See also: Cryptography | Encrypting Your Mail | GPG
Acronym: Pretty Good Privacy
Home Page: http://www.pgp.com or http://web.mit.edu/network/pgp.html
A popular system for secure communication and authentication that can:
- Securely encrypt files, e-mail, and simple text.
- Allow secure communication with individuals and groups you have never physically met.
- Provide digital signatures for documents to confirm identity or validity, such as for a newly uploaded file that has been checked for viruses or for a public post by an important individual.
- Automatically compress every file it encrypts.
- Save binary files as text, useful for Newsgroup postings.
Considered by many to be a standard in encryption and authentication, PGP is useful for communicating with individuals far away or within a large workgroup, where users can be added or removed as needed because no shared password is required. Commercial PGP is free for personal and educational use, while the open-source GPG is free software.
Although the name “Pretty Good” implies it is only adequate, PGP is quite secure.
Originally created by Phil Zimmermann.
- Download commercial version:
- PGP Freeware (U.S./Canada only)
- Commercial PGP (PGP Corporation)
Open-Source version
GPG is a near-clone of PGP that is free, fully open-source, and GPL'd. Although GPG is not as user-friendly as the corporate-owned PGP and lacks the patented IDEA algorithm, it is otherwise fully compatible and just as useful.
- Download
- … Other front-ends for all platforms.
Web mail services that use PGP
- HushMail (Free, Disclosed Source Front End, HushMail Corporation)
- Lokmail – (Non-free, Standards-compliant PGP service except older RSA keys, LOKMAIL, Inc.)
- PGP-like, but not RFC2440
- Non-Commercial (Free, Open Source Back+Front End, CryptoMail Organization)
Reasons for use
How it works
Two or more people who wish to securely communicate exchange portions of their keys, called public keys. Using software or an available Web service, the information is processed so parties can communicate without fear of eavesdropping.
See the PGP Intro.
Authenticate
PGP can also be used to create a Digital Signature that allows a user to claim a specific file as their own and to verify its authenticity.
PGP is not perfect
PGP is mainly vulnerable to only two attacks: a man-in-the-middle attack and a poorly chosen password. To protect against "man-in-the-middle," users can check that the public key they are getting is authentic by downloading it from a PGP Public Server or Certificate Authority. In the absence of either, checking the Fingerprint can also verify a key's validity; the fingerprint should be distributed elsewhere, such as on a public forum (that cannot be edited like infoAnarchy).
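The fingerprint check described above, as an added example (not code from the original page or from PGP/GPG): for version 4 keys, RFC 2440 defines the fingerprint as the SHA-1 hash of the octet 0x99, a two-octet length, and the public-key packet body, so a substituted key cannot reproduce a fingerprint published elsewhere. The key material, timestamp and function names are constructed for illustration.

```python
import hashlib
import struct

def mpi(x: int) -> bytes:
    """OpenPGP multiprecision integer: two-octet bit count, then big-endian bytes."""
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 public-key packet body: version, creation time, algorithm 1 (RSA), n, e."""
    return struct.pack(">BIB", 4, created, 1) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the two-octet body length, and the packet body."""
    if not body or body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def normalize(fingerprint: str) -> str:
    """Strip spacing and case so a fingerprint copied from another channel compares cleanly."""
    cleaned = "".join(fingerprint.split()).upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("need the full 40-hex-digit fingerprint, not a short key ID")
    return cleaned

def key_matches(body: bytes, published: str) -> bool:
    """True only if the received key hashes to the fingerprint obtained out of band."""
    return v4_fingerprint(body) == normalize(published)

def grouped(fingerprint: str) -> str:
    """Format a 40-digit fingerprint in groups of four for reading aloud or posting."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, 40, 4))

# Constructed sample data: toy integers, not real RSA moduli.
CREATED = 1_040_000_000
ALICE_KEY = rsa_public_key_body(CREATED, (1 << 255) + 0x4A1, 65537)
SUBSTITUTED_KEY = rsa_public_key_body(CREATED, (1 << 255) + 0x7C3, 65537)
# What Alice would publish on a channel the attacker cannot edit.
PUBLISHED = grouped(v4_fingerprint(ALICE_KEY)).lower()

if __name__ == "__main__":
    print("published fingerprint:", PUBLISHED)
    print("genuine key accepted: ", key_matches(ALICE_KEY, PUBLISHED))
    print("swapped key accepted: ", key_matches(SUBSTITUTED_KEY, PUBLISHED))
```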
Public PGP key servers
To store your public key for anyone to access
Example of a PGP/GPG Encrypted Message:
<pre>
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96rc1

jA0EAwMC17i3dehkC1JgyZ6noJJvDZLmF2TF5RJGwir6oeJ1Ds9LJIo5kwNL4RdL
EkW8aNWOTXePB6B92zA0fu8BsqOawCAPXMo1HKrZwA4fGQGNE8QiAKPKI+ztbwSa
7USJDiFiiccT7Mi53VJpohfJ74adIU2fEozteIFspCdxMWEpmXtp6ouKED1HN88N
BOsW0L33a9itHvESNrH8VZNCNWRcqFhRQYfRGqOEMQ==
=L4kn
-----END PGP MESSAGE-----
</pre>
Standards/RFCs
- OpenPGP charter
- RFC2440 (OpenPGP Message Format)
- RFC3156 (MIME Security with OpenPGP)
Related
- Authentication
- Cryptography
- Digital signature
- Fingerprint
- Public key / private key
- Signature
- Hard Disk Encryption – one popular free tool is distributed by PGP International, as well as PGP Inc.'s own commercial offering.
News
- PGP Universal – shifting PGP software from being local to the network.
Links
- Giftfile System – decentralized gift economy in which authors and publishers give non-proprietary works, and supporters give money.