Introduction to PGP
What on earth is that mess of letters and numbers at the end of some folks’ email and Usenet messages? In many cases (sometimes a list of weird characters at the end of a message is the sender’s geek code or a similar code specific to a particular interest group), it’s a PGP signature. As an example, here’s a plain text message I wrote:
This is a PGP-signed message. The signature will be longer for longer messages.
Cyn
After I signed it with PGP, it looks like this:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This is a PGP-signed message. The signature will be longer for longer messages.
Cyn
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEuc12Pi9UCrPUU4OIUhCdqCQqoNwFAmIJh5YACgkQUhCdqCQq
oNy2hw//SOPrIGzVge/ffHKW3lFTSZlkUfQeNzltq208FWrXhg7noTGS/64gJYiu
IFHdb7y2JNZH5pT30fjifqLwa8DsHwP0ENwJQpTIsDtosTkWhkF6aNJocD2X6G8m
7grYLCYKdO6iSQ+HgYHCAybhalCF6q/qRiUEfA0VvDeM4vc/O6ZtsDM06eQstdur
jDpl6FYSpW3bMV72/6gV6WalsYkVp00RMzFjbJZY/I4bZH7ai2aGhvHqia8KVzUU
5fPwr7DrTsvW4yFQBUfeHsjzvanzONkV4st5zgS7U7OOJ4hYOFd/aTjcAgEDi4Sd
uw1Uv0So9bgMNUME1yrX2VqAgcjLuzEmvIanlI2UajeZRIoAYKNy9WnaZZBogKfC
+10kICWYAF4lqA+QmMqcDfnS85JV3FeKt/miOR2QGAhwa9wjn26LsJTOefxoEOGN
vEU4bBBI8ibtLJ+Kf19ePz7VvNtxVgqd4oRVQqeJwjZB5uohxpA6nMmt8obxTFpg
6oR0o3N8o0LQilnD5Qp/S1TcFrX0vqoT+7LjAJm0Xfw8nJI95lfTB7xbBhGaYqST
X0cMS7w08Z6PH4eQKIvBdqcG16vnRl365avRxh5qqPid/US2V8j6c/PsPoNw24al
8BTD5CaxnU0diBNcWy5Q2KnoqKPN++wITMqM8zYCgV0heigW9TI=
=AKyH
-----END PGP SIGNATURE-----
PGP is the best-known public-key encryption method in use on the internet. If I sign a message I post to a particular newsgroup using my private key, anyone who wishes to verify that it is from me and unaltered can check the signature on the message using my public key. If the message has been altered in any way, the signature will not be valid. If someone else forged a message in my name and tried to copy the signature from one of my real posts, the signature wouldn’t check as valid on the forged message. That’s the reason I use it.
Some people use PGP for actual encryption. If I wanted to send my friend Doug an email that contained very sensitive information, I’d write my message and sign it with my private key. I would then encrypt it with Doug’s public key, and email the encrypted version to him. Upon receipt, he would decrypt the message using his private key, then check my signature using my public key. We’d know that the message had not been read by anyone but us, and had not been altered in any way. I find very little need for encryption, but some people use it frequently.
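The two workflows described above (sign and verify a public post; sign, then encrypt for one recipient, who decrypts and verifies) can be walked through end to end with GnuPG, the implementation mentioned later in the post. The script below is an added example, not code from the original post: it creates two throwaway keyrings standing in for Cyn and Doug, exchanges public keys, clear-signs the message from the post, shows that an edited copy fails verification, and then sends an encrypted copy that only Doug's keyring can open. The e-mail addresses, key material and file names are all constructed for this script.

```shell
#!/bin/sh
# Added example (not from the original post): the PGP sign/verify and
# sign-then-encrypt workflow, run against GnuPG with two throwaway keyrings.
set -e
command -v gpg >/dev/null 2>&1 || { echo 'gpg not found; install GnuPG to run this example' >&2; exit 0; }

WORK=$(mktemp -d)
CYN="$WORK/cyn"; DOUG="$WORK/doug"        # one keyring per person
mkdir -m 700 "$CYN" "$DOUG"
trap 'gpgconf --homedir "$CYN" --kill gpg-agent 2>/dev/null || :; gpgconf --homedir "$DOUG" --kill gpg-agent 2>/dev/null || :; rm -rf "$WORK"' EXIT

# Non-interactive gpg for each party. The empty passphrase is only acceptable
# for disposable test keys; a real private key should be passphrase-protected.
gcyn()  { gpg --homedir "$CYN"  --batch --yes --quiet --pinentry-mode loopback --passphrase '' "$@"; }
gdoug() { gpg --homedir "$DOUG" --batch --yes --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# 1. Each person generates a key pair (addresses are invented). The private
#    half never leaves its owner's keyring.
gcyn  --quick-generate-key 'Cyn (example) <cyn@example.invalid>'   default default never
gdoug --quick-generate-key 'Doug (example) <doug@example.invalid>' default default never

# 2. They exchange public keys. In real use the fingerprint is confirmed out of
#    band (in person, over the phone) before the key is relied on.
gcyn  --export --armor cyn@example.invalid  > "$WORK/cyn.pub.asc"
gdoug --export --armor doug@example.invalid > "$WORK/doug.pub.asc"
gdoug --import "$WORK/cyn.pub.asc"
gcyn  --import "$WORK/doug.pub.asc"

# 3. Cyn clear-signs the message from the post. The output is the
#    BEGIN PGP SIGNED MESSAGE / BEGIN PGP SIGNATURE block shown above.
printf 'This is a PGP-signed message. The signature will be longer for longer messages.\nCyn\n' > "$WORK/message.txt"
gcyn --clearsign --local-user cyn@example.invalid -o "$WORK/message.asc" "$WORK/message.txt"

# 4. Anyone holding Cyn's public key can verify it. Exit status 0 means the
#    signature is good and the text is exactly what Cyn signed.
verify_as_doug() { gdoug --verify "$1" 2>/dev/null; }

# A copy whose text was edited after signing (or someone else's text with Cyn's
# signature pasted on) fails verification, because the signature covers a hash
# of the exact signed text.
sed 's/PGP-signed/PGP-forged/' "$WORK/message.asc" > "$WORK/tampered.asc"

# 5. Sign, then encrypt for Doug's eyes only. --trust-model always stands in for
#    Cyn having checked Doug's fingerprint; without it, batch-mode gpg refuses
#    to encrypt to a key it has not been told to trust.
gcyn --trust-model always --sign --encrypt --local-user cyn@example.invalid \
     --recipient doug@example.invalid -o "$WORK/secret.gpg" "$WORK/message.txt"

# 6. Doug decrypts with his private key; gpg checks Cyn's signature at the same
#    time and reports it on stderr. Cyn's keyring holds no private key for Doug,
#    so she cannot open the ciphertext herself.
gdoug --decrypt -o "$WORK/decrypted.txt" "$WORK/secret.gpg"

if verify_as_doug "$WORK/message.asc";    then echo 'original:  good signature'; fi
if ! verify_as_doug "$WORK/tampered.asc"; then echo 'tampered:  BAD signature, rejected'; fi
if cmp -s "$WORK/message.txt" "$WORK/decrypted.txt"; then echo 'decrypted: matches what Cyn sent'; fi
if ! gcyn --decrypt -o /dev/null "$WORK/secret.gpg" 2>/dev/null; then echo 'cyn:       cannot decrypt (no private key for Doug)'; fi
```

Run it with `sh` on a machine that has GnuPG 2.1 or later; the `--quick-generate-key`, `--pinentry-mode` and `gpgconf --kill` calls need that version. The keyrings live under a temporary directory that the `trap` removes on exit, so nothing touches your own `~/.gnupg`.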
For a far more thorough explanation of PGP, please check the Introduction to PGP by Dr. Nat Queen.
The last time I checked, Symantec owned PGP. You can still get a freeware implementation of OpenPGP (one of its descendants) at GNU Privacy Guard. If you want to use encryption for your email, Hushmail is very easy to use.
Last updated 30 August 2022.