Pretty Good Privacy

From InfoAnarchy
(Redirected from PGP)
Jump to: navigation, search

See also: Cryptography | Encrypting Your Mail | GPG

Acronym: Pretty Good Privacy

Home Page: http://www.pgp.com or http://web.mit.edu/network/pgp.html

A popular system for secure communication and authentication that can:

  1. Securely encrypt files, e-mail, and simple text.
  2. Allow secure communication with individuals and groups you have never physically met.
  3. Provide digital signatures for documents to confirm identity or validity, such as a newly uploaded file that has been checked for any viruses or for a public post by important individuals.
  4. Automatically compress every file it encrypts.
  5. Save binary files as text, useful for Newsgroup postings

Considered by many to be a standard in encryption and authentication, PGP is useful for individuals far away or in a large workgroup where users can be included or unincluded as needed as a mutual password is not needed. Commercial PGP is free for personal and educational use while the open-source GPG is free software.

Although the name "Pretty Good" implies it is only adequate, PGP is quite secure.

Originally created by Phil Zimmerman.

Download commercial version:

Open-Source version

GPG is a near-clone version of PGP but free, fully open-source, and GPL'd. Although GPG is not as user-friendly as the corporately-owned PGP and lacks the patented IDEA algorithm, it is otherwise fully compatible and just as useful.

Download
... Other front-ends for all platforms.

Web mail services that use PGP

  • HushMail (Free, Disclosed Source Front End, HushMail Corporation)
  • Lokmail - (Non-free, Standards-compliant PGP service except older RSA keys, LOKMAIL, Inc.)
PGP-like, but not RFC2440

Reasons for use

How it works

Two or more people who wish to securely communicate exchange portions of their keys, called public keys. Using software or an available Web service, the information is processed so parties can communicate without fear of eavesdropping.

See the PGP Intro.

Authenticate

PGP can also be used to create a Digital Signature that allows a user to claim a specific file as their own and to verify its authenticity.

PGP is not perfect

PGP is mainly vulnerable only to two attacks: A man-in-the-middle attack and by chosing a poor password. To protect against "man-in-the-middle," users can check that the public key they are getting is the authentic by downloading it from a PGP Public Server or Certificate Authority. In the absense of either, checking the Fingerprint can also verify a key's validity, which should be distributed elsewhere such as on a public forum (that cannot be edited like infoAnarchy).

Public PGP key servers

To store your public key for anyone to access

Example of a PGP/GPG Encrypted Message:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96rc1

jA0EAwMC17i3dehkC1JgyZ6noJJvDZLmF2TF5RJGwir6oeJ1Ds9LJIo5kwNL4RdL
EkW8aNWOTXePB6B92zA0fu8BsqOawCAPXMo1HKrZwA4fGQGNE8QiAKPKI+ztbwSa
7USJDiFiiccT7Mi53VJpohfJ74adIU2fEozteIFspCdxMWEpmXtp6ouKED1HN88N
BOsW0L33a9itHvESNrH8VZNCNWRcqFhRQYfRGqOEMQ==
=L4kn
-----END PGP MESSAGE-----

Standards/RFCs

Related

News

Links