PGP And Your Privacy
Chances are if you haven't heard about PGP (pretty good privacy) software you're either too new to computers to understand it, or you're too busy to learn about it. But if you're using the Internet for anything in this day and age, you ought to take some time to at least be conversant with the basics. After all, it's your privacy that's at stake.
What is PGP?
In 1994, Phil Zimmermann wrote Pretty Good Privacy, a personal encryption software package with military-grade encryption power, and distributed it for free over the Internet from one of MIT's ftp sites. What made this a gigantic leap forward was that this was the first time military-grade encryption came into the hands of the general public. It was the first time anyone with a personal computer could use strong encryption of the same grade as intelligence agencies and government powers.
Until that point in time, if you wanted to use any sort of encryption, you were probably bound to use one of the many weak solutions commonly available from many sources. Password programs for commercial word processing files are unspeakably easy to crack, for example. In fact, you can go to nearly any large ftp site, look for security-related products, and you'll find a bunch of tools that will instantly crack passwords for WordPerfect and MS Word documents. Zimmermann wanted an encryption tool that took advantage of strong encryption algorithms, yet was available to everyone (not exclusively used by the government). PGP does just that: it uses the RSA and IDEA ciphers, both very strong even when attacked by brute force with supercomputers.
In other words, if you had created a program, or written a novel, or had scanned your medical records, or had a sensitive financial record on your computer, you could encrypt it so that only you and whoever else you wanted to use the file would be able to. The file would only be useful to someone who had the power to decrypt it, and you are in control of that with strong encryption like PGP.
In this age of networked computers, your files are not necessarily private anymore. Your email is stored on various computers around the globe, information about you is sent and received every time you surf the web, and profiles about your behavior are being bought and sold behind your back without your even knowing it. PGP gives you the power to take back control over much of your privacy.
Why Should I Use It?
The main reason why you should learn to use PGP is that if you don't protect your privacy, one day you won't have any left to protect. When you don't use something, it tends to disappear. It tends to become obsolete. The problem nowadays is that technology has so enveloped our personal lives that only the technologically literate are aware of the threats to our personal privacy. We tend to not worry about our most intimate messages residing on mail servers around the world. But not thinking about it doesn't make the threat disappear.
Opportunistic business people are not hesitating to capitalize on any portions of your privacy you leave unguarded. For example, when you post e-mails to some mailing lists, or to some newsgroups, you leave electronic footprints that will likely get you added to ``spam lists,'' or mailing lists of people who want to sell you things. Your mailbox will become a sort of dumping ground for whatever advertisements someone wants to throw at you. PGP can help you in this regard too, as can mail filtering software.
Further, e-mail has become so ubiquitous that it is the standard mode of communication for many, many people. And often e-mail must contain sensitive information. Yet, this type of information often goes out over the wires unguarded. I'm surprised by book publishers I deal with who routinely send and receive unencrypted book proposals and contracts without a thought that their competitors can easily keep track of what they're doing. Many competitive businesses are likewise at risk. And these same documents often contain information about us, too. They're not just failing to protect their own privacy, but they compromise our privacy too.
How it Works
PGP uses something called ``public key cryptography.'' A ``key'' is a digital sequence that mathematically ``unlocks'' an encrypted file. In conventional ``single key'' encryption methods, the same key is used for encryption and decryption. This is risky because when you send someone an encrypted file, you must also send them the key so they can decrypt it. Anyone who can obtain the encrypted file, for instance by reading your e-mail while it's archived on a mail server, can also obtain the key used to decrypt it. That's the risk of a single-key encryption scheme.
Public key cryptography depends on two keys. One key is used to encrypt the file, and a different key is used to decrypt it. When you use PGP, you create a pair of keys (called a keypair): the key others will use to encrypt files for you, and the key you will use to decrypt files sent to you. The public key is the key you send to others so that they can send you encrypted files. The secret key is the key you keep so that you can decrypt the files they send to you. You protect this key carefully (by likewise encrypting it with strong encryption and by not sharing it with anyone).
How Your Public and Secret Keys Work Together
When you use PGP for the first time, you create a keypair. These become your public key and your secret key. Your public key is what you distribute freely so others may send you encrypted mail. Your secret key stays closely guarded on your personal computer or on a floppy disk that you guard carefully. (If you're on a networked computer you may wish to keep your secret key on a disk so no one may copy it while you're not looking.)
When someone encrypts mail to you (or sends you an encrypted file), they need your public key. You can either send it to them directly or you can make it publicly available from your home page, your shell account's finger daemon, or you can upload it to the public key servers. I recommend doing all of the above. There's no risk in distributing your public key because no one can use it to decrypt your mail. It's only useful in encrypting files for you. Only your secret key can be used to decrypt files.
Your secret key remains heavily encrypted on your system (or on a floppy disk) so that even if someone were able to retrieve a copy of it, they couldn't use it without trying to decrypt it first. PGP uses a very strong cipher to encrypt your secret key. Probably even the National Security Agency would have trouble cracking your 1024-bit or higher secret key without your passphrase. By the way, when you create a passphrase, please read the documentation. Do not pick an easy-to-guess passphrase. Do not use pet names, relatives' names, friends' names, or dates for anyone's anniversary of anything. Follow the suggestions assiduously. Mix characters with numbers and use various upper and lower case letters.
Digital Signatures
Another advantage of PGP cryptography is that you can authenticate people by their digital signatures. Imagine you give orders to your employees over the Internet. Wouldn't it be nice to know that an order came from you and not from someone who impersonated you with their e-mail software? (Impersonating others is easy to do on the Internet, by the way.) PGP lets you ``sign'' files with your secret key: a ``hash function'' reduces the message to a short digest, and the signature computed from that digest with your secret key appears at the bottom of your e-mail. Only you can produce it, because only you can decrypt your secret key. PGP will check digital signatures against all public keys in your possession, and it will tell you whether the owner of the public key sent the e-mail or whether someone else did.
PGP uses your secret key in generating the signature that appears at the bottom of your e-mail (or whatever kind of file you are signing). If someone tampers with your e-mail, the signature will reveal an inconsistency when checked with your public key. In this way, your employees can know whether you sent the message or someone else impersonating you sent it. The signature cannot be forged since it depends on your secret key, yet it can be authenticated with your public key.
This digital signature idea has profound importance in electronic commerce.
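The two uses of a keypair described above (encrypt with the public key and decrypt with the secret key; sign with the secret key and verify with the public key) can be seen in a few lines of Python. This is an added example, not part of the original article and not PGP's own code: it uses unpadded textbook RSA, a constructed toy keypair built from two publicly known Mersenne primes, and SHA-256 as the hash function, and every function name in it is an illustrative assumption.

```python
import hashlib

# Constructed toy keypair: both primes are well-known Mersenne primes, so this
# key is NOT secret and NOT secure. Real keys use random primes and padding.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                   # public key (N, E): safe to hand out
D = pow(E, -1, (P - 1) * (Q - 1))     # secret exponent: stays with the owner

def digest(message: bytes) -> int:
    """Reduce a message of any length to a fixed-size number (SHA-256 assumed)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Owner only: transform the message digest with the SECRET key."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Anyone: undo the transform with the PUBLIC key and compare digests."""
    return pow(signature, E, N) == digest(message)

def encrypt(plaintext: bytes) -> int:
    """Sender: lock a short message with the recipient's PUBLIC key."""
    m = int.from_bytes(plaintext, "big")
    if m >= N:
        raise ValueError("message too long for this toy key")
    return pow(m, E, N)

def decrypt(ciphertext: int, length: int) -> bytes:
    """Recipient only: unlock with the SECRET key."""
    return pow(ciphertext, D, N).to_bytes(length, "big")

if __name__ == "__main__":
    order = b"Ship the order on Friday."          # constructed sample message
    sig = sign(order)
    print("genuine order verifies:", verify(order, sig))
    print("tampered order verifies:", verify(b"Ship the order on Monday.", sig))

    note = b"constructed sample secret"
    ct = encrypt(note)
    print("secret key recovers it:", decrypt(ct, len(note)) == note)
    # Applying the public key a second time does not undo the encryption.
    print("public key recovers it:", pow(ct, E, N) == int.from_bytes(note, "big"))
```

Changing a single word of the signed message makes verification fail, and the public key alone cannot reverse the encryption it performed.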