What is PGP encryption and how does it work?

Sensitive information like the bank information sending through the internet is always taking at risk. What if anyone else can see the information that sending? Thank God, there’s a pretty good solution to stop this impermissible tracking and that is Pretty Good Privacy (PGP).

Let’s dive into the deep of PGP to know what it’s and how it works.

Back in 1991, PGP was created by a software engineer named Phil Zimmermann who was an anti-nuclear activist and wanted a way to transfer information securely over the Internet. Zimmermann got into trouble with the US government in 1993 because PGP travelled international waters and reached a vast number of countries around the globe, violating US export restrictions for cryptographic software. Today, PGP is “owned” by Symantec, but OpenPGP, an e-mail encryption standard, is implemented in multiple software.

To encrypting and decrypting email, PGP is used to sign messages so that the receiver can verify both the identity of the sender and the integrity of the content. PGP uses a private key that must be kept secret and a public key that sender and receiver must share. The technology is also known as GPG (Gnu Privacy Guard or GnuPG), which is a fully compatible GPL-licensed alternative.

So, we can say that PGP is an encryption program that provides cryptographic privacy and authentication for data communication. It's used for encrypting and decrypting texts, emails, files, directories, and whole disk partitions and to increase the security of e-mail communications, as well as authenticate messages with digital signatures and encrypted stored files. PGP and similar software follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data.

Terminology

Key - In cryptography, a key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text, or to decrypt encrypted text. The length of the key is a factor in considering how difficult it will be to decrypt the text in a given message.

Public key - In cryptography, a public key is a large numerical value that is used to encrypt data. The key can be generated by a software program, but more often, it is provided by a trusted, designated authority and made available to everyone through a publicly accessible repository or directory.

Private key - In cryptography, a private key (secret key) is a variable that is used with an algorithm to encrypt and decrypt code. Quality encryption always follows a fundamental rule: the algorithm doesn't need to be kept secret, but the key does. Private keys play important roles in both symmetric and asymmetric cryptography.

Algorithm - An algorithm is a procedure or formula for solving a problem, based on conducting a sequence of specified actions. A computer program can be viewed as an elaborate algorithm.

Let’s find out how does PGP work?

• PGP combines some of the best features of both conventional and public key cryptography. PGP is a hybrid cryptosystem.

• When a user encrypts plaintext with PGP, PGP first compresses the plaintext.

• Data compression can save modem transmission time and disk space and can strengthen cryptographic security.

• Most cryptanalysis techniques exploit patterns that found in the plaintext to crack the cipher.

• Compression can reduce the patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis. But the files that are too short to compress aren't compressed.

• PGP then creates a session key, which is a one-time-only secret key.

• A key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext.

• Once the data is encrypted, the session key is then encrypted to the recipient's public key.

• The public key-encrypted session key is transmitted along with the ciphertext to the recipient.

• Decryption works in the reverse. The recipient's copy of PGP uses his or her private key to recover the temporary session key, which PGP then uses to decrypt the conventionally-encrypted ciphertext.

• The combination of the two encryption methods combines the convenience of public key encryption with the speed of conventional encryption.

• Conventional encryption is about 1,000 times faster than public key encryption.

• Public key encryption, in turn, provides a solution to key distribution and data transmission issues. Used together, performance and key distribution are improved without any sacrifice in security.

This is how PGP works. You have a public key to lock/encrypt the message and a private key to unlock/decrypt the message. You would send the public key to all your friends so that they can encrypt sensitive messages that they want to send to you. Once you receive an encrypted message, you use your private key to decrypt it.

Where can you use PGP?

Pretty Good Privacy can be used to authenticate digital certificates and encrypt/decrypt texts, emails, files, directories and whole disk partitions. Symantec, for example, offers PGP-based products such as Symantec File Share Encryption for encrypting files shared across a network and Symantec Endpoint Encryption for full disk encryption on desktops, mobile devices, and removable storage. In the case of using PGP technology for files and drives instead of messages, the Symantec products allow users to decrypt and re-encrypt data via a single sign-on.

To get PGP

To use Pretty Good Privacy, download or purchase it and install it on your computer system. It typically contains a user interface that works with your customary email program. You may also need to register the public key that your PGP program gives you with a PGP public-key server so that people you exchange messages with will be able to find your public key.