Pretty Good Privacy

See also: Cryptography | Encrypting Your Mail | GPG

Acronym: Pretty Good Privacy

Home Page: http://www.pgp.com or http://web.mit.edu/network/pgp.html

A popular system for secure communication and authentication that can:

  1. Securely encrypt files, e-mail, and simple text.
  2. Allow secure communication with individuals and groups you have never physically met.
  3. Provide digital signatures for documents to confirm identity or validity, for example a newly uploaded file that has been checked for viruses, or a public post by an important individual.
  4. Automatically compress every file it encrypts.
  5. Save binary files as text, useful for Newsgroup postings.

Considered by many to be a standard in encryption and authentication, PGP is useful for individuals far apart or for a large workgroup: because no shared password is needed, users can be added or removed as required. Commercial PGP is free for personal and educational use, while the open-source GPG is free software.

Although the name “Pretty Good” implies it is only adequate, PGP is quite secure.

Originally created by Phil Zimmermann.

Download commercial version:


Open-Source version

GPG is a near-clone of PGP, but free, fully open-source, and GPL'd. Although GPG is not as user-friendly as the corporately owned PGP and lacks the patented IDEA algorithm, it is otherwise fully compatible and just as useful.

Download
Other front-ends for all platforms.

Web mail services that use PGP

  • HushMail (Free, Disclosed Source Front End, HushMail Corporation)
  • Lokmail – (Non-free, Standards-compliant PGP service except older RSA keys, LOKMAIL, Inc.)
PGP-like, but not RFC2440

Reasons for use

How it works

Two or more people who wish to securely communicate exchange portions of their keys, called public keys. Using software or an available Web service, the information is processed so parties can communicate without fear of eavesdropping.

See the PGP Intro.

Authenticate

PGP can also be used to create a Digital Signature that allows a user to claim a specific file as their own and to verify its authenticity.

PGP is not perfect

PGP is mainly vulnerable to only two attacks: a man-in-the-middle attack and the choice of a poor password. To protect against “man-in-the-middle,” users can check that the public key they are getting is authentic by downloading it from a PGP Public Server or Certificate Authority. In the absence of either, checking the Fingerprint can also verify a key’s validity; the fingerprint should be distributed elsewhere, such as on a public forum (one that cannot be edited the way infoAnarchy can).
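The fingerprint check described above, as an added example that is not part of the original page or of PGP/GPG itself: it computes an OpenPGP version 4 fingerprint from public-key material and compares it with a fingerprint obtained through another channel. The function names and the key values are constructed for illustration, and a version 4 RSA key is assumed.

```python
import hashlib
import hmac
import struct

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet: version, time, algorithm, MPIs."""
    def mpi(x: int) -> bytes:
        # MPI = 2-byte bit count, then the big-endian magnitude.
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880, section 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def display(fpr: str) -> str:
    """Ten groups of four hex digits, a common way to publish a fingerprint."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))

def fingerprint_matches(body: bytes, published: str) -> bool:
    """True only if the received key hashes to the full published fingerprint."""
    wanted = "".join(published.split()).upper()
    # Refuse anything that is not all 40 hex digits, e.g. a shortened key ID.
    if len(wanted) != 40 or any(c not in "0123456789ABCDEF" for c in wanted):
        return False
    return hmac.compare_digest(v4_fingerprint(body), wanted)

# Constructed sample values: toy numbers, not real keys and far too small for RSA.
CREATED = 1046000000
GENUINE_N = 0xD1E5C0DE0123456789ABCDEF0123456789ABCDEF
genuine_key = rsa_public_key_body(CREATED, GENUINE_N, 65537)
# A key substituted in transit differs somewhere in its material.
substituted_key = rsa_public_key_body(CREATED, GENUINE_N + 2, 65537)
# The fingerprint the owner posted elsewhere (out of band).
PUBLISHED = display(v4_fingerprint(genuine_key))

if __name__ == "__main__":
    for label, key in (("genuine", genuine_key), ("substituted", substituted_key)):
        print(label, "accepted" if fingerprint_matches(key, PUBLISHED) else "REJECTED")
```

Because the fingerprint is a hash of the key material itself, a key swapped in transit cannot match a fingerprint the owner published through a separate channel.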

Public PGP key servers

To store your public key for anyone to access

Example of a PGP/GPG Encrypted Message:

<pre>


-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96rc1

jA0EAwMC17i3dehkC1JgyZ6noJJvDZLmF2TF5RJGwir6oeJ1Ds9LJIo5kwNL4RdLEkW8aNWOTXePB6B92zA0fu8BsqOawCAPXMo1HKrZwA4fGQGNE8QiAKPKI+ztbwSa7USJDiFiiccT7Mi53VJpohfJ74adIU2fEozteIFspCdxMWEpmXtp6ouKED1HN88NBOsW0L33a9itHvESNrH8VZNCNWRcqFhRQYfRGqOEMQ===L4kn


-----END PGP MESSAGE-----

</pre>

Standards/RFCs

Related

News

Links

TakeDown.NET -> “Pretty-Good-Privacy”