Pretty Good Privacy (PGP) refers to a cryptographic program designed to protect the privacy of confidential emails against hackers and unintended recipients. PGP ensures that only the person you are sending the email to and no one else will be able to open it and lay eyes on its content.
PGP does its job by using two keys or mathematical equations that are typically used in cryptography. The first key, called a “public key,” translates the raw file or message into unintelligible code. The second key, called a “private key,” is known only to the recipient who uses it to open the file or message.
Read More about “Pretty Good Privacy”
To understand what PGP is, you must first learn about its components.
What Makes Up Pretty Good Privacy?
PGP uses a combination of four processes that you need to perform in the correct order.
Hashing means turning a given key into another value. You use a hash function to generate the new value depending on your mathematical algorithm. The result is called a “hash value” or “hash.” It works this way:
Data compression refers to encoding, restructuring, or modifying data to reduce its size. It involves reencoding information with fewer bits than when it was initially represented.
Symmetric-key cryptography or symmetric encryption occurs when you use a secret key to encrypt and decrypt data. It is the reverse of asymmetric encryption, where you use one key to encrypt data and another to decrypt it.
Public-key cryptography or asymmetric encryption, as mentioned above, uses two keys—a public key and a private key. The public key is known to others, while the private key is only known by its owner. If you are interested, you can learn more about public key encryption and private key encryption in this piece, where we explain both in simple terms.
How Pretty Good Privacy Works
PGP works by going through the steps mentioned in the previous section. But users on both sides (senders and recipients) need to ensure they use compatible systems, keep to agreed-upon confidentiality rules, and maintain the same level of security.
The PGP encryption process has two parts—encryption and decryption.
On the encryption side, the message senders first generate a random key. They then use that random key to encrypt the data and the recipients’ public key. The encrypted data and encrypted recipient key are put together, resulting in the encrypted message.
On the decryption side, meanwhile, the recipients decrypt the encrypted key. They then use the decrypted key to decrypt the data, which allows them to read the message.
Here’s a diagram to show how the PGP process works visually:
For a video tutorial of how PGP works, you can watch this:
Pretty Good Privacy-Related Terms You Should Know
Understanding how PGP works is just the beginning. Using it, though, may require understanding some terms related to the encryption. Here are some of them:
- PGP fingerprint: A shorter version of a public key that users can use to validate a public key. You can print it on business cards if you wish to distribute it to intended recipients of encrypted messages.
- Compatibility: For PGP to work, the sender and recipient must use the same or compatible versions of the program. An incompatible version will not allow recipients to decrypt an encrypted message even if they have the correct key.
- Confidentiality: PGP is used to ensure messages stay secret. That requires private key holders to keep their keys confidential at all times, otherwise encrypting messages won’t matter, as anyone with the private key can open and read encrypted messages if they aren’t the intended recipient.
There are several other PGP-related concepts you may wish to know about. And if you plan to read more on the subject, you can start with digital signatures, the Web of trust, digital certificates, and the security quality of different types of cryptography.
PGP was created by Phil Zimmermann in 1991. It has been in use ever since and, despite debates concerning its complexity, will likely continue being used.