
Module 9

Pretty Good Privacy (PGP) is a security service for email and file storage that ensures confidentiality, integrity, authentication, and non-repudiation using public and symmetric key cryptosystems. The process involves generating secret keys, signing messages, and encrypting them for secure communication between users. Secure Electronic Transaction (SET) provides secure credit card transactions over the Internet using a dual signature system to protect sensitive information while ensuring the necessary data is transmitted securely.

Uploaded by

dikerdiganto

Pretty Good Privacy (PGP)

Security service for email and file storage applications. Provides confidentiality,
integrity, authentication and non-repudiation for email and files.
Two types of cryptosystems are used:
• Public Key Cryptosystem
• Symmetric Key Cryptosystem
Each time an email message is sent, a new secret key is randomly generated at the
sender site.
1. Bob wants to send an email to Alice, so he passes the plaintext through a hash algorithm and creates a message digest.
2. The message digest is then encrypted using Bob's private RSA key; by doing this Bob creates the signature.
3. The email is then concatenated with the signature. This is called the signed message (Email + Signature).
4. The signed message is then encrypted using a one-time secret key.
5. The one-time secret key is encrypted using Alice's public RSA key.
6. The ESM (encrypted signed message) and the EK (encrypted one-time secret key) are concatenated and the message is sent.
How Alice decrypts the message:
1. Alice receives the ESM and EK.
2. Alice decrypts EK using her private RSA key.
3. Then, using the one-time secret key, she decrypts the ESM and obtains the signed message.
4. She takes Bob's signature and decrypts it using Bob's public RSA key, which gives MD1 (Message Digest 1).
5. She passes the email through the same hash algorithm to obtain MD2.
6. She compares MD1 with MD2 to check authenticity.

So we can see that 1 email from Bob to Alice requires 5 secret keys:
1. Bob's Private RSA key
2. Bob's Public RSA key
3. Alice's Public RSA key
4. Alice's Private RSA key
5. One-time secret key
Now, 1 email from Bob to Alice and a reply from Alice to Bob would require 6 secret keys.

Secure Electronic Transaction (SET)


Designed to provide secure credit card transactions over the Internet. Provides confidentiality, integrity and authenticity.

1. You send your Order Info (OI) and Payment Info (PI) to the merchant.
2. The merchant forwards your OI and PI to the payment gateway and waits for the approval.
3. After getting the approval, the merchant provides you with the requested goods or services.
But there is a problem here: we are passing both PI and OI. The merchant doesn't require PI and we don't want the merchant to see those details, and the payment gateway is also receiving OI, which isn't necessary for the gateway to work.

To solve all this, a new system was introduced. It is called the dual signature.
The entire process has 3 steps:

1. In step 1 of the procedure, the card holder sends the purchase request.


2. The card holder sends (PI + Dual Signature + OIMD) concatenated together, encrypted with a one-time secret key.
3. This same block (the one-time secret key) is also encrypted using the bank's public key.
4. So the bank gets 2 encrypted blocks, PIMD, OI and dual signature (just like the image above).
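
How a dual signature lets the merchant and the bank each check the purchase request while seeing only their own half, as an added example that is not part of the original notes. It uses the standard SET construction (the cardholder signs the digest of PIMD || OIMD) with the bank receiving PI + dual signature + OIMD as in step 2 above; the toy RSA key, SHA-256 as the hash, the function names and the sample OI/PI strings are assumptions made for illustration.

```python
import hashlib

# Toy cardholder RSA key built from two Mersenne primes (assumption): trivially
# factorable, used only so the example runs with the standard library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the cardholder


def digest(data: bytes) -> bytes:
    # SHA-256 stands in for the hash algorithm (assumption).
    return hashlib.sha256(data).digest()


def pomd(pimd: bytes, oimd: bytes) -> int:
    # Digest of the two concatenated digests, as an integer for textbook RSA.
    return int.from_bytes(digest(pimd + oimd), "big")


def dual_sign(pi: bytes, oi: bytes) -> int:
    # Cardholder: a single unpadded RSA signature binds PI and OI together.
    return pow(pomd(digest(pi), digest(oi)), D, N)


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    # Merchant holds OI in clear but only the digest of PI (PIMD).
    return pow(ds, E, N) == pomd(pimd, digest(oi))


def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    # Bank holds PI in clear but only the digest of OI (OIMD).
    return pow(ds, E, N) == pomd(digest(pi), oimd)


# Constructed sample data.
OI = b"order 1001: 2 x widget, total 40.00"
PI = b"card ending 1111, amount 40.00"
DS = dual_sign(PI, OI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(OI, digest(PI), DS))
    print("bank accepts:", bank_verify(PI, digest(OI), DS))
    print("altered order accepted:",
          merchant_verify(b"order 1001: 20 x widget", digest(PI), DS))
```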
Now let's see what the merchant does in the next step:
