PGP provides cryptographic privacy and authentication when communicating or transferring data over the Internet. How does it do so? By using public-key cryptography, symmetric-key cryptography and digital signatures.
We share a lot of data in our daily lives, both professionally and personally, and privacy is a top priority. On this matter, PGP is one of the most widely used encryption systems worldwide. Let’s see what PGP is and how it can help improve data protection and privacy on the Internet.
What is PGP encryption?
PGP, or Pretty Good Privacy, is encryption software that combines data compression, hashing, symmetric-key cryptography and public-key cryptography. PGP was developed and published by Philip Zimmermann, a North American computer scientist and cryptographer, in 1991. It was initially made available for download via public FTP, before going international via the Internet.
PGP provides cryptographic authentication and privacy for data communication and transfer. It also supports digital signatures: message authentication, to verify the sender, and integrity checking, to verify that the message has not been altered.
Symmetric-key and public-key encryption
In symmetric-key encryption, both the sender and the recipient have the same key. However, to send that key from one party to the other, the symmetric key must itself be encrypted using an asymmetric, or public-key, cryptography system.
Using PGP, data is encrypted with a public key, which is associated with a username or email address. When PGP compresses the data, a random private key is automatically generated. This public-private key pair keeps data safe, as data can only be decrypted using the private key matching the public key. Although it might seem complex, many current email applications offering PGP make the encryption and decryption process simpler for users.
If you are interested in public-key authentication, our guide to setting up SSH keys on Linux might also be helpful.
What is PGP encryption used for?
PGP encryption is used for:
- Signing, encrypting and decrypting texts, emails, files, directories, etc.
- Increasing security in email communications.
- Digitally signing messages as a way of verifying their authenticity.
- Generating website security certificates.
Due to the importance of PGP encryption, in 1997, the Internet Engineering Task Force (IETF) started a working group to create the OpenPGP standard.
OpenPGP: email encryption standard
OpenPGP is a non-proprietary format for authenticating and encrypting data, and an open email encryption standard, based on the PGP software. It combines symmetric-key cryptography and public-key cryptography to provide security services for communications and data storage.
OpenPGP is available for all major platforms — GNU/Linux, Windows, Mac OS, Android and iOS. It is used for:
- Encryption of email communications and messages.
- Identity verification using digital signatures.
- Password management.
GPG or GNU Privacy Guard
GPG, GnuPG or GNU Privacy Guard is a free-software encryption program. It is a complete implementation of the OpenPGP standard, compliant with RFC 4880. Like OpenPGP, GNU Privacy Guard combines symmetric-key cryptography and public-key cryptography. GnuPG is part of the GNU Project and available under the GNU General Public License. It was originally developed by Werner Koch, a German free-software developer.
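The combination of symmetric-key and public-key cryptography described above, run with GnuPG itself, as an added example that is not part of the original article: the data is encrypted under a random symmetric session key, only that session key is wrapped with the recipient's public key, and a signature provides sender authentication and integrity checking. It assumes GnuPG 2.2 or later on the PATH; the identity `alice@example.org`, the message and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed identity and message, throwaway keyring.

# Isolated GnuPG home with one unprotected test key pair (signing primary
# key plus encryption subkey), so no real keyring is touched.
setup_keyring() {
    GNUPGHOME="$(mktemp -d)" && export GNUPGHOME && chmod 700 "$GNUPGHOME"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Alice Example <alice@example.org>' default default never
}

# Stop the agent and delete the test private key.
teardown_keyring() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}

# Sign stdin with our private key and encrypt it to the recipient's public
# key. gpg encrypts the data under a random symmetric session key and wraps
# only that session key with the public key.
seal() {
    gpg --batch --quiet --armor --sign --encrypt --recipient "$1"
}

# Count public-key encrypted session key packets on stdin (one per recipient).
count_wrapped_keys() {
    gpg --batch --quiet --list-packets 2>/dev/null | grep -c '^:pubkey enc packet:'
}

# Decrypt stdin; print the plaintext only if gpg exits cleanly and reports
# GOODSIG on its machine-readable status channel.
open_verified() {
    out="$(mktemp)" || return 1
    if status="$(gpg --batch --quiet --yes --status-fd 1 --output "$out" --decrypt 2>/dev/null)" \
        && printf '%s\n' "$status" | grep -q '^\[GNUPG:\] GOODSIG '; then
        cat "$out"; rm -f "$out"
    else
        rm -f "$out"; return 1
    fi
}

demo() {
    setup_keyring
    msg="$(printf 'meeting moved to 10:00\n' | seal alice@example.org)"
    echo "wrapped session keys: $(printf '%s\n' "$msg" | count_wrapped_keys)"
    echo "verified plaintext: $(printf '%s\n' "$msg" | open_verified)"
    teardown_keyring
}
demo
```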
Versions of GNU Privacy Guard
|Version|Release date|
|---|---|
|GnuPG 1.0|September 1999|
|GnuPG 1.2|September 2002|
|GnuPG 1.4 (Legacy version)|December 2004|
|GnuPG 2.0|November 2006|
|GnuPG 2.2 (LTS version)|November 2014|
|GnuPG 2.2.21|July 2020|
|GnuPG 2.2.22|August 2020|
|GnuPG 2.2.23|September 2020|
|GnuPG 2.2.24|November 2020|
|GnuPG 2.2.25|November 2020|
|GnuPG 2.2.26|December 2020|
|GnuPG 2.2.27|January 2021|
|GnuPG 2.2.33 (LTS version)|November 2021|
|GnuPG 2.3.0|April 2021|
|GnuPG 2.3.1|April 2021|
|GnuPG 2.3.2|August 2021|
|GnuPG 2.3.3|October 2021|
|GnuPG 2.3.4 (Stable version)|December 2021|