What is PGP?
PGP (Pretty good Privacy) is the most widely recognized public key encryption program in the world. It can be used to protect the privacy of email, data files, drives and instant messaging.
Traffic on the Internet is susceptible to snooping by third parties with a modicum of skill. Data packets can be captured and stored for years. Even mail servers will often indefinitely store messages, which can be read now or at a future point, sometimes long after the author has changed his or her point of view. Email, unlike a phone call or letter, is not legally protected as private communication, and can therefore be read by third parties, legal or otherwise, without permission or knowledge of the author. Many privacy watchdog groups advocate, if you aren't using encryption, don't include anything in an email you wouldn't want to see published. Ideally this includes personal information as well, such as name, address, phone number, passwords, and so on.
PGP encryption provides privacy missing from online communication. It changes plain, readable text into a complex code of characters that is completely unreadable. The email or instant message travels to the destination or recipient in this cyphered form. The recipient uses PGP to decrypt the message back into readable form. Whether you are concerned about protecting privacy rights, a corporate whistleblower, or a citizen that simply wants to chat with friends without allowing people to "listen in," PGP is the answer.
The simple but ingenious method behind public key encryption is based around the creation of a customized key pair. The key pair consists of a public key and a private key. The public key encrypts messages, while the private key decrypts them.
Using PGP, Mr. Wise would generate a key pair by entering a real name or nickname to be associated with the keys and a password. The two keys are interlocking algorithms that appear as small bits of text code. Mr. Wise can freely share the public key with anyone who wishes to send an encrypted message to him. For example, let's say Mr. Wise gives his public key to Ms. Geek. He can copy and paste it into an email and send it to her "in the clear."
Ms. Geek receives the public key and copies it to her public key ring in PGP. After she writes an email to Mr. Wise, the email is encrypted using the associated public key, obtained from the key ring. The encrypted email is now sent. If someone captures the email en route, or even if it is stored on a server, it will be unreadable.
When Mr. Wise receives the email, his private key decrypts the message. Thus the communication is kept private, even though it travels over public channels. The encryption and decryption can be done automatically, as PGP seamlessly interfaces with most major email clients.
To send an encrypted email to someone using PGP, you only need his or her public key. Each public key is unique and works with the associated private key as a key pair. If you encrypt a message with the public key of someone other than the recipient, the recipient will not be able to decrypt the message.
When creating a key pair in PGP, the option exists for your public key to be sent to a public key server. This makes it possible for strangers to send you encrypted mail by simply looking up your public key. To avoid spam, you may choose instead to email your public key discretely to handpicked friends. Others attach their public key as part of their signature on public posts to newsgroups and Web chat boards.
A PGP user can also use his or her private key to digitally sign outgoing mail so that the recipient knows that the mail originated from the named sender. A third party would not have access to the private key, so the digital signature authenticates the sender.
Sensitive data files stored on your hard drive or on removable media can also be protected using PGP. You can use your public key to encrypt the files and your private key to decrypt them. Some versions also allow the user to encrypt an entire disk. This is especially useful for laptop users in the event the laptop is lost or stolen.
Early versions of PGP were written by Philip Zimmermann and first offered to the public in 1991. The program is open source and has several different versions available with prevailing attitudes about which is best. Some versions are free for personal use, while the newest "official" incarnations offered through PGP Corporation are shareware. Beginning with PGP Personal Desktop v. 9.0, users are offered a fully functional free trial run before the software reverts to a lesser-featured version, minus a purchased license. The lesser-featured version still allows encryption of email but some of the automation is crippled.
Commercial versions of PGP are also available to use in networked multi-user environments.
I've been using PGP v8 Free for a long time, but it stopped working when I had to migrate from XP to Win7 (Pro 64). Does anyone know how to make it work in Win7 please?
Whatever kind of PGP or may I better say OpenPGP related product you use, sharing your public key bilateral or via a keyserver is inevitable if you want to receive encrypted mails from other people.
Since you can't send encrypted to anybody if you do not have his public key, you will need to obtain it first.
Don't forget to secure your private key properly. Most people store it on their computer and think hiding it somewhere in a file is enough.
To be truly secure you should have access to the file containing it password protected. If you're going to use PGP you may as well be careful on all counts.
@Acracadabra - At work we don't use PGP encryption freeware, but rather a paid service. I assume that it all works in similar ways though.
It's rare to send email using PGP to someone who doesn't have it installed. Actually the most time consuming part of the whole thing is the initial sharing and storing of key information.
I'm pretty sure that if you sent one to someone without the program they would be invited to download it, though they could be suspicious it is SPAM and not bother.
Why not try sending a mail to yourself at a second email address and see what happens?
I enjoyed reading this as Internet security is something that worries me quite a lot. I am not sure of one thing though. If I use PGP freeware to encrypt an email I am sending, what happens if the recipient doesn't have it installed on their computer?
Post your comments