<< PGP uses (i should say used to the last time i checked) IDEA for encryption, RSA for key management and MD5 for hashing.
RSA math:
find two random large prime numbers p and q.
compute n = pq
find encryption key e, such that e and (p-1)(q-1) are relatively prime.
using the extended euclidean algorithm, compute the decryption key d, such that e and d are inverses of each other modulo (p-1)(q-1).
if message m is to be encrypted, then the encrypted message
c = (m ^ e) mod n
to decrypt the message,
m = (c ^ d) mod n
e and d are, in a manner of speaking, opposites of each other. what e can do, d can undo and vice versa. the decryption key d is kept private. the encryption key e is made available to the public. given d and n, if one was to figure out p and q, the algorithm would be considered broken. all these numbers are large - 1024 bits and more. factoring such large numbers is very slow by the standards of computing hardware available to the masses.
if i remember PGP correctly, the sender generates a symmetric key for the IDEA algorithm and uses it to encrypt the message. the sender then encrypts the IDEA key with the receiver's public key. optionally, the sender generates a hash of the entire message using MD5 and encrypts it with his private key. this last step is called signing. the receiver verifys the signature first, if it is present. he uses the sender's public key to decrypt the hash. then he independently generates a hash of the entire message and compares the two. if they match, he knows that the message actually came from the sender and not just anyone. then the receiver uses his private key to decrypt the IDEA key. the IDEA key is then used to decrypt the actual message.
PGP uses both symmetric and asymmetric crypto for performance reasons. asymmetric crypto is slow because of the exponentiation. symmetric crypto usually goes much faster because it uses bit permutation and substitution. >>
Boolerboy: I understand the RSA idea. However, can you explain to me how the MD5 hash works so that one can identify the signature of the message and how it prevents from being tampered with so that I don't have a problem where I THINK I'm getting a message from someone, but I'm not. I just want to have that clarified since I've always wondered how it works. Thanks.