GNU Privacy Guard is an RFC-4480 compliant OpenPGP implementation. PGP was created
in 1992 out of spite from what I gather by Phil Zimmerman. In 1991 Senate Bill 266 required manufacturers
of secure communications equipment to insert special “trap doors” in their products, so that the government
could read any encryped communications… (Sounds fairly similar to current events today).
What came from Phil Zimmerman’s head has changed history. PGP gave the world the access to an easy mechanism to
keep messages confidental as well as authenticatible. Using asymetric-key cryptography as well as symetric-key, PGP
can be used to encrypt and digitally sign data.
As mentioned above, PGP uses asymetric-key cryptography. The specification mentions several different types of key
algorithms you can choose from, including RSA, DSA, etc. What all these have in common is they all consist of two
distinct keys that are linked together with our good friend math. Below is a very simplified example of asymetric-key
If you are following the above, you will notice that this is some pretty simple math. To encrypt we raise the plaintext
version of what we want to encrypt with one key, and we raise the ciphertext to the other key to decrypt. This is very simple
to perform, but EXTREMELY hard to figure out without the large primes P and Q because it is hard to find the common divisors.
This form of cryptography allows us to widely publish our public key, so that anyone can send us encrypted messages, and if we
keep our private key completely secret, you will be the only one who can read the message. PGP uses asymetric-key encryption, but
not for encrypting the message itself. PGP uses symetric key encryption for actually encrypting the message you are trying to hide,
and is capable of using many different mechanisms to accomplish this, including blowfish, twofish, aes, etc. Symetric key encryption is
where you share a key, such as a passphrase, and you encrypt and decrypt with the same key.
PGP is clever in that the algorithm first creates a really random session “password” which is used to encrypt the payload of the
message. Then uses the recipient’s public key to asymetrically encrypt said random session password. The actual message encryption
is very much stronger than the encryption of the random session password, which is a one time use password.
To start using GPG to encrypt and sign your documents install gpg. Then generate a keypair as shown below:
Then sit and wait, for a while. In order to generate such a huge random prime, your computer has to create a ton of entropy. When this is done,
you should have a keypair, and be ready to start encrypting messages or documents. Below is an example of encrypting a file with gpg.
Looking at that file that was created:
After you are done encrypting files for yourself, you will likely want to start sharing with friends. PGP is based on a
web of trust. So you trust someone, you sign their public key, and they become more trustworthy. You can also get keys from a
keyserver, and import individual’s public keys as seen below:
Always make sure to verify the fingerprint of keys from people you know. The fingerprint is a SHA hash of the public
key and is used to make sure you have their proper key.