In 1991, Phil Zimmermann created Pretty Good Privacy (PGP), a cryptographic program that first gave ordinary people access to near-military-grade encryption. The PGP source code was later published, and in 1998 the IETF standardized the message format as OpenPGP (RFC 2440, revised in 2007 as RFC 4880). That standard paved the way for many open source products that still offer some of the best cryptography available.
Who Should Use OpenPGP
Throughout the history of PGP, and of encryption in general, critics have argued that only people with something nefarious to hide need such strong encryption. Shortly after PGP's release, Zimmermann himself became the subject of a US government criminal investigation after the program spread outside the United States, because export regulations of the time treated strong encryption as a munition; the investigation was closed in 1996 without charges.
There are, in fact, many legitimate reasons to use encryption, especially for digital communications. While many people consider email to be relatively private and secure, with few exceptions nothing could be further from the truth.
Email is more like a postcard than a sealed letter. Just as a postcard passes through several warehouses, post offices, mail trucks, and individual hands with its message in plain view, an email passes through many separate servers on its way from sender to final recipient.
Transport encryption (TLS) between mail servers, where it is used at all, protects a message only while it is on the wire between two hops; each server along the path still handles the message in the clear. An unscrupulous, careless, or compromised server operator can therefore read it, and neither the sender nor the recipient will know that their confidentiality was violated. OpenPGP closes that gap by encrypting the message itself, end to end, before it ever reaches a server.
While it is not a big deal when you share a video of a cute pet or your favorite new recipe, the stakes are much higher when family members discuss financial or health issues, a manager discusses internal corporate policies, a programmer shares source code with another developer, or in any number of legal situations where it is important to communicate and share information, or even files, securely and confidentially.
It is these situations that make OpenPGP an essential tool for anyone concerned with privacy and security.
How it works
At its core, OpenPGP is a public-key cryptosystem. Each user has a key pair: a public key that can be shared freely and a private key that is kept secret. Data encrypted with a public key can be decrypted only with the corresponding private key. In practice OpenPGP is a hybrid scheme: the message itself is encrypted with a freshly generated symmetric session key, and only that session key is encrypted with the recipient's public key, which is what makes it cheap to encrypt one message to several recipients at once.
When you first install an OpenPGP client, it will prompt you to create a key pair and, optionally, upload your public key to a key server so that people can look it up by your name or email address. The private key never leaves your machine; guard it, and the passphrase that protects it, accordingly.
OpenPGP also lets people verify the authenticity and integrity of a message or file through digital signatures: the sender signs with their private key, and anyone holding the matching public key can check the signature. Many software vendors publish a PGP signature (or a signed checksum file) alongside their installers so that customers can verify that the download has not been modified to include malicious code.
How to use it
Despite the value of OpenPGP, the main obstacle to its widespread adoption has been usability. As with many other powerful tools, the learning curve is higher than many users are willing to accept.
While there are many OpenPGP clients out there – much more than this article can cover – the steps below should provide a general guide to installing and using OpenPGP.
When choosing an OpenPGP client, the first decision is whether to buy the commercial PGP product from Symantec or use one of the free, open source clients. Most of the open source options are built on GnuPG (gpg), which can also be used directly from the command line.
Typically the commercial product offers the most polished interface, with versions for Mac, Windows, and iOS, while the open source clients add Linux and Android support and cost nothing.
Create the keys
The next step is to create your public/private key pair. You will be prompted for your name and email address, and for a passphrase that protects the private key; you will be asked for it whenever you decrypt or sign.
There are several algorithm options for generating keys. For most people the client's default, traditionally RSA for both signing and encryption, is the right choice; newer clients may instead default to elliptic-curve keys (Ed25519 for signing and Curve25519 for encryption), which are equally acceptable. For RSA, a larger key is harder to break, but no 2048-bit RSA key has ever been publicly factored: the largest RSA modulus factored in public research is 829 bits (RSA-250, in 2020), and the effort that took was enormous. A 2048-bit key therefore remains adequate for general use, and current guidance rates it at roughly 112 bits of security.
A 4096-bit key is substantially harder to factor still (3072-bit RSA is rated at 128 bits of security, and 4096-bit somewhat above that) and is generally considered out of reach for the foreseeable future, at the cost of slower operations and larger signatures. In practice the key size is rarely the weak point; a stolen private key or a weak passphrase is.
Upload the key
After creating your keys, the next step is to upload your public key so that other people can find it. Once it is uploaded, anyone with an OpenPGP client can look up your key by your email address and use it to encrypt emails and files that only you can open.
Be aware that anyone can upload a key under any name, so a key server lookup by itself proves nothing about who holds the private key. Before encrypting to a key, confirm its fingerprint with the owner over a separate channel, in person, by phone, or from a web page you already trust; most clients can display and compare fingerprints for exactly this purpose. You can also send your public key directly to people you communicate with regularly, and confirm the fingerprint at the same time, so that they can encrypt files and emails destined for you.
Integration with your email application
Since email encryption is one of the primary uses of OpenPGP, the next step is to integrate it with your email program of choice. Many packages ship plug-ins for popular mail clients: GPG Suite from GPGTools installs one for Apple Mail on macOS, Gpg4win does the same for Microsoft Outlook on Windows, and Mozilla Thunderbird has had OpenPGP built in since version 78.
When you send email to someone whose public key you hold, the plug-in offers the option to encrypt and/or sign the message. Likewise, when you receive a message encrypted to your public key, it prompts for your passphrase and decrypts it. Keep in mind that OpenPGP protects only the body and attachments: the subject line, sender, recipients, and timestamps travel in the clear, so do not put sensitive information in the subject.
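The procedure above, from key creation through key exchange to a signed, encrypted message and its verification, as an added example that is not part of the original article. It uses GnuPG (gpg), the free OpenPGP implementation most clients are built on, and plays both correspondents with two throwaway GNUPGHOME directories, so nothing touches your real keyring. The names, addresses and message text are constructed for the demo, the keys are created without a passphrase (%no-protection) purely so the script can run unattended, and the 3072-bit RSA size is one reasonable choice (rated at 128 bits of security), not something the article prescribes.

```shell
#!/bin/sh
# Added example (not from the original article): the OpenPGP workflow
# end to end with GnuPG. Two private keyrings under a temporary
# directory stand in for "Alice" and "Bob". Everything below is
# constructed for the demo: identities, message, passphrase-less keys.
set -eu

WORK="$(mktemp -d)"
cleanup() {
    for d in "$WORK"/*/; do
        GNUPGHOME="$d" gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$WORK"
}
trap cleanup EXIT

# Run gpg as one party, with that party's own keyring.
as_user() {
    who="$1"; shift
    mkdir -p -m 700 "$WORK/$who"
    GNUPGHOME="$WORK/$who" gpg --batch --quiet --yes "$@"
}

# "Create the keys": unattended generation of an RSA primary key for
# certifying/signing plus an RSA subkey for encryption, the same layout
# the interactive prompts produce. %no-protection is for the demo only;
# a real key gets a passphrase.
make_key() {
    who="$1"; realname="$2"; email="$3"
    as_user "$who" --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 3072
Subkey-Usage: encrypt
Name-Real: $realname
Name-Email: $email
Expire-Date: 0
%commit
EOF
}

# Primary-key fingerprint for a user id, taken from gpg's
# machine-readable output (field 10 of the first "fpr" record).
fingerprint() {
    as_user "$1" --with-colons --fingerprint "$2" \
        | awk -F: '/^fpr:/ { print $10; exit }'
}

# "Upload the key": export an ASCII-armoured public key (what you would
# hand to a correspondent or a key server) and import it on the other
# side. The recipient then compares the fingerprint with a value
# obtained out of band; here that value is read from the owner's own
# keyring. Only after the check does the recipient certify the key
# locally (lsign), which is what lets gpg encrypt to it without a
# "key is not trusted" error.
exchange_keys() {
    from="$1"; from_email="$2"; to="$3"
    as_user "$from" --armor --export "$from_email" > "$WORK/$from.asc"
    as_user "$to" --import "$WORK/$from.asc"
    expected="$(fingerprint "$from" "$from_email")"
    seen="$(fingerprint "$to" "$from_email")"
    [ -n "$expected" ] && [ "$expected" = "$seen" ] \
        || { echo "fingerprint mismatch for $from_email" >&2; return 1; }
    as_user "$to" --quick-lsign-key "$seen"
}

# Sender signs with their private key and encrypts to the recipient's
# public key in one pass; output is an armoured "PGP MESSAGE" block.
send_message() {
    from="$1"; to_email="$2"; plaintext="$3"; out="$4"
    printf '%s' "$plaintext" \
        | as_user "$from" --armor --sign --encrypt --recipient "$to_email" > "$out"
}

# Recipient decrypts and verifies. The plaintext goes to stdout; the
# function fails unless gpg reported VALIDSIG, i.e. a signature that
# checked out against a key in the recipient's keyring.
receive_message() {
    who="$1"; in="$2"; status="$WORK/$who.status"
    as_user "$who" --status-fd 3 --decrypt "$in" 3>"$status"
    grep -q '^\[GNUPG:\] VALIDSIG ' "$status"
}

demo() {
    make_key Alice "Alice Example" alice@example.com
    make_key Bob   "Bob Example"   bob@example.com
    exchange_keys Alice alice@example.com Bob
    exchange_keys Bob   bob@example.com   Alice
    send_message Alice bob@example.com \
        "Q3 numbers attached, do not forward." "$WORK/msg.asc"
    grep -q 'BEGIN PGP MESSAGE' "$WORK/msg.asc"
    receive_message Bob "$WORK/msg.asc"
}

if command -v gpg >/dev/null 2>&1; then
    demo
else
    echo "gpg (GnuPG) is not installed; nothing to demonstrate" >&2
fi
```

Two details are worth noticing. Bob never marks Alice's key as trusted until the fingerprint from his keyring matches the one Alice reports, which is the manual step a key-server lookup cannot replace. And `receive_message` insists on a VALIDSIG status line rather than on gpg's exit code alone, so a message that decrypts but carries no verifiable signature is rejected instead of silently accepted.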
Without a doubt, OpenPGP is a powerful tool for both consumers and professionals. While the learning curve may be a little steeper than many people are used to, the benefits are well worth it.
Whether it is a journalist working in a dangerous environment, a business owner discussing confidential internal policies, developers sharing code, or family members sending each other personal information by email, OpenPGP gives its users the peace of mind that comes with near-military-grade encryption.