The history of PGP is outside
the scope of our unit, but is well documented.
PGP is a free, "clean room" implementation of the original RSA
public key cryptosystem, created with the honourable intention of
facilitating encrypted email. It has become the most widely used
public key software in the world.
PGP can operate in two modes: either encrypting a
message where both authentication and secrecy are required, or
simply signing a message if only authentication
and message integrity are required.
PGP encryption is actually a hybrid symmetric/public
key system. A new session key is created for each
encryption, and is used to encrypt the document, using a standard
algorithm such as IDEA. The session key is then encrypted with the
recipient's public key, and the two items are
rolled together into a single package. The receiver can use his
private key to decrypt the session key, and thus recover the
original message:
This approach combines the best features of symmetric and public
key encryption.