How PGP Works
So, how does it work? Let's first look at the common cryptography example of person A and person B. Person A wants to send a message to person B; however, there is a third party in the way, person C. Person C wants to see the message that person A is trying to send privately to person B, so person C intercepts the message before it gets to person B, reads it, then sends it back on its way. With PGP we can prevent person C from reading the message, even if they get hold of it.

In this situation, both person A and person B have a private and a public key. They've agreed they want to exchange messages, and both share their public keys with each other. Person A creates another key called a session key, which is never used again after the message is decrypted by person B. The message is encrypted using this session key. The session key is then itself encrypted using person B's public key, so that person B will be able to decrypt the message once they receive the encrypted session key and message. The session key and message are sent, and person C intercepts both. However, person C only has an encrypted session key and doesn't have the means to decrypt it, so person C has to send the message on without having read it. Once person B receives the session key and message, they decrypt the session key using their private key and use the session key to decrypt the message. This method allows messages to be sent between two parties without a third party in the middle being able to read them.
How PGP Is Used
There are many different ways PGP is used for private messaging. Commonly, people will download a program that generates the appropriate keys. Once these keys are generated, they'll save their private key somewhere secure and share their public key with whoever they want to communicate with.
Signing Messages
You can use PGP to sign messages, which proves the authenticity of the message being received. This method is solely to prove who the sender of the message is. It's like an electronic signature. It proves that the message could only have come from you, that is, from whoever holds your private key. This works similarly to the example above. However, instead of the entire message being encrypted, person A signs their message using their private key. Person B then uses person A's public key to check that the message was sent by them.
Encrypting Messages
Many email services use PGP as a way to encrypt emails sent through their platform. One well-known email service that relies heavily on PGP is ProtonMail. They claim that PGP is the "backbone" of their services. This is done using the method explained in the first half of this article.
The Future Of PGP
Although not many people use PGP to verify messages casually, it's a commonly used medium for sending sensitive information securely. Recently, however, vulnerabilities in this encryption method have come to light. Because PGP may no longer be as secure as it once was, and because it is difficult to use, people are moving to other methods of secure communication. There are multiple articles on this site that discuss secure messaging systems, which is what most people are moving to instead of PGP-based systems. Apps such as Signal and WhatsApp are good examples of secure messaging apps you can use to send sensitive information. Now that you understand what exactly PGP is and how it works, you may be able to understand why it's not an incredibly effective system. Many people that use PGP don't use it correctly (as there are many steps to take to use it properly). Also, if the wrong person gets hold of a key they shouldn't have access to, it can defeat the entire purpose. In the end, it's all about being safe and making sure any sensitive information is sent securely. Be safe out there!