PGP Encryption: A Layman’s Guide to How It Works


The whole objective and purpose of encryption is to allow authorized people to view the data while making the data unreadable to anyone else. PGP is one of many different encryption methods that is used most commonly by businesses and organizations. The acronym PGP stands for Pretty Good Privacy and was created in 1991 by Phil Zimmermann. It has gone through many changes throughout the years, but PGP remains a very viable and popular method of encryption.

What are some of the basics of encryption? We call data that’s in its normal, readable state is referred to as plaintext and data that’s been encrypted is called ciphertext. Algorithms are used to turn plaintext data into ciphertext and depending on the encryption method, the number and type of algorithms used will differ.

The process of turning plaintext data into ciphertext is done with what are called “keys”. In some forms of encryption (like PGP which is excellent for mainframe encryption), keys are used to encrypt and decrypt the data and also during the actual encryption process. I’m sure this last statement about keys is more confusing than anything, so I’ll do my best to describe the use of keys in the method of encryption known as PGP.

When describing the process of PGP encryption, it’s best to first explain public-key cryptography (AKA asymmetric cryptography). To participate in the encryption and decryption of data using any method of encryption that utilizes public-key cryptography, each participant must have a public and private key pair. There is a cryptographic algorithm that links a user’s public and private key pair but it’s “computationally infeasible” to derive the private key from the public key which makes the use of these key pairs secure.

First off, it’s important to note that throughout the process I’ll describe, there are numerous encryption algorithms and methods taking place to make the ciphertext data completely secure. By using many algorithms, PGP encryption is much more secure than most other methods of encryption. An added benefit of PGP is that during the encryption process, data is compressed up to 50% which takes unneeded stress off the network when sending data.

So how does the actual PGP encryption/decryption process work? The process of encrypting the data starts with a random key being generated. This key may look like this: SwizTCuPb4x. The data is then encrypted using that random key. This key will be what’s needed to actually decrypt the ciphertext in what’s called symmetric-key cryptography. Instead of simply leaving this key as it is (as is the case with encryption methods relying solely on symmetric-key cryptography), the key itself is then encrypted using the recipient’s public key. The result of this process is the encrypted data (ciphertext) and the encrypted random key. Both the encrypted data and encrypted key must be sent to the recipient so they can decrypt the data.

The process is then done basically in reverse by the recipient using their private key instead of their public key. The recipient uses their own private key to decrypt the encrypted key. At that point, the key is then back to its original state when it was randomly generated to start the encryption process. All that’s left to do is decrypt the ciphertext using the same key that was used to encrypt the data originally and the data will be as it was before the process commenced!

It’s really a very simple process that utilizes some of the most complex math and algorithms in the world! Encryption software is absolutely necessary for any organization that stores, sends or receives any sensitive data like credit card information or customer’s personal information. Both the sender and receiver must utilize the same encryption method and features within the chosen method to allow the recipient to decrypt the ciphertext. PGP is a worthy encryption method that can also be utilized as a data storage security solution as it encrypts the data while at rest instead of doing so on the fly.


Source by Jed Lampi