Pretty Good Privacy (PGP) is a data encryption protocol that uses a combination of symmetric and asymmetric encryption to allow two parties to confidentially exchange data. PGP also allows a receiver to authenticate the identity of a sender and verifies that the message was not altered in transit. Contrary to what its name might suggest, it actually provides very robust, time-tested protection.
PGP was developed to prevent email providers, Internet providers, hackers, and governments from reading emails and other sensitive communications and allow journalists, whistleblowers, political activists, and others to confidentially exchange information electronically without fear that a capable adversary will eavesdrop. Since first published in 1991 it has become the de facto standard for email encryption.
PGP uses a secure key exchange protocol that is very well established and used extensively for securing communications on the internet (e.g. SSL, TLS). Certain email clients support PGP encryption natively, which makes sending encrypted emails very straightforward for users. When not supported by the email client, PGP can be difficult to use, because it requires additional software to manually generate the encryption keys and exchange them between communicating parties.
The best way to understand how PGP works is through an example. Let’s assume a sender wants to securely send data to a receiver:
Why is the sequence described above secure? Why does it prevent someone other than the receiver from seeing the protected data?
Data encrypted with a robust symmetric key cipher (e.g. AES) and a sufficiently large encryption key (e.g. 512-bit key) is practically unbreakable, so only a receiver with the symmetric key can decipher the data. The encrypted data can be literally posted on the internet and freely accessible for download to anyone, and it will still be secure because, without the decryption key, there is no practical way to decrypt it.
PGP is a great way to securely exchange data, so long as the private keys are adequately protected and their owners have sole access to them. If the private keys are compromised, then someone can impersonate a sender and tamper with the data without the receiver knowing it.
Symmetric ciphers are a lot more efficient computationally than asymmetric ciphers, so they are a lot quicker at encrypting or decrypting a large amount of data. The problem however with symmetric ciphers is that for them to work, both parties – the sender and receiver – need to know the key and therefore need to come up with a secure way to exchange the key. The sender needs to know it so he can encrypt the data and the receiver needs to know it so he can decrypt the data.
This is where asymmetric private/public key pairs come into play. With asymmetric keys, one key (the private key) is used to encrypt things and the other (the public key) to decrypt. The public key, as its name suggests, can be publicly known, so there is no problem sending it in the clear to anyone that wants to know it. The private key needs to be closely guarded.
To securely exchange a symmetric key, the sender uses the receiver’s public key to encrypt the symmetric key, which means that only the receiver with the corresponding private key can decrypt the symmetric key and then access the data encrypted with it.
Asymmetric ciphers require a lot of computational power. Each encrypt/decrypt operation is very expensive computationally and takes a long time, which means that encrypting or decrypting a large amount of data is inefficient. The use of asymmetric ciphers is therefore limited to enabling the secure exchange of symmetric keys, after which the sender and the receiver can use the much more efficient symmetric cipher.
In addition to enabling the exchange of encrypted data, PGP can also be used to digitally sign data so its receiver can verify (i) the identity of the sender, and (ii) the integrity of the data – i.e. that it has not been tampered with.
To verify the identity of the sender, the receiver uses the sender’s public key to decrypt a message that only someone that has access to the corresponding private key could have encrypted. This verifies to the receiver that the owner of the public key is the one who sent the message and not someone else.
To verify the integrity of the data sent, the sender hashes the data sent and encrypts the hash with his private key. The receiver can verify that the data has not been tampered with by decrypting the sender’s hash of the data using his/her public key, independently hashing the data received and comparing its hash with the sender’s hash. If the two hashes match, then the data sent is exactly the same as the data received. If the hashes differ, then the data has been modified somewhere in transit.