I have been trying to find a good source to explain what PGP is and how it works. I think I have a basic handle on it but I would like some more information. I would also like to know how to go about implementing it.
If anyone knows of any good links for a beginner, please let me know.
Pardon my ignorance but what is PGP?
For those too lazy to read the entire Wikipedia article, but still curious, PGP is basically a system for using a Public Key Infrastructure (PKI) to encrypt e-mails, files, etc.
PKI is a category of assymetric encryption algorithms (such as RSA), where there are two encryption keys, a public and a private key.
A public key can only be used to encrypt data. And the corresponding private key can be used to decrypt(but not encrypt) said data. The keys are always in pairs. This allows me to give you just the public key, and you can securely send messages to me. This allows me to practically broadcast my public key without worrying about anything, since the public key can only be used to encrypt. The private key is typically symmetrically encrypted with a pass phrase for extra security, so that even if somebody gets their hands on your private key file, they would still need your pass phrase to decrypt your messages.
Most PKI’s can also be used for secure digital signatures as well.
I hope I didn’t screw anything up.
For the truly lazy, PGP stands for Pretty Good Privacy.
The following link shows the rsa algorithm. Which is used for encrypting the symmetric key which encripts the main message.
http://world.std.com/~franl/crypto/rsa-guts.html
A pretty good overview.
http://www.pgpi.org/doc/pgpintro/
As far as implemeniting it goes. You need a good library for doing math with really big numbers int and long are not going to cut it.
I forget to mention the most important fact about PGP, which is not in the Wikipedia article.
The creator of PGP, Phil Zimmerman, is the second most famous graduate of my alma mater, FAU.
The most famous? Carrot Top.
As far as implementing it goes, look at the source code for GPG, the GNU Privacy Guard. It is a Free Software (under the GNU General Public License) compatible re-implementation of PGP, and since it doesn’t use the patented IDEA algorithm you can learn from the source code without getting into legal trouble.
Aside from that, the book Applied Cryptography by Bruce Schneier is the one to buy. It goes into the theory and practice of modern cryptographic systems.