Pretty Good Privacy - Strong Encryption Made Easy

An Introduction to PGP

by Edward Langenback

© 10/29/03

"If all the personal computers in the world - 260 million - were put to work on a single PGP-encrypted message, it would still take an estimated 12 million times the age of the universe, on average, to break a single message."

 - William Crowell, Deputy Director, National Security Agency, March 20, 1997.

"12 million times the age of the universe is an absurd, impossible-to-imagine figure. What it really means is that it would take an impossibly long time."

 -Ed Langenback, October 31, 2003

The purpose of this series of articles is to guide the user who is new to PGP through the installation process and provide an example of how to use PGP. I will assume that the reader knows how to use WinZip or WinRar to open an archive and extract files. I am not in any way trying to replace the PGP documentation; this is simply an installation walkthrough and an introduction to the basic use of PGP. I strongly recommend that all users read the PGP documentation for a more thorough understanding of encryption in general and this software in particular.

The instructions given here are for use with PGP version 6.5.8 from Network Associates. There are several other versions of PGP 6.5.8 available and the installation procedure should be similar, however I have not used those versions and so cannot guarantee this.

The first question that a lot of people have is "What is PGP?". Good question. PGP stands for "Pretty Good Privacy" and is an encryption program created by Philip Zimmermann. PGP uses public key cryptography, which means that every PGP key pair has two parts. One is the 'public' key, which may be freely distributed to anyone. The other is the 'private' key, which only the owner has. If you want to send a message that only Joe can read, you encrypt it using Joe's public key. Once a message has been encrypted with Joe's public key, Joe's private key is required to decrypt it. Since that private key never leaves Joe's own computer and is stored there encrypted under a passphrase that only he knows, this can make for very high security. Combine this with decent key sizes and well-studied encryption algorithms and you have a software package, available to anyone, that is capable of what is called "strong" encryption, comparable to what military and intelligence communities use.

Strong encryption means that a brute force attack, trying every possible key, would take far longer than any attacker can afford. The key space of the symmetric cipher is astronomically large, and recovering an RSA private key from the public key means factoring the product of two large primes (for DH/DSS keys, solving the discrete logarithm problem), which no known method can do in practical time at the key sizes PGP uses. The math is entirely beyond the scope of this document. That guarantee covers the algorithms only, though. In practice the weak points are a guessable passphrase, a private keyring copied off the hard drive, or a computer that is already compromised. As long as care is used in choosing and handling passphrases and in protecting the private key, PGP-encrypted material is safe from prying eyes.

It is also useful for sending private information to more than one person. If, when the message or file is encrypted, the public keys of ALL recipients are used, then each of them can use their own private key to decrypt it. PGP does this by encrypting the message once with a random session key and then encrypting that session key separately to each recipient's public key, so the message body itself is not duplicated per recipient. This way there is never any need to share a password or to have more than one person use the same key pair. All that is needed is for the sender to have the public keys of everyone who is supposed to receive the message or file.
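The following is an added example, not code from the article or from PGP itself, showing the structure just described: the body is encrypted once under a fresh session key, and that session key is wrapped separately to each recipient's public key. To keep it runnable with nothing but the Python standard library it uses textbook (unpadded) RSA and an HMAC-SHA256 keystream as stand-ins for PGP's real padding and ciphers; those substitutions, the recipient names and the sample message are all assumptions made for illustration, and neither stand-in is safe for real use.

```python
"""Model of PGP-style encryption to several recipients (added example).

Not PGP's file format or algorithms (PGP 6.5.8 uses CAST5/IDEA/3DES for
the body and PKCS#1-padded RSA or ElGamal for the session key). It shows
only the structure: one body encryption, one session-key wrap per recipient.
Unpadded RSA and an HMAC keystream are illustrative stand-ins only.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test (assumed helper, not from the article)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Random prime with the top bit set, so p*q has the intended size."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return ((n, e), (n, d)): the public key and the private key."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:        # e is prime, so this means gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream; the same call decrypts."""
    out = bytearray()
    for start in range(0, len(data), 32):
        block = hmac.new(key, (start // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], block))
    return bytes(out)


def encrypt_to_recipients(plaintext: bytes, public_keys: dict[str, tuple[int, int]]) -> dict:
    """Encrypt the body once; wrap the session key once per recipient."""
    session_key = secrets.token_bytes(32)           # fresh for every message
    body = keystream_xor(session_key, plaintext)    # encrypted exactly once
    m = int.from_bytes(session_key, "big")
    wrapped = {}
    for name, (n, e) in public_keys.items():
        assert m < n, "session key must be smaller than the modulus"
        wrapped[name] = pow(m, e, n)                # one wrap per public key
    return {"wrapped_keys": wrapped, "body": body}


def decrypt_as(name: str, private_key: tuple[int, int], message: dict) -> bytes:
    """A recipient unwraps the session key with their own private key only."""
    if name not in message["wrapped_keys"]:
        raise KeyError(f"{name} is not a recipient of this message")
    n, d = private_key
    session_key = pow(message["wrapped_keys"][name], d, n).to_bytes(32, "big")
    return keystream_xor(session_key, message["body"])


def demo() -> dict:
    """Joe and Ann can both read the message; Eve, not a recipient, cannot."""
    joe_pub, joe_priv = generate_keypair()
    ann_pub, ann_priv = generate_keypair()
    _eve_pub, eve_priv = generate_keypair()
    text = b"Meet at the usual place, 9pm."         # constructed sample message
    msg = encrypt_to_recipients(text, {"joe": joe_pub, "ann": ann_pub})
    result = {"joe": decrypt_as("joe", joe_priv, msg),
              "ann": decrypt_as("ann", ann_priv, msg),
              "recipients": sorted(msg["wrapped_keys"]),
              "eve_can_read": True}
    try:
        decrypt_as("eve", eve_priv, msg)
    except KeyError:
        result["eve_can_read"] = False
    return result


if __name__ == "__main__":
    print(demo())
```

Run it and note that `msg["body"]` is a single ciphertext no matter how many names are in `wrapped_keys`; adding a recipient adds one more wrapped copy of the 32-byte session key, not another copy of the message. That is also why a sender can quietly include their own public key in the recipient list and still read the message afterwards.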

For those who intend to use the Jack B Nymble 2.14 anonymous email software there are two versions of PGP that can be used. Versions 2.6.2 and 2.6.3i are older MS-DOS command line programs. They have the advantage of being smaller and a lot quicker to install. Because they are older, users are limited to RSA key pairs and cannot process files encrypted and/or signed with the newer DH/DSS key pairs. Also, being command line programs, they do not have a graphical user interface like most software does today. If a person is only going to use PGP with JBN2, then version 2.6.2 or 2.6.3i is totally acceptable, since JBN2 has features built in that allow it to use them as a utility sub-program.

Version 6.5.8 is a modern Windows 9.x package that supports both RSA and DH/DSS key pairs and integrates fully into the Windows environment, making it instantly accessible. It can be used to sign and/or encrypt text or binary files, and also has a built-in feature for interacting with public key servers. It too can be used by JBN2 in an almost completely transparent manner. In this series of articles I will concentrate on version 6.5.8 because of its ease of use in so many applications in addition to JBN2.

With just a little practice, you will find that using PGP is really quite easy and the security that it makes available is more than worth the time to download it and learn how to use it.

Download and Install PGP
The hardest part is the download.

Create Your First Keys
Starting with a test key to practice with

Sharing Public Keys
Key Management

Signing Keys
The "Web of Trust"

Encrypt & Sign Text
Two of PGP's main functions

Some Useful PGP-related Links:

PGP-Basics - A Yahoo! group dedicated to helping people use PGP and GPG

Tom McCune's page for PGP

Imad's PGP Page

Philip Zimmermann's Home Page

The International PGP Home Page