74 Chapter 3 ■ Cryptography
PGP was designed to provide the privacy and security measures that are not currently
present in many forms of online communication. The e-mail or instant message travels to
the destination or recipient in this encrypted form. The recipient will use PGP to decrypt
the message back into plaintext.
The PGP system is a simple but innovative mechanism that uses a process similar to the
public and private key system we explored earlier in this chapter. The key pair consists of a
public key and a private key; the public key encrypts messages, and the private key decrypts
them.
A PGP user can also use their private key to digitally sign outgoing mail so that the
recipient knows the mail originated from the named sender. A third party would not have
access to the private key, so the digital signature authenticates the sender.
Sensitive data files stored on your hard drive or on removable media can also be protected
using PGP. You can use your public key to encrypt the files and your private key to
decrypt them. Some versions also allow the user to encrypt an entire disk. This is especially
useful for laptop users in the event the laptop is lost or stolen.
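The key-pair mechanics described above, as an added illustration that is not from the book and is not PGP itself: a tiny textbook-RSA pair built from two assumed primes, where the public key encrypts, the private key decrypts, and the private key signs a digest that anyone holding the public key can verify.

```python
import hashlib
from math import gcd

# Constructed toy parameters for illustration only. Real PGP keys are thousands
# of bits long and use padding; this unpadded, tiny modulus is not secure.
P, Q = 61, 53   # assumed secret primes
E = 17          # public exponent

def make_keypair(p, q, e):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)

def encrypt(public_key, plaintext):
    """Anyone holding the public key can encrypt: each byte m becomes m^e mod n."""
    e, n = public_key
    return [pow(b, e, n) for b in plaintext]

def decrypt(private_key, ciphertext):
    """Only the private-key holder recovers each byte as c^d mod n."""
    d, n = private_key
    return bytes(pow(c, d, n) for c in ciphertext)

def sign(private_key, message):
    """Sign a SHA-256 digest (reduced mod n) with the private key."""
    d, n = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)

def verify(public_key, message, signature):
    """Check the signature with the sender's public key; a tampered
    signature cannot match because RSA is a bijection on Z_n."""
    e, n = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h

if __name__ == "__main__":
    pub, priv = make_keypair(P, Q, E)
    msg = b"meet at noon"                  # constructed sample message body
    ct = encrypt(pub, msg)                 # encrypted with the recipient's public key
    print(decrypt(priv, ct) == msg)        # True: only the private key decrypts
    sig = sign(priv, msg)                  # signed with the sender's private key
    print(verify(pub, msg, sig))           # True: authenticates the sender
    print(verify(pub, msg, (sig + 1) % pub[1]))  # False: altered signature
```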
Secure Sockets Layer (SSL)
Another important mechanism for securing information is the Secure Sockets Layer (SSL).
The SSL protocol was developed by Netscape in the mid-1990s and rapidly became a standard
mechanism for exchanging data securely over insecure channels such as the Internet.
SSL is supported by all modern browsers and e-mail clients transparently.
When a client connects to a location that requires an SSL connection, the server will
present the client with a digital certificate that allows the client to identify the server. The
client makes sure the domain name matches the name on the certificate, that the certificate
was issued by a trusted certificate authority (CA), and that it bears a valid digital signature.
Once the handshake is completed, the client will automatically encrypt all information
that is sent to the server before it leaves the computer. Encrypted information will be
unreadable en route. Once the information arrives at the secure server, it is decrypted using
a secret key. If the server sends information back to the client, this information will also be
encrypted on the server end before being transmitted.
A mutual authentication situation could also take place where both ends
of the communication channel are authenticated—both the client and the
server.