Don’t let the name “Pretty Good Privacy” mislead you. PGP encryption is the gold standard for encrypted communication and has been used by everyone from nuclear activists to criminals since its invention in 1991. While the execution is complex, the concept is simple: you can encrypt text, making it unreadable to anyone who doesn’t have the key to decode it.
- How Does PGP Encryption Work?
- What Can I Use PGP Encryption For?
- How Do I Get Started?
- Frequently Asked Questions
How Does PGP Encryption Work?
Imagine you want to send someone a letter but don’t want anyone except the recipient to be able to read it. The best way to do this is to write the letter in code, but you can’t send the code key along with the letter, as that’s not very secure.
PGP encryption gets around this problem using public key encryption. Everyone is assigned two keys: a public one that you can share with everyone and a private one, which you keep to yourself. What makes this system possible is that the codes only work one way. If Key A encrypts a file, Key A cannot reverse the process and decrypt it. Only its pair, Key B, can do that. Here’s how it usually works:
- Write down your message.
- Find your friend’s public key. He can email it to you, have it listed on a site, etc.
- Run a computer program that uses the public key to convert the message to code.
- Send the message. Anyone who intercepts it will only see gibberish.
- Your friend receives the message and runs it through his private key to decode it, restoring it to plain text.
This is a vastly simplified explanation of the process, but it covers the basics behind PGP encryption. If you want a more technical, mathematical explanation, Hackernoon breaks it down in much more detail.
What Can I Use PGP Encryption For?
PGP is most often used for encrypting emails, and there are many services to help you do that. ProtonMail is one great example of an encrypted email service that uses full end-to-end encryption. Beyond that, you can use your imagination: PGP can encrypt any text you need and can even be used on whole directories and drives. Investigative journalists often list their public keys online to make it easier for anonymous sources to get in touch with them, and sellers on darknet markets often use it to ensure their customers’ personal information stays secret.
How Do I Get Started?
Getting your own key pair is actually much easier than it sounds. You don’t need to understand anything at all about cryptography. You just have to figure out a few simple programs.
Install Encryption Program
- Download Gpg4win. This is a free (though you can donate or just choose $0 when prompted) set of encryption packages and tools. For macOS, check out GPG Suite. You can also add PGP to Linux. As I use Windows, I’ll go through the Windows process.
- Install Gpg4win. Make sure GnuPG (the actual encryption package) and Kleopatra (a nice user interface) are installed. The other components are optional, but it can’t hurt to have them.
How to Generate Encryption Keys
- Once everything is installed, find the Kleopatra program on your computer and open it.
- Go to the “File” tab and select “New Key Pair.” Or, choose “New Key Pair” under the “Certificates” tab. The second option is available only the first time you use the tool.
- Since you want PGP keys, select “Create a personal OpenPGP key pair.”
- If you want to attach your key to your identity, real or fake, you can enter that information here. Otherwise, you can skip this step. If you want to protect your key with a passphrase (which is more secure), check the “Protect the generated key with a passphrase” box.
- From the same dialog box, visit “Advanced Settings” and make sure “RSA” is selected. Change the default 2048 to 4096; this level of encoding makes your encryption pretty much impenetrable and doesn’t really slow you down during normal use.
- Click “OK” to exit this settings menu, then click “Create” to start creating your key. The program is now generating thousands of random characters to make your keys and will ask you for a passphrase. It’s unrecoverable, so don’t forget it! It’s best to use a password manager to back up the passphrase.
If you didn’t check the passphrase box in Step 4, you won’t be asked for a passphrase.
- You now have a public and private key! If you want, you can back these up in a separate file somewhere, or you can email/publicly upload your public key.
How to Back Up and View Your Keys
- You can generate a file with your public key in it by right-clicking the key and clicking “Export.” There are several ways to view your public key, but this makes it easy to access it whenever you want, without the need to use Kleopatra.
- Choose where to save the file (it will save as an .asc ASCII file.)
- Open any text-editing app, like Notepad. Any application that supports .asc files will work.
If you’re using Notepad, go to “File” and select “Open.” Navigate to your file to view it. You may need to select “All Files” at the bottom right. Alternately, navigate to your file in File Explorer, right-click it, and select “Open with.” Choose the application you want to use.
- Open the file with your text editor to see your public key! Beautiful, isn’t it?
- You can export your private key by following the same process, except select “Backup secret keys” instead of “Export” in Step 1. Make sure you store this in a safe location or just keep it inside Kleopatra; it’s perfectly accessible there.
These public and private keys can be used with any program that works with PGP, and Kleopatra itself can actually encrypt and decrypt files using your keys. If you want to take them for a test run, try encrypting a text file with your public key and decrypting it with your private key. Use the “Sign/Encrypt” and “Decrypt/Verify” options in Kleopatra.
Frequently Asked Questions
Can I change my passphrase once set?
Yes. You’ll need to know your original passphrase to do so. In Kleopatra, double-click the key you want to change and select “Change Passphrase.” You can also use this option to set a passphrase if you didn’t do so during the creation phase.
How do I revoke a key once created?
If your private key has somehow become public knowledge, you may want to revoke it so it can’t be used to access a file any longer. Double-click the key/certificate you want to revoke and select “Generate Revocation Certificate.” Once you do this, it can’t be undone.So, if you have an encrypted file you need to access with the key, make sure you decrypt it before revoking access. Otherwise, the file will remain encrypted unless you already have a decrypted backup.
How can I safely backup my key(s) once created?
Ideally, you’ll want to store them off your device. This ensures if anyone gains access to your device, they can’t access your keys. Plus, if your device becomes corrupted, you want a backup elsewhere. Consider using a secured USB device or external drive. For extra security, encrypt or password protect the drive.
Can I encrypt files to store in the cloud?
Yes. You can manually encrypt files using the method above. You can also use something specifically designed to encrypt cloud drives, such as Rclone.
Image credit: geralt via Pixabay
Crystal Crowder has spent over 15 years working in the tech industry, first as an IT technician and then as a writer. She works to help teach others how to get the most from their devices, systems, and apps. She stays on top of the latest trends and is always finding solutions to common tech problems.
Subscribe to our newsletter!
Our latest tutorials delivered straight to your inbox
Pretty Good Privacy (PGP) is a security program used to decrypt and encrypt email and authenticate email messages through digital signatures and file encryption. PGP was first designed and developed in 1991 by Paul Zimmerman, a political activist.How do you generate and use PGP? ›
- Open a command shell or DOS prompt.
- On the command line, enter: pgp --gen-key [user ID] --key-type [key type] --bits [bits #] --passphrase [passphrase] ...
- Press "Enter" when the command is complete. ...
- PGP Command line will now generate your keypair.
Is PGP Encryption Secure? PGP encryption is almost impossible to hack. That's why it's still used by entities that send and receive sensitive information, such as journalists and hacktivists. Though PGP encryption cannot be hacked, OpenPGP does have a vulnerability that disrupts PGP encrypted messages when exploited.What are 3 types of PGP? ›
PGP makes use of four types of keys: one-time session symmetric keys, public keys, private keys, passphrase-based symmetric keys. A single user can have multiple public/private key pairs. Each session key is associated with a single message and used only once.What are the 5 principles of PGP? ›
PGP was designed to provide all four aspects of security, i.e., privacy, integrity, authentication, and non-repudiation in the sending of email. PGP uses a digital signature (a combination of hashing and public key encryption) to provide integrity, authentication, and non-repudiation.What are the advantages of PGP? ›
- Your secure emails and messages cannot be penetrated by hackers or infected by email attacks.
- Others cannot recover sensitive messages or files once you have deleted them.
Pretty Good Privacy (PGP) is an encryption system used for both sending encrypted emails and encrypting sensitive files. Since its invention back in 1991, PGP has become the de facto standard for email security.Which encryption method is used in PGP? ›
PGP most often uses either RSA to encrypt its public key, or a method called Diffie-Hellman. Either way, it provides the extra layer of protection that comes from asymmetrical encryption.Does Gmail use PGP? ›
To send a truly secure, private email in Gmail, you have two different options: Use a browser extension. Use manual PGP/GPG encryption.Is PGP the same as RSA? ›
PGP uses the RSA cryptosystem to deliver the session key; it simply encrypts the randomly-generated session key with Bob's public key and then appends the RSA-encrypted session key to the beginning of Alice's session-key-encrypted document.
PGP, Pretty Good Privacy, is a "public key cryptosystem." (Also known as PKC.) In PGP, each person has two "keys": a "public key" that you give to other people, and a "private key" that only you know. You use public keys to encrypt messages and files for others or to add users to PGP Virtual Disk volumes.How do I decrypt a PGP message? ›
Highlight the block of ciphertext. Open the PGP Tray. Select Current Window. Choose Decrypt & Verify.