PGP overhead


Is there any way to determine experimental analysis on the  actual overhead(s)
produced by PGP during the file exchange process?

Is there any tool that I can use to calculate the overhead during the transmissions or any other method to find. To elaborate more I want to know that when I transmit my message without encryption what time, size it goes with to the destination. However if I apply PGP then what is the overhead in terms of time and size of the packets.

Kindly help me ASAP.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rich RumbleSecurity SamuraiCommented:
If you Fully encrypt your hard-drive, once the OS is booted and you've put in your password, or used your token, the OS has no idea it's encrypted. Copying a file from the hard-drive of the encrypted machine to another machine or share or even attaching to email, makes no real difference, once copied the file is just like all others, unencrypted. Full disk encryption only protects from offline attacks, if your laptop is stolen/lost and someone tries to read the HD, they can't. Once the OS is booted and your logged in, no one can tell the difference between any other computer's HD.
If you are going to encrypt a file using PGP, the encryption takes little extra time, even on large files. PGP has the SDA (self decrypting archive) which is basically an encrypted file, stored in an executable so that who ever you send it to, if they are running the same OS (windows to windows, mac to mac, linux to linux) they can decrypt it with the proper password, without having to install PGP.
Which feature of PGP are you specifically concerned about?
Not sure what you need, you can use the raw experiment having a file of size X and then encrypt it. This will be the impact on the size of the message.
What OS are you on?
What email client is in use?
searchsanjaysharmaAuthor Commented:
I am using PGP 8.0 on Windows-XP.

I want to experiment on simple file rather then any disk or emil client. Please advice.
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

Rich RumbleSecurity SamuraiCommented:
I would say it's as fast as zipping a file with default settings, depending on the size of the file, it takes no time to a lot of time. CPU isn't that much a factor, it won't rob you of your computer resources.
Dave HoweSoftware and Hardware EngineerCommented:
Email PGP encrypts fast enough on a modern machine that the time isn't an issue.

However, it requires that you have a key for each recipient, and the message can be larger after encryption, as the actual message is first compressed, then encrypted, then prepended with a pki block (per recipient!) that is the same size as the user's public key.

so, if you send a message with a (say) 1k attachment, then normally the attachment will be encoded for email transmission (increasing its size by 50%) and attached to the message (a typical html message body is around 1k) giving around 2.5K of content; add a few lines of header data to that, and around 3K seems reasonable.

Now, the same message from pgp would be first compressed (lets say down to 1K total) then encrypted with a random key. the random key is then encrypted to each recipient (lets say 2x recipients each with a 2k pgp key) giving [2k recipient 1][2K recipient 2][1 K encrypted message] for a total of 5K. with only one recipient, that would only be 3K of course.

so, there is no easy answer to your question - the resulting size depends so heavily on the compression achieved by the program, and the size of the recipient's keys, that you would need to test on a per-case basis.
searchsanjaysharmaAuthor Commented:
Please suggest me about any tool or method that I can perform to carry out this experiment during the file exchange process. Help ASAP will be appreciable.
Rich RumbleSecurity SamuraiCommented:
Use pgp 8... encrypt the file, look at the file... look at task manager's CPU load.  The overhead is going to be next to nothing. The file won't increase much in size, and using PGP's SDA (self decrypting archive) you can actually decrease the file size. Your file won't change size much, maybe a few kilobytes, even a very large file won't change much.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
searchsanjaysharmaAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.