Java Pretty Good Privacy (PGP)

Public-Key Encryption

This post talks about PGP or “Pretty Good Privacy.” PGP is a hybrid implementation of conventional cryptography as well as public key encryption. Before going into the details of PGP, let’s talk a little about public-key encryption.

Like any other cryptographic technology, public-key encryption solves the problem of transmitting secure data over an insecure medium; namely, the internet. As a result, the purpose of this scheme is to send data so that only intended recipients could read.

It accomplishes this by using asymmetric key encryption. It uses a pair of keys for encryption: a public key which encrypts the data from the sender and a “corresponding” private key which decrypts the data on the receiving end. These public/private keys are mathematically linked yet generated so that neither is derivable (computationally feasible) from knowledge of the other; at least not until the end of time with the fastest computers out there. The keys are based on mathematical relationships (most notably the integer factorization and discrete logarithm problems). However, as computation becomes faster, encryption algorithms will always need to become more sophisticated.

To sum up, the public key is published and made available. It empowers anyone to encrypt data using the public key, but only the party in possession of the private key can decrypt the data. A big benefit of public key cryptography is that it enables parties who have no preexisting security arrangement to exchange messages in a secure manner since all communications involve only public keys, and no private key is ever transmitted or shared. Some common examples of public-key systems are RSA (Rivest, Shamir and Adleman )and DSA (Digital Signature Algorithm).

PGP

Created by Phil Zimmermann in 1991, PGP is a hybrid public-key encryption/conventional scheme, and does things a little different. The body of the message in clear text or plain text is first compressed and then encrypted. This compression not only does it make files easier to transmit but also strengthens security. Currently, there is standards body who maintain this project: OpenPGP Alliance.

After compression, PGP then creates a session key. This session key is a one-time secret key generated from movements of your mouse and keystrokes you type. With this session key, the data is encrypted to form the ciphertext. Once encrypted, the session key is then encrypted to the recipient’s public key, which is bound to a username and/or an email address (more on this later). This public key is transmitted along with the ciphertext to the recepient.

Decryption works in reverse. The recipient’s copy of PGP uses the users private key to recover the session key generated above in order to decrypt the ciphertext.

In addition to encryption, PGP uses a cryptographically strong hash function for message signatures if the need is to provide some form of verification. A hash function is a process that takes a variable-length input (a message) and produces a fixed length output; say 160-bits. This is called a message digest which can be different with the slightest change on the input. Then PGP uses the digest and the private key to create the “signature.” Furthermore, this signature and the plain text are transmitted to receiver who will need to recompute the digest and verify the signature. Again, the slightest alteration of this message will change the signed document and cause the verification process to fail.

In Java, perhaps the most popular encryption library provider is the “Legion of the Bouncy Castle”.

// insert code here
public class PGPExample {
    public static void encrypt()  {

         Security.addProvider(new BouncyCastleProvider());
         
         //Load Public Key File
         FileInputStream key = new FileInputStream("res/keys/public.bpg");
         PGPPublicKey pubKey = KeyBasedFileProcessorUtil.readPublicKey(key);
         
         //Output file
         FileOutputStream out = new FileOutputStream("target/enc.bpg");

         //Input file
         String inputFilename = "src/main/resources/plaintext.txt";

        //Other settings
        boolean armor = false;
        boolean integrityCheck = false;
        KeyBasedFileProcessorUtil.encryptFile(out, inputFilename, 
           pubKey, armor, integrityCheck);   
    }
}

Resources

  1. http://www.pgpi.org/doc/pgpintro/
  2. http://en.wikipedia.org/wiki/Pretty_Good_Privacy
  3. http://www.rossde.com/PGP/index.html#links
  4. http://www.openpgp.org/
  5. http://www.bouncycastle.org/java.html

Reference: Java and Pretty Good Privacy (PGP) from our JCG partner at Reflective Thought.net.

Related Articles :
Related Whitepaper:

Bulletproof Java Code: A Practical Strategy for Developing Functional, Reliable, and Secure Java Code

Use Java? If you do, you know that Java software can be used to drive application logic of Web services or Web applications. Perhaps you use it for desktop applications? Or, embedded devices? Whatever your use of Java code, functional errors are the enemy!

To combat this enemy, your team might already perform functional testing. Even so, you're taking significant risks if you have not yet implemented a comprehensive team-wide quality management strategy. Such a strategy alleviates reliability, security, and performance problems to ensure that your code is free of functionality errors.Read this article to learn about this simple four-step strategy that is proven to make Java code more reliable, more secure, and easier to maintain.

Get it Now!  

Leave a Reply


seven + 4 =



Java Code Geeks and all content copyright © 2010-2014, Exelixis Media Ltd | Terms of Use
All trademarks and registered trademarks appearing on Java Code Geeks are the property of their respective owners.
Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.
Java Code Geeks is not connected to Oracle Corporation and is not sponsored by Oracle Corporation.

Sign up for our Newsletter

15,153 insiders are already enjoying weekly updates and complimentary whitepapers! Join them now to gain exclusive access to the latest news in the Java world, as well as insights about Android, Scala, Groovy and other related technologies.

As an extra bonus, by joining you will get our brand new e-books, published by Java Code Geeks and their JCG partners for your reading pleasure! Enter your info and stay on top of things,

  • Fresh trends
  • Cases and examples
  • Research and insights
  • Two complimentary e-books