what is PGP

Want Very Good Privacy? We'd Say Go with PGP

Publish date March 26, 2020 Comments: 0
If you’re worried about online privacy, encryption is the best way to put your mind at ease. When using powerful encryption protocols, you will be able to ensure that your online data is secure from prying eyes. While it is common knowledge that government agencies, ISPs, and third parties have a tendency to monitor unsuspecting users online, a good encryption protocol can put an end to that.

Pretty Good Privacy or PGP is one of the most popular programs used to encrypt and decrypt emails sent via the internet. So, what is PGP, and what benefits does it bring? Keep reading to find out.

What is PGP?

PGP or Pretty Good Privacy is an encryption computer program that is most often used between two people sending messages online.

Back in the 1980s, a number of people realized that email would be a convenient way of the future but at the time, there were no internet mail protocols in effect to protect the content of transmitted messages. Back then, email transited the internet in cleartext which would most often come to rest in a very badly secured mails pool.

Phil Zimmermann was the brains behind PGP, a tool that has users’ access to public-key cryptography that you could install on any standard PC. The best part was that PGP was compatible with email systems at the time. It quickly became popular over the Usenet, especially amongst peace and political activists, essentially becoming a tool for any individual looking to keep online communications secure.

How Does PGP Work?

You might not know this, but using an emailing platform isn’t a very secure way to communicate. When you hit send, your email leaves your account and gets sent across the internet, traveling through networks that are very much beyond your control.

So, how does PGP work? A user creates a public key and shares it. This key doesn’t have to be secret, but can even be posted publicly. The private key is the one that needs to be protected. The user leverages the private key in order to decrypt information that has been encrypted using the public key.

Digital Guardian explains,

“PGP encryption is a data encryption computer program that gives cryptographic privacy and authentication for online communication. It is often used to encrypt and decrypt texts, emails, and files to increase the security of emails. PGP encryption uses a mix of data compression, hashing, and public-key cryptography. It also uses symmetric and asymmetric keys to encrypt data that is transferred across networks. It combines features of private and public-key cryptography. Each step uses a different algorithm, and each public key is associated with a username and an email address

When plaintext is encrypted with PGP, it first compresses the plaintext. Data compression saves transmission time, disk space, and reinforces cryptographic security. Most cryptanalysis methods exploit patterns that are found in the plaintext. However, the asymmetry of PGP encryption allows for authentication. After public keys have been traded among partners, the private keys are used to digitally sign the encrypted content. This allows the decryptor to confirm the sender.”

Why is PGP so Beneficial? How Does the PGP Key Help?

There are many benefits of using PGP encryption. It ensures that sensitive information is secured and it cannot be v8iewed by other users on the internet. The PGP key also assures that your information is not modified when in transition.

You are able to share information with groups of users, so it is beneficial for businesses. The great thing about PGP is that it verifies the sender of the information to make sure that the email in question hasn’t been intercepted by a third party.

Secure emails and other communications cannot be penetrated by hackers or any third parties via email attacks, and once any files have been deleted others are unable to recover sensitive information.

According to the Guardian,

“PGP has two uses. First, it is an encryption system that uses public-key cryptography. Each user has a public key and a private key. In simple terms, you can encrypt a message using someone’s public key and they can decrypt it using their private key. (A one-off session key is actually involved.) If the private key has been kept truly private, no one else can read the message.

More commonly, PGP is used to create a digital signature based on the contents of an email. This enables the recipient to verify that the message has not been changed, using the sender’s public key.”

What Does PGP Prevent?

PGP encryption will help prevent your resting data from being stolen. This is any information that has been encrypted that is sitting in your email account. Additionally, it will prevent your transiting data from being monitored or stolen whenever you send an email that has been secured with a PGP key.

Man in the middle attacks are becoming an increasingly popular way of stealing data by hackers, which many users remain unaware of, even when it happens to them until it is too late.

“Another threat to SSL comes in the form of so-called “man in the middle” attacks, in which the attacker intercepts messages and then retransmits them. This is done in such a way that the two original parties still appear to be communicating with each other. Pop-up warnings normally caution users when this might be happening, but users often dismiss such warnings without realizing the consequences.”

How Secure is PGP encryption?

While PGP encryption isn’t 100% secure, the current versions of PGP are virtually airtight if they are used correctly. There are some vulnerabilities within older versions, however current ones are not known to have vulnerabilities. The likelihood that someone has a secret way of hacking PGP is insignificant, so it is pretty safe to use this encryption method with confidence if you use it properly.

Since its development, PGP encryption has had many more encryption algorithms and elements added to it in order to bolster its security. During that time, whenever any vulnerabilities have been discovered, those have also been patched by developers. The biggest problem with PGP encryption is not that it would be broken by an individual or a nation-state, as it would be incredibly difficult to do so.

Rather, it is much more possible that a cybercriminal is able to use other means to break into your communications. This might mean that a keylogger is able to uncover your private key, or even break into your home to find your private key written down somewhere.

PGP users need to understand that this encryption method doesn’t encrypt all aspects of their email communications. While it will encrypt the content, or rather the body of the text, anyone that intercepts a PGP email will be able to read to the subject line as well as message details and information regarding both the sender and the receiver.

Although the message itself is private, there is obvious information that can be viewed regarding the interaction. To keep communications as anonymous as possible, the subject line should be kept as vague as possible.

When using PGP, users should remember to change their settings within their email client in order to prevent automatic loading or any external images or other content. You should also turn off JavaScript as well as HTML when you view encrypted emails.

How to Get Started with PGP

1. Download PGP Tools

Getting started will require users to download the right PGP framework for their particular operating systems. You can find the open-source framework here. You will also have to make sure that you have all the proper tools for your email client.

2. Generate Public and Private Keys

Depending on the type of software you wish to use, you will have different ways of generating new keys, as well as the option of whether or not you want to upload your public key to a key server. Usually, this is a good idea, as it allows people to find your public key and use it to send you encrypted messages regardless of whether you have communicated previously or not.

If this is your first rodeo, you might want to hold off on uploading as you will not be able to change your name or your email address once the PGP key has been uploaded.

3. Enable PGP in Your Email Client

This step depends largely on your email client, but in most cases, PGP information is automatically detected by the client as soon as you have downloaded the appropriate set of tools for your operating system.

4. Get Public Keys for Your Contacts

You are pretty much ready to send PGP encrypted emails, but there is also the need to send other users your public key, as this will be needed to decrypt your email. The simplest way to do this is either via email or social media. You can even have the information posted on your website as it poses no threat to your email communications.

Conclusion

Understanding what is PGP and how it works is an essential element of secure communication via email, otherwise, it can be pretty easy to make presumptions and consequently use it improperly. This can lead to leaks of sensitive information, endangering message contents or even lives.

OpenPGP is a free tool, which has helped make it the most popular form of email encryption. Although it isn’t perfect in encrypting your whole email, it will encrypt the body of the email itself making it one of the safest ways of communicating online.

Article comments