PGP Encryption: How It Works and How You Can Get Started | Tutorial
Don’t let the name “Pretty Good Privacy” mislead you. PGP is the gold standard for encrypted communication and has been used by everyone from nuclear activists to criminals since its invention in 1991. While the execution is complex, the concept is simple: you can encrypt text, making it unreadable to anyone who doesn’t have the key to decode it.
How does it work?
Imagine you want to send someone a letter but don’t want anyone except the recipient to be able to read it. The best way to do this is to write the letter in code, but you can’t send the key to that code along with the letter, because anyone who intercepts the letter would get the key too.
PGP gets around this problem using public key encryption. Each user has two keys: a public one that you can share with anyone and a private one that you keep to yourself. What makes this system work is that the keys only work one way. If Key A encrypts a file, Key A cannot reverse the process and decrypt it. Only its pair, Key B, can do that. Here’s how it usually works:
1. Write down your message.
2. Find your friend’s public key. He can email it to you, have it listed on a site, etc.
3. Run a computer program that uses the public key to convert the message to code.
4. Send the message. Anyone who intercepts it will only see gibberish.
5. Your friend receives the message and runs it through his private key to decode it, restoring it to plain text.
This is a vastly simplified explanation of the process, but anyone curious about the nuts and bolts can find plenty more technical resources online.
What can I use it for?
PGP is most often used for encrypting emails, and there are many services to help you do that, like Thunderbird’s Enigmail add-on. Beyond that, you can use your imagination: PGP can encrypt any text you need and can even be used on whole directories and drives. Investigative journalists often list their public keys online to make it easier for anonymous sources to get in touch with them, and sellers on darknet markets often use it to ensure that their customers’ personal information stays secret.
How do I get started?
Getting your own key pair is actually much easier than it sounds. You don’t need to understand anything at all about cryptography. You just have to figure out a few simple programs.
1. Download Gpg4win. This is a free (though you can donate) set of encryption packages and tools. For Mac, check out GPG Suite.
2. Install Gpg4win. Make sure GnuPG (the actual encryption package) and Kleopatra (a graphical user interface for it) are installed; the other components are optional, but it can’t hurt to have them.
3. Once everything is installed, find the Kleopatra program on your computer and open it.
4. Go to the “File” tab and select “New Certificate.”
5. Since you want PGP keys, select “Create a personal OpenPGP key pair.”
6. If you want to attach your key to your identity, real or fake, you can enter that information here. Otherwise, you can skip this step.
7. Visit “Advanced Settings” and make sure “RSA” is selected. Change the default key size of 2048 to 4096; a 4096-bit key makes your encryption pretty much impenetrable and doesn’t noticeably slow you down during normal use.
8. Click “Okay” to exit this settings menu, and then click “Next” to start creating your key. The program now generates the random numbers that make up your keys and asks you for a passphrase. The passphrase is unrecoverable, so don’t forget it!
9. You now have a public and private key! If you want, you can back these up in a separate file somewhere, or you can email/publicly upload your public key.
10. You can generate a file with your public key in it by right-clicking your new key in Kleopatra’s certificate list and clicking “Export.” There are several ways to see it, but this makes it easy to access your public key whenever you want, without the need to use Kleopatra.
11. Choose where to save the file (it is saved as an ASCII-armored .asc file), then open up any text-editing app, like Notepad.
12. Go to “File” and then “Open,” set your file type to “All files,” and find the public key file where you saved it.
13. Open it up with your text editor to see your public key! Beautiful, isn’t it?
14. You can export your private key by following the same process, except select “Export Secret Keys” instead of just “Export.” Make sure you store this in a safe location, or just keep it inside Kleopatra; it’s perfectly accessible there.
These public and private keys can be used with any program that works with PGP, and Kleopatra itself can actually encrypt and decrypt files using your keys. If you want to take them for a test run, try encrypting a text file with your public key and decrypting it with your private key.
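The test run suggested above, together with the key-generation and export steps before it, as an added example that is not part of this tutorial: it drives the gpg command-line tool that Gpg4win and GPG Suite install alongside Kleopatra, written for a POSIX shell (the same gpg commands work in a Windows terminal). Alice, Bob, their addresses and the message are constructed, and the keys are created without a passphrase only so the demo runs unattended.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: the five-step exchange
# above, run with the gpg command-line tool that Gpg4win and GPG Suite also
# install. Two throw-away keyrings play Alice's and Bob's computers; names,
# addresses and the message are constructed.
set -eu
# Unattended equivalent of the Kleopatra wizard (steps 4-8): RSA primary key
# plus RSA encryption subkey. %no-protection skips the passphrase so the demo
# runs without prompts; a real key should always have one.
gen_key() {   # $1 = keyring directory, $2 = name, $3 = e-mail, $4 = bits
  GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: $4
Subkey-Type: RSA
Subkey-Length: $4
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%commit
EOF
}
# Prints "<text Bob recovers>|<refused or decrypted>" for Alice's own attempt.
pgp_roundtrip() {   # $1 = key size in bits (the tutorial recommends 4096)
  bits="${1:-4096}"
  work=$(mktemp -d); alice="$work/alice"; bob="$work/bob"
  mkdir -m 700 "$alice" "$bob"
  gen_key "$alice" "Alice Example" "alice@example.test" "$bits"
  gen_key "$bob"   "Bob Example"   "bob@example.test"   "$bits"
  # Step 2: Bob exports his public key as an ASCII-armored .asc file (what
  # Kleopatra's "Export" writes) and Alice imports it into her keyring.
  GNUPGHOME="$bob" gpg --batch --armor --export bob@example.test > "$work/bob.asc"
  GNUPGHOME="$alice" gpg --batch --quiet --import "$work/bob.asc"
  # Steps 1 and 3: Alice encrypts to Bob's public key. --trust-model always
  # skips the web-of-trust check; outside a demo, verify Bob's fingerprint.
  printf 'meet at noon\n' > "$work/msg.txt"
  GNUPGHOME="$alice" gpg --batch --quiet --trust-model always \
    --recipient bob@example.test --output "$work/msg.gpg" --encrypt "$work/msg.txt"
  # Step 5: Bob's private key reverses the encryption ...
  recovered=$(GNUPGHOME="$bob" gpg --batch --quiet --decrypt "$work/msg.gpg")
  # ... but Alice, holding only Bob's public key, cannot read her own ciphertext.
  if GNUPGHOME="$alice" gpg --batch --quiet --decrypt "$work/msg.gpg" >/dev/null 2>&1
  then alice_try=decrypted; else alice_try=refused; fi
  for d in "$alice" "$bob"; do GNUPGHOME="$d" gpgconf --kill all 2>/dev/null || true; done
  rm -rf "$work"
  printf '%s|%s\n' "$recovered" "$alice_try"
}
# Run directly:  sh pgp_demo.sh 4096   (prints "meet at noon|refused")
[ $# -eq 0 ] || pgp_roundtrip "$1"
```

The last field of the output shows the one-way property from the first section: the key that encrypted the message cannot decrypt it, only its private pair can.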
Conclusion: private key safety
PGP is only safe as long as your private key remains private. If anyone gets their hands on it, they will be able to read anything that is encrypted with your public key. The passphrase you chose in step 8 encrypts the stored private key, so it is the last line of defense if the key file is copied; choose a long one. Depending on how secure you want to be, you can keep your key on your hard drive, perhaps behind a few more layers of security, or you can put it on a more or less secure form of removable storage, like an encrypted USB drive.