The following text is taken from chapter 1 of the document Introduction to Cryptography in the PGP 6.5.1 documentation. Copyright © 1990-1999 Network Associates, Inc. and its Affiliated Companies. All Rights Reserved. Converted from PDF to HTML at http://access.adobe.com/ and then manually edited by hand.

• The Basics of Cryptography
  o Encryption and decryption
  o What is cryptography?
      Strong cryptography
      How does cryptography work?
  o Conventional cryptography
      Caesar's Cipher
      Key management and conventional encryption
  o Public key cryptography
  o How PGP works
  o Keys
  o Digital signatures
      Hash functions
  o Digital certificates
      Certificate distribution
      Certificate formats
  o Validity and trust
      Checking validity
      Establishing trust
      Trust models
  o Certificate Revocation
      Communicating that a certificate has been revoked
  o What is a passphrase?
  o Key splitting

The Basics of Cryptography

When Julius Caesar sent messages to his generals, he didn't trust his messengers. So he replaced every A in his messages with a D, every B with an E, and so on through the alphabet. Only someone who knew the "shift by 3" rule could decipher his messages. And so we begin.

Encryption and decryption

Data that can be read and understood without any special measures is called plaintext or cleartext. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting ciphertext to its original plaintext is called decryption. Figure 1-1 illustrates this process.

Figure 1-1. Encryption and decryption

What is cryptography?

Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.

While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking secure communication. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are also called attackers.

Cryptology embraces both cryptography and cryptanalysis.

Strong cryptography

"There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. This book is about the latter." --Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C.

PGP is also about the latter sort of cryptography.

Cryptography can be strong or weak, as explained above. Cryptographic strength is measured in the time and resources it would require to recover the plaintext. The result of strong cryptography is ciphertext that is very difficult to decipher without possession of the appropriate decoding tool. How difficult? Given all of today's computing power and available time — even a billion computers doing a billion checks a second — it is not possible to decipher the result of strong cryptography before the end of the universe.

One would think, then, that strong cryptography would hold up rather well against even an extremely determined cryptanalyst. Who's really to say? No one has proven that the strongest encryption obtainable today will hold up under tomorrow's computing power. However, the strong cryptography employed by PGP is the best available today. Vigilance and conservatism will protect you better, however, than claims of impenetrability.

How does cryptography work?

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a...