
Pretty Good Privacy Encryption

What is Pretty Good Privacy Encryption?

Pretty Good Privacy (PGP) is a security program used to encrypt and decrypt email, authenticate email messages through digital signatures, and encrypt files. PGP was one of the first public-key cryptography applications to be publicly available for free. Originally, it was used to enable individual users to communicate on bulletin board system computer servers. Later, PGP was standardized and supported by other applications such as email. It has since become a core standard in email security and is widely used by individuals and organizations to encrypt and decrypt text messages and files as well. PGP works through a combination of cryptography, data compression, and hashing techniques [1]. It is similar to other popular encryption methods such as Kerberos, which authenticates network users, secure sockets layer (SSL), which secures websites, and the Secure File Transfer Protocol (SFTP), which protects data in motion.

PGP uses the public key system, in which every user has a unique encryption key that is known publicly and a private key that only they know. A message is encrypted with the recipient's public key when a user sends it, and it is then decrypted when the recipient opens it with their private key. PGP combines private-key and public-key cryptography, using both symmetric and asymmetric key technology, to encrypt data as it travels across networks. PGP follows a three-step process:

  1. PGP generates a huge, one-time-use random number that cannot be guessed, which becomes the session key.
  2. The session key is then encrypted using the recipient’s public key, which protects the message while it is being transmitted. The recipient shares that public key with anyone they want to receive messages from.
  3. The message sender sends the encrypted session key, and the recipient can then decrypt the message using their private key.

Benefits of PGP encryption include [2]:

Privacy & Security. Sensitive information is always protected; it cannot be stolen or viewed by others on the internet. PGP assures that the information that is sent or received was not modified in transmission and that files were not changed without your knowledge. Your secure emails and messages cannot be penetrated by hackers or infected by email attacks. Others cannot recover sensitive messages or files once you have deleted them. Information can be shared securely with others including groups of users.

Trust. You can be certain who the email is from and who it is for. PGP verifies the sender of the information to ensure that the email was not intercepted by a third party.

User-friendly. PGP encryption software is very easy to learn. With virtually no training, users are able to use it right away.

[1] Fortinet, 2023, “PGP Encryption”

[2] Brook, 2023, “What is PGP Encryption? Definition, Uses, & More”