PGP stands for Pretty Good Privacy. It is an encryption program that applies cryptographic privacy and authentication to online communications. PGP is most commonly used for keeping contents of emails encrypted and private. OpenPGP is an open-source version of PGP that has become widely used.
How does PGP Work?
PGP encrypts the contents of an email so that unwanted third-parties aren’t able to view your email messages. Typically a user will install a program on their computer that will work with an email client, like Gmail or Outlook, and apply the PGP encryption to the emails they send. Google lets Chrome users implement PGP with a browser extension for Chrome. Yahoo also offers an encrypted version of its email service that uses Pretty Good Privacy.
PGP uses a public key and a private key. The public key allows anyone to encrypt the contents of their messages before they send it. The private key is what lets the recipient of a message decrypt the contents of that message. There are currently multiple versions of PGP in production. The Diffie-Hellman and RSA versions are both PGP, but do not work with each other since the encryption algorithms are unique.
PGP keeps the contents of your email messages encrypted, but it does not encrypt the subject line of your emails. It’s vital that you don’t include sensitive information in the subject line of your email.
PGP encryption uses a combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography. Each step in the process uses one supported algorithm
Example of PGP Encrypted Message:
-----BEGIN PGP MESSAGE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> hQEMA+C7envFYmALAQf/YMlqlvE7jYFqNyTMQXAv6p2PrGc94Nyrbviva+OJJxUB dzfCqCgvBN6k07O/lDdSXXfS4hibsviNizr3iAe4AfmjERbQTyT4OzfILLOB9Wrk 6Fvq3W035p+rHF9gTcflA1F0oxymwGF22J9QXHsoFUdkU43rfCFkp/nuBWAMY5dU 3Snlq403WionmLqbzMK6uZ6ItbKncPWYE62P2x44WUFdBi82TI8E126YLztwtotO K0Tam+Ew5t9g0CS9+cU9gJV+GdTWFiCVs+Gt3EvbrE2suIL6jCOPGL3OrB/pQbV7 mtlZ8360i7OoxpT7ShCB4yGCVMpjG7EW+j080Mx5+KUBiOpXa7WFvbg5HWC5iIWm iauq+UG2WUz+53NauJqcCp/LAHyw4inVuAbYojKjKjCJodv5O6KPtg86e3rCoe7A KMorDefZd+Uuu3bLzCQgZQYabEalJN+QLa8N4axdvlcF4ZLF9CciOZXWcBL33wI+ wLMIwR06/bUllUw+rPJzFYU0qXpaUkbEpAFgz2ocGsgQ1ORwtZX/qqGMfzleyW+6 oWdLZSM2VhYw1gVuPCcg1sf1RXEAQ/AwI9JWITRgwDUXY+7QE/nAkd0AGGoJkF// ZlsQVyDMRyK6zkzNWM8b00AxtXshAEgEvulhdm13g/aiMzgCzTWBSjm2F5/7N5Xb AGUPQW76IEOM4XUaBbAzC8i4nLEfvccO50urUIzt8OC/JkR4haCdtMFswQUuzZ36 UesUCXpoQTGE89hPW3CSd41ddCOc5IllQZVqwVuIG8XkwzBsXIpG1lIe+5AA+dK2 FyvGBbSkdwh72gPzXRYc9AFT4Rqr8tK1rsod0+tho2DzZZW2gVS0wHrB =FfuE -----END PGP MESSAGE-----
Limits to PGP
As other applications of cryptography have advanced, certain aspects of PGP have faced criticism. The long, complex PGP public keys makes using PGP slightly more complicated. Mixing up just a single character in these long series of characters makes the key useless. Pretty Good Privacy itself is quite simple, but for users with introductory knowledge to computers and technology will have a hard time using the technology. Although PGP is a well-respected cryptographic protocol for protecting emails, it’s yet to be adopted on a broader scale. Finally, PGP lacks perfect forward secrecy, because if someone comes across a user’s private key at any point, they can decrypt that user’s communications.