Monday, 29 June 2015

Whats So Good About Pretty Good Privacy (PGP)?

Whats So Good About Pretty Good Privacy (PGP)?

Pretty good privacy a program developed by Philips R.zimmermann in 1991 gained its popularity in encryption-decryption of email over the internet and also to authenticate messages with digital signatures, and is now widely used by many corporations to ensure privacy.

What is PGP ?

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.

How it works?  

Pretty good privacy uses a variation of asymmetric cryptography hence, requires two separate keys public key (known to all) and private key (known to the user only) per user. These keys may be different but this key pair is mathematically linked. You  encrypt a message you send to someone else using their public key. When they receive it , they decrypt it using their private key.

When a user encrypts plaintext with PGP, PGP first compresses the plaintext. PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key can work with two public key versions i.e. RSA and Diffie-Hellman algorithms to encrypt plain text ; result is cipher text. Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is transmitted along with the cipher text to the recipient.

Decryption works in the reverse. The recipient's copy of PGP uses his or her private key to recover the temporary session key, which PGP then uses to decrypt the conventionally-encrypted ciphertext.

Where we can use pretty good privacy?

Pretty good privacy can be used to authenticate digital certificates and encrypt/decrypt texts, emails, files, directories and whole disk partitions.

For mobile email encryption Symantec gives add-ons mobile encryption application for android and apple IOS

For windows users : 
Gpg4win for file and email encryption.

For Linux users: 
Seahorse is a graphical interface for managing and using encryption keys. Currently it supports PGP keys (using GPG/GPGME) and SSH keys.

About The Author: 
Kaushal Jangid, I am a computer enthusiast, VAPT, Security Researcher. Also working with HOC to contribute as security research articles.


Post a Comment

Toggle Footer