What does pgp encryption mean

PGP also ensures that the message belongs to the intended recipient. These certificates are constructed so that tampering can be easily detected. The certificates can only prevent corruption after they have been made, but not before.

PGP products also help to determine if a certificate belongs to the person that is claiming it, often referred to as a web of trust. View the discussion thread. Platform Overview. Popular Topics: Data Protection.

Security News. Threat Research. Industry Insights. Search the Site. You have validated Alice's key and you indicate this by signing it. You know that Alice is a real stickler for validating others' keys. You therefore assign her key with Complete trust. This makes Alice a Certification Authority. If Alice signs another's key, it appears as Valid on your keyring.

PGP requires one Completely trusted signature or two Marginally trusted signatures to establish a key as valid. You might consider Alice fairly trustworthy and also consider Bob fairly trustworthy. Either one alone runs the risk of accidentally signing a counterfeit key, so you might not place complete trust in either one.

However, the odds that both individuals signed the same phony key are probably small. The certificate is expected to be usable for its entire validity period its lifetime. The certificate can still be safely used to reconfirm information that was encrypted or signed within the validity period — it should not be trusted for cryptographic tasks moving forward, however.

There are also situations where it is necessary to invalidate a certificate prior to its expiration date, such as when an the certificate holder terminates employment with the company or suspects that the certificate's corresponding private key has been compromised.

This is called revocation. Arevoked certificate is much more suspect than an expired certificate. Expired certificates are unusable, but do not carry the same threat of compromise as a revoked certificate. Anyone who has signed a certificate can revoke his or her signature on the certificate provided he or she uses the same private key that created the signature.

Arevoked signature indicates that the signer no longer believes the public key and identification information belong together, or that the certificate's public key or corresponding private key has been compromised. A revoked signature should carry nearly as much weight as a revoked certificate.

PGP certificates provide the added feature that you can revoke your entire certificate not just the signatures on it if you yourself feel that the certificate has been compromised. Only the certificate's owner the holder of its corresponding private key or someone whom the certificate's owner has designated as a revoker can revoke a PGP certificate. Designating a revoker is a useful practice, as it's often the loss of the passphrase for the certificate's corresponding private key that leads a PGP user to revoke his or her certificate — a task that is only possible if one has access to the private key.

Only the certificate's issuer can revoke an X. The CRL contains a time-stamped, validated list of all revoked, unexpired certificates in the system. Revoked certificates remain on the list only until they expire, then they are removed from the list — this keeps the list from getting too long.

The CA distributes the CRL to users at some regularly scheduled interval and potentially off-cycle, whenever a certificate is revoked. Theoretically, this will prevent users from unwittingly using a compromised certificate. It is possible, though, that there may be a time period between CRLs in which a newly compromised certificate is used. A passphrase is a longer version of a password, and in theory, a more secure one. Typically composed of multiple words, a passphrase is more secure against standard dictionary attacks, wherein the attacker tries all the words in the dictionary in an attempt to determine your password.

The best passphrases are relatively long and complex and contain a combination of upper and lowercase letters, numeric and punctuation characters. PGP uses a passphrase to encrypt your private key on your machine. Your private key is encrypted on your disk using a hash of your passphrase as the secret key. You use the passphrase to decrypt and use your private key. A passphrase should be hard for you to forget and difficult for others to guess.

It should be something already firmly embedded in your long-term memory, rather than something you make up from scratch. Because if you forget your passphrase, you are out of luck. Your private key is totally and absolutely useless without your passphrase and nothing can be done about it. Remember the quote earlier in this chapter?

PGP is cryptography that will keep major governments out of your files. It will certainly keep you out of your files, too. Keep that in mind when you decide to change your passphrase to the punchline of that joke you can never quite remember. Insucha caseit is wisetosplit the key among multiple people in such a way that more than one or two people must present a piece of the key in order to reconstitute it to a usable condition.

If too few pieces of the key are available, then the key is unusable. Some examples are to split a key into three pieces and require two of them to reconstitute the key, or split it into two pieces and require both pieces. If a secure network connection is used during the reconstitution process, the key's shareholders need not be physically present in order to rejoin the key.

The Basics of Cryptography Encryption and decryption What is cryptography? Strong cryptography How does cryptography work? Conventional cryptography Caesar's Cipher Key management and conventional encryption Public key cryptography How PGP works Keys Digital signatures Hash functions Digital certificates Certificate distribution Certificate formats Validity and trust Checking validity Establishing trust Trust models Certificate Revocation Communicating that a certificate has been revoked What is a passphrase?

Key splitting The Basics of Cryptography When Julius Caesar sent messages to his generals, he didn't trust his messengers. And so we begin.

Encryption and decryption Data that can be read and understood without any special measures is called plaintext or cleartext. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data.

The process of reverting ciphertext to its original plaintext is called decryption. Figure illustrates this process. Encryption and decryption What is cryptography? Cryptography is the science of using mathematics to encrypt and decrypt data.

Cryptography enables you to store sensitive information or transmit it across insecure networks like the Internet so that it cannot be read by anyone except the intended recipient. Strong cryptography "There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. This book is about the latter. How does cryptography work?

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key — a word, number, or phrase — to encrypt the plaintext.

The same plaintext encrypts to different ciphertext with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key. Conventional cryptography In conventional cryptography, also called secret-key or symmetric-key encryption, one key is used both for encryption and decryption.

Figure is an illustration of the conventional encryption process. Conventional encryption Caesar's Cipher An extremely simple example of conventional cryptography is a substitution cipher. A substitution cipher substitutes one piece of information for another. This is most frequently done by offsetting letters of the alphabet. In both cases, the algorithm is to offset the alphabet and the key is the number of characters to offset it.

Key management and conventional encryption Conventional encryption has benefits. It is very fast. It is especially useful for encrypting data that is not going anywhere. However, conventional encryption alone as a means for transmitting secure data can be quite expensive simply due to the difficulty of secure key distribution.

Public key cryptography The problems of key distribution are solved by public key cryptography, the concept of which was introduced by Whitfield Diffie and Martin Hellman in There is now evidence that the British Secret Service invented it a few years before Diffie and Hellman, but kept it a military secret — and did nothing with it.

Public key encryption The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely. PGP is a hybrid cryptosystem. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security. Most cryptanalysis techniques exploit patterns found in the plaintext to crack the cipher.

Compression reduces these patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis. Files that are too short to compress or which don't compress well aren't compressed.

How PGP encryption works Decryption works in the reverse. How PGP decryption works The combination of the two encryption methods combines the convenience of public key encryption with the speed of conventional encryption. Keys A key is a value that works with a cryptographic algorithm to produce a specific ciphertext. Keys are basically really, really, really big numbers.

Key size is measured in bits; the number representing a bit key is darn huge. In public key cryptography, the bigger the key, the more secure the ciphertext.

Digital signatures Amajor benefit of public key cryptography is that it provides a method for employing digital signatures. Digital signatures enable the recipient of information to verify the authenticity of the information's origin, and also verify that the information is intact. This is a vastly simplified explanation of the process, but anyone curious about the nuts and bolts can find plenty more technical resources online.

Beyond that, you can use your imagination: PGP can encrypt any text you need and can even be used on whole directories and drives. Getting your own key pair is actually much easier than it sounds. You just have to figure out a few simple programs.

Download Gpg4win. This is a free though you can donate set of encryption packages and tools. You can also add it to Linux. Install Gpg4win. Make sure GnuPG the actual encryption package and Kleopatra a nice user interface are installed. If you want to attach your key to your identity, real or fake, you can enter that information here. Otherwise, you can skip this step.

The program is now generating thousands of random characters to make your keys and will ask you for a passphrase. You can use a password manager if you want. You now have a public and private key! The public key is unique to each person and meant to be shared. It is tied to you, and anyone can use it to send you an encrypted message. In PGP, when the recipient receives an encrypted message, they decrypt the session key using their private key. The plaintext session key then decrypts the message.

PGP takes the extra step of encrypting the message and the session key because public-key cryptography is much slower than symmetric cryptography, especially for large messages. It would take a lot of time and computing power to encrypt and decrypt large emails or files directly using the public key. Using symmetric cryptography without public-key cryptography would be less convenient, because you would need to somehow share the session key with the recipient, and to do so in plaintext would not be secure.

If you shared your session key in plaintext, anyone who intercepted it would be able to read it and then decrypt the entire message. Sharing the session key via another encrypted channel, or in person, would be impractical for your online communications. Therefore, PGP combines the efficiency of symmetric encryption and the convenience of public key encryption. There are two other aspects of PGP to note.

The first is the digital signature. A digital signature proves to the recipient that an attacker has not manipulated the message or the sender, and can therefore be trusted. If either the private key or the message is altered, the digital signature is invalid. After all, the server could easily give a bogus public key to the sender. To solve this problem, we introduced Address Verification , which allows you to share your public key and digitally sign the public keys of others that you have personally verified.

These trusted public keys are then securely stored in your encrypted contacts. PGP is a battle-tested standard, and we can be virtually certain that even intelligence agencies like the NSA cannot break its encryption. While there have been security bugs with certain implementations of PGP, such as the infamous Efail vulnerability , PGP itself is very secure. ProtonMail has not been affected by any known vulnerabilities.

Like most other information security systems, the biggest weakness is the user. Often the simplest and most effective attacks are the least high-tech, as this comic illustrates.