Pretty Good Privacy, or PGP, is a popular program used to encrypt and decrypt email over the Internet, as well as to authenticate messages with digital signatures and to encrypt stored files.





Previously available as freeware and now only available as a low-cost commercial version, PGP was once the most widely used privacy-ensuring program among individuals and is also used by many corporations. It was developed by Philip R. Zimmermann in 1991 and has become a de facto standard for email security.
How PGP works
Pretty Good Privacy uses a variation of the public key system. In this system, each user has an encryption key that is publicly known and a private key that is known only to that user. You encrypt a message you send to someone else using their public key. When they receive it, they decrypt it using their private key. Since encrypting an entire message with a public key can be time-consuming, PGP uses a faster encryption algorithm to encrypt the message and then uses the public key to encrypt the shorter key that was used to encrypt the entire message. Both the encrypted message and the encrypted short key are sent to the receiver, who first uses their own private key to decrypt the short key and then uses that key to decrypt the message.
PGP comes in two public key versions -- Rivest-Shamir-Adleman (RSA) and Diffie-Hellman. The RSA version, for which PGP must pay a license fee to RSA, uses the IDEA algorithm to generate a short key for the entire message and RSA to encrypt the short key. The Diffie-Hellman version uses the CAST algorithm for the short key to encrypt the message and the Diffie-Hellman algorithm to encrypt the short key.
When sending digital signatures, PGP uses an efficient algorithm that generates a hash (a mathematical summary) from the user's name and other signature information. This hash code is then encrypted with the sender's private key. The receiver uses the sender's public key to decrypt the hash code. If it matches the hash code sent as the digital signature for the message, the receiver is sure that the message has arrived securely from the stated sender. PGP's RSA version uses the MD5 algorithm to generate the hash code. PGP's Diffie-Hellman version uses the SHA-1 algorithm to generate the hash code.
Getting PGP
To use Pretty Good Privacy, download or purchase it and install it on your computer system. It typically contains a user interface that works with your customary email program. You may also need to register the public key that your PGP program gives you with a PGP public-key server so that people you exchange messages with will be able to find your public key.
PGP freeware is available for older versions of Windows, Mac, DOS, Unix and other operating systems. In 2010, Symantec Corp. acquired PGP Corp., which held the rights to the PGP code, and soon stopped offering a freeware version of the technology. The vendor currently offers PGP technology in a variety of its encryption products, such as Symantec Encryption Desktop, Symantec Desktop Email Encryption and Symantec Encryption Desktop Storage. Symantec also makes the Symantec Encryption Desktop source code available for peer review.
Though Symantec ended PGP freeware, other non-proprietary versions of the technology are available. OpenPGP is an open source version of PGP that's supported by the Internet Engineering Task Force (IETF). OpenPGP is used by several software vendors, including Coviant Software, which offers a free tool for OpenPGP encryption, and HushMail, which offers a Web-based encrypted email service powered by OpenPGP. In addition, the Free Software Foundation developed GNU Privacy Guard (GPG), OpenPGP-compliant encryption software.
Where can you use PGP?
Pretty Good Privacy can be used to authenticate digital certificates and encrypt/decrypt texts, emails, files, directories and whole disk partitions. Symantec, for example, offers PGP-based products such as Symantec File Share Encryption for encrypting files shared across a network and Symantec Endpoint Encryption for full disk encryption on desktops, mobile devices and removable storage. When PGP technology is used for files and drives instead of messages, the Symantec products allow users to decrypt and re-encrypt data via a single sign-on.
Originally, the U.S. government restricted the exportation of PGP technology and even launched a criminal investigation against Zimmermann for putting the technology in the public domain (the investigation was later dropped). Network Associates Inc. (NAI) acquired Zimmermann's company, PGP Inc., in 1997 and was able to legally publish the source code (NAI later sold the PGP assets and IP to ex-PGP developers that joined together to form PGP Corp. in 2002, which was acquired by Symantec in 2010).
Today, PGP-encrypted email can be exchanged with users outside the U.S. if you have the correct versions of PGP at both ends.
There are several versions of PGP in use. Add-ons can be purchased that allow backwards compatibility for newer RSA versions with older versions. However, the Diffie-Hellman and RSA versions of PGP do not work with each other since they use different algorithms. There are also a number of technology companies that have released tools or services supporting PGP. Google this year introduced an OpenPGP email encryption plug-in for Chrome, while Yahoo also began offering PGP encryption for its email service.
This was last updated in November 2014
Join the conversation 8 comments
[-] jonla56 - 2 Mar 2014 2:07 PM
If you're using PGP can the NSA (Feds) get into your computer and monitor your emails?
[-] Margaret Rouse - 24 Nov 2014 10:37 AM
Do open source versions of PGP still serve a useful purpose, or have other encryption methods superseded it?
[-] Ken Harthun - 11 Dec 2014 12:49 PM
I have always been an advocate of Open Source software; it's the first place I look for solutions. The open source versions of PGP are as valid as they ever were, especially as now embraced by Google in their End-to-End email encryption plugin for the Chrome browser, and I see quite a few third-party developers working with it.
Like anything else, open source PGP will evolve and possibly eventually become obsolete; for now, it's alive and well.
[-] Carlindo - 10 Mar 2016 5:29 PM
Other encryption methods haven't superseded it. However there is a basic fallacy in PGP. By using long key pairs, typically 2048+ bits and passphrases, typically 100+ characters, it gives the user a false sense of protection. The truth is that the key length used to encrypt messages is 256 bits which is NO protection to government agencies sponsored attacks. Such agencies, like NSA, have annual budgets around $10 Billion, enough money to buy enough processing power to break 256 bit keys on a brute force attack.
[-] abuell - 11 Mar 2016 2:18 PM
Sure, we still use it. It works for our purposes.
[-] Carlindo - 10 Mar 2016 5:19 PM
Absolutely YES. Although PGP uses 2048+ bit key pairs and 100+ character passphrases, it uses 256 bit keys in the encryption of the message. 256 bit keys are no hurdle to brute force attacks sponsored by NSA. Think about something better if you want to preserve your Constitutional right to privacy.
[-] Genderhayes - 22 Dec 2016 8:36 PM
You want to send a secret message to Aarav, which has a private key. Put connected public key on web page, download public key, encrypt the message using it, send it. That person will decode it cause that person has the corresponding private key.
[-] ajjmatt - 3 Apr 2017 10:51 PM
You must be asymmetrical elliptical cylindrical encrypted to have any hope of not having your data opened. It is less complicated if you have end to end hardware or you can do this with the highest level Intel processors and time via software. Good luck....