What is Pretty Good Privacy?

PGP, or Pretty Good Privacy, is, as the name suggests, a package that guarantees privacy; in other words, it is an encryption package. PGP was developed by Phil Zimmermann.

Conventional encryption (also known as a symmetric cypher) uses a single key. The same key is used to encrypt and decrypt a message. This key has to be kept secret, otherwise the scheme is compromised. The main problem is how to distribute the secret key and ensure that it remains secret.

PGP is a dual key or public key cryptosystem (also known as an asymmetric cypher). One key is kept secret, the other key is made public. To communicate with the owner of the secret key, a message is encrypted with the corresponding public key; this message can only be decrypted using the secret key.

A dual key encryption system gets around the problem of key distribution, as anyone and everyone may have a copy of the public key. This, though, merely substitutes one problem for another. Unless the key is obtained directly, in person, from the owner of the key, one can never be certain of the authenticity of the key.

Two methods exist to help verify the public key.

All keys are signed, or at least they should be. A key will be signed by the owner of the key (using the secret key) and possibly by third parties known to the key owner (using their secret keys). If you have a key from one of these third parties you will be able to verify the key.

Each key has a unique 128 bit digital fingerprint. By obtaining the fingerprint through an alternative source (ideally tamper proof - fax, printed copy, published in a book or magazine, telephone conversation et cetera) it is possible to use the fingerprint to validate the key.

Many public keys are obtainable from public key servers. No checks are made on whoever is uploading the key, the key server itself could be attacked, and the communication channel is not secure. The keys should always be regarded as untrustworthy and subjected to verification.

PGP can be used to sign messages. This is the same process as used to sign a key. The presence of a digital signature can be used to verify the authenticity of a document or file. This can be very useful for ensuring that a file downloaded off the net has not been tampered with or infected by a virus.

PGP uses the RSA algorithm for encryption. This relies on the impossibility of factoring the product of large prime numbers (using current technology and factoring algorithms). PGP is regarded as hard encryption - that which is impossible to crack in the foreseeable future.

PGP is the de facto Internet standard for encryption and digital signatures.

Keith Parkins
September 1996

pub 1024/B09CC89D 1996/04/22 Keith Parkins <10 GU14 6QJ England>
Key fingerprint 2A 66 6A 8F 91 42 48 C8 48 98 38 AD 2F D3 45 08
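
The fingerprint check described above, as an added example that is not part of the original article or of PGP itself: for the version 2/3 RSA keys that PGP 2.6 produces, the 128 bit fingerprint is the MD5 hash of the modulus and exponent bytes taken from the public key packet. The sample key body is constructed for illustration (not a real key), and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

def _mpi(value):
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then the bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

# Constructed sample, NOT a real key: version 3, creation time 0, validity 0,
# algorithm 1 (RSA), then MPIs for a made-up modulus n and exponent e.
SAMPLE_N = int.from_bytes(bytes(range(1, 129)), "big")
SAMPLE_BODY = bytes([3]) + struct.pack(">IH", 0, 0) + bytes([1]) + _mpi(SAMPLE_N) + _mpi(17)

def _read_mpi(buf, off):
    """Return (MPI body without its length prefix, offset after the MPI)."""
    if off + 2 > len(buf):
        raise ValueError("truncated MPI length")
    end = off + 2 + (struct.unpack_from(">H", buf, off)[0] + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI body")
    return buf[off + 2:end], end

def v3_fingerprint(body):
    """128-bit fingerprint of a v2/v3 RSA key: MD5 over the n and e MPI bodies."""
    if len(body) < 8 or body[0] not in (2, 3) or body[7] != 1:
        raise ValueError("not a version 2/3 RSA public key packet body")
    n, off = _read_mpi(body, 8)
    e, _ = _read_mpi(body, off)
    return hashlib.md5(n + e).digest()

def format_fingerprint(fp):
    """Render as PGP 2.6 prints it: 16 hex pairs separated by spaces."""
    return " ".join(f"{b:02X}" for b in fp)

def fingerprint_matches(body, trusted):
    """Compare against a fingerprint obtained out of band (fax, print, phone)."""
    want = bytes.fromhex(trusted)  # fromhex skips the spaces between pairs
    if len(want) != 16:
        raise ValueError("a PGP 2.6 fingerprint is exactly 16 bytes")
    return hmac.compare_digest(v3_fingerprint(body), want)

if __name__ == "__main__":
    trusted = format_fingerprint(v3_fingerprint(SAMPLE_BODY))  # stands in for the printed copy
    print(trusted, fingerprint_matches(SAMPLE_BODY, trusted))
```

In practice the trusted string comes from the tamper proof source, and the key body comes from the key server or other untrusted channel; a mismatch means the key must not be used.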