What is PGP?

If you’re looking for a pretty good encryption standard, there are worse places to start

Pretty Good Privacy (PGP) is a highly secure method of encrypting text-based data used by businesses and organisations all over the globe. It combines several cryptographic techniques, including hashing, data compression, and symmetric and asymmetric key cryptography, to provide users with a fast and easy method of secure communication.

Each user has a 'private key' and a 'public key', and the interaction between the two forms the basis of the method's security. Private keys remain with the user only, forming the only part of the system that can verify a user's true identity. If anyone else has access to a private key, they can decrypt any communication intended for the rightful holder, rendering the communication channel compromised.

You can think of public keys as telephone numbers, something you can freely give out so people know how to contact you. When encrypting a message, a user must do so with the intended recipient's public key, like calling the right phone to reach the right person. You can think of the private key as the phone's password: only the person with the password can answer the phone.

Because the public key is linked to the recipient's private key, only that user can decrypt the message. You encrypt with the public key to ensure it gets to the right person and decrypt with a private key so only the right person can see it.

Pretty Good Privacy was developed in 1991 by computer scientist Phil Zimmermann, who wanted to create an open source encryption platform that could be used by anyone across the world, without having to pay huge fees.

It's now owned by security giant Symantec Group, and the antivirus developer is now responsible for updating PGP to ensure it's sufficient to protect email communications. The company has also developed an open source variant - OpenPGP, which is used alongside the licensed version.

What is PGP used for?

Although PGP was initially built to encrypt emails, this technology can be used to safeguard a range of communications from text messages to files. PGP can be applied in many ways, including boosting privacy as well as securing digital certificates.

There are a number of different standards in use, but the most widely adopted is OpenPGP, an open-source iteration that bypasses the licence arrangements tied to PGP.

It’s predominantly used to secure desktop apps and email clients such as Apple Mail and Microsoft Outlook. Google Chrome also offers extensions that allow users to apply the standard to web browsing.

How does PGP work?

This security tool works by adding layers of encryption onto text-based content to safeguard it and raise the level of privacy.

PGP relies on strong cryptography that renders encrypted text impossible to decipher without the requisite tool, or key. When applied to email clients, for example, the message content is protected through the use of an encoding algorithm that garbles the text so it’d be impossible to read if intercepted by a third party.

Anybody hoping to read the text would need the key to unlock the code, but the key itself is often encrypted as well. Both are sent to the recipient of the message, so it can be read as normal once opened. The recipient’s email application uses a private key to decipher the key and the message, almost instantly once it’s sent.

Is PGP secure?

There has been some controversy over how secure PGP is. In 2011, researchers discovered that short encryption keys (32-bit or smaller) were unsafe to the extent some claimed they in effect offered no security at all.

This is because, with modern GPUs, it's easy for hackers to come up with a "colliding" (i.e. matching) key ID if the key in question is short. This doesn't mean PGP is fatally flawed, though - it just means a long key (greater than 32-bit) must always be used. If it is, then PGP works as intended and is secure - for now at least.

Most recently, hackers have discovered a hugely significant flaw in OpenPGP, the open-source variant of Symantec's licensed version. The flaw has been known to developers for over a decade and it could mean the end for the technology, according to those who built it. Hackers have found a way to flood keys with a huge amount of unnecessary data which will break the program (GnuPG) needed to use the technology.

"This is a mess, and it's a mess a long time coming," said Daniel Kahn Gillmor, a lead developer of OpenPGP. "The parts of the OpenPGP ecosystem that rely on the naive assumptions of the SKS keyserver can no longer be relied on, because people are deliberately abusing those keyservers. We need significantly more defensive programming, and a better set of protocols for thinking about how and when to retrieve OpenPGP certificates."

Nevertheless, the licensed version of PGP is still a secure method of communications that you can rely on to deliver sensitive information to individuals without having to worry about it being read if it were intercepted.
