What is PGP Encryption? How it Works and Why It's Still Reliable.

PGP (Pretty Good Privacy) is a data encryption program used to authenticate data and provide cryptographic privacy for data transfers.

PGP encryption is used to secure all forms of data and digital transmissions. It's capable of encrypting and decrypting:

  • Text messages
  • Emails
  • Computer files
  • Disk partitions 

PGP is a quick-to-implement and cost-effective encryption method.

What's the Difference Between PGP and OpenPGP?

PGP was originally created to protect files posted on Bulletin Board Systems (BBS) - a computerized messaging system that allowed users to post messages onto a public message board using a dial-up modem.

Bulletin Board Systems were used until the mid-nineties. The retirement of this technology led to PGP being sold multiple times before it was finally acquired by Symantec in 2010.

OpenPGP (also known as open-source PGP) was created by one of PGP's inventors, Phil Zimmermann, to overcome the patent restrictions that were preventing PGP's liberal use.

OpenPGP is now an Internet Engineering Task Force (IETF) approved standard, which permits any company to develop and sell PGP-compatible products.

GoAnywhere Open is an example of one such solution that offers PGP encryption, free of charge.

GnuPG is a free implementation of the OpenPGP standard whose algorithm choices differ slightly from Symantec's PGP. The downside to using it over the Symantec-owned PGP is that it doesn't come with technical support - the bane of all open-source software.

Benefits of PGP Encryption

PGP's current popularity is due to its original availability as freeware coupled with its long history - it was originally created in 1990.

It's now the standard form of encryption in finance, healthcare, technology, and other highly regulated industries.

PGP encryption offers the following security benefits:

  • Reduces the risk of data loss.
  • Prevents information from being modified during transfer.
  • Protects sensitive information from unauthorized access.
  • Allows the secure sharing of information with multiple parties.
  • Verifies the authenticity of email senders.
  • Prevents the recovery of deleted sensitive data.
  • Ensures email communications are not intercepted.
  • Protects emails from malicious compromise.
  • Shallow learning curve - no training is required to achieve PGP encryption proficiency.

How Does PGP Encryption Work?

PGP combines data compression, hashing, symmetric-key cryptography, and public-key cryptography to keep sensitive data secure.

PGP is a hybrid system that combines two encryption types:

  • Symmetric key encryption
  • Public-key encryption

The encryption algorithm is capable of protecting data in transit and at rest - especially when coupled with a threat detection solution.

PGP gives each party in the communication a randomly generated key pair: a public key and a private key. A message encrypted with a recipient's public key can only be decrypted with that recipient's private key, which only the intended recipient holds.

The end-to-end process of PGP email security is described below:

  1. Sender A requests to send Recipient B a secure email.
  2. Recipient B generates a PGP key pair: a public key and a private key.
  3. Recipient B keeps the private key and transmits the public key to Sender A.
  4. Sender A uses the recipient's public key to encrypt the message before sending it.
  5. Recipient B receives the encrypted message and decrypts it with the private key it kept.
  6. Recipient B reads the message.

This process prevents anyone without the matching private key from decrypting intercepted messages.

Use Cases for PGP Encryption

PGP encryption is most commonly used to secure email communications. But email security can be further enhanced by combining PGP encryption with PGP digital signature verification.

It works as follows:

  • The message being transferred is run through a hash function, which condenses it into a fixed-size block of data (a digest) that depends on every character of the message.
  • The sender encrypts (signs) that digest with the sender's private key and attaches the result to the message.
  • The recipient decrypts the signature with the sender's public key to recover the digest.
  • The recipient hashes the received message and compares the result with the recovered digest.

Because the digest depends on every character of the original message, the recipient will be aware if even a single character has been modified.

Is PGP Encryption Secure?

PGP encryption is almost impossible to break. That's why it's still used by entities that send and receive sensitive information, such as journalists and hacktivists.

Though the encryption itself has not been broken, OpenPGP does have a vulnerability that disrupts PGP encrypted messages when exploited.

The vulnerability allows anyone, including cybercriminals, to attach an unlimited number of signatures to public keys stored on Synchronizing Key Servers (SKS).

Because GnuPG software doesn't cope with a very large number of signatures on a public key, it crashes when such a poisoned key is used for decryption.

The good news is that, even after this type of cyberattack, encrypted messages remain secure, making PGP one of the best encryption standards for cybersecurity.

How to Get Started with PGP Encryption

Setting up PGP encryption for email communications is simple. Most email programs only require a PGP add-on.

A PGP add-on can be downloaded for each of the popular email solutions listed below by following the links.

Some email solutions have been developed to already include PGP encryption in their software. ProtonMail is the most popular example.

Securing files and disk partitions with PGP encryption is a little more difficult. This is best achieved with dedicated solutions that offer PGP encryption such as Symantec File Share encryption and Symantec Endpoint Encryption.
