Home » Java » Core Java » Java Pretty Good Privacy (PGP)

About Luis Atencio

Luis Atencio

Java Pretty Good Privacy (PGP)

Public-Key Encryption

This post talks about PGP or “Pretty Good Privacy.” PGP is a hybrid implementation of conventional cryptography as well as public key encryption. Before going into the details of PGP, let’s talk a little about public-key encryption.

Like any other cryptographic technology, public-key encryption solves the problem of transmitting secure data over an insecure medium; namely, the internet. As a result, the purpose of this scheme is to send data so that only intended recipients could read.

It accomplishes this by using asymmetric key encryption. It uses a pair of keys for encryption: a public key which encrypts the data from the sender and a “corresponding” private key which decrypts the data on the receiving end. These public/private keys are mathematically linked yet generated so that neither is derivable (computationally feasible) from knowledge of the other; at least not until the end of time with the fastest computers out there. The keys are based on mathematical relationships (most notably the integer factorization and discrete logarithm problems). However, as computation becomes faster, encryption algorithms will always need to become more sophisticated.

To sum up, the public key is published and made available. It empowers anyone to encrypt data using the public key, but only the party in possession of the private key can decrypt the data. A big benefit of public key cryptography is that it enables parties who have no preexisting security arrangement to exchange messages in a secure manner since all communications involve only public keys, and no private key is ever transmitted or shared. Some common examples of public-key systems are RSA (Rivest, Shamir and Adleman )and DSA (Digital Signature Algorithm).

PGP

Created by Phil Zimmermann in 1991, PGP is a hybrid public-key encryption/conventional scheme, and does things a little different. The body of the message in clear text or plain text is first compressed and then encrypted. This compression not only does it make files easier to transmit but also strengthens security. Currently, there is standards body who maintain this project: OpenPGP Alliance.

After compression, PGP then creates a session key. This session key is a one-time secret key generated from movements of your mouse and keystrokes you type. With this session key, the data is encrypted to form the ciphertext. Once encrypted, the session key is then encrypted to the recipient’s public key, which is bound to a username and/or an email address (more on this later). This public key is transmitted along with the ciphertext to the recepient.

Decryption works in reverse. The recipient’s copy of PGP uses the users private key to recover the session key generated above in order to decrypt the ciphertext.

In addition to encryption, PGP uses a cryptographically strong hash function for message signatures if the need is to provide some form of verification. A hash function is a process that takes a variable-length input (a message) and produces a fixed length output; say 160-bits. This is called a message digest which can be different with the slightest change on the input. Then PGP uses the digest and the private key to create the “signature.” Furthermore, this signature and the plain text are transmitted to receiver who will need to recompute the digest and verify the signature. Again, the slightest alteration of this message will change the signed document and cause the verification process to fail.

In Java, perhaps the most popular encryption library provider is the “Legion of the Bouncy Castle”.

// insert code here
public class PGPExample {
    public static void encrypt()  {

         Security.addProvider(new BouncyCastleProvider());
         
         //Load Public Key File
         FileInputStream key = new FileInputStream("res/keys/public.bpg");
         PGPPublicKey pubKey = KeyBasedFileProcessorUtil.readPublicKey(key);
         
         //Output file
         FileOutputStream out = new FileOutputStream("target/enc.bpg");

         //Input file
         String inputFilename = "src/main/resources/plaintext.txt";

        //Other settings
        boolean armor = false;
        boolean integrityCheck = false;
        KeyBasedFileProcessorUtil.encryptFile(out, inputFilename, 
           pubKey, armor, integrityCheck);   
    }
}

Resources

  1. http://www.pgpi.org/doc/pgpintro/
  2. http://en.wikipedia.org/wiki/Pretty_Good_Privacy
  3. http://www.rossde.com/PGP/index.html#links
  4. http://www.openpgp.org/
  5. http://www.bouncycastle.org/java.html

Reference: Java and Pretty Good Privacy (PGP) from our JCG partner at Reflective Thought.net.

Related Articles :

Do you want to know how to develop your skillset to become a Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!

1. JPA Mini Book

2. JVM Troubleshooting Guide

3. JUnit Tutorial for Unit Testing

4. Java Annotations Tutorial

5. Java Interview Questions

6. Spring Interview Questions

7. Android UI Design

and many more ....

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*


eight + 6 =

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Want to take your Java Skills to the next level?
Grab our programming books for FREE!
  • Save time by leveraging our field-tested solutions to common problems.
  • The books cover a wide range of topics, from JPA and JUnit, to JMeter and Android.
  • Each book comes as a standalone guide (with source code provided), so that you use it as reference.
Last Step ...

Where should we send the free eBooks?

Good Work!
To download the books, please verify your email address by following the instructions found on the email we just sent you.