1(MD5(X))),k), P0(k)) formed as in 5). PGP retrieves
IDEA((X,S1(MD5(X))) as in 2). IDEA((X,S1(MD5(X))) is authenticated as in 4).
[
Table of Contents |
About this FAQ |
Glossary ]

**Copyright © 1996 by Arnoud Engelfriet.**

**Last updated:** 22 Oct 1998.

Comments, additions and suggestions can be sent to <faq-admin@mail.pgp.net>.

This FAQ was generated by Orb v1.3 for OS/2.