Introduction to PGP
What on earth is that mess of letters and numbers at the end of some folks’ email and Usenet messages? In many cases, it’s a PGP signature. As an example, here’s a plain text message I wrote:
This is a PGP-signed message. The signature will be longer for longer messages. Cyn
After I signed it with PGP, it looks like this:
```
-----BEGIN PGP SIGNED MESSAGE-----

This is a PGP-signed message. The signature will be longer for longer messages. Cyn
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: See http://www.technomom.com/pgp.html for further info

iQCVAwUBOfNHEB1LUpdZB1XtAQGcvAQAxr9NOOQYovebGwv28aheAnUIAJjsRYXP
IbU+0QeUBwf3MRFUxPo6X26donmHmoofLalabjaIFEvnEmAWfrQkKZ+xvNSCvRWB
t9s8EHSTm/5ARzL89xV4QUUkimgj2cG9xe9b7IiPyNCTW6Rg4cbPDmnpEbu2FT4q
vzjxoZMAseU=
=Tbam
-----END PGP SIGNATURE-----
```
PGP is the best-known public-key encryption method in use on the internet. If I sign a message I post to a particular newsgroup using my private key, anyone who wishes to verify that it is from me and unaltered can check the signature on the message using my public key. If the message has been altered in any way, the signature will not be valid. If someone else forged a message in my name and tried to copy the signature from one of my real posts, the signature wouldn’t check as valid on the forged message. That’s the reason I use it.
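To show what the block of letters and numbers in the sample above actually holds, here is an added example (not part of the original page) that decodes its signature packet with the Python standard library. The field layout is the version 3 signature packet from RFC 4880; the function name and the lookup tables, which list only a few algorithm IDs, are this example's own.

```python
import base64
import struct
from datetime import datetime, timezone

# Signature armor copied from the sample message on this page.
SAMPLE_ARMOR = """\
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: See http://www.technomom.com/pgp.html for further info

iQCVAwUBOfNHEB1LUpdZB1XtAQGcvAQAxr9NOOQYovebGwv28aheAnUIAJjsRYXP
IbU+0QeUBwf3MRFUxPo6X26donmHmoofLalabjaIFEvnEmAWfrQkKZ+xvNSCvRWB
t9s8EHSTm/5ARzL89xV4QUUkimgj2cG9xe9b7IiPyNCTW6Rg4cbPDmnpEbu2FT4q
vzjxoZMAseU=
=Tbam
-----END PGP SIGNATURE-----
"""

PUBKEY_ALGOS = {1: "RSA", 17: "DSA"}  # subset of the RFC 4880 registries
HASH_ALGOS = {1: "MD5", 2: "SHA-1", 8: "SHA-256"}
SIG_TYPES = {0x00: "binary document", 0x01: "canonical text document"}

def parse_armored_v3_signature(armor):
    """Decode one armored, old-format, version 3 signature packet."""
    lines = armor.strip().splitlines()
    blank = lines.index("")  # a blank line ends the armor headers
    headers = dict(line.split(": ", 1) for line in lines[1:blank])
    # Radix-64 body, minus the "=XXXX" CRC-24 line and the END line.
    body = [l for l in lines[blank + 1:-1] if not (len(l) == 5 and l[0] == "=")]
    pkt = base64.b64decode("".join(body))
    tag, length = struct.unpack(">BH", pkt[:3])
    if tag != 0x89 or length != len(pkt) - 3:  # 0x89: signature tag, 2-byte length
        raise ValueError("expected a single old-format signature packet")
    version, hashed_len, sig_type, created, key_id, pk, h, _left16, bits = \
        struct.unpack(">BBBI8sBB2sH", pkt[3:24])
    if version != 3 or hashed_len != 5:
        raise ValueError("not a version 3 signature")
    return {
        "headers": headers,
        "sig_type": SIG_TYPES.get(sig_type, hex(sig_type)),
        "created": datetime.fromtimestamp(created, timezone.utc),
        "key_id": key_id.hex().upper(),  # tells the verifier which public key to use
        "pubkey_algo": PUBKEY_ALGOS.get(pk, str(pk)),
        "hash_algo": HASH_ALGOS.get(h, str(h)),
        "signature_bits": bits,  # bit length of the first signature MPI
    }

if __name__ == "__main__":
    print(parse_armored_v3_signature(SAMPLE_ARMOR))
```

The sample decodes to a 1024-bit RSA signature over an MD5 digest, which was normal for PGP 6.5.8. MD5 is no longer collision-resistant and 1024-bit RSA is below current key-size recommendations, so a signature made today should use a stronger hash and a larger key.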
Some people use PGP for actual encryption. If I wanted to send my friend Doug an email that contained very sensitive information, I’d write my message and sign it with my private key. I would then encrypt it with Doug’s public key, and email the encrypted version to him. Upon receipt, he would decrypt the message using his private key, then check my signature using my public key. We’d know that the message had not been read by anyone but us, and had not been altered in any way. I find very little need for encryption, but some people use it frequently.
For a far more thorough explanation of PGP, please check the comp.security.pgp FAQ.
The last time I checked, Symantec owned PGP. You can still get a freeware implementation of OpenPGP (one of its descendants) at GNU Privacy Guard. If you want to use encryption for your email, Hushmail is very easy to use.
Some other links you may find useful as you explore PGP:
- The PGP page
- Introduction to PGP by Dr. Nat Queen.
Last updated 12 September 2021.