Pretty Good Privacy

A quick look into the world of PGP


Public Keys

You can think of a public key as a jewellery box with an automatic lock that you can share with your friends. You give your friends this box and, after confirming with you and only you that you are the owner of that box, they begin to put things in it. This is essentially what happens with PGP encryption. Your public key is the key you give out to everyone. People encrypt files using your public key (placing files in the box) and send you those encrypted files. Once they have encrypted a file using your public key (closing the lid on the box), only the person holding the associated private key can decrypt that file, or open the box. You can upload your public key to a public "keyserver", which allows others to "sign" it and verify its integrity.

Private Keys

Private keys go hand in hand with public keys. For every public key, there is at least one associated private key. Never hand out your private key. Ever. To anyone. Your private key is yours and yours alone, as it is tied to your person and your person only. When you create your public key, your private key is generated at the same time. Keep this file in a safe place, away from anything connected to the internet. Make backups of your private key on flash drives and/or compact discs. A common practice is to print out a QR code of your private key; however, this is inadvisable because of the legal complications that can follow, which may result in the seizure or spread of your private key. If your private key is compromised in any way, you can generate a revocation certificate that, when uploaded to a keyserver, informs any user attempting to encrypt using your public key that your key is no longer secure. Only your private key can generate this certificate.
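The workflow the Public Keys and Private Keys sections describe, run end to end with GnuPG. This is an added example, not code from the original article or from the PGP or GnuPG projects; it assumes `gpg` (GnuPG 2.1 or newer) is installed, and Alice, Bob and the example.com addresses are made-up names for the demo. Bob's keyring holds only Alice's public key, so the script shows that he can encrypt to her but cannot decrypt, and that once Alice's revocation certificate is published he can no longer encrypt to the revoked key.

```shell
#!/bin/sh
# Added example, not part of the original article: the public-key workflow
# the text describes, driven through GnuPG 2.x ("gpg") on the command line.
# Alice, Bob and the example.com addresses are made-up names for the demo.
set -eu

# A fresh, throw-away keyring directory (so nothing touches your real keys,
# and so Bob really holds only Alice's PUBLIC key).
new_keyring() {
  d="$(mktemp -d)"
  chmod 700 "$d"
  printf '%s\n' "$d"
}

# gpg against a given keyring, never prompting (batch mode; the demo keys
# deliberately have an empty passphrase so the script can run unattended).
g() {  # $1 = keyring dir, remaining arguments = gpg options
  gh="$1"; shift
  GNUPGHOME="$gh" gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"
}

# Full round trip; prints "ok" when every step behaves as the article says.
pgp_roundtrip() {
  alice="$(new_keyring)"; bob="$(new_keyring)"

  # 1. Alice creates her key pair. The private key stays in her keyring and
  #    GnuPG writes a revocation certificate into openpgp-revocs.d/ right away.
  g "$alice" --quick-generate-key "Alice <alice@example.com>" default default never
  fpr="$(g "$alice" --with-colons --list-keys alice@example.com \
         | awk -F: '$1=="fpr"{print $10; exit}')"

  # 2. Alice hands out ONLY the public key (the file she would put on a keyserver).
  g "$alice" --armor --export "$fpr" > "$alice/alice.pub.asc"
  g "$bob" --import "$alice/alice.pub.asc"

  # 3. Bob encrypts to Alice's public key ("puts the file in the box").
  #    --trust-model always stands in for Bob having checked the fingerprint
  #    with Alice in person; without it, batch-mode gpg refuses an unverified key.
  printf 'meet at noon\n' > "$bob/note.txt"
  g "$bob" --trust-model always --recipient "$fpr" \
           --output "$bob/note.gpg" --encrypt "$bob/note.txt"

  # 4. Only Alice's private key opens the box; Bob's keyring cannot.
  [ "$(g "$alice" --decrypt "$bob/note.gpg")" = "meet at noon" ]
  if g "$bob" --decrypt "$bob/note.gpg" >/dev/null 2>&1; then
    echo "bob decrypted without the private key"; return 1
  fi

  # 5. Alice's key is compromised, so she imports the revocation certificate.
  #    GnuPG stores it with a leading ':' on the BEGIN line to prevent
  #    accidental import; stripping that guard is the deliberate act of revoking.
  sed 's/^:-----BEGIN/-----BEGIN/' "$alice/openpgp-revocs.d/$fpr.rev" | g "$alice" --import
  #    The revoked public key is republished (a keyserver would distribute
  #    this) and Bob refreshes his copy.
  g "$alice" --armor --export "$fpr" | g "$bob" --import

  # 6. Bob's gpg now refuses to encrypt to the revoked key.
  if g "$bob" --trust-model always --recipient "$fpr" \
              --output "$bob/note2.gpg" --encrypt "$bob/note.txt" 2>/dev/null; then
    echo "revoked key was still accepted"; return 1
  fi

  # Stop the per-keyring agents the demo started.
  GNUPGHOME="$alice" gpgconf --kill gpg-agent 2>/dev/null || true
  GNUPGHOME="$bob"   gpgconf --kill gpg-agent 2>/dev/null || true
  echo ok
}

pgp_roundtrip
```

Save it as `pgp_demo.sh` and run it with `sh`; every run uses fresh temporary keyrings, so it can be repeated safely. Step 6 is the practical effect of a published revocation certificate: the moment a correspondent refreshes your key, their software stops encrypting to it, which is why the certificate should be generated and backed up while the private key is still in your hands.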

History

PGP actually has a somewhat dark past. It was born when Zimmermann realised that most people had all their files out in the open, with no real protection, and no real way of knowing whether the person you were talking to was really who they claimed to be. In 1991 he created a system that addressed exactly that. Thus we have "Pretty Good Privacy", a method of encryption built largely on trust and backed by reliability. It was based on an algorithm he had designed himself, "BassOmatic", and each non-commercial copy of PGP shipped with a complete copy of the source code.

Everything went well for a while. PGP crossed the US border and gained worldwide popularity, which turned out to be a problem. Cryptography was (and still is) a grey area in US law, and using a key larger than 40 bits was considered illegal by the United States. PGP uses keys larger than 128 bits. Zimmermann was put on trial for "munitions export without a license", munitions being defined to include guns, explosives, other weapons, and software. After years of proceedings, the case was finally closed with no charges.

Funnily enough, Zimmermann found a way to avoid being charged with any further "munitions" violation: he published the source code in print. For $60 you can buy the source to PGP as a hardcover book, shipped anywhere in the world. This placed his work under the protection of the United States' First Amendment.

Uses and Practicality

There are many uses for PGP. Whether you just want to keep things private amongst friends and family, or you are hiding from third parties peeking over your shoulder, PGP is a good way to keep yourself safe. Some very common mediums for PGP include email, instant messaging, message boards, and even pen and paper! No matter how you share, you can have peace of mind that what you write will only be seen by you and its intended recipient.

With GUI applications such as Cryptophane (for Windows), PGP has become easier than ever to use. It is as simple as selecting the name of the person and typing in your message. Many popular mail applications, such as Mozilla Thunderbird and Flipdog's MailDroid, will automatically use your keys to protect your messages from being intercepted.