Pretty Good Privacy (PGP) is a widely used encryption program that provides cryptographic privacy and authentication for digital communications, especially email. Developed in 1991 by Phil Zimmermann, PGP is designed to secure data against unauthorized access and to verify the authenticity of messages through digital signatures.
PGP combines several cryptographic techniques to protect data.

Public-key cryptography: each user has a pair of keys, a public key that is shared openly and a private key that is kept secret. Anyone who wants to send you an encrypted message encrypts it with your public key; only your private key can decrypt it.

Symmetric-key encryption: encrypting a large message directly with a public-key algorithm is slow and inefficient, so PGP instead generates a fresh one-time session key (a random symmetric key) and encrypts the actual message with it. The session key is then encrypted with the recipient’s public key and sent along with the message. The recipient decrypts the session key with their private key and then uses the session key to decrypt the message. This combination of public-key and symmetric encryption is known as hybrid encryption.

Hashing and digital signatures: to provide authenticity, PGP can attach a digital signature to a message. The sender computes a hash (a fixed-length summary) of the message and encrypts that hash with their private key. The recipient uses the sender’s public key to recover the hash, recomputes the hash of the received message, and compares the two: a match shows that the message has not been altered and that it truly comes from the claimed sender, that is, from whoever holds the matching private key.
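The encrypt-and-sign flow described above, as an added Go example that is not code from the original page or from PGP itself: it uses RSA-OAEP, AES-256-GCM and RSA-PSS over SHA-256 from Go's standard library as stand-ins for PGP's own algorithms and packet format, and the Envelope type and the NewKey, Seal and Open functions are names assumed for this illustration.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope stands in for a PGP message: wrapped session key, GCM nonce, ciphertext, signature.
type Envelope struct{ WrappedKey, Nonce, Ciphertext, Signature []byte }
func must[T any](v T, err error) T { // panics on a sender-side failure: the message is not sent
	if err != nil {
		panic(err)
	}
	return v
}
func NewKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) } // one user's key pair
// Seal: sign SHA-256(msg) with the sender's private key, encrypt msg under a one-time session key, wrap that key for the recipient.
func Seal(msg []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) Envelope {
	digest := sha256.Sum256(msg)
	sig := must(rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil))
	sessionKey := make([]byte, 32) // random AES-256 key, used for this one message only
	must(rand.Read(sessionKey))
	gcm := must(cipher.NewGCM(must(aes.NewCipher(sessionKey))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil))
	return Envelope{wrapped, nonce, gcm.Seal(nil, nonce, msg, nil), sig}
}
// Open: unwrap the session key with the recipient's private key, decrypt, then verify the signature with the sender's public key.
func Open(env Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap session key (not the intended recipient?): %w", err)
	}
	gcm := must(cipher.NewGCM(must(aes.NewCipher(sessionKey)))) // 32-byte key: cannot fail here
	msg, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt (message altered in transit?): %w", err)
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, fmt.Errorf("verify signature (not from the claimed sender?): %w", err)
	}
	return msg, nil
}
```

Open refuses to return plaintext when any of the three checks fails, so a wrong recipient key, an altered ciphertext, or a signature from a different sender all surface as errors rather than as a silently accepted message.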