- PGP, or Pretty Good Privacy, is a digital information encryption program created by Phil Zimmermann in 1991. PGP works by creating two encryption keys, one public and one private, which the sender and receiver use interchangeably to encode and decode messages sent between each other. The system is very effective, easy to use, and you can download it for free (see Resources section).
- Encryption is the process of encoding messages to conceal their original meaning. An encryption key is a block of different letters and numbers used to encrypt and decrypt messages. Without an encryption key, the message is just a bunch of gibberish. Therefore, if someone wanted to spy on you and read your encrypted emails, he or she would see just a garbled mess. This makes PGP a perfect technology for the information-flooded Internet.
- PGP creates two keys. One is the public key, which encrypts messages. The other is the private key, which decrypts messages. You can decrypt any messages created using your public key only by using your corresponding private key.
- To better comprehend how PGP works, consider the following example: Kelly and John want to communicate using email messages, and they will use PGP encryption to keep their communications secure. The first thing they do is provide each other with a copy of their public keys. Now Kelly will use her public key and John's public key to create a session key. This session key is attached to the email to John. John then uses his private key to decode the message that Kelly sent him. The PGP software knows that the email is for John because Kelly used his public key to encrypt it. This is why he is able to decode the message. If John wants to respond to Kelly, he just follows the same steps as she did.
- PGP's strength is not due to the secrecy of how it creates the keys; it is because the keys themselves are incredibly complex and extensive. In order for a hacker to decipher the private key of the intended message's recipient, he must use a brute-force attack. That means he uses a software program to try every possible combination of letters and numbers until it successfully deciphers the key. With PGP, the number of possible combinations is so astronomically high that the hacking process would take way too much time. The time spent trying to hack a PGP key greatly outweighs the reward of successfully doing so.
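
The hybrid scheme behind the Kelly and John exchange, as an added example (not part of the original page and not PGP's own code): in PGP the session key is a fresh random value that encrypts the message, and only that key is encrypted with John's public key. The RSA key built from two Mersenne primes, the SHA-256 keystream cipher and all function names are constructed toy stand-ins, not the OpenPGP format and not secure.

```python
import hashlib
import secrets

# Toy RSA key for John, built from two well-known Mersenne primes so the
# example needs no key generation. Constructed for illustration; NOT secure.
P, Q = 2**127 - 1, 2**521 - 1
E = 65537
JOHN_PUBLIC = (P * Q, E)
JOHN_PRIVATE = (P * Q, pow(E, -1, (P - 1) * (Q - 1)))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with a SHA-256 counter-mode keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_for(public_key, plaintext: bytes):
    """Sender side: fresh session key, bulk-encrypt, wrap key for recipient."""
    n, e = public_key
    session_key = secrets.token_bytes(32)          # new for every message
    body = keystream_xor(session_key, plaintext)   # symmetric encryption
    # Textbook RSA without padding: only the 32-byte session key is wrapped.
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, body


def decrypt_with(private_key, wrapped: int, body: bytes) -> bytes:
    """Recipient side: unwrap session key with private key, then decrypt body."""
    n, d = private_key
    session_key = pow(wrapped, d, n).to_bytes(32, "big")
    return keystream_xor(session_key, body)


if __name__ == "__main__":
    # Constructed sample message from Kelly to John.
    wrapped, body = encrypt_for(JOHN_PUBLIC, b"Meet at noon. -Kelly")
    print(decrypt_with(JOHN_PRIVATE, wrapped, body))
```

Encrypting the same message twice yields a different wrapped key and body each time, because the session key is regenerated per message.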










