Intro to PGP
I’m going to skip all the reasons why you should encrypt your communications, since they’re self-evident. This is a high-level concept explanation post about Pretty Good Privacy, a system for encrypting computer files.
Imagine you have a box of padlocks all keyed to a master key, with your name etched on the lock’s face. You put them in a box labeled “Free Padlocks!” People come and take them, then use them to secure things. As you go about town you can tell what people have secured because you see your name on the padlock. You open one with your master key. In it you find a message.
I too have a box of free padlocks. Here is one of them. Use it to lock up a box that you want to be opened only by me. – X
You and your friend can now exchange items in a box with your shared locks.
PGP works the same way. You publish a public key (the padlock) that people can use to encode messages to you. They then send you the message, which only you can decode with your private key (the master key). The system is secure as long as the private key remains in just your control. Once it gets out, you must assume that anything encoded with the matching public key is compromised.
Each key pair is matched to an email address. The public key does not need a password in order to encrypt, but the private key needs a password in order to decrypt.
- PGP Corporation – current owners of the software, most recent version is 10.1. Trialware, but I think you can still decrypt files once it expires.
- User manuals and source code for above
- GNU Privacy Guard – an open source implementation of PGP
- PGP 6.5.8 – old, free, fully functional version. There are reports of compatibility issues, but I’ve not run across any myself.