隐私专家照片模拟还用调整

As the name suggests, Pretty Good Privacy (or PGP) is an encryption program that actually provides pretty good privacy. The “pretty good” bit is meant to be a bit of an ironic understatement. It has been one of the dominant forms of end-to-end encryption for email communications after its development by Phil Zimmermann in 1991. It became increasingly popular after its use by whistleblower Edward Snowden.

顾名思义，Pretty Good Privacy(PGP)是一个加密程序，实际上提供了很好的隐私。 “相当不错”的意思是有点讽刺的轻描淡写。 自1991年由Phil Zimmermann发明以来，它一直是电子邮件通信端到端加密的主要形式之一。在举报人Edward Snowden的使用下，它变得越来越流行。

PGP provides two things essential for a secured communication:

PGP提供了两点对安全通信至关重要：

1. Confidentiality: Provided through the use of symmetric block encryption, compression using the ZIP algorithm, and E-Mail compatibility using the radix64 encoding scheme

   机密性：通过使用对称块加密，使用ZIP算法的压缩以及使用radix64编码方案的电子邮件兼容性来提供

2. Authentication: Provided through the use of digital signatures

   身份验证：通过使用数字签名提供

Without further ado, let us get to the workings of PGP.

事不宜迟，让我们开始PGP的工作。

这个怎么运作 (How it works)

I will be explaining the concept of PGP from the point of view of the implementation in the context of Alice (the sender) and Bob (the receiver). We will be using the following algorithms:

我将从Alice(发送方)和Bob(接收方)的上下文中的实现角度解释PGP的概念。 我们将使用以下算法：

1. RSA as the asymmetric encryption algorithm
   RSA作为非对称加密算法
2. SHA-512 as the hashing algorithm
   SHA-512作为哈希算法
3. DES as the symmetric encryption algorithm and
   DES作为对称加密算法，
4. ZIP for compression
   ZIP压缩

You can use other algorithms as well. (I know DES is too old to be used but the goal here is to understand the concept of PGP.)

您也可以使用其他算法。 (我知道DES太旧了，无法使用，但是这里的目标是了解PGP的概念。)

Alice and Bob both generate their pair of keys (Public and Private Keys) using the RSA algorithm. Public keys of Alice and Bob should be known to each other.

Alice和Bob都使用RSA算法生成一对密钥(公共密钥和专用密钥)。 Alice和Bob的公钥应该是彼此已知的。

Alice’s / Sender’s Side:

爱丽丝(Alice)/发件人侧(Sender's Side)：

1. Alice writes a message M, which she intends to send to Bob.
   爱丽丝写了一条消息M，打算发送给鲍勃。
2. M is provided as an input to the SHA-512 algorithm to get the 512 bit binary hash (represented as 128 bits hexadecimal string) of it.
   提供M作为SHA-512算法的输入，以获取其中的512位二进制哈希(表示为128位十六进制字符串)。
3. This hash is digitally signed by using RSA algorithm i.e. the hash is encrypted by the private keys of Alice. The inputs to RSA are Private Keys of Alice and the hash. The output from RSA is the digitally signed hash or encrypted hash EH.
   通过使用RSA算法对该哈希进行数字签名，即使用Alice的私钥对哈希进行加密。 RSA的输入是Alice和哈希的私钥。 RSA的输出是数字签名的哈希或加密的哈希EH。
4. Now, M and EH are appended together. (Appended in the sense that they are put in an array of strings).
   现在，M和EH附加在一起。 (以将它们放入字符串数组的意义上附加)。
5. M and EH (which are in an array of strings) act as input to the ZIP compression algorithm to get the compressed M and compressed EH, again in an array of strings.
   M和EH(在字符串数组中)充当ZIP压缩算法的输入，以再次在字符串数组中获得压缩的M和EH。
6. The output of the above step is now encrypted using the DES symmetric encryption algorithm. For this, we will first generate the SecretKey for DES. This key and the output of step 5 will act as input to the DES encryption algorithm which will provide us an encrypted output (again in an array of strings).
   现在，使用DES对称加密算法对上述步骤的输出进行加密。 为此，我们将首先为DES生成SecretKey。 该密钥和步骤5的输出将用作DES加密算法的输入，该算法将为我们提供加密的输出(同样以字符串数组形式)。
7. Last but not the least, since M is encrypted using SecretKey, it also has to be sent to Bob. We will encrypt the SecretKey of DES algorithm with the Public Key of Bob. We will use RSA for this and the inputs to it will be the Public key of Bob and SecretKey.
   最后但并非最不重要的一点是，由于M是使用SecretKey加密的，因此也必须将其发送给Bob。 我们将使用Bob的公钥对DES算法的SecretKey进行加密。 我们将为此使用RSA，并将其输入作为Bob和SecretKey的公钥。
8. The outputs of steps 6 and 7 are now appended and sent as the final message to Bob.
   现在将步骤6和7的输出附加并作为最终消息发送给Bob。

The whole message is sent as an array of strings (String finalmessage[]) which contains the following at indices:

整个消息以字符串数组( String finalmessage[] )的形式发送，其中的索引处包含以下内容：

0: Compressed message M which is encrypted with the SecretKey

0：使用SecretKey加密的压缩消息M

1: Digitally signed hash EH which is then compressed and encrypted with the SecretKey

1：经过数字签名的哈希EH，然后使用SecretKey对其进行压缩和加密

2: Output of step 7

2：步骤7的输出

Bob’s / Receiver’s Side:

鲍勃/接收方：

1. Bob will first decrypt the SecretKey of DES with his Private Keys. The inputs to RSA algorithm for this will be Private Keys of Bob and finalmessage[2]. The output from RSA will give Bob the SecretKey.

   Bob首先将使用其私钥解密DES的SecretKey。 为此，RSA算法的输入将是Bob的finalmessage[2]和finalmessage[2] 。 RSA的输出将为Bob提供SecretKey。

2. This SecretKey will now act as one of the inputs to DES decryption algorithm for decryption of finalmessage[0] and finalmessage[1]. These two will also act as the inputs to DES decryption algorithm. The output of this step will be decrypted version of finalmessage[0] and finalmessage[1].

   现在，此SecretKey将充当DES解密算法的输入之一，以解密finalmessage[0]和finalmessage[1] 。 这两个也将充当DES解密算法的输入。 此步骤的输出将是finalmessage[0]和finalmessage[1] decrypted version 。

3. The outputs of the above step should be provided as input to the ZIP algorithm for decompression.
   上一步的输出应作为ZIP压缩算法的输入。

4. From the output of the above step, we will get the digitally signed hash and the original message M. We will verify whether the hash was signed by Alice. For this, we will calculate the hash of the original message M by using SHA-512 (calculated_hash). We will also decrypt the digitally signed hash with the public keys of Alice by using RSA.(Inputs to RSA: digitally signed hash and public keys of Alice and Output from RSA: decrypted_hash).

   从以上步骤的输出中，我们将获得经过数字签名的哈希和原始消息M。我们将验证哈希是否由Alice签名。 为此，我们将使用SHA-512( calculated_hash ) calculated_hash原始消息M的哈希。 我们还将使用RSA使用Alice的公钥来解密数字签名的哈希(RSA的输入：Alice的数字签名的哈希和Alice的公钥以及RSA的输出： decrypted_hash )。

5. Compare the decrypted_hash and calculated_hash. If they turn out to be the same, then authentication is achieved which means that the message was indeed sent by Alice.

   比较decrypted_hash和calculated_hash的decrypted_hash 。 如果结果相同，那么将实现身份验证，这意味着该消息确实是由爱丽丝发送的。

The following is the simulation of PGP done in the simplest way using Java.

以下是使用Java以最简单的方式对PGP进行的模拟。

import java.util.*;import java.math.*;import javax.crypto.Cipher;import java.security.*;import javax.crypto.KeyGenerator;import javax.crypto.SecretKey;import java.io.BufferedReader;import java.io.ByteArrayInputStream;import java.io.ByteArrayOutputStream;import java.io.IOException;import java.io.InputStreamReader;import java.util.zip.GZIPInputStream;import java.util.zip.GZIPOutputStream;import javax.crypto.spec.*;public class PGP{static Cipher ecipher, dcipher;//Required for DESpublic static void main(String args[]) throws Exception{	//Generating sender keys	KeyPair senderkeyPair = buildKeyPair();	PublicKey senderpubKey = senderkeyPair.getPublic();	PrivateKey senderprivateKey = senderkeyPair.getPrivate();	//Generating receiver keys	KeyPair receiverkeyPair = buildKeyPair();	PublicKey receiverpubKey = receiverkeyPair.getPublic();	PrivateKey receiverprivateKey = receiverkeyPair.getPrivate();	//Sending both public keys and private keys for choice of digital signature or normal assymetric encryption	String messagetoreceiver[] = senderside(senderpubKey, senderprivateKey, receiverpubKey, receiverprivateKey);	receiverside(messagetoreceiver, senderpubKey, senderprivateKey, receiverpubKey, receiverprivateKey);						}public static void receiverside(String messagetoreceiver[], PublicKey senderpubKey, PrivateKey senderprivateKey, PublicKey receiverpubKey, PrivateKey receiverprivateKey) throws Exception {		//Receiver receives the message messagetoreceiver[] with messagetoreceiver[2] as secret key encrypted with receiver pub key	//Receiver decrypts the messagetoreceiver[2] with his/her privatekey	String receiverencodedsecretkey = decrypt(receiverpubKey, receiverprivateKey, messagetoreceiver[2], 1);	//Key after decryption is in base64 encoded form	byte[] decodedKey = Base64.getDecoder().decode(receiverencodedsecretkey);	SecretKey originalKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, "DES");	System.out.println("\nReceiver Side: Receiver SecretKey DES after Decryption with his/her Private Key=\n"+originalKey.toString());		//Decrypt the rest of the message in messagetoreceiver with SecretKey originalKey	String receiverdecryptedmessage[] = new String[messagetoreceiver.length-1];	System.out.println("\nReceiver Side: Message After Decryption with SecretKey=");	for (int i=0;i
    
      Digital Signature	String encryptedprivhash = encrypt(senderpubKey, senderprivateKey, hashout, 0);	System.out.println("\nSender Side: Hash Encrypted with Sender Private Key (Digital Signature)=\n"+ encryptedprivhash);     	//Append original message and encrypted hash	String beforezipstring[] = {rawinput, encryptedprivhash};	System.out.println("\nSender Side: Message before Compression=\n"+beforezipstring[0]+beforezipstring[1]);		//Apply zip to beforezipbytes[][]	String afterzipstring[] = new String[beforezipstring.length];	System.out.println("\nSender Side: Message after Compression=");	for (int i=0;i
     
      encryptwithprivatekey 1->encryptwithpublickeypublic static String encrypt(PublicKey publicKey, PrivateKey privateKey, String message, int ch) throws Exception {	Cipher cipher = Cipher.getInstance("RSA");	if (ch == 0) {		cipher.init(Cipher.ENCRYPT_MODE, privateKey);  		byte[] utf8 = cipher.doFinal(message.getBytes("UTF-8"));		return new sun.misc.BASE64Encoder().encode(utf8);	}	else {		cipher.init(Cipher.ENCRYPT_MODE, publicKey);  		byte[] utf8 = cipher.doFinal(message.getBytes("UTF-8"));		return new sun.misc.BASE64Encoder().encode(utf8);		}	}//n: 0->decryptwithpublickey 1->decryptwithprivatekeypublic static String decrypt(PublicKey publicKey,PrivateKey privateKey, String st, int ch) throws Exception {	Cipher cipher = Cipher.getInstance("RSA");	byte[] encrypted = new sun.misc.BASE64Decoder().decodeBuffer(st);	if (ch == 0) {		cipher.init(Cipher.DECRYPT_MODE, publicKey);		byte[] utf8 = cipher.doFinal(encrypted);		return new String(utf8, "UTF8");	}	else {		cipher.init(Cipher.DECRYPT_MODE, privateKey);		byte[] utf8 = cipher.doFinal(encrypted);		return new String(utf8, "UTF8");		}	}}
     
    

We have used the base64 encoding scheme which is similar to radix64 that is used in PGP.

我们使用了base64编码方案，该方案类似于PGP中使用的radix64。

Note:

注意：

1. We base64 encode the strings after encryption and compression so as to get a readable text form.
   我们在加密和压缩后对字符串进行base64编码，以便获得可读的文本形式。
2. For decryption and decompression, we send the base64 decoded inputs as the actual inputs to the decryption and decompression algorithms.
   对于解密和解压缩，我们将base64解码的输入作为实际输入发送给解密和解压缩算法。
3. The key has been base64 encoded and decoded since I have used Java for simulation of PGP, which requires encoded form at the receiver side so that it can be converted to SecretKey datatype for decryption process.
   自从我使用Java模拟PGP以来，密钥已经过base64编码和解码，这需要在接收方进行编码，以便可以将其转换为SecretKey数据类型以进行解密。

Please follow, clap and share. Comment for any mistakes or improvements or suggestions. You can even follow me on .

请关注，鼓掌和分享。 评论任何错误，改进或建议。 您甚至可以在关注我。

翻译自:

隐私专家照片模拟还用调整