Despite its self-deprecating name, Pretty Good Privacy (PGP) encryption is a heavyweight in the cryptography world. Although it stands alongside the strong encryption used in government communications, PGP encryption is also used commercially by most email providers.
Created by Philip Zimmermann in 1991, PGP follows the OpenPGP standard for the encryption and decryption of data. Using public-key cryptography, together with a system Zimmermann designed for binding a key to a user name or email address, data can be encrypted, sent securely across the Internet, and decrypted only when it reaches its destination.
Public-key cryptography is perhaps the main reason PGP encryption has been such a success. Here is how it works. When an email is sent across the Internet, the message is first encrypted into what looks like a random jumble of letters and numbers that makes no sense on its own. It is now ciphertext, and ciphertext can only be turned back into the original message with the right key. So even if someone intercepts the email before it reaches its destination, all they will see are lines of nonsense. The recipient, however, holds the private key (unlocked with their passphrase) that decrypts the message and restores it to its original form.
A simple analogy is the mailbox in front of your house. Its location is no secret, and anyone can drop letters through the slot, but nobody can open the box without the key. Public-key cryptography works on the same principle: the slot is the public key, which anyone may use to encrypt, and the key that opens the box is the private key, which only the owner holds.
As an extra security measure, PGP encryption includes digital signature support, which provides message authentication and integrity checking. Using the RSA or DSA signature algorithms, the sender can electronically ‘sign’ a document before sending it by email. When it reaches its destination, the signature is checked by the appropriate software, which verifies it against the sender’s public key, much as a handwritten signature would be compared with a known sample. If it matches, the document is considered legal and can be used in a court of law.
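The hybrid scheme the three paragraphs above describe, written out as an added Go example (this is not code from the original article or from any PGP implementation): a fresh random session key encrypts the body, that session key is wrapped to the recipient’s RSA public key (the mailbox slot), and the sender signs the plaintext so the recipient can check who sent it. Ed25519 stands in here for the RSA/DSA signature algorithms the article names and AES-GCM for PGP’s symmetric cipher; the message text is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope has the same shape as a PGP message: a random session key wrapped
// to the recipient's public key, the body encrypted under that session key,
// and the sender's signature over the plaintext.
type Envelope struct {
	WrappedKey []byte // session key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM output, authentication tag included
	Signature  []byte // Ed25519 signature over the plaintext
}

// Seal encrypts msg so that only the holder of the recipient's private key can
// read it, and signs it so the recipient can check who sent it.
func Seal(msg []byte, recipient *rsa.PublicKey, sender ed25519.PrivateKey) (*Envelope, error) {
	sessionKey := make([]byte, 32) // fresh for every message, never reused
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The mailbox slot: anyone holding the public key can wrap a session key,
	// but only the matching private key can unwrap it again.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, msg, nil),
		Signature:  ed25519.Sign(sender, msg),
	}, nil
}

// Open unwraps the session key with the recipient's private key, decrypts the
// body, and rejects the message unless the signature is the claimed sender's.
func Open(env *Envelope, recipient *rsa.PrivateKey, sender ed25519.PublicKey) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap session key: %w", err)
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	msg, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext was altered or is not for this key")
	}
	if !ed25519.Verify(sender, msg, env.Signature) {
		return nil, errors.New("signature does not verify under the claimed sender's public key")
	}
	return msg, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	senderPub, senderPriv, _ := ed25519.GenerateKey(rand.Reader)
	env, err := Seal([]byte("constructed sample message"), &recipient.PublicKey, senderPriv)
	if err != nil {
		panic(err)
	}
	msg, err := Open(env, recipient, senderPub)
	fmt.Printf("recipient reads: %q (err=%v)\n", msg, err)
	env.Ciphertext[0] ^= 1 // one bit flipped in transit
	_, err = Open(env, recipient, senderPub)
	fmt.Println("after tampering:", err)
}
```

Open fails both when a single ciphertext bit has been flipped and when the signature was made by a different key, which is the integrity checking and authentication the article describes; an interceptor who holds only the public key cannot recover the session key and sees nothing but the random-looking ciphertext.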
Although public-key cryptography and digital signatures may seem enough for most people, they were not for Zimmermann. When someone encrypts and sends a message to another public key (identified by a user name or email address), it is important that the public key actually exists and belongs to the person it claims to. Since most documents protected with PGP encryption are confidential, it would be bad if one ended up in the wrong hands. To overcome this problem another feature was added, the ‘web of trust’, which is exactly what it sounds like.
In practice it warns you when you are about to send a message to a public key that is not known to exist and to belong to its claimed owner. This is achieved through the identity certificate that comes with a public key when you download it: the key’s user ID together with the signatures of other users who have checked that the key really belongs to that person. This ‘certificate’ ties the key to one specific identity and helps prevent you from encrypting to the wrong address.
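A minimal trust calculation of the kind the ‘web of trust’ performs, as an added Go example (not the article’s code and not GnuPG’s implementation, although the thresholds of one full or three marginal certifications are GnuPG’s defaults). Certifications are real Ed25519 signatures over the key plus its user ID; a key is valid when the local user owns it or when enough introducers who are themselves valid and trusted have certified it. All names, addresses and keys are constructed, and the hex-encoded public key stands in for a real fingerprint.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
)

// TrustLevel is how far the local user trusts a key's owner to verify other
// people's identities before certifying (signing) their keys.
type TrustLevel int

const (
	TrustNone     TrustLevel = iota
	TrustMarginal            // one marginal certification alone is not enough
	TrustFull                // one full certification is enough by itself
	TrustUltimate            // the local user's own key
)

// Certification is another key's signed statement "this public key belongs to
// this user ID", the equivalent of a signature on a PGP key.
type Certification struct {
	Signer    string // hex public key of the certifying key
	Signature []byte
}

type Key struct {
	Pub    ed25519.PublicKey
	UserID string
	Certs  []Certification
}

// Keyring holds the known keys, the local owner-trust assignments and the
// validity thresholds (GnuPG defaults: 1 full or 3 marginal certifications).
type Keyring struct {
	Keys                             map[string]*Key
	OwnerTrust                       map[string]TrustLevel
	CompletesNeeded, MarginalsNeeded int
}

// binding is exactly what a certifier signs: the key plus the claimed user ID.
func binding(k *Key) []byte { return append(append([]byte{}, k.Pub...), k.UserID...) }

// Certify attaches signer's certification of subject's key-to-user-ID binding.
func Certify(signer ed25519.PrivateKey, subject *Key) {
	id := hex.EncodeToString(signer.Public().(ed25519.PublicKey))
	subject.Certs = append(subject.Certs, Certification{id, ed25519.Sign(signer, binding(subject))})
}

// Valid reports whether the key's user ID can be relied on: it is the local
// user's own key, or enough valid and trusted introducers have certified it.
func (kr *Keyring) Valid(id string) bool { return kr.valid(id, map[string]bool{}) }

func (kr *Keyring) valid(id string, visiting map[string]bool) bool {
	k, ok := kr.Keys[id]
	if !ok || visiting[id] { // unknown key, or a cycle of mutual certifications
		return false
	}
	if kr.OwnerTrust[id] == TrustUltimate {
		return true
	}
	visiting[id] = true
	defer delete(visiting, id)
	full, marginal := 0, 0
	for _, c := range k.Certs {
		signer, known := kr.Keys[c.Signer]
		if !known || kr.OwnerTrust[c.Signer] == TrustNone || // signer unknown or untrusted
			!ed25519.Verify(signer.Pub, binding(k), c.Signature) || // forged or damaged
			!kr.valid(c.Signer, visiting) { // introducer's own key not validated
			continue
		}
		if kr.OwnerTrust[c.Signer] == TrustMarginal {
			marginal++
		} else {
			full++
		}
	}
	return full >= kr.CompletesNeeded || marginal >= kr.MarginalsNeeded
}

// DemoKeyring builds a constructed keyring for local user Alice, who checked
// Bob's key in person (full trust) and Carol's only casually (marginal).
func DemoKeyring() (*Keyring, map[string]string, map[string]ed25519.PrivateKey) {
	kr := &Keyring{map[string]*Key{}, map[string]TrustLevel{}, 1, 3}
	ids, priv := map[string]string{}, map[string]ed25519.PrivateKey{}
	add := func(name, userID string, trust TrustLevel) {
		pub, p, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		id := hex.EncodeToString(pub)
		kr.Keys[id], kr.OwnerTrust[id], ids[name], priv[name] = &Key{Pub: pub, UserID: userID}, trust, id, p
	}
	add("alice", "alice@example.org", TrustUltimate)
	add("bob", "bob@example.org", TrustFull)
	add("carol", "carol@example.org", TrustMarginal)
	add("grace", "grace@example.org", TrustNone)
	add("mallory", "bob@example.org", TrustNone) // impostor reusing Bob's address
	Certify(priv["alice"], kr.Keys[ids["bob"]])
	Certify(priv["alice"], kr.Keys[ids["carol"]])
	Certify(priv["carol"], kr.Keys[ids["grace"]]) // one marginal voice: below threshold
	// Mallory forges a "Bob" certification on her own key with her own private key.
	m := kr.Keys[ids["mallory"]]
	m.Certs = append(m.Certs, Certification{ids["bob"], ed25519.Sign(priv["mallory"], binding(m))})
	return kr, ids, priv
}
```

In DemoKeyring the impostor key carries Bob’s email address but no genuine certification from anyone Alice trusts, so Valid rejects it; that is the check that stops a message going to a key which merely claims an address. Grace becomes valid only once a fully trusted introducer, or three marginal ones, have certified her, and the visiting set keeps mutual certifications between two keys from recursing forever.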
PGP encryption is the best way to ensure your data’s security because of the quality of its cryptography. In fact, PGP-encrypted data is so hard to decode that the leading cryptographer Bruce Schneier once called it the ‘closest thing you can get to a military-grade encryption’.