
How PGP Works Under the Hood - marcomanzoni
http://marcomanzoni.me/blog/how-pgp-works-under-the-hood/
======
Zash
> 384 bits [RSA key] for normal security, 512 bits for a medium security, 1024
> bits for a strong security

Um, this doesn't sound up to date. 1024 bit RSA isn't considered safe for a
long term key. In fact, public (SSL) CAs aren't allowed to issue 1024 bit RSA
certificates anymore.

~~~
toomuchtodo
Agreed. I thought 2048 bits was the minimum RSA key size.

~~~
dheera
I think I'll just stick with my 4096 bit key.

------
hawkharris
Interesting post. As someone who thought GPG (more or less) encrypted messages
with public keys and decrypted them with private ones, I enjoyed learning how
the software actually works at a high level.

As an aside, I recently set up encrypted email for my Mac's desktop Mail
client using the GPG Suite. I want to set up my friends with secure email,
too, but none of us really use Mail; we prefer web mail. I haven't been able
to find good browser plugins for GPG. (WebPG for Chrome looks promising except
for a major bug that prevents messages from being sent; I reported this
issue.)

Can anyone recommend good solutions for bringing GPG to Gmail in the browser?
I want something that's easy enough my non-technical friends will be willing
to use it for everyday conversations.

~~~
lozf
Do people who encrypt their Gmail get targeted ads for
MjJlNzE4ZTNlMTA2NWE0ZjBlODk5MTMyNDY2NGJiYjg3ODFkYmY0NDk4MzY0MTQ1ODZhNzM0NjVlOGQwOTI2ZA?

~~~
Istof
Google keeps the key, but only for advertising purposes...

~~~
Istof
The down-votes won't change my mind since this is their business model.

------
onnoonno
Does anyone know why P-/GPG is still using MD5?

~~~
feld
It supports it for historical reasons but you should not use it. Here is the
recommended configuration:

[https://help.riseup.net/en/security/message-security/openpgp...](https://help.riseup.net/en/security/message-security/openpgp/best-practices)

~~~
onnoonno
Thanks! So if I do make a signature using GPG, it might still silently sign
just an MD5 digest, if I didn't (re-)configure it properly? That sounds
scary...

------
click170
My firewall reports suspicious activity on this site.

It reports the 'virus' Sus/FBJack-A.

Still trying to find out exactly what that is...

Edit: [http://www.sophos.com/en-us/threat-center/threat-analyses/su...](http://www.sophos.com/en-us/threat-center/threat-analyses/suspicious-behavior-and-files/Sus~FBJack-A.aspx)

~~~
DINKDINK
Seems safe:
[https://www.virustotal.com/en/url/c9c5514fd72fa2824a60ea0a67...](https://www.virustotal.com/en/url/c9c5514fd72fa2824a60ea0a67c1eb556c6e09b7c7406d9e9042b2eeb3f0f986/analysis/1406410808/)

What firewall are you using?

------
benwaffle
So if we have a pair of keys, can a message be decrypted with one key if
encrypted by the other? And then we just designate 1 as public and the other
as private?

~~~
brl
RSA has this property, but the public and private keys are not chosen
arbitrarily. The public key can easily be derived from the private key, but
there is no obvious way to determine the private key from the public key.

~~~
yuubi
Nitpick: in RSA implementations using the speed optimization of a small public
exponent (sometimes even always the same small number, like 3 or 65537), the
private exponent has to be derived from the public one. This derivation uses
some secret information (the factors of the modulus), so not just anyone can
do it. The standard private key file format includes the factors of the
modulus to enable some speedups for private key operations; however, the math
doesn't require this, and both public and private key operations could be done
with just an exponent and a modulus. Someone with just a private exponent and
modulus wouldn't be able to compute the matching public exponent, unless it
were small and easy to guess.
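
Added example, not part of the thread or the article: the RSA relationships described in the replies above, in Python, using textbook RSA with tiny constructed primes (no padding, not usable for real encryption). The function names, the primes and the candidate exponent list are assumptions made for illustration.

```python
# Textbook RSA with tiny constructed primes. Illustration only: no padding,
# trivially factorable modulus. All names and numbers are hypothetical.
from math import gcd

P, Q = 61, 53          # constructed secret factors of the modulus
N = P * Q              # modulus, shared by the public and private key


def derive_private_exponent(e, p, q):
    """Pick e first, then derive d. This step needs the secret factors."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    return pow(e, -1, phi)  # modular inverse, Python 3.8+


def rsa_op(m, exponent, n):
    """Public and private operation alike: just an exponent and a modulus."""
    if not 0 <= m < n:
        raise ValueError("input must be an integer in [0, n)")
    return pow(m, exponent, n)


def guess_public_exponent(d, n, candidates=(3, 5, 17, 257, 65537)):
    """Holder of only (d, n) tries common small exponents until one undoes d."""
    probes = (2, 3, 5, 7)
    for e in candidates:
        if all(rsa_op(rsa_op(m, d, n), e, n) == m for m in probes):
            return e
    return None  # exponent was not among the guesses


if __name__ == "__main__":
    d = derive_private_exponent(17, P, Q)
    c = rsa_op(65, 17, N)                      # transform with the public exponent
    print(d, c, rsa_op(c, d, N))               # private exponent undoes it
    print(rsa_op(rsa_op(65, d, N), 17, N))     # and the other order works too
    print(guess_public_exponent(d, N))         # small e is recoverable from (d, n)
    big_d = derive_private_exponent(1999, P, Q)
    print(guess_public_exponent(big_d, N))     # unguessed e stays unknown
```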

------
cordite
What about when Alice wants to send to Bob, Sam, and Joe? (But not outside
observer James)

~~~
koto1sa
The symmetric encryption key (Km in the article) gets encrypted separately with
Alice's, Bob's, Sam's and Joe's public keys, and then all those encrypted keys
get concatenated with the message.

------
guelo
This article mentions that asymmetric encryption is slow, but I think the more
important reason you can't use RSA directly is that it can only encrypt a
small message, smaller than the size of the key.

I don't know if these same considerations apply to elliptic curve asymmetric
encryption.

