PGP, “Pretty Good Privacy” (supposedly named after a fictional “Ralph’s Pretty Good Grocery” from a comedy skit) is both a program for encryption and a standard (OpenPGP) in encryption (more specifically, two: the OpenPGP Message Format and MIME Security with OpenPGP). While it was created back in 1991 by Philip R. Zimmermann, PGP itself is still being maintained, and so is at least one of its open-source counterparts, GPG (“GNU Privacy Guard”). It was created with the intention for fellow anti-nuclear activists to exchange messages and files securely on BBSs, and from there it made its way to Usenet, and later on to the Internet. PGP has an interesting history, including Zimmermann being target of criminal investigation in Feb ’93.
Uses of PGP
PGP and similar software have many uses, including:
Digital signing: useful for press releases, formal messages, backing, etc.
- Ensures authenticity of a message (i.e. no tampering has occurred)
- Provides trustworthiness (for various reasons, such as people being able to vouch for each other)
Encryption (useful for business intelligence such as storing your S.I.N. and tax information, research data, etc.)
- Secures data and can be used to hide it (e.g. with steganography to provide plausible deniability), which can be individual files or entire disks
- Allows safe and secure communication (which is not limited to e-mails, though this is probably its primary medium now)
Secure deletion (“shredding”) is also often associated with such software
Or any other use you see fit. For as Philip R. Zimmermann says: “It’s personal. It’s private. And it’s no one’s business but yours.”
Where to Get PGP and Related Software
Below is a list of OpenPGP compliant software and the operating systems they run on (This list is by no means exhaustive):
- PGP (Windows)
- GPG (Linux, Windows as GPG4Win, Mac as MacGPG)
- TrueCrypt on-the-fly partition/drive encryption (Windows, Mac OS X, Linux)
- eCryptfs / Qryptix / etc. encrypted filesystems (Linux)
- ZRTP / Zfone / PGPfone for encrypted VoIP calls
- Miscellaneous support software
- The Qooxdoo JavaScript GUI framework has an OpenPGP project
- Various mail clients have plug-ins to support PGP/GPG (e.g. Enigmail)
How PGP Works
Part of PGP is based on the public/private key algorithm. A public “key” (technically a misnomer and could be called a “lock”) that is shared with everyone to encrypt data; and a private key (which is kept secret) to decrypt data. At the time the keys are generated, a revocation certificate is also generated to allow de-validation of the keys. In other words, anyone who has a copy of a person’s public key can encrypt data that only that person can then decrypt, but if someone were to steal that person’s private key, they can use the revocation certificate to indicate that those keys are no longer to be trusted.
The keys can be shared in a variety of ways. You can put them on a diskette, disc, USB key or any other such media and personally hand them to those who will be using it (one of the safest methods), or post it on public “key servers” which hold public keys for anyone to download (which also facilitates revocation). Then again, the method you share your public key is not as important so long as the recipients have a secure way to verify the “fingerprint” (the key’s unique identifier).
Quality of Security
But just how secure is PGP?
One might wonder if it is open source couldn’t anyone figure out and break the encryption? Actually, encryption is more complicated than that. Although early versions of PGP and its early algorithms (such as IDEA) have theoretical vulnerabilities, no one is known to have broken the encryption of any later version of PGP.
Thus, a malicious user wanting to crack your encrypted files is more likely to use other methods to break the security, such as social engineering (trickery), rubber hose cryptanalysis (coercion), or black bag cryptanalysis (stealing/monitoring/spying). The reason for this is that the vulnerability exists not in the software nor the method of encryption, but in the user.
Related posts: