Pretty Good Privacy

Rachiyta JainCyber Forensics, Cyber Security

PGP stands for Pretty Good Privacy. It is an encryption and decryption standard used widely these days. This post will tell you what exactly a PGP is and how it works. In my next post I will tell you how to set up a PGP. PGP is also called hybridcryptography as it makes use of hashing, data compression, symmetric key and public key cryptography. Developed in 1991 by Phil Zimmerman, PGP is used for encrypting and decrypting texts, emails, directories, files and whole disk partitions. It is implemented in authentication of digital signatures too.

A common question that pops in every human mind is what makes PGP better than others? When a hacker tries to do cryptanalysis[1] he notices the pattern of the encrypted text. PGP compresses the data making it impossible to study the correct patterns. Compressing the data also reduces the size thus making it easier and faster to transport the data. A session key is generated after this based on your pattern of keyboard and mouse movements. It is a onetime key and unique to all. This session key is used to encrypt the compressed data. After this the session key that was used is encrypted using RSA algorithm. For this encryption the receiver’s public key is used. The encrypted data and key is then sent to the receiver. This is the encryption process.

PGP

The decryption is an exactly similar process following a reverse approach. The receiver receives this and uses its private key to decrypt the session key. This session key is then used to decrypt the encrypted ciphertext. The convenience of public key encryption along with speed of conventional key encryption makes PGP stand out without compromising on security.

PGP was not Open Source and was subjected to patent issues. Zimmerman convinced IETFT[2] and it soon set an OpenPgp standard and opened an OpenPGP Work Group. Today there are several developers and companies developing their unique PGP based on these standard which are proving beneficial for the society.

[1] trying to study the encrypted data

[2]Internet Engineering Task Force