Network Security Essentials
Fifth Edition
by William Stallings

Chapter 8
Electronic Mail Security

“Despite the refusal of VADM Poindexter and LtCol North to appear, the Board's access to other sources of information filled much of this gap. The FBI provided documents taken from the files of the National Security Advisor and relevant NSC staff members, including messages from the PROF system between VADM Poindexter and LtCol North. The PROF messages were conversations by computer, written at the time events occurred and presumed by the writers to be protected from disclosure. In this sense, they provide a firsthand, contemporaneous account of events.”
—The Tower Commission Report to President Reagan on the Iran-Contra Affair, 1987

Pretty Good Privacy (PGP)
• Provides a confidentiality and authentication service that can be used for electronic mail and file storage applications
• Developed by Phil Zimmermann
• Selected the best available cryptographic algorithms as building blocks
• Integrated these algorithms into a general-purpose application that is independent of operating system and processor and that is based on a small set of easy-to-use commands
• Made the package and its documentation, including the source code, freely available via the Internet, bulletin boards, and commercial networks
• Entered into an agreement with a company to provide a fully compatible, low-cost commercial version of PGP

PGP Growth
• It is available free worldwide in versions that run on a variety of platforms
• The commercial version satisfies users who want a product that comes with vendor support
• It is based on algorithms that have survived extensive public review and are considered extremely secure
• It has a wide range of applicability
• It was not developed by, nor is it controlled by, any governmental or standards organization
• Is now on an Internet standards track, however it still has an aura of an antiestablishment endeavor

Table 8.1 Summary of PGP Services

PGP Authentication
• Combination of SHA-1 and RSA provides an effective digital signature scheme
• Because of the strength of RSA the recipient is assured that only the possessor of the matching private key can generate the signature
• Because of the strength of SHA-1 the recipient is assured that no one else could generate a new message that matches the hash code
• As an alternative, signatures can be generated using DSS/SHA-1
• Detached signatures are supported
• Each person’s signature is independent and therefore applied only to the document

PGP Confidentiality
• Provided by encrypting messages to be transmitted or to be stored locally as files
• In both cases the symmetric encryption algorithm CAST-128 may be used
• Alternatively IDEA or 3DES may be used
• The 64-bit cipher feedback (CFB) mode is used
• In PGP each symmetric key is used only once
• Although referred to as a session key, it is in reality a one-time key
• Session key is bound to the message and transmitted with it
• To protect the key, it is encrypted with the receiver’s public key
• As an alternative to the use of RSA for key encryption, PGP uses ElGamal, a variant of Diffie-Hellman that provides encryption/decryption

PGP Confidentiality and Authentication
• Both services may be used for the same message
• First a signature is generated for the plaintext message and prepended to the message
• Then the plaintext message plus signature is encrypted using CAST-128 (or IDEA or 3DES) and the session key is encrypted using RSA (or ElGamal)
• When both services are used:
  • The sender first signs the message with its own private key
  • Then encrypts the message with a session key
  • And finally encrypts the session key with the recipient’s public key

PGP Compression
• As a default, PGP compresses the message after applying the signature but before encryption
• This has the benefit of saving space both for e-mail transmission and for file storage
• The placement of the compression algorithm is critical
• Applying the hash function and signature after compression would constrain all PGP implementations to the same version of the compression algorithm
• Message encryption is applied after compression to strengthen cryptographic security
• The compression algorithm used is ZIP

PGP E-mail Compatibility
• Many electronic mail systems only permit the use of blocks consisting of ASCII text
• To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters
• The scheme used for this purpose is radix-64 conversion
• Each group of three octets of binary data is mapped into four ASCII characters
• This format also appends a CRC to detect transmission errors

Secure/Multipurpose Internet Mail Extension (S/MIME)
• A security enhancement to the MIME Internet e-mail format standard based on technology from RSA Data Security
• Defined in:
  • RFCs 3370, 3850, 3851, 3852

RFC 5322
• Defines a format for text messages that are sent using electronic mail
• Messages are viewed as having an envelope and contents
• The envelope contains whatever information is needed to accomplish transmission and delivery
• The contents compose the object to be delivered to the recipient
• RFC 5322 standard applies only to the contents