|Subject||Computer and Network Security|
|NU Year||Set: 3.(c) Marks: 5 Year: 2015|
First of all, PGP is often referred to as an example of public-key cryptography, but it isn't exactly that. It's actually a hybrid cryptosystem that combines the best features of both asymmetric and conventional (symmetric, a.k.a. private key) cryptography.
PGP doesn't only generate asymmetric pairs of keys - public and private - it also compresses the plaintext (the readable information) before encryption. Data compression improves transmission time, saves disk space and, more importantly, strengthens cryptographic security: compression reduces the patterns in the plaintext that cryptanalysts could otherwise exploit to crack the cipher.
After compression, PGP creates a session key, which is a one-time-only secret key. It works with a very secure, fast conventional encryption algorithm to encrypt the plaintext into ciphertext.
Then, the session key itself is encrypted with the recipient's public key. This public-key-encrypted session key is transmitted along with the ciphertext to the recipient.
Decryption works in reverse. The recipient's copy of PGP uses his/her private key to recover the session key, which PGP then uses to decrypt the conventionally-encrypted ciphertext.
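The steps above (compress, generate a session key, encrypt conventionally, wrap the session key with the recipient's public key, then reverse it all) can be traced in a short sketch. This is an added example, not PGP's own code: the SHA-256 keystream stands in for the conventional cipher, the textbook RSA key is a constructed toy key, and the function names `keystream_xor`, `hybrid_encrypt` and `hybrid_decrypt` are hypothetical.

```python
import hashlib
import secrets
import zlib

# Constructed demo key: two Mersenne primes, trivially factorable, and
# textbook RSA without padding. Illustration only, never use as-is.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # recipient's public key
D = pow(E, -1, (P - 1) * (Q - 1))        # recipient's private exponent

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in conventional cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts; it gives no integrity protection."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def hybrid_encrypt(plaintext: bytes, n: int, e: int):
    compressed = zlib.compress(plaintext)                 # compress first
    session_key = secrets.token_bytes(32)                 # one-time secret key
    ciphertext = keystream_xor(session_key, compressed)   # fast symmetric step
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # public-key step
    return wrapped_key, ciphertext                        # both are transmitted

def hybrid_decrypt(wrapped_key: int, ciphertext: bytes, n: int, d: int) -> bytes:
    session_key = pow(wrapped_key, d, n).to_bytes(32, "big")  # private key recovers it
    return zlib.decompress(keystream_xor(session_key, ciphertext))

if __name__ == "__main__":
    message = b"Quarterly report: revenue flat, costs flat. " * 10  # constructed sample
    wrapped, ct = hybrid_encrypt(message, N, E)
    print(len(message), "plaintext bytes ->", len(ct), "ciphertext bytes")
    print("round trip ok:", hybrid_decrypt(wrapped, ct, N, D) == message)
```

Encrypting the same message twice yields a different wrapped key and ciphertext each time, because every message gets its own session key.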