PGP Encryption - Everything about it

Category: Educational

PGP, short for Pretty Good Privacy, is a computer program/framework that puts known cryptographic algorithms to use, providing users with authentication, privacy and integrity of transmitted data. It was developed in 1991 by computer scientist Philip Zimmermann, who later got in trouble with the US government after PGP found its way outside the US to other countries.

Today, PGP is being used all around the globe by people seeking to defend themselves against prying eyes and malicious actors. One common use is securing e-mails and messages exchanged between communicating parties.

Encryption

A basic understanding of encryption is essential for gaining a strong grasp of how PGP works. Encryption is the process of encoding data so that only intended recipients can access it while unintended ones cannot. In cryptography jargon, readable data is referred to as plaintext, and encrypted (unreadable) data is referred to as ciphertext.

Encryption lets us exchange data without worrying about third parties intercepting it. If our encrypted data falls into the hands of adversaries, they will not be able to comprehend it, since we've made it unintelligible. Only those we shared the decryption technique with can understand what our data says.

One of the oldest examples of encryption is Julius Caesar's encryption technique. In messages to his troops, Julius replaced every letter with a letter three positions away through the alphabet. In other words, he replaced every A with a D, every B with an E, and so on. Only his troops, who had been informed about the decryption process, could understand the messages.

Encryption has evolved since the time of Caesar, and the advent of computers took things to a whole new level. The concept of keys is essential in today's computer cryptography. An encryption key can be letters, numbers or a mixture of both.

Encryption Types

There are two general types of encryption: Symmetric and Asymmetric key encryption.

Symmetric Key Encryption

Symmetric encryption (aka conventional encryption) uses the same key for encryption and decryption. This means communicating parties must share the key before the data transmission. This is problematic as the key may get intercepted during the exchange.

Asymmetric Encryption

Asymmetric encryption (aka Public Key Encryption) addresses the inconveniences of symmetric encryption. The dilemma of key distribution is resolved by assigning two keys to each party: a public and a private key.

After creating a key pair, we share the public key and keep the private key to ourselves. A copy of your public key is used to encrypt data, which only you can decrypt using the related private key. This is possible because your private key and public key are mathematically related. While the public key derives from the private key, this derivation process can't be reversed. Although asymmetric encryption resolves the key distribution problem, it's found to be about 1000 times slower than symmetric encryption.

How PGP Works

PGP combines features of the two encryption types discussed above while mitigating the downsides of both; it's a hybrid of the two with extra features of its own. When encrypting data using a PGP client, the data is first compressed to cut transmission time and disk space and to add an extra layer of security.

Then, the PGP program creates a one-time session key. This key is used to encrypt the data. The session key is then encrypted using the recipient's public key and sent along with the encrypted data.

This might seem weird, but remember that asymmetric encryption is slower. Instead of encrypting a large message asymmetrically, which would take longer, the PGP program creates a key to encrypt the data symmetrically. It then uses asymmetric encryption on the small session key. This takes less time than applying asymmetric encryption to a large message.

At the recipient's end, the PGP program uses the recipient's private key to decrypt the session key. The program then decrypts the message with the decrypted session key.

Integrity and Authenticity

PGP is also used to verify the authenticity and integrity of received messages. It ascertains whether the received messages originate from whom they are thought to, as well as whether somebody altered them during transmission.

This is attainable by using the key pairs in a different way. Instead of encrypting using public keys, you encrypt messages using your private key. If these messages decrypt using your public key, it means they originated from you.
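
The hybrid flow from "How PGP Works" and the sign/verify idea above, as an added Python sketch that is not part of the original article or of any PGP implementation. It assumes a constructed toy RSA key built from two Mersenne primes, unpadded RSA, and a SHA-256 keystream standing in for a real symmetric cipher; the signature is computed over a hash of the message, and all function names are illustrative.

```python
import hashlib, secrets, zlib

# Constructed toy RSA key pair from two well-known Mersenne primes.
# Trivially factorable: for illustration only, never for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                               # public modulus (public key is N, E)
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def pgp_style_encrypt(plaintext: bytes, n: int, e: int):
    compressed = zlib.compress(plaintext)              # 1. compress the data
    session_key = secrets.token_bytes(32)              # 2. one-time session key
    body = keystream_xor(session_key, compressed)      # 3. encrypt data symmetrically
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # 4. encrypt key with public key
    return wrapped, body                               # both are sent to the recipient

def pgp_style_decrypt(wrapped: int, body: bytes, n: int, d: int) -> bytes:
    session_key = pow(wrapped, d, n).to_bytes(32, "big")     # private key recovers session key
    return zlib.decompress(keystream_xor(session_key, body))

def sign(message: bytes, n: int, d: int) -> int:
    # Private-key operation over a hash of the message.
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)

def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    # Public-key operation must reproduce the hash of the received message.
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest

if __name__ == "__main__":
    msg = b"Meet at the usual place at noon. " * 20    # constructed sample message
    wrapped, body = pgp_style_encrypt(msg, N, E)
    print(len(msg), "bytes of plaintext ->", len(body), "bytes of ciphertext")
    print("round trip ok:", pgp_style_decrypt(wrapped, body, N, D) == msg)
    sig = sign(msg, N, D)
    print("genuine:", verify(msg, sig, N, E), "altered:", verify(msg + b"!", sig, N, E))
```

Only the 32-byte session key goes through the slow public-key operation; the message body, however large, is handled by the symmetric step.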

Advantages of PGP

  • Privacy: only the sender and the receiver of the encrypted message can see what it says.
  • Integrity: one can verify whether data was altered or not.
  • Authenticity: one can be sure about the origin of messages.
  • There are many PGP implementations/software and most of them are free and easy to use.
