Page 156 - StudyBook.pdf
P. 156

140    Chapter 3 • Communication Security: Remote Access and Messaging

             PGP


             Like S/MIME, PGP is encryption software used to encrypt e-mail messages and
             files. Commercial and trial versions of the latest version of PGP (9.5) can be down-
             loaded from the PGP Corporation at www.pgp.com.When the software is
             installed, plug-ins for Microsoft Outlook, Outlook Express, and other programs can
             be installed, allowing users to encrypt, decrypt, and sign messages sent through
             these e-mail packages.The latest versions of the PGP product now comes as part of
             a full application that manage the use of PGP functionality at the desktop level for
             the encrypting hard disks, mail, and even IM traffic. Freeware vendors like Mozilla,
             who provides the Thunderbird mail client, have also designed and released clients
             specifically designed to enable the support for inline-PGP (RFC 2440) and
             PGP/MIME (RFC 3156).

                A Note About Phil Zimmermann, the Creator of PGP

                Philip R. Zimmermann created PGP in 1991. According to his home page,
           Head of the Class…  became the most widely used e-mail encryption software in the world.
                despite the lack of funding, staff, or a company to stand behind it, PGP

                After settling some issues with the US Government, Mr. Zimmerman
                founded his company in 1996; Network Associates Inc. (NAI) eventually
                acquired PGP Inc. in December 1997.Mr. Zimmerman was asked to stay
                on with NAI until 2000 as Senior Fellow. In August 2002, PGP was
                acquired by PGP Corporation, where Mr. Zimmermann is a consultant.
                Before founding PGP Inc., Mr. Zimmermann was a software engineer
                with more than 20 years of experience, specializing in cryptography and
                data security, data communications, and real-time embedded systems.
                You can learn more about Mr. Zimmerman and his work with PGP at
                www.philzimmermann.com.


             How PGP Works

             PGP uses a combination of public and private keys to secure e-mail. It uses public
             key cryptography, which uses a “secret key” to encrypt and decrypt a message.The
             sender uses a public key to encrypt the message, while the recipient deciphers it
             using another version of the key. PGP encryption and key exchange is designed in
             the “Web of trust” model, meaning that the reliability of PGP is directly related to
             how much you trust the other users whom you hold keys for.
                 When PGP is run on Microsoft Outlook, for example, Outlook compares a
             digital signature with public keys that are stored on a key ring.This is a collection of



          www.syngress.com
   151   152   153   154   155   156   157   158   159   160   161