When people hear “Pretty Good Privacy” or PGP, they usually think of detailed coding and complex encryption, and it is easy to be misled when researching it. PGP is popular on the dark net for encrypting sensitive data in black marketplaces, so it is commonly used “below the surface”. Although it is not strictly necessary off the dark web, PGP still can and should be used there.
The purpose of PGP is to encrypt and decrypt messages. In addition to black marketplaces, PGP is also used with email services, forums, and messaging platforms. Users can authenticate messages with a digital signature via the public key system.
Margaret Rouse, journalist at SearchSecurity, explains:
“PGP uses an efficient algorithm that generates a hash (a mathematical summary) from the user’s name and other signature information. This hash code is then encrypted with the sender’s private key. The receiver uses the sender’s public key to decrypt the hash code. If it matches the hash code sent as the digital signature for the message, the receiver is sure that the message has arrived securely from the stated sender.”
Translating to simpler terms, Rouse continues:
“Each user has an encryption key that is publicly known and a private key that is known only to that user. You encrypt a message you send to someone else using their public key. When they receive it, they decrypt it using their private key.”
Although PGP freeware is becoming harder to find, UNIX offers a version of it called GNU Privacy Assistant. Detailed guides can be found online on downloading and generating PGP keys using GNU Privacy Assistant. With a user-friendly interface and maximum security, this PGP freeware is easily a UNIX goldmine.
- Use PGP when sending any sensitive data (names, addresses, etc.)
- Post your public key to any profiles you have
- Likewise, vendors will have their public key in their profile
- Do your research