PGP: Defining Pretty Good Privacy & How PGP Encryption Works

Pretty Good Privacy (PGP) is an encryption program that combines public keys, private keys, and randomly generated one-time session keys to keep data away from prying eyes.

If you have sensitive data moving from one place to another, PGP can keep it out of view while it travels. You can also use it to confirm that a message came from the communication partner you expect and that nobody tampered with the data along the way.

PGP was developed in 1991, and controversy surrounded it soon after its release. The developer released the program as freeware, but a second company claimed ownership of it, and lawsuits followed.

Despite its inauspicious beginning, PGP took off within the security community. Since it was free, plenty of companies incorporated its concepts into their products. Today, PGP is the dominant method organisations use to secure email.


What Is PGP Used For?

Any connected device sends and receives data throughout an average day. Security experts use all sorts of tools to keep communication secure. They lean on PGP for three very specific use cases. 

PGP is most often used for:

  • Digital signatures. Is the email in your inbox from someone you trust? Has the message been altered in transit?

    A digital signature (which provides authentication) answers those questions. A PGP message can carry a digital signature: a string of bits the sender's software computes from the message with the sender's private key, which the recipient checks with the sender's public key.

  • Email encryption. Senders need a prior connection with a recipient to make this work: the two must exchange public keys so the scrambled message the recipient receives can be decoded and an encrypted reply can come back. Protecting messages in transit is the goal.
  • File encryption. Protecting documents in transit is crucial, but sometimes you must protect files at rest too. PGP tools, including some compatible with Microsoft products, let users protect a single file, several documents, or every item within a folder tree.

Some people use PGP out of fear of government intrusion and spying. But as one blogger points out, plenty of average people lean on the technology to keep their communication safe. He cites:

  • Protected technology. A company building a million-dollar product might encrypt files to keep competitors away.
  • Surprises. A husband might encrypt an email about a wife's party, so she isn't alerted before the big day arrives.
  • Personal reasons. An employee might encrypt sensitive files stored on the public server.
  • Negotiations. Parties talking about costs, fees, and contracts might encrypt their discussions so the news doesn't leak. 

In general, PGP is a useful tool for anyone discussing sensitive or secret matters that could cause harm if they reached a wider audience.

How Does PGP Encryption Work?

As we mentioned, PGP can be used for all sorts of things, including file encryption. But since the technology is so closely associated with protecting email, that's the function we'll focus on here. 

Before getting started with a PGP-encrypted email, you'll need three things.

  1. A program: You can't make this work without some kind of software. Some email programs have PGP built in, but if yours does not, you'll need to invest in a tool. (We'll talk about this in detail later.)
  2. A public key: A computer-generated string of numbers and letters makes up your public key. Your communication partners need it to send you encrypted messages, so share it widely. In the same way, you'll use your partners' public keys to validate the messages they send you and to encrypt the messages you send them.
  3. A private key: A string of numbers and letters mathematically related to your public key makes up your private key. Protect it carefully: you need it to work with PGP, but if it leaks, others can read your messages too. You'll use this key to sign outgoing messages and decrypt incoming messages.
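The three key roles listed above, and the signature and encryption use cases from the earlier list, can be seen working together in a small program. The following Go code is an added example written for this article, not code from the original page or from any PGP product, and it uses only Go's standard library (RSA-OAEP, RSA-PSS, AES-GCM) to model the structure PGP uses: sign with the sender's private key, encrypt the message under a fresh random session key, wrap that session key with the recipient's public key, and verify with the sender's public key on the other end. The `Envelope` type, the function names and the sample message are assumptions made for the example; real OpenPGP software uses its own packet format, key IDs and trust model, so this is an illustration of the key roles, not an interoperable implementation.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewKeyPair plays the role of "the program" creating a key pair: the public half
// (PublicKey) is shared widely, the private half never leaves its owner.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Envelope is what actually travels in the email body (hypothetical layout for this example).
type Envelope struct {
	WrappedKey []byte // random session key, encrypted with the recipient's public key
	Nonce      []byte // AES-GCM nonce for the body
	Ciphertext []byte // plaintext||signature, encrypted under the session key
}

// Seal signs msg with the sender's private key, encrypts msg plus signature under a
// fresh random session key, and wraps that key with the recipient's public key.
func Seal(sender *rsa.PrivateKey, recipient *rsa.PublicKey, msg []byte) (*Envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	sessionKey := make([]byte, 32) // the "random key": one per message
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	body := append(append([]byte{}, msg...), sig...)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, body, nil)}, nil
}

// Open unwraps the session key with the recipient's private key, decrypts the body and
// verifies the enclosed signature with the public key of the claimed sender.
func Open(recipient *rsa.PrivateKey, sender *rsa.PublicKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: not encrypted to this recipient")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	body, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext altered in transit")
	}
	sigLen := sender.Size() // an RSA signature is exactly the modulus length in bytes
	if len(body) < sigLen {
		return nil, errors.New("body too short to hold a signature")
	}
	msg, sig := body[:len(body)-sigLen], body[len(body)-sigLen:]
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, errors.New("signature check failed: not from the claimed sender")
	}
	return msg, nil
}

func main() {
	alice, _ := NewKeyPair()
	bob, _ := NewKeyPair()
	env, _ := Seal(alice, &bob.PublicKey, []byte("Q3 numbers attached, keep internal")) // constructed sample
	msg, err := Open(bob, &alice.PublicKey, env)
	fmt.Printf("bob reads: %q (err=%v)\n", msg, err)
	_, err = Open(bob, &bob.PublicKey, env) // wrong sender key: signature must fail
	fmt.Println("verified with the wrong public key:", err)
}
```

Note the order of operations: the signature is made over the plaintext and then travels inside the encrypted body, so only the intended recipient can even see who signed it, and a single flipped ciphertext bit is rejected by the authenticated cipher before any signature parsing happens. Opening the envelope with a different private key, or verifying against the wrong public key, both fail, which is what lets a recipient trust both the confidentiality and the origin of the message.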

When you're ready to send your first message, a predictable sequence begins.

  • Encryption: