By: Rafe Zetasci

Created by Phil Zimmermann in 1991, PGP has been widely used ever since for signing, encrypting and decrypting text files, e-mail, digital documents, folders and whole disk partitions to enhance the security of digital communication. By definition, Pretty Good Privacy (PGP) is a data encryption and decryption program that provides cryptographic confidentiality and authentication for data communication.

Phil Zimmermann

How Does PGP Encryption Work?

PGP encryption applies, in sequence, a combination of data compression, hashing, symmetric-key (secret key) cryptography and public-key (asymmetric) cryptography. Each of these steps uses one of several supported algorithms. Every public key is bound to a user name and/or an e-mail address.

To encrypt files and send messages confidentially, PGP combines symmetric-key encryption with asymmetric (public-key) encryption. The data itself is encrypted with a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also referred to as a session key. Both the encrypted data and the session key are transmitted to the receiver, because the receiver needs the session key in order to decrypt the message. To protect the session key in transit, it is encrypted with the receiver's public key. This ensures that the message is protected throughout its transmission and can be read only once the receiver has recovered the session key. Only the private key belonging to the receiver can decrypt the session key.

In addition to securing digital data, PGP also supports integrity checking and authentication. Integrity checking is used to detect whether the contents of the data have been altered since it was completed, while authentication is used to determine whether the file or data was actually sent by the original sender, that is, by the individual claiming to be the creator of the file. Since the content of the file is encrypted, any alteration of the content will cause decryption with the relevant key to fail. The creator of the file uses PGP to produce a digital signature for the file with either the RSA or the DSA algorithm. To do so, PGP computes a message digest (a hash) from the plaintext and builds the digital signature from that hash using the creator's private key.
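The hybrid scheme and the hash-then-sign step described above, as an added example that is not part of the original article and is not PGP's own code. It assumes textbook RSA without padding, demo keys built from well-known Mersenne primes, and a SHA-256 keystream standing in for a real symmetric cipher, so it shows the structure only; the function names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def toy_keypair(p, q):
    """Textbook RSA key pair from two known primes (constructed demo keys, not secure)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def keystream_xor(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (stand-in for AES)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def digest_int(message):
    """Message digest of the plaintext, as an integer ready for RSA."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def pgp_style_send(message, sender_priv, recipient_pub):
    n_s, d_s = sender_priv
    n_r, e_r = recipient_pub
    signature = pow(digest_int(message), d_s, n_s)   # sign the hash with the sender's private key
    session_key = secrets.token_bytes(16)            # fresh symmetric key, used once
    body = keystream_xor(session_key, message)       # bulk data: symmetric encryption
    wrapped = pow(int.from_bytes(session_key, "big"), e_r, n_r)  # session key: recipient's public key
    return {"wrapped_key": wrapped, "body": body, "signature": signature}

def pgp_style_receive(packet, recipient_priv, sender_pub):
    n_r, d_r = recipient_priv
    n_s, e_s = sender_pub
    session_key = pow(packet["wrapped_key"], d_r, n_r).to_bytes(16, "big")  # unwrap with private key
    message = keystream_xor(session_key, packet["body"])
    valid = pow(packet["signature"], e_s, n_s) == digest_int(message)       # verify against the hash
    return message, valid

# Constructed demo keys from Mersenne primes; real keys use random primes and padded RSA.
ALICE_PUB, ALICE_PRIV = toy_keypair(2**607 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = toy_keypair(2**521 - 1, 2**127 - 1)

if __name__ == "__main__":
    pkt = pgp_style_send(b"meet at noon", ALICE_PRIV, BOB_PUB)
    print(pgp_style_receive(pkt, BOB_PRIV, ALICE_PUB))
```

Verifying the same packet against any public key other than the sender's makes the signature check fail, which is why the key's ownership has to be confirmed first.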

Both when encrypting digital data and when verifying digital signatures, it is vital that the public key used to send files to the intended recipient actually belongs to the individual who should be receiving the file. Accidental or deliberate impersonation is possible, so merely downloading a public key from some location is no guarantee that the key belongs to that person, and therefore no guarantee that the file has been secured.

From its first version, PGP has always incorporated a built-in certificate vetting scheme, known as a web of trust. The web of trust protocol was first introduced by Zimmermann in 1992.

From the time PGP was first introduced, a user's public key has always been distributed in an identity certificate, which is an integral part of PGP. This identity certificate is constructed cryptographically so that any tampering or accidental corruption is immediately detectable. Nonetheless, making a certificate impossible to alter without detection is not enough; this can prevent corruption only after the certificate has been produced, not before. Users must also ensure, through verified means, that the public key in the certificate really does belong to the individual claiming it.
