Pretty Good Privacy
Acronym: Pretty Good Privacy
- Securely encrypt files, e-mail, and simple text.
- Allow secure communication with individuals and groups you have never physically met.
- Provide digital signatures for documents to confirm identity or validity, such as a newly uploaded file that has been checked for any viruses or for a public post by important individuals.
- Automatically compress every file it encrypts.
- Save binary files as text, useful for Newsgroup postings.
Considered by many to be a standard in encryption and authentication, PGP is useful for individuals who are far apart or for a large workgroup, where users can be added or removed as needed because no shared password is required. Commercial PGP is free for personal and educational use, while the open-source GPG is free software.
Although the name "Pretty Good" implies it is only adequate, PGP is quite secure.
Originally created by Phil Zimmermann.
- Download commercial version:
GPG is a near-clone version of PGP but free, fully open-source, and GPL'd. Although GPG is not as user-friendly as the corporately-owned PGP and lacks the patented IDEA algorithm, it is otherwise fully compatible and just as useful.
Web mail services that use PGP
- HushMail (Free, Disclosed Source Front End, HushMail Corporation)
- Lokmail (Non-free, Standards-compliant PGP service except older RSA keys, LOKMAIL, Inc.)
- PGP-like, but not RFC2440
Reasons for use
How it works
Two or more people who wish to securely communicate exchange portions of their keys, called public keys. Using software or an available Web service, the information is processed so parties can communicate without fear of eavesdropping.
See the PGP Intro.
PGP is not perfect
PGP is mainly vulnerable to only two attacks: a man-in-the-middle attack and the choice of a poor password. To protect against a man-in-the-middle attack, users can check that the public key they are getting is the authentic one by downloading it from a PGP Public Server or Certificate Authority. In the absence of either, checking the Fingerprint can also verify a key's validity; the fingerprint should be distributed elsewhere, such as on a public forum (that cannot be edited like infoAnarchy).
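The fingerprint check described above, as an added example that is not part of the original page: it computes the version 4 OpenPGP fingerprint (SHA-1 over the public-key packet) and accepts a key only when the full 160-bit value published on a separate channel matches. The function names and the toy RSA numbers are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

HEX = set("0123456789ABCDEF")

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 public-key packet: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length, and the packet body (RFC 2440 / RFC 4880)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def grouped(fpr: str) -> str:
    """Format the way fingerprints are usually published: blocks of four hex digits."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))

def key_matches(body: bytes, published: str) -> bool:
    """True only if the full fingerprint published out of band matches this key."""
    wanted = "".join(published.replace(":", " ").split()).upper()
    if len(wanted) != 40 or not set(wanted) <= HEX:
        return False  # a short key ID or malformed value is not evidence of authenticity
    return hmac.compare_digest(v4_fingerprint(body), wanted)

def demo():
    # Constructed toy values, far too small to be real keys.
    genuine = rsa_key_body(1000000000, 3233, 17)
    substituted = rsa_key_body(1000000000, 3127, 17)  # key swapped in by a man in the middle
    published = grouped(v4_fingerprint(genuine))       # as posted on the separate channel
    return key_matches(genuine, published), key_matches(substituted, published)

if __name__ == "__main__":
    print(demo())
```

Comparing only the last eight hex digits (the short key ID) is rejected on purpose, because a different key can be generated to share that truncated value.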
Public PGP key servers
To store your public key for anyone to access
Example of a PGP/GPG Encrypted Message:
-----BEGIN PGP MESSAGE----- Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96rc1 jA0EAwMC17i3dehkC1JgyZ6noJJvDZLmF2TF5RJGwir6oeJ1Ds9LJIo5kwNL4RdL EkW8aNWOTXePB6B92zA0fu8BsqOawCAPXMo1HKrZwA4fGQGNE8QiAKPKI+ztbwSa 7USJDiFiiccT7Mi53VJpohfJ74adIU2fEozteIFspCdxMWEpmXtp6ouKED1HN88N BOsW0L33a9itHvESNrH8VZNCNWRcqFhRQYfRGqOEMQ== =L4kn -----END PGP MESSAGE-----
- Digital signature
- Public key / private key
- Hard Disk Encryption - one popular free tool is distributed by PGP International, as well as PGP Inc.'s own commercial offering.