# PGP (Pretty Good Privacy)

## Overview
PGP is a comprehensive cryptographic system designed by Phil Zimmermann in 1991 for secure email communication. It combines various cryptographic techniques to provide:
- **Authentication** and **Data Integrity** through digital signatures
- **Confidentiality** through encryption
- **Compression** for efficiency
- **Email compatibility** through encoding

PGP is a hybrid cryptosystem that uses both symmetric and asymmetric encryption.

In [None]:
import hashlib
import base64
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util.Padding import pad, unpad

# Simulate PGP process components

def demonstrate_pgp_process():
    print("=== PGP Process Demonstration ===\n")
    
    # 1. Original Message
    message = b"This is a confidential message that needs to be securely transmitted."
    print(f"1. Original Message ({len(message)} bytes):")
    print(f"   {message.decode()}\n")
    
    # 2. Hash (for signature)
    hash_obj = hashlib.sha256(message)
    message_hash = hash_obj.digest()
    print(f"2. Message Hash (SHA-256):")
    print(f"   {message_hash.hex()[:64]}...\n")
    
    # 3. Compression (simulated - in real PGP this would use ZIP)
    print(f"3. Compression:")
    print(f"   Original size: {len(message)} bytes")
    print(f"   (ZIP compression would reduce size here)\n")
    
    # 4. Symmetric Encryption with Session Key
    session_key = get_random_bytes(16)  # 128-bit AES key
    cipher = AES.new(session_key, AES.MODE_CBC)
    iv = cipher.iv
    encrypted_message = cipher.encrypt(pad(message, AES.block_size))
    
    print(f"4. Symmetric Encryption:")
    print(f"   Session Key (hex): {session_key.hex()}")
    print(f"   Encrypted Message (hex): {encrypted_message.hex()[:64]}...\n")
    
    # 5. Radix-64 Encoding
    encoded_message = base64.b64encode(encrypted_message)
    print(f"5. Radix-64 (Base64) Encoding:")
    print(f"   Original binary: {len(encrypted_message)} bytes")
    print(f"   Encoded ASCII: {len(encoded_message)} characters")
    print(f"   Overhead: {((len(encoded_message) - len(encrypted_message)) / len(encrypted_message) * 100):.1f}%")
    print(f"   Encoded: {encoded_message[:80].decode()}...\n")
    
    # 6. Segmentation (simulated)
    max_segment_size = 50  # Simulate small email limit
    if len(encoded_message) > max_segment_size:
        num_segments = (len(encoded_message) + max_segment_size - 1) // max_segment_size
        print(f"6. Segmentation:")
        print(f"   Message size: {len(encoded_message)} bytes")
        print(f"   Max segment size: {max_segment_size} bytes")
        print(f"   Number of segments needed: {num_segments}\n")
        
        for i in range(num_segments):
            start = i * max_segment_size
            end = min((i + 1) * max_segment_size, len(encoded_message))
            segment = encoded_message[start:end]
            print(f"   Segment {i+1}/{num_segments}: {segment[:40].decode()}...")
    
    print("\n=== Decryption Process (Recipient) ===\n")
    
    # Reassembly (automatic)
    print("7. Reassembly: All segments combined\n")
    
    # Radix-64 Decode
    decoded_message = base64.b64decode(encoded_message)
    print(f"8. Radix-64 Decode: Binary data restored\n")
    
    # Symmetric Decryption
    decipher = AES.new(session_key, AES.MODE_CBC, iv)
    decrypted_message = unpad(decipher.decrypt(encrypted_message), AES.block_size)
    print(f"9. Symmetric Decryption:")
    print(f"   Using session key to decrypt message\n")
    
    # Decompression (simulated)
    print(f"10. Decompression: Restore original size\n")
    
    # Verify hash
    verify_hash = hashlib.sha256(decrypted_message).digest()
    print(f"11. Signature Verification:")
    print(f"    Original hash: {message_hash.hex()[:32]}...")
    print(f"    Computed hash: {verify_hash.hex()[:32]}...")
    print(f"    Match: {message_hash == verify_hash}\n")
    
    # Final message
    print(f"12. Final Decrypted Message:")
    print(f"    {decrypted_message.decode()}")
    print(f"\n✓ Message successfully transmitted and verified!")

# Run demonstration
demonstrate_pgp_process()

## Code Example: PGP Process Visualization

## Summary Table

| Component | Purpose | Algorithm/Method | Key Used |
|-----------|---------|------------------|----------|
| **Digital Signature** | Authentication & Integrity | RSA, DSA, ECDSA | Sender's Private Key (sign)<br>Sender's Public Key (verify) |
| **Hash Function** | Create message digest | SHA-256, SHA-512 | N/A |
| **Message Encryption** | Confidentiality | AES, 3DES, CAST | Session Key (symmetric) |
| **Session Key Encryption** | Secure key distribution | RSA, ElGamal | Recipient's Public Key (encrypt)<br>Recipient's Private Key (decrypt) |
| **Compression** | Reduce size, increase entropy | ZIP (LZ77 + Huffman) | N/A |
| **Encoding** | Email compatibility | Radix-64 (Base64) | N/A |
| **Segmentation** | Handle size limits | Split into parts | N/A |

## Key Security Properties

### Authentication
- Digital signature proves sender identity
- Only sender has private key to create valid signature
- Cannot be forged

### Integrity
- Hash function detects any modification
- Even 1-bit change results in completely different hash
- Cryptographically secure hash functions used

### Confidentiality
- Hybrid encryption protects message content
- Session key provides fast symmetric encryption
- Public key encryption secures session key distribution

### Non-Repudiation
- Sender cannot deny sending message
- Private key signature is unique proof
- Timestamp included in signature

## PGP Advantages

1. **Hybrid Approach**: Combines speed of symmetric with security of asymmetric
2. **Compression**: Reduces size and increases security
3. **Email Compatible**: Radix-64 encoding works with all email systems
4. **Flexible**: Handles messages of any size through segmentation
5. **Complete Solution**: Provides authentication, integrity, and confidentiality in one package
6. **Open Standard**: OpenPGP (RFC 4880) ensures interoperability

## Complete PGP Operation Flow

### Sending a Signed and Encrypted Message:

```
                    SENDER SIDE
                    
1. Original Message
         ↓
2. [Generate Hash] ──→ Hash Value
         ↓
3. [Sign with Sender's Private Key] ──→ Digital Signature
         ↓
4. [Attach Signature to Message]
         ↓
5. Signed Message
         ↓
6. [Compress with ZIP]
         ↓
7. Compressed Signed Message
         ↓
8. [Generate Random Session Key]
         ↓
9. [Encrypt Message with Session Key (AES/3DES)]
         ↓
10. Encrypted Message
         ↓
11. [Encrypt Session Key with Recipient's Public Key (RSA)]
         ↓
12. Encrypted Session Key + Encrypted Message
         ↓
13. [Apply Radix-64 Encoding]
         ↓
14. ASCII Armored Message
         ↓
15. [Check Size - Segment if Necessary]
         ↓
16. Final PGP Message(s) ready for Email
```

### Receiving and Verifying:

```
                    RECIPIENT SIDE

1. Receive Email Message(s)
         ↓
2. [Reassemble if Segmented]
         ↓
3. Complete ASCII Message
         ↓
4. [Radix-64 Decode]
         ↓
5. Binary Encrypted Data
         ↓
6. [Separate Encrypted Session Key and Encrypted Message]
         ↓
7. Encrypted Session Key ──→ [Decrypt with Recipient's Private Key]
         ↓                                    ↓
8. Encrypted Message                    Session Key
         ↓                                    ↓
9. [Decrypt Message with Session Key] ←──────┘
         ↓
10. Compressed Signed Message
         ↓
11. [Decompress with ZIP]
         ↓
12. Signed Message
         ↓
13. [Separate Signature and Message]
         ↓
14. Signature                        Message
         ↓                              ↓
15. [Decrypt Signature with       [Generate Hash]
     Sender's Public Key]              ↓
         ↓                         New Hash
    Original Hash                      ↓
         ↓                              ↓
16.      └──────[Compare Hashes]───────┘
                     ↓
17.            Valid/Invalid
                     ↓
18. If Valid: Authenticated Original Message
```

## 5. Segmentation and Reassembly for Email

### The Email Size Problem

Many email systems have limitations:
- **Maximum message size**: Often 50KB-100KB limit
- **Line length restrictions**: Maximum 1000 characters per line
- Large encrypted files exceed these limits

### PGP Segmentation Solution

PGP automatically **segments** (splits) large messages into smaller chunks that fit email system constraints.

### Segmentation Process:

```
Large PGP Message (e.g., 500 KB)
   ↓
[Check if exceeds size limit]
   ↓
[Split into multiple segments]
   ↓
Segment 1 | Segment 2 | Segment 3 | ... | Segment N
   ↓          ↓          ↓                  ↓
[Add segment headers to each]
   ↓
Part 1/N  | Part 2/N  | Part 3/N  | ... | Part N/N
```

### Segment Format:

```
-----BEGIN PGP MESSAGE, PART 01/04-----
Version: PGP 2.6

hQEMA5t7yXxS0gQxAQf+IKEwcB3I4u3e...
(Radix-64 encoded data chunk)
...
-----END PGP MESSAGE, PART 01/04-----

-----BEGIN PGP MESSAGE, PART 02/04-----
(continuation...)
-----END PGP MESSAGE, PART 02/04-----
```

### Key Features:

1. **Automatic Splitting**:
   - PGP detects message size
   - Automatically splits if needed
   - Each part sent as separate email

2. **Numbering System**:
   - Format: "PART XX/YY"
   - XX = current part number
   - YY = total number of parts

3. **Independent Transmission**:
   - Each segment sent as separate email
   - Can arrive out of order
   - Redundancy possible

### Reassembly Process:

```
Received Email Parts (possibly out of order)
   ↓
[PGP collects all parts]
   ↓
[Check for completeness: Have all parts 1/N through N/N?]
   ↓
[Sort by part number]
   ↓
[Concatenate segments in correct order]
   ↓
[Remove segment headers]
   ↓
Complete PGP Message
   ↓
[Proceed with normal decryption]
```

### Reassembly Requirements:

1. **All Parts Required**: Must have every segment (1 through N)
2. **Automatic Ordering**: PGP software reorders parts automatically
3. **Error Detection**: Missing parts detected before decryption attempt

### Benefits:

- **Compatibility**: Works with restrictive email systems
- **Reliability**: Each part can be retransmitted independently if lost
- **Transparency**: User sees single message after reassembly
- **Automatic**: No manual intervention needed

## 4. Radix-64 Encoding (Base64)

### Purpose of Radix-64 Encoding

Email systems were originally designed for **7-bit ASCII text**. Binary data (like encrypted messages) can cause problems:
- Email servers may corrupt binary data
- Some systems strip 8th bit
- Control characters may be misinterpreted

**Radix-64 (Base64) encoding** converts binary data to printable ASCII characters.

### Encoding Process

```
Binary Data (8-bit bytes)
   ↓
[Group into 24-bit chunks (3 bytes)]
   ↓
[Split into 4 groups of 6 bits each]
   ↓
[Map each 6-bit value to ASCII character]
   ↓
Radix-64 ASCII Text
```

### Character Set (64 characters):
- `A-Z` (26 characters) = values 0-25
- `a-z` (26 characters) = values 26-51
- `0-9` (10 characters) = values 52-61
- `+` = value 62
- `/` = value 63
- `=` (padding character)

### Example:

```
Binary Input (3 bytes = 24 bits):
01001101  01100001  01101110

Split into 4 groups of 6 bits:
010011 | 010110 | 000101 | 101110

Convert to decimal:
19     | 22     | 5      | 46

Map to Radix-64 characters:
T      | W      | F      | u

Result: "TWFu"
```

### Overhead:
- **33% size increase**: 3 bytes → 4 characters
- Every 3 bytes of binary data becomes 4 ASCII characters
- Small price for email compatibility

### Radix-64 Conversion Process in PGP:

```
Encrypted + Compressed Binary Data
   ↓
[Apply CRC (Cyclic Redundancy Check)]
   ↓
[Radix-64 Encode]
   ↓
ASCII Armored Text
   ↓
[Add PGP Headers/Footers]
   ↓
Email-Safe PGP Message
```

### PGP Message Format:

```
-----BEGIN PGP MESSAGE-----
Version: PGP 2.6

hQEMA5t7yXxS0gQxAQf+IKEwcB3I4u3e5t3lV5qr9+
xF2S8Jd9K4mZ2n8P6yH3T5W9Q2xV4L7B8N1K6fD3o
...
(Radix-64 encoded data)
...
=abcd (CRC checksum in Radix-64)
-----END PGP MESSAGE-----
```

### Decoding Process:

```
Received ASCII Message
   ↓
[Strip Headers/Footers]
   ↓
[Radix-64 Decode]
   ↓
[Verify CRC]
   ↓
Binary Encrypted Data
   ↓
[Proceed with Decryption]
```

## 3. Compression - ZIP Algorithm

### Why Compression?

PGP applies compression **before encryption** for several important reasons:

1. **Reduce Message Size**: Saves bandwidth and storage
2. **Increase Security**: 
   - Reduces redundancy and patterns in plaintext
   - Makes cryptanalysis more difficult
   - Compressed data has higher entropy
3. **Efficiency**: Smaller messages encrypt faster

### ZIP Compression Algorithm

PGP uses the **ZIP** compression algorithm (same as used in PKZIP):
- Based on **Lempel-Ziv (LZ77)** algorithm
- Combined with **Huffman coding**
- Lossless compression

### Compression Process:

```
Original Plaintext Message
   ↓
[Apply ZIP Compression]
   ↓
Compressed Data
   ↓
[Then Encrypt]
   ↓
Encrypted Compressed Data
```

### Key Points:

- **Compression BEFORE encryption**: 
  - Compressed first, then encrypted
  - Cannot compress encrypted data effectively (appears random)
  
- **Optional**: 
  - User can choose whether to compress
  - Small messages may not benefit from compression
  
- **Typical Compression Ratio**: 
  - Text files: 2:1 to 3:1 compression
  - Already compressed files (JPEG, MP3): minimal benefit

### Decompression:

```
Encrypted Message
   ↓
[Decrypt]
   ↓
Compressed Data
   ↓
[Decompress with ZIP]
   ↓
Original Message
```

## 2. Confidentiality using Symmetric Block Encryption

### Hybrid Encryption Approach

PGP uses a **hybrid cryptosystem** combining symmetric and asymmetric encryption for efficiency and security.

### Encryption Process:

```
Plaintext Message
   ↓
[Compress with ZIP]
   ↓
Compressed Message
   ↓
[Encrypt with Session Key using Symmetric Algorithm]
   ↓
Encrypted Message
   ↓
                    Session Key (one-time random key)
                         ↓
                    [Encrypt with Recipient's Public Key]
                         ↓
                    Encrypted Session Key
                         ↓
                    [Attach to Encrypted Message]
                         ↓
                    Final PGP Message
```

### Symmetric Encryption Algorithms Used:
- **AES** (Advanced Encryption Standard) - 128, 192, 256 bits
- **3DES** (Triple DES)
- **CAST-128**
- **Twofish**
- **IDEA** (older versions)

### Why Hybrid Approach?

1. **Speed**: Symmetric encryption (AES) is much faster than asymmetric encryption (RSA)
2. **Security**: Asymmetric encryption secures the session key distribution
3. **Efficiency**: Large messages encrypted with fast symmetric algorithm

### Process Details:

1. **Generate Session Key**: 
   - Random one-time symmetric key generated for each message
   - Typically 128-256 bits for AES

2. **Encrypt Message**:
   - Message encrypted with session key using symmetric block cipher (e.g., AES in CFB mode)
   - CFB (Cipher Feedback) mode commonly used in PGP

3. **Encrypt Session Key**:
   - Session key encrypted with recipient's **public key** (RSA/ElGamal)
   - This creates a "digital envelope"

4. **Package Together**:
   - Encrypted session key + encrypted message sent together

### Decryption Process:

```
Received PGP Message
   ↓
[Separate Encrypted Session Key and Encrypted Message]
   ↓
Encrypted Session Key          Encrypted Message
   ↓                                ↓
[Decrypt with Recipient's         [Wait]
 Private Key]                       ↓
   ↓                                ↓
Session Key ─────→ [Decrypt Message with Session Key]
                         ↓
                    Compressed Message
                         ↓
                    [Decompress]
                         ↓
                    Original Plaintext
```

## 1. Authentication and Data Integrity using Digital Signatures

### Digital Signature Process

Digital signatures in PGP provide:
- **Authentication**: Proves the message came from the claimed sender
- **Integrity**: Ensures the message hasn't been modified
- **Non-repudiation**: Sender cannot deny sending the message

### Signing Process:

```
Message
   ↓
[Hash Function (SHA-256/SHA-512)]
   ↓
Message Digest (Hash)
   ↓
[Encrypt with Sender's Private Key]
   ↓
Digital Signature
   ↓
[Concatenate with Message]
   ↓
Signed Message
```

### Steps:
1. **Generate Hash**: The sender applies a hash function (SHA-256, SHA-512, etc.) to the plaintext message
2. **Sign**: The hash is encrypted with the sender's **private key** using RSA or DSA
3. **Attach**: The signature is prepended or appended to the message
4. **Timestamp**: PGP includes a timestamp in the signature block

### Verification Process:

```
Signed Message
   ↓
[Separate Signature and Message]
   ↓
Signature              Message
   ↓                      ↓
[Decrypt with          [Hash Function]
Sender's Public Key]      ↓
   ↓                   New Hash
Received Hash             ↓
   ↓                      ↓
   └──────[Compare]───────┘
           ↓
    Valid/Invalid
```

### Key Points:
- Uses **sender's private key** for signing
- Uses **sender's public key** for verification
- Hash algorithms: SHA-256, SHA-512, SHA-1 (deprecated)
- Signature algorithms: RSA, DSA, ECDSA
- Provides integrity check through cryptographic hash

## PGP Operational Description

PGP combines the best features of both conventional and public-key cryptography:

### Five Services Provided by PGP:
1. **Authentication** - Verifies the sender's identity
2. **Confidentiality** - Ensures only intended recipient can read the message
3. **Compression** - Reduces message size
4. **Email Compatibility** - Converts binary to ASCII for email transmission
5. **Segmentation** - Splits large messages for email systems