What is PGP?
PGP (Pretty Good Privacy) is an encryption system for protecting sensitive files and data. PGP is the industry standard for email security and for ensuring the authenticity of the data users send and receive.
PGP can be used to encrypt and decrypt text, emails, files or entire disk partitions as well as to create digital signatures. PGP was developed in 1991 by Phil Zimmermann, who named it after a fictional grocery store, “Ralph’s Pretty Good Grocery.”
The Internet Engineering Task Force (IETF) later used PGP as the basis for the OpenPGP standard. This open standard allowed many more software products to adopt PGP encryption, including email service providers and web browsers.
How encryption works
To understand encryption, imagine that you want to send a love letter, but you don’t want anyone to read it except the intended recipient. You write your letter and then create a code (in cryptography terms a key) to encrypt your message. For example, if you choose that each letter of the alphabet correlates to a number, then your message ‘I love you’ would read like this: “9 12-15-22-5 25-15-21”.
Knowing the same key and algorithm, your lover can decipher the message and reply in the same manner. This type of cryptography has been used for many years, but it has serious weaknesses.
For your message to stay private, you also need to communicate your key to the recipient privately. You can’t send the key together with the message. If you send it in a separate envelope or in plain sight over the internet, it can easily be stolen. You could, of course, hand over the key in person, but that is inconvenient, especially if you need to deliver a message to someone on the other side of the world. That’s where PGP comes in.
PGP file encryption uses “public-key cryptography,” which means that you need two keys – a public and a private key – to encrypt and decrypt messages. The public key is used to encrypt the data and the private key to decrypt it.
Imagine that someone puts their message in a box before sending it to you. This ‘encryption’ box has two locks, and the sender uses your public key to ‘lock the box.’ You can share your public key with an individual or upload it to a public key server. The public key encrypts the message in such a way that no one snooping on the traffic can decipher it, not even the sender.
Your public and private keys are mathematically related in such a way that what the public key locks, only the matching private key can unlock (decrypt the message). You are the only one who holds the private key, so only you can decrypt the message. You should never share your private key with anyone.
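The ‘locked box’ above, carried through in code as an added example written for this article (it is not code from PGP or GnuPG): Go’s standard library is used to do what a PGP message does internally, wrapping a fresh 128-bit session key with the recipient’s RSA public key (RSA-OAEP) and encrypting the body under that session key (AES-GCM). Envelope, NewKeyPair, Seal and Open are this example’s own names, and the result is not in OpenPGP format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is a constructed stand-in for a PGP message: a random 128-bit session
// key wrapped to the recipient's RSA public key, plus the body under AES-GCM.
type Envelope struct{ WrappedKey, Nonce, Body []byte }

// NewKeyPair makes a 2048-bit RSA key; share PublicKey freely, the private half never.
func NewKeyPair() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// aesGCM builds the AEAD; callers guarantee a 16-byte key, so errors cannot occur.
func aesGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal encrypts msg for the holder of the private key matching pub; the sender cannot decrypt it.
func Seal(pub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	kn := make([]byte, 16+12) // fresh session key and GCM nonce for this one message
	rand.Read(kn)             // crypto/rand.Read never fails (guaranteed since Go 1.24)
	key, nonce := kn[:16], kn[16:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{wrapped, nonce, aesGCM(key).Seal(nil, nonce, msg, nil)}, nil
}

// Open unwraps the session key with priv and decrypts; a wrong key or a tampered body errors out.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil || len(key) != 16 {
		return nil, rsa.ErrDecryption
	}
	return aesGCM(key).Open(nil, env.Nonce, env.Body, nil)
}
```

Sealing with the recipient’s public key and then trying to Open with any other private key, including the sender’s own, fails, as does any change to the sealed body.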
Is PGP encryption secure?
PGP encryption uses 128-bit keys, which makes it pretty challenging to break. In other words, there are 2^128 possible keys someone could try before they break the encryption and read your message.
For a brute force attack to be successful, the hacker would need a computer capable of trying a billion keys every second. Even if such a supercomputer existed, it would still take more than 10,000,000,000,000 years to try all the possibilities. Therefore, PGP users can feel pretty safe using this encryption standard.
Why use PGP?
1. To encrypt your emails
PGP is widely used to encrypt email communication. There are several plugins you can install on your Gmail account to encrypt your messages. Some encrypt messages automatically, while others need manual configuration. However, these plugins do not encrypt your attachments or other sensitive information such as the subject line or your email address.
Instead, you can opt for a secure email service provider that has built-in PGP encryption. This means that your emails are encrypted automatically. Some will even offer extra features like anonymous registration, anonymous payment or even ‘burner email addresses.’ Beware that for the encryption to work, the receiver of your message will also need to use an email service provider that supports PGP.
2. To use digital signatures
Your PGP key can also be used to digitally sign documents you are sending over the internet and prove that they are authentically yours.
For example, imagine you’re sending a novel to your best friend. You encrypt the document with their public key and sign it with your private key. Once they receive the novel, they will know that it came from you and no one else. If for some reason someone intercepted the document and changed something – even just one letter or digit – your friend will see an invalid digital signature when they open the novel.
Bitcoin wallets can also be signed with the developer’s private key. Verifying the signature ensures that the pre-compiled wallet you downloaded is the one the developer released and has not been modified to hide malicious code that could steal your cryptocurrency or other sensitive information.
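The novel example above, and the check a user of a signed download performs, as an added illustration written for this article (not code from the page or from any PGP implementation): RSA-PSS signatures over a SHA-256 digest, plus a small keyring that trusts only keys whose owner you have already verified. Keyring, SignedDoc, Sign, Verify and Fingerprint are this example’s own names; Fingerprint stands in for a PGP key ID and is not the OpenPGP fingerprint format.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
)

// Fingerprint is a short identifier for a public key (truncated SHA-256 of its PKIX
// encoding), standing in for a PGP key ID; the OpenPGP fingerprint format differs.
func Fingerprint(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for an *rsa.PublicKey
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:8])
}

// Keyring holds only keys whose owner you have verified out of band; any other
// key, however plausible its name or email address, is untrusted.
type Keyring map[string]*rsa.PublicKey

// SignedDoc bundles a document, its signature and the fingerprint of the signing key.
type SignedDoc struct {
	Body, Signature []byte
	SignerFP        string
}

// Sign signs the SHA-256 digest of doc with the author's private key (RSA-PSS); it proves origin, not secrecy.
func Sign(priv *rsa.PrivateKey, doc []byte) (*SignedDoc, error) {
	digest := sha256.Sum256(doc)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &SignedDoc{doc, sig, Fingerprint(&priv.PublicKey)}, nil
}

// Verify accepts sd only if the claimed signer is in the ring and the signature
// matches the body exactly; one changed character or a forged SignerFP fails.
func Verify(ring Keyring, sd *SignedDoc) error {
	pub, ok := ring[sd.SignerFP]
	if !ok {
		return errors.New("signer's key is not in the keyring: origin cannot be trusted")
	}
	digest := sha256.Sum256(sd.Body)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sd.Signature, nil)
}
```

Generate signers with rsa.GenerateKey(rand.Reader, 2048); a document whose claimed signer is absent from the keyring is rejected before its signature is even checked, which is the step that makes ‘it came from you and no one else’ true.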
3. To encrypt your files
You can also use PGP to encrypt your files, especially if you are sharing your device with someone else. To encrypt your files with PGP software, follow these steps:
- Download and install Gnu Privacy Guard (GPG) software. Windows users can download Gpg4win, and Mac users GPG Suite.
- Generate a new certificate (a key pair), which is essentially how you get your PGP public key. It includes some extra data, such as your name and email address, so that others can verify that the key is actually yours.
- Share your public key with others. You can even upload it to public key servers such as the PGP Global Directory or the MIT Key Server.
- You can now use the software to encrypt your files.
How to use PGP
Advanced users will be able to set up their own PGP encryption, but most users should look for services that provide PGP encryption as a feature. Like most protocols, it isn’t available as a standalone app.
One of its most popular uses is email. Your best option is to find an email provider that offers built-in PGP encryption. Fortunately, we’ve done a comprehensive review of the best privacy-oriented email providers that offer PGP and other encryption protocols to keep you secure.
The last piece of advice
Unfortunately, nothing is foolproof, and PGP-encrypted files have been broken before. However, this usually happens when the user fails to keep their private key genuinely private – not due to the encryption. Is PGP still secure? So long as you stay smart. Remember, your privacy is only as strong as your ability to remain vigilant.