Fin Al
In this scenario each user creates their own certificate and the users exchange
the certificates between themselves. After verification of the certificate, a secure channel for
communication is established. Here there is no CA (certificate authority) to verify and sign the
user's certificate. This method is used in Pretty Good Privacy. The users taking part in the
communication authenticate each other. For this method each user trusts the other user. We assume
that each user knows the public key of the other user to whom they are going to transmit.
1. A transmits a message to B.
Message = Public key of A (PUa) + Identifier of A (IDA)
2. B transmits an encrypted message to A.
Encrypted message = Secret key (Ks) encrypted with the public key of A (PUa)
3. A decrypts the message with his private key (PVa) and recovers Ks.
4. A and B discard the key used for sharing the secret key.
5. Secure channel is created for communication between A and B.
4. Then A sends the secret key (session key) with double encryption.
a. The session key (Ks) is encrypted with A's private key.
b. Then the overall message is encrypted using B's public key.
5. B decrypts the message and retrieves the session key.
6. A secure channel for communication is established in a safe way.
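Steps 4 and 5 above, worked through in Python as an added example that is not part of the original text. Textbook RSA with toy keys, the function and constant names, and the 4-byte hash tag appended to Ks (so that B can tell whether the inner layer was produced with A's private key) are assumptions of this example.

```python
import hashlib
import hmac

E = 65537        # public exponent
KS_LEN = 8       # toy session-key length in bytes (assumption)
TAG_LEN = 4      # redundancy that lets B check the inner layer (assumption)

def make_keypair(p, q):
    """Textbook RSA: return ((e, n), (d, n)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

def rsa(key, m):
    """Raw RSA operation m^exp mod n, used for both key halves."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("value does not fit under this modulus")
    return pow(m, exp, n)

def tag(ks):
    return hashlib.sha256(ks).digest()[:TAG_LEN]

def a_send(ks, pv_a, pu_b):
    """Step 4: (a) apply A's private key, (b) encrypt with B's public key."""
    inner = rsa(pv_a, int.from_bytes(ks + tag(ks), "big"))
    return rsa(pu_b, inner)   # needs n_a < n_b, else inner may not fit

def b_receive(msg, pv_b, pu_a):
    """Step 5: undo both layers; return Ks, or None if A did not produce it."""
    inner = rsa(pv_b, msg)
    if inner >= pu_a[1]:
        return None
    value = rsa(pu_a, inner)
    if value.bit_length() > 8 * (KS_LEN + TAG_LEN):
        return None
    block = value.to_bytes(KS_LEN + TAG_LEN, "big")
    ks, t = block[:KS_LEN], block[KS_LEN:]
    return ks if hmac.compare_digest(t, tag(ks)) else None

# Constructed toy keys from Mersenne primes; far too small for real use.
PU_A, PV_A = make_keypair(2**61 - 1, 2**89 - 1)
PU_B, PV_B = make_keypair(2**107 - 1, 2**127 - 1)
PU_C, PV_C = make_keypair(2**61 - 1, 2**107 - 1)   # a third party, not A

if __name__ == "__main__":
    ks = bytes.fromhex("0011223344556677")          # constructed session key
    print(b_receive(a_send(ks, PV_A, PU_B), PV_B, PU_A) == ks)
    print(b_receive(a_send(ks, PV_C, PU_B), PV_B, PU_A))
```

The second call shows why the inner layer matters: a message built with a private key other than A's still decrypts under B's private key, but fails the check against A's public key.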
Pretty Good Privacy combines both conventional cryptography and public-key cryptography.