What is PGP Encryption? Definition, Uses, & More
Learn about PGP encryption as well as the benefits of using it to secure your private messages in Data Protection 101, our series on the fundamentals of information security.
What is PGP Encryption?
PGP encryption or Pretty Good Privacy encryption, is a data encryption computer program that gives cryptographic privacy and authentication for online communication. It is often used to encrypt and decrypt texts, emails, and files to increase the security of emails. PGP encryption uses a mix of data compression, hashing, and public-key cryptography. It also uses symmetric and asymmetric keys to encrypt data that is transferred across networks. It combines features of private and public key cryptography. Each step uses a different algorithm, and each public key is associated with a username and an email address
When plaintext is encrypted with PGP, it first compresses the plaintext. Data compression saves transmission time, disk space, and reinforces cryptographic security. Most cryptanalysis methods exploit patterns that are found in the plaintext. However, the asymmetry of PGP encryption allows for authentication. After public keys have been traded among partners, the private keys are used to digitally sign the encrypted content. This allows the decryptor to confirm the sender.
Uses of PGP Encryption
One use of PGP encryption is to confidentially send messages. To do this, PGP combines private-key and public-key encryption. The sender encrypts the message using a public encryption algorithm provided by the receiver. The receiver provides their personal public-key to whomever they would like to receive messages from. This is done to protect the message during transmission. Once the recipient receives the message, they use their own private-key to decode the message, while keeping their personal private-key a secret from outsiders.
Another aspect of PGP is message authentication and integrity checking. Integrity checking is used to detect if a message has been altered after it was written and to determine if it was actually sent by the claimed sender. Because the email is encrypted, changes in the message will make it unable to be decrypted with the key. PGP is used to create a digital signature for the message by computing a hash from the plaintext and producing a digital signature using the sender’s private key. A person can add their signature to another person’s public-key to show that it is truly that rightful owner.
PGP also ensures that the message belongs to the intended recipient. PGP includes requirements for distributing user’s public keys in an identity certificate. These certificates are constructed so that tampering can be easily detected. The certificates can only prevent corruption after they have been made, but not before. PGP products also help to determine if a certificate belongs to the person that is claiming it, often referred to as a web of trust.
Benefits of PGP Encryption
- Sensitive information is always protected. It cannot be stolen or viewed by others on the internet. It assures that the information that is sent or received was not modified in transmission and that files were not changed without your knowledge.
- Information can be shared securely with others including groups of users and entire departments.
- You can be certain who the email is from and who it is for. PGP verifies the sender of the information to ensure that the email was not intercepted by a third party.
- Your secure emails and messages cannot be penetrated by hackers or infected by email attacks.
- Others cannot recover sensitive messages or files once you have deleted them.
- PGP encryption software is very easy to learn how to use. With virtually no training, users are able to learn how to use it right away.
Frequently Asked Questions
Is PGP encryption still used?
Yes, PGP encryption is still used and is considered an industry standard for protecting sensitive information. Both commercial and free, open-source implementations of PGP are available. Commercial solutions offer technical support that may be lacking in freeware tools.
How do I encrypt using PGP?
The specific details used to encrypt a message using PGP will vary based on the version of the tool you are using. The general procedure is similar with all PGP tools.
1. Install the PGP tool.
2. The message receiver creates a public and private key.
3. The receiver sends the public key to the user who will send the encrypted message.
4. The sending user encrypts the message using the public key and sends it.
5. The receiver decrypts the message with the private key.
Does PGP encrypt with private or public keys?
PGP uses a combination of public and private keys to protect sensitive communication. Users have unique public keys which are used to encrypt a message before it is sent over a public network. The message is then decrypted by a recipient using a private key. The private key should only be known by the individual user.
What are the disadvantages of PGP encryption?
Due to its complexity and computational requirements, PGP is slower than other types of encryption such as AES. This may make PGP a poor choice for use in applications where speed and performance are important. Compatibility issues can also exist as there are many different implementations of the software available and both sender and recipient need to be using compatible versions.
Is PGP better than AES?
PGP offers stronger encryption than AES by using both symmetric and asymmetric keys to encrypt data. AES only uses symmetric key encryption which allows the same key to be used for encryption and decryption. PGP’s strength requires more computational power and is, therefore, best suited to use on single files rather than databases that are frequently accessed.