Back in 1993 before the Internet had attained any degree of popularity or affordability by us peasants, I first came across PGP (Pretty Good Privacy) written for the Amiga. Basically it is an encryption programme that will encrypt text or binary files that are 100% secure against being broken.
The question has often been asked why do we, the normal guy in the street, need an encryption programme? The answer is simple. When we write a letter we usually put it in an envelope so that no one can read it whilst it is en-route from sender to receiver without tearing open the envelope. We like the privacy of it. In the new electronic age of e-mails and data transfer over telephone lines the data is encrypted but by necessity it is encrypted in a standard way so that everyone can decrypt the message should they so desire. A bit like sending a postcard through the snail mail system. PGP is the envelope but unlike its paper counterpart it cannot be ripped open to reveal what is inside.
In November 1976 Martin Hellman and Whitfield Diffie announced their discovery of public key cryptography, which was immediately taken over by the armed forces as it made obsolete all the various coding machines in existence.
Concerned by the ease at which e-mails could be intercepted and read by anyone, Philip Zimmerman encoded and released the most successful programme to flow from that discovery and in doing so left himself open to the wrath of the US government being charged with violating statute 22 USC 2778 of the US Code, ’’Control of arms exports and imports.’’ This is the federal statute behind the regulation known as ITAR, ’’International Traffic in Arms Regulations, ’’ 22 CFR 120.1 et seq. of the Code of Federal Regulations. Specifically, the indictment would allege that Phil violated 22 USC 2778 by exporting an item listed as a ’’munition’’ in 22 CFR 120.1 et seq. without having a license to do so. That item is cryptographic software -- PGP.
I don’t know how he got round that problem other than to say that there ended up two versions of PGP one for use in the USA and one for most of the other world wide countries but both were compatible with each other.
PGP is the bees knees of encryption programmes and after a couple of years of trying, the tens of thousands of computers world wide have been unable to find the password to an encrypted test message and thus have been unable to decrypt that message. Put simply if the Germans had had PGP during the war instead of Enigma we would probably have lost the war.
Originally derived from the US forces version, which the US government tried to stop people from using, PGP gives users total protection from snooping eyes. PGP was released to the world up to version 2.6.3i (2.6.3 for the USA). Thereafter a version 5 came on the scene that was also written by Phil Zimmerman who first gave the world PGP 2.6.xx.
Although I have complete confidence in versions up to 2.6.3i, version 5 came AFTER the US government tried to stop the spread of PGP to us mortals. It is not beyond the realms of possibility that Phil Zimmerman was coerced into writing version 5 which has a back door in it, in order to save his neck, as the US government was threatening him with a law suit carrying a life sentence and a multi million dollar fine. In America life means life. I understand that my supposition has been confirmed that there is indeed a back door to PGP 5 and probably above known only to the programmers. But who is to say that the backdoor knowledge has not found its way into the arms of government surveillance organisations such as CIA, FBI, MI5 and MI6
PGP is very simple to use and no specialised knowledge of encryption techniques are required, only a computer. A 7 or 8 years old could use it.
The user runs PGP to make a PUBLIC KEY and a SECRET KEY. The PUBLIC KEY is sent to whoever needs it and they use that key to encrypt a text message or binary file. The PUBLIC KEY will NOT decrypt the message it has just encrypted.
Decryption can only be done by using the SECRET KEY which of course will have been retained by the person making the two keys. The SECRET KEY is generated from information gained whilst the user types in a number of random phrases and words where the time, in microseconds, between keystrokes is measured as well as the actual keys pressed. Now no one in the world can type a series of words in EXACTLY the same speed twice, thus a set of keys generated using the same keystrokes as before will generate an entirely different set of keys.
Even if someone is able to get hold of the SECRET KEY they would also have to know the password. The password can be of any length and using every key press available on a standard keyboard except the reserved keys, about 225 in all. The password is case conscious and accepts spaces. Try to imagine a password of just 26 characters where each character can be any one of 225.
That would be: 14346483754816040000000000000000000000000000000000000000000000 different combinations. If a computer could check 1 trillion (American) combinations per second it would take billions of years to try every combination. A daunting task for a would be de-coder and he would still have to get hold of the secret key.
Although the documentation lists three levels of security there are in fact four. The lowest level of security will encrypt/decrypt the fastest. 1, 000 words in a few seconds on an average speed machine. The highest level of security would take a few minutes. But with today’s high-speed machines using the highest level of security should not cause a problem.
The sophistication of PGP is such that you can have a ‘key ring’ holding hundreds of your friend’s public keys that you can select to encrypt a message. You can ‘sign’ a plain text message or binary file using PGP so that the recipient can verify that it was you who sent it and not someone else pretending to be you. You can validate other people’s public keys so that those who trust you will be able to trust the keys that you validate.
If the British government manages to get the Regulation of Investigatory Powers Bill through Parliament it will have the legal power to intercept any e-mail that it chooses so PGP would be the answer to keeping your mail private. But if a message is found to be encrypted the government would be able force the sender to reveal their secret key and password under pain of imprisonment. However making a new set of keys and choosing a new password only takes a few minutes. PGP will even prepare a message that when sent to those who have your
public key, will replace your original public key with your new one.
PGP is available for all three platforms and public keys produced on one platform are usable on another.