Introduction to PGP

What on earth is that mess of letters and numbers at the end of some folks’ email and Usenet messages? In many cases[1], it’s a PGP signature. As an example, here’s a plain text message I wrote:

This is a PGP-signed message. The signature will be longer for longer
messages.
Cyn

After I signed it with PGP, it looks like this:

-----BEGIN PGP SIGNED MESSAGE-----

This is a PGP-signed message. The signature will be longer for longer
messages.

Cyn

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: See http://www.technomom.com/pgp.html for further info

iQCVAwUBOfNHEB1LUpdZB1XtAQGcvAQAxr9NOOQYovebGwv28aheAnUIAJjsRYXP
IbU+0QeUBwf3MRFUxPo6X26donmHmoofLalabjaIFEvnEmAWfrQkKZ+xvNSCvRWB
t9s8EHSTm/5ARzL89xV4QUUkimgj2cG9xe9b7IiPyNCTW6Rg4cbPDmnpEbu2FT4q
vzjxoZMAseU=
=Tbam
-----END PGP SIGNATURE-----

PGP is the best known public key encryption method in use on the internet. If I sign a message I post to a particular newsgroup using my private key, anyone who wishes to verify that it is from me and unaltered can check the signature on the message using my public key. If the message has been altered in any way, the signature will not be valid. If someone else forged a message in my name and tried to copy the signature from one of my real posts, the signature wouldn’t check as valid on the forged message. That’s the reason I use it.
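What the block of letters and numbers in the signature above actually contains, as an added example that is not part of the original page: this Python code strips the ASCII armor from that signature and decodes the packet header, assuming the version 3 signature packet layout from RFC 4880. The function and table names are chosen here for illustration.

```python
import base64
import struct
from datetime import datetime, timezone

# Signature block copied verbatim from the signed message shown on this page.
ARMOR = """\
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: See http://www.technomom.com/pgp.html for further info

iQCVAwUBOfNHEB1LUpdZB1XtAQGcvAQAxr9NOOQYovebGwv28aheAnUIAJjsRYXP
IbU+0QeUBwf3MRFUxPo6X26donmHmoofLalabjaIFEvnEmAWfrQkKZ+xvNSCvRWB
t9s8EHSTm/5ARzL89xV4QUUkimgj2cG9xe9b7IiPyNCTW6Rg4cbPDmnpEbu2FT4q
vzjxoZMAseU=
=Tbam
-----END PGP SIGNATURE-----
"""

PUBKEY_ALGOS = {1: "RSA", 17: "DSA"}                # RFC 4880 algorithm IDs
HASH_ALGOS = {1: "MD5", 2: "SHA-1", 8: "SHA-256"}

def armor_body(armor):
    """Base64-decode the packet data inside an ASCII-armored block."""
    lines = armor.strip().splitlines()[1:-1]        # drop BEGIN/END lines
    data = lines[lines.index("") + 1:]              # skip Version:/Comment: headers
    b64 = "".join(l for l in data if not l.startswith("="))  # drop CRC-24 line
    return base64.b64decode(b64, validate=True)

def parse_v3_signature(raw):
    """Decode the header fields of an old-format, version 3 signature packet."""
    hdr, length = struct.unpack(">BH", raw[:3])
    if hdr & 0xC3 != 0x81 or (hdr >> 2) & 0x0F != 2:
        raise ValueError("not an old-format signature packet with 2-byte length")
    body = raw[3:3 + length]
    version, hashed_len, sig_type, created, key_id, pk, md = struct.unpack(
        ">BBBI8sBB", body[:17])
    if version != 3 or hashed_len != 5:
        raise ValueError("only version 3 signatures are handled here")
    (mpi_bits,) = struct.unpack(">H", body[19:21])  # body[17:19]: 2-byte hash prefix
    return {
        "sig_type": sig_type,                       # 0x01 = canonical text document
        "created": datetime.fromtimestamp(created, timezone.utc).isoformat(),
        "key_id": key_id.hex().upper(),
        "pubkey_algo": PUBKEY_ALGOS.get(pk, pk),
        "hash_algo": HASH_ALGOS.get(md, md),
        "signature_bits": mpi_bits,
    }

if __name__ == "__main__":
    print(parse_v3_signature(armor_body(ARMOR)))
```

The decoded header shows an RSA signature over an MD5 digest with a 1024-bit signature value. MD5 is no longer collision-resistant, so a signature of this vintage is a good illustration of the format but not of settings to use today.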

Some people use PGP for actual encryption. If I wanted to send my friend Doug an email that contained very sensitive information, I’d write my message and sign it with my private key. I would then encrypt it with Doug’s public key, and email the encrypted version to him. Upon receipt, he would decrypt the message using his private key, then check my signature using my public key. We’d know that the message had not been read by anyone but us, and had not been altered in any way. I find very little need for encryption, but some people use it frequently.

For a far more thorough explanation of PGP, please check the comp.security.pgp FAQ.

Symantec owns PGP now. You can still get a freeware implementation of OpenPGP (one of its descendants) at GNU Privacy Guard. If you want to use encryption for your email, though, there’s no easier solution than Hushmail.

Some other links you may find useful as you explore PGP:

Last updated 17 February 2019.


[1] Sometimes a list of weird characters at the end of a message is the sender’s geek code, or similar code specific to a particular interest group.