Communicating securely and privately online has never been more important than today where personal data is being harvested by governments and corporations to the detriment of the individual. Pretty Good Privacy (PGP) encryption is a technology that makes it possible to send and receive information securely and privately online.
PGP is a free and open encryption technology available to the public for encrypting, decrypting, signing, and verifying files and messages. So far, the technology has proven difficult to crack.
Below, you will find a simple guide to Pretty Good Privacy, including how it works, setting it up in a few minutes, and how to send your first encrypted message.
How Does PGP Encryption Work?
PGP helps to safeguard data on email systems, computers, hard drives, removable media, files, and even cloud-based applications.
This digital data encryption software was developed by Phil Zimmermann, a cryptographer and director at Computer Professionals for Social Responsibility (CPSR) from 1997-2000.
A simplified process of how PGP works for sending an encrypted email:
Grab the Digital Privacy Toolkit
Get your FREE copy of the Digital Privacy Toolkit and discover the latest apps you can use to protect yourself against the expanding surveillance apparatus.
- Create a message as a sender
- Encrypt your message using the public key of the recipient
- Send your encrypted message through whichever email server
- The recipient or receiver decrypts your encrypted message with a private key, which then enables them to read the message.
Now, the process outlined above is a general overview. The PGP software comes in several variations: OpenPGP, PGP, and GPG.
PGP: Pretty Good Privacy, the initial proprietary protocol, was released in 1991. It comes at a fee since Symantec Corp. acquired PGP Corp., the company who held the rights to the PGP code.
Symantec developed a variety of encryption products based on the PGP code including Symantec Information Centric Encryption, Endpoint Encryption, Symantec Desktop Email Encryption, File Share Encryption, and Gateway Email Encryption
OpenPGP: An open-source version which has become a universally-accepted PGP standard was developed in 1997.
GPG: GNU Privacy Guard (GPG) is an independent implementation of the OpenPGP standards. That means you can use it to send and receive encrypted messages from people using other OpenPGP applications.
However, what is standard in each of this encryption standard is the use of public and private keys. Though, the algorithm used to implement encryptions depends on the solution.
What is a Private And a Public Key?
A private key allows you to decrypt the messages sent to you. Private keys can also be used to generate file signatures. File signatures are used to authenticate identity and prove that a message is complete. A private key must never be shared with anyone.
A public key enables you to encrypt a message. Your public key can be made public so that others can send messages to your address.
How Do You Set Up PGP?
One of the most recommended PGP encryption software is Gpg4win. Gpg4win is the official distributor of GPG for Windows operating systems.
For MacOS, you can get GPGTools. It is a paid package that has an email plugin for Apple Mail, a service to use GPG in almost any application, a key manager and an engine to use GPG with the command line. Other options include Canary Mail, Mutt, and Enigmail.
To use PGP on Linux, you can opt for Seahorse, Kleopatra, Mutt or Enigmail.
To provide an example of how to send a private message using PGP, we will use Gpg4win to explain the process of creating public and private key pairs and sending an encrypted email.
Step 1: Download Gpg4win. Then double click the executable package and begin the installation. The installation procedure is similar to other software.
Step 2: During installation, you would be asked to choose the components you want to install. Using the default options is recommended here.
Step 3: After installing GPG4win, you need to launch Kleopatra, one of the components you installed in Step 2. It is the graphical front-end for the software. You can find the Kleopatra program inside the GPG4win installation file.
Step 4: Inside Kleopatra, click on ‘New Key Pair’ to create your public and private keys. A box would show for you to enter your name and email address.
Step 5: Click “Next” after inputting the required data in Step 4; you would be taken to another window to review the information for the key pairs (public and private keys). Press the ‘Create Key’ button after review. After that, you would be prompted to create a strong passphrase that would allow you to access your messages. Ensure you keep the passphrase safe.
Once you forget the passphrase, it cannot be recovered. That means encrypted data and emails will be inaccessible.
Step 6: The application would give you the opportunity to backup your public key, send it by email or upload it to a directory email service.
Step 7: To encrypt your first message: click on ‘Clipboard’, then ‘Encrypt in Kleopatra’. An empty box would pop up where you can paste your message and also add recipients.
You would need to add the public key of the recipient of your message. You could either check for the person’s public key on a key server by going to ‘File’ then ‘Lookup Certificates on Server’ or ask the recipient to send you their public key, which you could then import into Kleopatra.
Step 8: Once you have added a recipient, click ‘Next’, and the encryption process will take place. Copy and paste your message to a word processor after encryption; you would only see a bunch of gibberish. You can then send this encrypted message through any email server to the recipient.
Only the owner of that public key can decrypt your message with their own private key. The receiver would follow almost the same process for encryption to decrypt the message.
That is how you can send a secure, private message to anyone across the globe using PGP encryption!