What is PGP?
Pretty Good Privacy for applying cryptographic privacy and authentication to online communications
PGP stands for Pretty Good Privacy. It’s an encryption program that applies cryptographic privacy and authentication to online communications. PGP is most commonly used for keeping contents of emails encrypted and private. OpenPGP is an open source version of PGP that has become widely used.
How Does PGP Work?
PGP encrypts the contents of an email, so that unwanted third parties aren’t able to view your email messages. Typically, a user will install a program on their computer that will work with an email client, like Gmail or Outlook, and apply the PGP encryption to the emails they send.
Google lets Chrome users implement PGP with a browser extension for Chrome. Yahoo also offers an encrypted version of its email service, that uses Pretty Good Privacy.
PGP uses a public key and a private key. The public key allows anyone to encrypt the contents of their messages before they send it. The private key is what lets the recipient of a message decrypt the contents of that message.
There are currently multiple versions of PGP in production. The Diffie-Hellman and RSA versions are both PGP, but they don’t work with each other, since the encryption algorithms are unique.
PGP keeps the contents of your email messages encrypted, but it does not encrypt the subject line of your emails. It’s vital that you don’t include sensitive information in the subject line of your email.
PGP encryption uses a combination of hashing, data compression, symmetric-key cryptography, and finally public key cryptography. Each step in the process uses one supported algorithm
Example of PGP Encrypted Message
— — -BEGIN PGP MESSAGE — — —
Version: PGPfreeware 6.5.8 for non-commercial use
hQEMA+C7envFYmALAQf/YMlqlvE7jYFqNyTMQXAv6p2PrGc94Nyrbviva+OJJxUBdzfCqCgvBN6k07O/lDdSXXfS4hibsviNizr3iAe4AfmjERbQTyT4OzfILLOB9Wrk6Fvq3W035p+rHF9gTcflA1F0oxymwGF22J9QXHsoFUdkU43rfCFkp/nuBWAMY5dU3Snlq403WionmLqbzMK6uZ6ItbKncPWYE62P2x44WUFdBi82TI8E126YLztwtotOK0Tam+Ew5t9g0CS9+cU9gJV+GdTWFiCVs+Gt3EvbrE2suIL6jCOPGL3OrB/pQbV7mtlZ8360i7OoxpT7ShCB4yGCVMpjG7EW+j080Mx5+KUBiOpXa7WFvbg5HWC5iIWmiauq+UG2WUz+53NauJqcCp/LAHyw4inVuAbYojKjKjCJodv5O6KPtg86e3rCoe7AKMorDefZd+Uuu3bLzCQgZQYabEalJN+QLa8N4axdvlcF4ZLF9CciOZXWcBL33wI+wLMIwR06/bUllUw+rPJzFYU0qXpaUkbEpAFgz2ocGsgQ1ORwtZX/qqGMfzleyW+6oWdLZSM2VhYw1gVuPCcg1sf1RXEAQ/AwI9JWITRgwDUXY+7QE/nAkd0AGGoJkF//ZlsQVyDMRyK6zkzNWM8b00AxtXshAEgEvulhdm13g/aiMzgCzTWBSjm2F5/7N5Xb AGUPQW76IEOM4XUaBbAzC8i4nLEfvccO50urUIzt8OC/JkR4haCdtMFswQUuzZ36UesUCXpoQTGE89hPW3CSd41ddCOc5IllQZVqwVuIG8XkwzBsXIpG1lIe+5AA+dK2FyvGBbSkdwh72gPzXRYc9AFT4Rqr8tK1rsod0+tho2DzZZW2gVS0wHrB =FfuE
— — -END PGP MESSAGE — — -
Limits to PGP
As other applications of cryptography have advanced, certain aspects of PGP have faced criticism. The long, complex PGP public keys make using PGP slightly more complicated. Mixing up just a single character in these long series of characters makes the key useless.
Pretty Good Privacy itself is quite simple, but users with introductory knowledge to computers and technology will have a hard time using the technology.
Although PGP is a well-respected cryptographic protocol for protecting emails, it’s yet to be adopted on a broader scale. Finally, PGP lacks perfect forward secrecy, because if someone comes across a user’s private key at any point, they can decrypt that user’s communications.