Pretty Good Privacy (PGP) is an encryption system used for both sending encrypted emails and encrypting sensitive files. Since its invention back in 1991, PGP has become the de facto standard for email security.
The popularity of PGP is based on two factors. The first is that the system was originally available as freeware, and so spread rapidly among users who wanted an extra level of security for their email messages. The second is that since PGP uses both symmetric encryption and public-key encryption, it allows users who have never met to send encrypted messages to each other without exchanging private encryption keys.
If you want to improve the security of your email messages, PGP offers a relatively easy and cost-effective way to do this. In this guide, well show you how.
PGP shares some features with other encryption systems you may have heard of, like Kerberos encryption (which is used to authenticate network users) and SSL encryption (which is used to secure websites).
At a basic level, PGP encryption uses a combination of two forms of encryption: symmetric key encryption, and public-key encryption.
In order to understand how PGP works, its useful to look at a diagram:
The mathematics behind encryption can get pretty complex (though you can take a look at the math if you like), so here well stick to the basic concepts. At the highest level, this is how PGP encryption works:
This might seem like a strange way to do things. Why would we encrypt the encryption key itself?
Well, the answer is pretty simple. Public key cryptography is much, much slower than symmetric encryption (where both the sender and recipient have the same key). Using symmetric encryption requires, though, that a sender share the encryption key with the recipient in plain text, and this would be insecure. So by encrypting the symmetric key using the (asymmetric) public-key system, PGP combines the efficiency of symmetric encryption with the security of public-key cryptography.
In practice, sending a message encrypted with PGP is simpler than the above explanation makes it sound. Lets take a look at ProtonMail as an example.
ProtonMail natively supports PGP, and all you have to do to encrypt your email is to select Sign Mail. You will see a padlock icon on the subject line of their emails. The email will look like this (the email addresses have been blurred for privacy reasons):
ProtonMail like most email clients that offer PGP hides all of the complexity of the encryption and decryption of the message. If you are communicating to users outside of ProtonMail, you need to send them your public key first.
And so, although the message was sent securely, the recipient does not have to worry about the complexities of how this was done.
There are, essentially, three main uses of PGP:
Of these three uses, the first sending secure email is by far the dominant application of PGP. But lets take a brief look at all three
As in the example above, most people use PGP to send encrypted emails. In the early years of PGP, it was mainly used by activists, journalists, and other people who deal with sensitive information. The PGP system was originally designed, in fact, by a peace and political activist named Phil Zimmermann, who recently joined Startpage, one of the most popular private search engines.
Today, the popularity of PGP has grown significantly. As more users have realized just how much information corporations and their governments are collecting on them, huge numbers of people now use the standard to keep their private information private.
A related use of PGP is that it can be used for email verification. If a journalist is unsure about the identity of a person sending them a message, for instance, they can use a Digital Signature alongside PGP to verify this.
Digital signatures work by using an algorithm to combine the senders key with the data they are sending. This generates a hash function, another algorithm that can convert a message to a block of data of fixed size. This is then encrypted using the senders private key.
The recipient of the message can then decrypt this data using the senders public key. If even one character of the message has been changed in transit, the recipient will know. This can indicate either the sender is not who they say they are, that they have tried to fake a Digital Signature, or that the message has been tampered with.
PGP is great for small tasks but to protect a network of data you need more. Varonis helps organizations secure their data across file servers, SaaS apps and source control systems. Find out more now.
A third use of PGP is to encrypt files. Because the algorithm used by PGP normally the RSA algorithm is essentially unbreakable, PGP offers a highly secure way of encrypting files at rest, especially when used alongside a Threat Detection and Response Solution. In fact, this algorithm is so secure that it has even been used in high-profile malware such as the CryptoLocker malware.
Back in 2010, Symantec acquired PGP Corp., which held the rights for the PGP system. Since then, Symantec has become the dominant vendor of PGP file-encryption software through such products as Symantec Encryption Desktop and Symantec Encryption Desktop Storage. This software offers PGP encryption for all your files, whilst also hiding the complexities of encryption and decryption processes.
Whether you need to use PGP encryption will depend on how secure you want your communications (or files) to be. As with any privacy or security software, using PGP requires that you do a little more work when sending and receiving messages, but can also dramatically improve the resilience of your systems to attack.
Lets take a closer look.
The major pro of PGP encryption is that it is essentially unbreakable. Thats why it is still used by journalists and activists, and why it is often regarded as the best way of improving cloud security. In short, it is essentially impossible for anyone be they a hacker or even the NSA to break PGP encryption.
Though there have been some news stories that point out security flaws in some implementations of PGP, such as the Efail vulnerability, its important to recognize that PGP itself is still very secure.
The biggest con of PGP encryption is that it is not that user-friendly. This is changing thanks to off-the-shelf solutions that we will come to shortly but using PGP can add significant extra work and time to your daily schedule. In addition, those using the system need to be aware of how it works, in case they introduce security holes by using it incorrectly. This means that businesses considering a move to PGP will need to provide training.
For that reason, many businesses might want to consider alternatives. There are encrypted messaging apps like Signal, for instance, that offer encryption that is more straightforward to use. In terms of storing data, anonymisation can be a good alternative to encryption and can be a more efficient use of resources.
Finally, you should be aware that PGP encrypts your messages, but it doesnt make you anonymous. Unlike anonymous browsers using proxy servers or working through a VPN to hide your true location, emails sent through PGP can be traced to a sender and recipient. Their subject lines are not encrypted either, so you shouldnt put any sensitive information there.
In the vast majority of cases, setting up PGP encryption involves downloading an add-on for your email program, and then following the installation instructions. There are add-ons like this available for Thunderbird, Outlook, and Apple Mail, and we will describe these below. In recent years we have also seen the emergence of a number of online email systems that include PGP by default (the most famous being ProtonMail).
For those of you looking to use PGP to encrypt your files, there are a number of large-scale software solutions available. Symantec, for example, offers PGP-based products such as Symantec File Share Encryption for encrypting files shared across a network and Symantec Endpoint Encryption for full disk encryption on desktops, mobile devices and removable storage.
If you are looking to start using PGP encryption, this will normally involve downloading a piece of software that automates the process of encryption and decryption. There are a number of different products available to do this, but you should be aware of what to look for.
Depending on why you are using PGP, and how often you need to use it, there are several different approaches to setting it up. In this section we will focus on what most users will need from PGP secure email rather than encrypted file storage, which is a more complex issue. Here, then, are five solutions for implementing PGP on your home or business networks.
Gpg4o is one of the most popular PGP solutions for Windows users and aims to integrate seamlessly with Outlook 2010 2016.
The standard implementation of PGP encryption for Mac users is GPGTools, which is a suite of software that offers encryption for all areas of your Mac system.
As with the tools above, Enigmail was designed to integrate with a specific email client, in this case, Thunderbird.
ProtonMail was one of the first secure email providers and remains one of the most popular. Unlike the solutions above, ProtonMail operates through a web portal, meaning that it is easily separable from your everyday inbox.
Lastly is FairEmail, which extends PGP encryption to Android phones. This is a stand-alone email app that is free to use.
Even after the explanation above, you may still have some questions. Here are the answers to the most commonly asked questions about PGP.
A: Yes. Though PGP is now more than 20 years old, there have been no vulnerabilities found in the basic implementation of the system. That said, encrypting your emails is not sufficient for total security, and you should always use PGP in combination with a full cybersecurity suite that includes threat detection software.
A: PGP uses a combination of symmetric and public-key cryptography to provide users with a secure way to send messages to each other.
A: The best PGP software will depend on your needs. Most people dont need to encrypt all of their emails, and so for most people a web-based PGP email provider will be the best solution. That said, if you are frequently sending emails that need to be encrypted, you can consider downloading a PGP add-on for your standard email client.
A: It depends. If you are storing customer information, the answer is yes. Encrypting your personal files is not a necessity, but can dramatically improve your defenses against a cyberattack. Encryption software based on PGP is generally some of the easiest to work with, and is a good place to start when it comes to encrypting your files.
PGP encryption can be a powerful tool in protecting your data, your privacy, and your security. It provides you with a relatively easy, completely secure method of sending emails, and also allows you to verify the identity of the people you are communicating with. Because PGP add-ons are also available for most major email clients, this form of encryption is generally easy to implement.
All this said, secure email is only one aspect of cybersecurity. You should ensure that, in addition to PGP, you also use a robust data security platform and Data Loss Prevention software. Making use of as wide a range of tools as possible is the best way to ensure your privacy and security.
More:
What is PGP Encryption and How Does It Work? - Varonis
- Elon Musk weighs in on the encryption wars between Telegram and Signal - Business Insider - May 15th, 2024
- Microsoft to Make BitLocker Encryption the Default in Next Windows 11 Build - ExtremeTech - May 15th, 2024
- Encryption toolkit for media makers: An introduction - Freedom of the Press Foundation - May 15th, 2024
- Which is it, RPD? Shooting, Disorderly, Or Encryption and Lies? - Rockford Scanner - May 15th, 2024
- Windows 11 Will Enable Encryption by Default During Installation - 80.lv - May 15th, 2024
- Apple and encryption services Wire and Proton have provided information on activists at the request of police - GIGAZINE - May 15th, 2024
- End-to-end encryption may be the bane of cops, but they can't close that Pandora's Box - The Register - May 6th, 2024
- Microsoft breaks VPN encryption in Windows 11 and Windows 10 - GB News - May 6th, 2024
- Marriott admits it falsely claimed for five years it was using encryption during 2018 breach - CSO Online - May 6th, 2024
- Marriott admits it wasn't using encryption before major 2018 hack - TechRadar - May 6th, 2024
- WhatsApp could leave India over encryption battle - Rest of World - May 6th, 2024
- Encryption: The Cornerstone Of Cryptocurrencies | MENAFN.COM - MENAFN.COM - May 6th, 2024
- Quantum-proofing passwords and artwork with DNA encryption - Advanced Science News - May 6th, 2024
- News: Encryption and encrypted passwords in the world of blockchain and crypto - Bitfinex - May 6th, 2024
- Banking Encryption Software Market to Reach USD 11.50 Bn by 2029, at a CAGR of 9.2 percent As Revealed In N... - WhaTech - May 6th, 2024
- ETtech Explainer: WhatsApp's standoff with Centre over end-to-end encryption - The Economic Times - May 6th, 2024
- Explained: Why WhatsApp is willing to leave India over encryption - MSN - May 6th, 2024
- The Future of End-to-End Encryption May Get Decided This Week in Nevada | TechPolicy.Press - Tech Policy Press - March 13th, 2024
- What is fully homomorphic encryption and how will it change blockchain? - Blockworks - March 13th, 2024
- Zamas homomorphic encryption tech lands it $73M on a valuation of nearly $400M - TechCrunch - March 13th, 2024
- WhatsApp encryption status might appear at the top of chats - BGR - March 13th, 2024
- TELCLOUD Teams With CyberProtonics to Add Quantum Encryption Security Technology on All POTS Line Phone ... - Business Wire - March 13th, 2024
- WhatsApp Clears Up Confusion Over Encryption With A Handy New Chat Label - Hot Hardware - March 13th, 2024
- WhatsApp Now Offers Encryption Label At The Top Of Your Chat Window: What It Means - News18 - March 13th, 2024
- WhatsApp update: An encryption indicator for chats is in the works, says report - HT Tech - March 13th, 2024
- Navigating an evolving landscape of threats and the rise of the encryption-less data breach - iTWire - March 13th, 2024
- Quantum Cryptography and Encryption Market Size, Growing Demand and Trends 2023 to 2030 - WhaTech - March 13th, 2024
- WhatsApp wants to 'show off' its end-to-end encryption feature to users - The Times of India - March 13th, 2024
- Disk Encryption Software Market Report Probes the Size, Share, Competitive Landscape and Trend Analysis - WhaTech - March 13th, 2024
- Signal President Meredith Whittaker Warns Against Encryption Threats and Tech Accountability Misuse - BNN Breaking - March 5th, 2024
- Shiba Inu Implements State-of-the-Art Encryption to Enhance Privacy & Security for Users and Developers - The Defiant - DeFi News - March 5th, 2024
- NYPD shows no sign of reversing Staten Island police radio encryption, but state legislation could change that - SILive.com - March 5th, 2024
- BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico key can be sniffed when using an ... - Tom's Hardware - February 9th, 2024
- BitLocker's Encryption Is Broken, But It's Still Not Time to Switch - MUO - MakeUseOf - February 9th, 2024
- Breaking Bitlocker: Watch Microsoft's Windows disk encryption being bypassed in just 43 seconds - BetaNews - February 9th, 2024
- Microsoft BitLocker encryption hacked by a cheap off-the-shelf Raspberry Pi Pico - ReadWrite - February 9th, 2024
- Web3 Foundation Announces Grant Funding for Creation of On-Chain Randomness and Timelock Encryption ... - StartupHub.ai - February 9th, 2024
- BitLocker Gets Pi All Over It's Face As A Pico Cracks The Encryption Key - PC Perspective - February 9th, 2024
- The Dawn Of Quantum Computing In Finance: Revolutionizing Data Analysis And Encryption, According To Investor ... - Global Banking And Finance Review - February 9th, 2024
- Cryptographic storage is a secure way to store data using encryption and other security measures. - Medium - February 1st, 2024
- Senator proposes new encryption provision in bill against online child exploitation - The Record from Recorded Future News - February 1st, 2024
- Email Encryption Market is Expected to Reach US$ 20.7 Billion by 2032: IMARC Group - EIN News - February 1st, 2024
- EU: Open letter on security-cloaked threats to encryption - ARTICLE 19 - Article 19 - January 15th, 2024
- Mind Network: Revolutionizing Web3 Security and Privacy with Fully Homomorphic Encryption - BSC NEWS - January 15th, 2024
- What Is Encryption? Definition, How it Works, & Examples - eSecurityPlanet - January 7th, 2024
- What Is Encryption? - Definition, Types & More | Proofpoint US - January 7th, 2024
- Encryption, Its Algorithms And Its Future - GeeksforGeeks - January 7th, 2024
- End-to-end encryption: What it is, how it works, and why you need it - The Indian Express - January 7th, 2024
- What Is Encryption and Why It's Important for Cybersecurity - devmio - January 7th, 2024
- Quantum Quandary: Navigating the Path to Unbreakable Encryption - Security Boulevard - January 7th, 2024
- What is Encryption and how does it work? | OpenText - December 20th, 2023
- The police scanner is fading away due to the move to encryption communication - Kankakee Daily Journal - December 20th, 2023
- EAGLYS, Mitsui, and Quantinuum Partner on Hardened Encryption Keys Using Quantum Computing - Quantum Computing Report - December 20th, 2023
- Meta rolls out default end-to-end encryption for its 1 billion users. Here's what to know - The European Sting - December 20th, 2023
- Messenger finally gets end-to-end encryption by default - The Verge - December 11th, 2023
- Meta Announces End-to-End Encryption by Default in Messenger - EFF - December 11th, 2023
- Why It Took Meta 7 Years to Turn on End-to-End Encryption for All Chats - WIRED - December 11th, 2023
- Meta to expand encryption on Messenger making it similar to WhatsApp - CNBC - December 11th, 2023
- Default end-to-end encryption introduced in Messenger - SC Media - December 11th, 2023
- Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger - The Hacker News - December 11th, 2023
- Encryption: It's Not About Good and Bad Guys, It's About All of Us - Center for European Policy Analysis - December 11th, 2023
- Default end-to-end encryption is finally coming to Messenger and Facebook - Popular Science - December 11th, 2023
- Lack of Encryption the Primary Reason for Sensitive Data Loss - Business Wire - December 11th, 2023
- Facebook Messenger end-to-end encryption is finally here - BGR - December 11th, 2023
- Facebook Messenger Now Uses End-to-End Encryption by Default - How-To Geek - December 11th, 2023
- What does end-to-end encryption on Facebook and Messenger mean for users? - The National - December 11th, 2023
- Meta starts adding controversial encryption to Facebook and Messenger chats - The Independent - December 11th, 2023
- The Quantum Computing Threat to Encryption and Cybersecurity - Medium - December 11th, 2023
- Meta adds end-to-end encryption to Messenger and Facebook. Details here | Mint - Mint - December 11th, 2023
- AI and Quantum Computing Threaten Encryption and Data Security - Security Boulevard - December 11th, 2023
- End-to-end encryption in Facebook Messenger will now work by default - Mezha.Media - December 11th, 2023
- Equiniti Announces Partnership with Beyond Encryption to Strengthen its Secure Digital Communications - Global Banking And Finance Review - November 17th, 2023
- Bluefin, The Payments Fintech Focused On PCI-Validated Encryption And Tokenization Technologies, Partners - Crowdfund Insider - October 27th, 2023
- Cryptography | NIST - National Institute of Standards and Technology - October 16th, 2023
- What Is Encryption? - Internet Society - October 16th, 2023
- How to Encrypt Files, Folders and Drives on Windows | TechSpot - May 3rd, 2023
- What Is Encryption, and How Does It Work? - How-To Geek - May 3rd, 2023
- What Is Encryption? | Definition + How It Works | Norton - January 30th, 2023
- What is Encryption and How Does it Work? - TechTarget - January 22nd, 2023
- Now you can enable end-to-end encryption in Instagram chats: Heres how | Mint - Mint - December 28th, 2022