Learn about PGP encryption as well as the benefits of using it to secure your private messages in Data Protection 101, our series on the fundamentals of information security.
Definition of PGP Encryption
PGP (Pretty Good Privacy) encryption is a data encryption program that provides cryptographic privacy and authentication for online communication. It is often used to encrypt and decrypt texts, emails, and files, and to increase the security of email. PGP combines data compression, hashing, and public-key cryptography, and it uses both symmetric and asymmetric keys to encrypt data that is transferred across networks, so it combines features of private-key and public-key cryptography. Each step uses a different algorithm, and each public key is associated with a username and an email address.
When PGP encrypts plaintext, it first compresses it. Data compression saves transmission time and disk space, and it reinforces cryptographic security: most cryptanalysis methods exploit patterns found in the plaintext, and compression reduces those patterns. The asymmetry of PGP encryption also allows for authentication. After public keys have been exchanged among partners, the private keys are used to digitally sign the encrypted content, which allows the decryptor to confirm the sender.
Uses of PGP Encryption
One use of PGP encryption is to send messages confidentially. To do this, PGP combines private-key and public-key encryption. The receiver provides their public key to anyone they would like to receive messages from, and the sender encrypts the message using that public key. This protects the message during transmission. Once the recipient receives the message, they decrypt it with their own private key, which they keep secret from outsiders.
Another aspect of PGP is message authentication and integrity checking. Integrity checking is used to detect whether a message has been altered after it was written and to determine whether it was actually sent by the claimed sender. Because the email is encrypted, changes in the message will make it unable to be decrypted with the key. PGP creates a digital signature for the message by computing a hash of the plaintext and signing it with the sender’s private key. A person can also add their signature to another person’s public key to show that it truly belongs to its rightful owner.
PGP also ensures that the message belongs to the intended recipient. PGP includes requirements for distributing users’ public keys in identity certificates. These certificates are constructed so that tampering can be easily detected. The certificates can only prevent corruption after they have been made, but not before. PGP products also help to determine whether a certificate belongs to the person claiming it, through a scheme often referred to as a web of trust.
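The confidentiality and signature steps described above can be modeled in a few functions. This is an added example, not code from PGP or from this series: it uses the Python `cryptography` package with assumed algorithm choices (RSA-2048, SHA-256, AES-256-GCM), hypothetical function names, and a simplified message layout rather than the OpenPGP format, so it does not interoperate with PGP software.

```python
import os
import zlib

from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed choices for this sketch: RSA-2048 (OAEP, PSS), SHA-256, AES-256-GCM.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
SIG_LEN = 256  # an RSA-2048 signature is always 256 bytes


def new_keypair():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def seal(plaintext, sender_private, recipient_public):
    """Sender: sign, compress, encrypt under a one-time key, wrap that key."""
    signature = sender_private.sign(plaintext, PSS, hashes.SHA256())  # hash, then sign
    packed = zlib.compress(signature + plaintext)
    session_key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    body = AESGCM(session_key).encrypt(nonce, packed, None)
    return recipient_public.encrypt(session_key, OAEP), nonce, body


def open_sealed(message, recipient_private, sender_public):
    """Recipient: unwrap the key, decrypt, decompress, verify the signature."""
    wrapped_key, nonce, body = message
    session_key = recipient_private.decrypt(wrapped_key, OAEP)  # ValueError: wrong key
    packed = zlib.decompress(AESGCM(session_key).decrypt(nonce, body, None))  # InvalidTag: altered
    signature, plaintext = packed[:SIG_LEN], packed[SIG_LEN:]
    sender_public.verify(signature, plaintext, PSS, hashes.SHA256())  # InvalidSignature: other signer
    return plaintext


def outcome(message, recipient_private, sender_public):
    """Return 'ok', or the name of the exception that rejected the message."""
    try:
        open_sealed(message, recipient_private, sender_public)
    except (InvalidTag, InvalidSignature, ValueError) as exc:
        return type(exc).__name__
    return "ok"


if __name__ == "__main__":
    alice, bob = new_keypair(), new_keypair()  # constructed sender and recipient
    sealed = seal(b"constructed sample message", alice, bob.public_key())
    print(outcome(sealed, bob, alice.public_key()), outcome(sealed, bob, bob.public_key()))
```

Run as a script, it prints `ok InvalidSignature`: the genuine message opens, and the same message checked against the wrong sender's public key is rejected.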
Benefits of PGP Encryption
- Sensitive information is always protected. It cannot be stolen or viewed by others on the internet. It assures that the information that is sent or received was not modified in transmission and that files were not changed without your knowledge.
- Information can be shared securely with others, including groups of users and entire departments.
- You can be certain who the email is from and who it is for. PGP verifies the sender of the information to ensure that the email was not intercepted by a third party.
- Your secure emails and messages cannot be penetrated by hackers or infected by email attacks.
- Others cannot recover sensitive messages or files once you have deleted them.
- PGP encryption software is very easy to learn. With virtually no training, users are able to start using it right away.