8 March 2017

Pretty Good Privacy (PGP) basics

Email sent in plain text is about as secure as a pencilled postcard: anyone who handles it along the way can read it (eavesdropping), alter it (falsification) or, later, deny having sent it (repudiation). Public key cryptography can protect against all three risks.

Why using PGP is important

By default, Internet email is sent unencrypted. This means that messages can be read and modified by anyone with access to any network segment or mail server along the way.

We have taken precautions to encrypt our outbound email between the workstation from which it is sent and our email server, and our inbound email between our email server and the workstation on which the message is read. Accordingly, our email environment is more secure than most.

However, whether email is encrypted between your mail server and ours is beyond our control, and it may well travel in the clear on that leg. Unless you have taken steps similar to the ones mentioned above, email is also likely to travel unencrypted between your email server and your workstation. Because of this, we recommend PGP, which encrypts end to end, from the sender's workstation to the recipient's, independently of every server and network in between, especially when sending non-public information.

About PGP

OpenPGP (RFC 4880) is the industry standard protocol for securing email. In order to use it, you need a locally installed copy of PGP or GnuPG. (Running the program on a remote machine is technically possible, but less secure: your private key and passphrase would then be exposed to a machine you do not fully control.) For simplicity, in this document, I will refer to the entire system as PGP.

PGP is a public key infrastructure. This means that every user has one or more key pairs: public keys, which can be freely distributed (public key servers make this particularly easy), and corresponding private keys, which must be kept secret and are normally stored encrypted under a passphrase.

PGP allows you to create your own keys locally, so that the private key never has to leave your control (confidentiality), and to back them up as you deem necessary, so that you do not lose access to encrypted mail when a workstation fails (availability). Many other public key infrastructures ignore these important requirements.

Basic PGP functions

Digital signing and verification

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You can sign a message (using your private key) by having PGP create a
digital signature that corresponds to the message in question. When a
signature successfully verifies (using the sender's public key), you can
be sure that the message was signed with the key in question, and that it
has not been altered since.

Signatures are easy to apply to everyday email, even when one does not
know whether the recipient uses PGP. They are also used e.g. to protect
downloadable software from tampering, as well as for time stamping.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBSewKhelROe8ye3NFEQL/cwCguiVgRYUm377ptsD6PfhKx077SQMAnj7p
gIBTnhZZ3jlTl7QqbEuFcZca
=Wg2v
-----END PGP SIGNATURE-----
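
To see what the signature block above actually carries, here is an added example (my code, not code from the original page; Python standard library only). It strips the ASCII armor from that exact block, checks the armor's CRC-24, and decodes the signature packet into its fields: the signing key ID, the public key and hash algorithms, the creation time and the bit lengths of the two DSA signature values. It goes slightly beyond the page: besides the version 3 packet that PGP 8.1 produced, it also handles the version 4 layout that current GnuPG emits, so the same code can be pointed at a signature made today. The function and constant names (crc24, dearmor, subpackets, parse_signature, inspect) are mine.

```python
"""Dearmor the signature block above and decode its OpenPGP signature packet (RFC 4880)."""
import base64
import datetime

# The armored signature exactly as it appears in the section above (data from the page).
PAGE_SIGNATURE = """-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBSewKhelROe8ye3NFEQL/cwCguiVgRYUm377ptsD6PfhKx077SQMAnj7p
gIBTnhZZ3jlTl7QqbEuFcZca
=Wg2v
-----END PGP SIGNATURE-----
"""

PUBKEY_ALGO = {1: "RSA", 17: "DSA", 19: "ECDSA", 22: "EdDSA"}
HASH_ALGO = {1: "MD5", 2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}

def crc24(data):
    """Armor checksum: CRC-24 with the OpenPGP initial value and polynomial (RFC 4880 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text):
    """Return (packet bytes, armor headers, checksum ok) for an armored signature block."""
    lines = text.strip().splitlines()
    assert lines[0] == "-----BEGIN PGP SIGNATURE-----" and lines[-1] == "-----END PGP SIGNATURE-----"
    body = lines[1:-1]
    blank = body.index("")                       # armor headers end at the first empty line
    headers = dict(h.split(": ", 1) for h in body[:blank])
    *b64, crc_line = body[blank + 1:]            # last line is "=" + base64 of the CRC-24
    data = base64.b64decode("".join(b64))
    crc_ok = crc24(data) == int.from_bytes(base64.b64decode(crc_line[1:]), "big")
    return data, headers, crc_ok

def subpackets(area):
    """Yield (type, data) for each subpacket of a v4 signature (RFC 4880 5.2.3.1)."""
    pos = 0
    while pos < len(area):
        first = area[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            length, pos = ((first - 192) << 8) + area[pos + 1] + 192, pos + 2
        else:
            length, pos = int.from_bytes(area[pos + 1:pos + 5], "big"), pos + 5
        yield area[pos], area[pos + 1:pos + length]  # length counts the type octet
        pos += length

def parse_signature(data):
    """Decode one signature packet (old-format header): v3 body as PGP 8.1 wrote above, or v4 as GnuPG writes."""
    first = data[0]
    assert first & 0xC0 == 0x80, "expected an old-format packet header"
    tag, hlen = (first >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}[first & 0x03]
    body_len = int.from_bytes(data[1:1 + hlen], "big")
    body = data[1 + hlen:1 + hlen + body_len]
    assert tag == 2 and len(body) == body_len, "expected one whole signature packet"
    version = body[0]
    if version == 3:
        assert body[1] == 5                                   # hashed material: type + time
        sig_type, created = body[2], int.from_bytes(body[3:7], "big")
        key_id, pk_algo, hash_algo, pos = body[7:15].hex().upper(), body[15], body[16], 17
    elif version == 4:
        sig_type, pk_algo, hash_algo, created, key_id, pos = body[1], body[2], body[3], None, None, 4
        for _ in range(2):                                    # hashed, then unhashed area
            area_len = int.from_bytes(body[pos:pos + 2], "big")
            for sp_type, sp in subpackets(body[pos + 2:pos + 2 + area_len]):
                if sp_type == 2:                              # signature creation time
                    created = int.from_bytes(sp, "big")
                elif sp_type == 16:                           # issuer key ID
                    key_id = sp.hex().upper()
            pos += 2 + area_len
    else:
        raise ValueError(f"unsupported signature version {version}")
    hash_prefix, pos = body[pos:pos + 2].hex().upper(), pos + 2   # left 16 bits of the hash
    mpis = []                                                 # DSA: r and s; RSA: one value
    while pos < len(body):
        nbytes = (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
        mpis.append(int.from_bytes(body[pos + 2:pos + 2 + nbytes], "big"))
        pos += 2 + nbytes
    return {
        "tag": tag, "version": version, "signature_type": sig_type,   # 0x01: canonical text
        "created": datetime.datetime.fromtimestamp(created, datetime.timezone.utc).isoformat(),
        "key_id": key_id, "public_key_algorithm": PUBKEY_ALGO.get(pk_algo, pk_algo),
        "hash_algorithm": HASH_ALGO.get(hash_algo, hash_algo), "hash_prefix": hash_prefix,
        "mpi_bits": [m.bit_length() for m in mpis],
    }

def inspect(armored=PAGE_SIGNATURE):
    """Everything the armor and the packet reveal about a signature, as one dict."""
    data, headers, crc_ok = dearmor(armored)
    return {"armor_headers": headers, "crc_ok": crc_ok, **parse_signature(data)}
```

Two things the decoded fields make visible. First, the packet names only a key ID: PGP can tell you that the text was signed with that key and has not changed since, but whether the key belongs to the person named in the user ID is a separate question, answered by the web of trust described below. Second, the hash algorithm is SHA-1, which PGP 8.1 used by default and which is no longer considered collision resistant; current versions of GnuPG default to SHA-256 or stronger. The code reports; it does not verify, because verification needs the signer's public key, which it does not have.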

Data encryption and decryption

PGP lets you encrypt a message with the recipient's public key, so that only the holder of the corresponding private key can decrypt it. This means that you can send non-public information in ordinary Internet email messages. Two caveats: encryption alone does not prove who sent the message, so you should also sign your messages; and only the body and attachments are protected, while the subject line, addresses and other headers still travel in the clear.

Key administration

Create, modify and revoke key pairs and signatures. Retrieve, sign, store and disseminate public keys. When you create a key pair, also generate a revocation certificate and keep it in a safe place, so that you can still revoke the key if the private key is later lost or compromised.

The global PGP web of trust wants you!

Using PGP does not require that you pay or trust a commercial certificate authority such as VeriSign. Instead, the PGP community relies on a distributed model in which anyone can sign any key, but each user decides for himself or herself whose signatures to trust.

In practice, you should sign the key of another user when (and only when) you have checked, first-hand, that the owner of that key is the person described by the user ID on the key, typically by comparing the key's fingerprint with him or her in person or over another channel you trust. His or her key then becomes valid for you to use.

However, you might not be able to perform this kind of check personally on everyone to whom you send mail. This is where trust comes in: you can assign trust to a key you have signed, marking its owner as a trusted introducer, so that your copy of PGP will consider keys signed by that user as valid as if you had signed them yourself. To take the same concept a step further, you can also designate meta-introducers, who will be able to introduce new introducers. (GnuPG calls this per-key setting ownertrust; by default it accepts a key as valid on one fully trusted signature or three marginally trusted ones, through a chain of at most five introducers.) PGP keeps track of your signatures and trust settings and calculates key validity for you.
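
The following added example (my code, not from the original page) walks through the functions of the last three sections by driving GnuPG from Python: key creation and exchange, the fingerprint check before signing a key, encrypting and signing a message, decrypting and verifying it, and finally a trusted introducer making a third party's key valid, as described in the paragraph above. It assumes gpg (GnuPG 2.2 or later) on PATH and creates throw-away keyrings holding passphrase-less keys, which is acceptable only for a demonstration; the names, addresses and message text are constructed for it. The validity letters it reads come from gpg's --with-colons output ('-' or 'q' unknown, 'f' fully valid, 'u' ultimate), and the trust levels from gpg's status lines.

```python
"""Drive GnuPG from Python to walk through the PGP functions described above."""
import subprocess
import tempfile

MESSAGE = b"Quarterly figures attached.\n"   # constructed sample plaintext

def gpg(home, *args, stdin=None):
    """Run gpg non-interactively against an isolated keyring; status lines go to stderr."""
    cmd = ["gpg", "--homedir", home, "--batch", "--yes", "--no-tty", "--status-fd", "2",
           "--pinentry-mode", "loopback", "--passphrase", "", *args]
    return subprocess.run(cmd, input=stdin, capture_output=True, check=True)

def new_user(name):
    """Fresh keyring (GNUPGHOME) holding one sign+encrypt key pair for name, no passphrase."""
    home = tempfile.mkdtemp(prefix=f"pgp-{name.lower()}-")
    gpg(home, "--quick-generate-key", f"{name} <{name.lower()}@example.com>",
        "default", "default", "never")
    return home

def key_record(home, uid):
    """(validity, fingerprint) of the primary key matching uid, as seen from this keyring."""
    gpg(home, "--check-trustdb")                  # recompute validity from signatures + ownertrust
    lines = gpg(home, "--list-keys", "--with-colons", uid).stdout.decode().splitlines()
    validity = next(l.split(":")[1] for l in lines if l.startswith("pub:"))
    fpr = next(l.split(":")[9] for l in lines if l.startswith("fpr:"))
    return validity, fpr

def send_public_key(src, dst, uid):
    """Copy uid's public key, with the certifications it carries, from keyring src to dst."""
    gpg(dst, "--import", stdin=gpg(src, "--armor", "--export", uid).stdout)

def decrypt_and_verify(home, ciphertext):
    """Decrypt; return (plaintext, signature result, trust level gpg assigns to the signing key)."""
    r = gpg(home, "--decrypt", stdin=ciphertext)
    status = [l.split()[1] for l in r.stderr.decode().splitlines() if l.startswith("[GNUPG:] ")]
    sig = next((s for s in status if s in ("GOODSIG", "BADSIG", "ERRSIG")), "NOSIG")
    trust = next((s for s in status if s.startswith("TRUST_")), None)
    return r.stdout, sig, trust

def demo():
    alice, bob, carol = new_user("Alice"), new_user("Bob"), new_user("Carol")
    out = {}
    # Key administration: exchange public keys (in practice via a key server or an attachment).
    send_public_key(bob, alice, "Bob")
    send_public_key(alice, bob, "Alice")
    _, alice_fpr = key_record(alice, "Alice")
    _, bob_fpr = key_record(bob, "Bob")                       # what Bob reads out in person
    out["bob_valid_for_alice"], seen_fpr = key_record(alice, "Bob")   # '-': unknown validity
    # Batch-mode gpg refuses to encrypt to a key whose validity is unknown.
    try:
        gpg(alice, "--encrypt", "--recipient", bob_fpr, stdin=MESSAGE)
        out["refused_unverified_key"] = False
    except subprocess.CalledProcessError:
        out["refused_unverified_key"] = True
    # Alice checks the fingerprint first-hand and only then certifies (signs) Bob's key.
    assert seen_fpr == bob_fpr, "fingerprint mismatch: do not sign this key"
    gpg(alice, "--quick-sign-key", bob_fpr)                   # exportable certification
    out["bob_valid_for_alice_after_signing"], _ = key_record(alice, "Bob")   # 'f'
    # Encrypt to Bob and sign with Alice's private key in one step.
    ciphertext = gpg(alice, "--armor", "--sign", "--encrypt", "--recipient", bob_fpr,
                     stdin=MESSAGE).stdout
    out["armored"] = ciphertext.startswith(b"-----BEGIN PGP MESSAGE-----")
    # Bob decrypts: the signature is good, but he has not yet validated Alice's key.
    out["plaintext"], out["signature"], out["trust_before"] = decrypt_and_verify(bob, ciphertext)
    gpg(bob, "--quick-lsign-key", alice_fpr)                  # local (non-exportable) signature
    gpg(bob, "--check-trustdb")
    out["trust_after"] = decrypt_and_verify(bob, ciphertext)[2]
    # Web of trust: Carol has met Alice but not Bob. She signs Alice's key ...
    send_public_key(alice, carol, "Alice")
    gpg(carol, "--quick-lsign-key", alice_fpr)
    send_public_key(alice, carol, "Bob")                      # Bob's key carrying Alice's certification
    out["bob_valid_for_carol"], _ = key_record(carol, "Bob")  # unknown: Alice is not yet an introducer
    # ... and makes Alice a trusted introducer (ownertrust 5 = full), so Alice's signature counts.
    gpg(carol, "--import-ownertrust", stdin=f"{alice_fpr}:5:\n".encode())
    out["bob_valid_for_carol_via_alice"], _ = key_record(carol, "Bob")      # 'f'
    return out

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:36} {v!r}")
```

Running it shows three things the text describes. Batch-mode gpg refuses to encrypt to a key nobody has validated, until Alice has compared the fingerprint and signed the key. A good signature from an unvalidated key is reported as GOODSIG with TRUST_UNDEFINED, and only becomes TRUST_FULLY after Bob certifies Alice's key himself. And Bob's key becomes valid for Carol only once she has both certified Alice's key and set her ownertrust on Alice to full, so that Alice's signature on Bob's key counts as an introduction.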