What is PGP in information security?

PGP stands for Pretty Good Privacy. It is an encryption program that uses cryptographic privacy and authentication to online communications. PGP is most generally used for maintaining contents of emails encrypted and private. PGP is accessible as a plugin for some e-mail clients, including Claris Emailer, Microsoft Outlook/Outlook Express, and Qualcomm Eudora.

PGP needs a digital signature to support integrity, authentication, and nonrepudiation. PGP uses a set of secret key encryption and public key encryption to support privacy. Hence, it can say that the digital signature needs one hash function, one secret key, and two private-public key pairs.

PGP can be used to sign or encrypt e-mail messages with the simple click of the mouse. It is based upon the version of PGP. The software needs SHA or MD5 for computing the message hash such as CAST, Triple-DES, or IDEA for encryption and RSA or DSS/Diffie-Hellman for key exchange and digital signatures.

When PGP is first set up, the user has to make a key-pair. One key, the public key, can be broadcasted and widely circulated. The private key is secured by use of a passphrase. The passphrase has to be entered each time the user accesses their private key.

In PGP, this message will not be maintain secret from an eavesdropper, but a recipient can be guaranteed that the message has not been changed from what the sender transmitted. In this example, the sender signs the message utilizing their own private key. The receiver needs the sender’s public key to test the signature and the public key is taken from the receiver’s keyring depends on the sender’s e-mail address.

There are multiple reasons that PGP is widely used −

  • It is available free global in versions that run on some multiple platforms, Windows, UNIX, Mac etc. Furthermore the commercial version satisfies those who require vendor support.

  • It is based on algorithms that have keep broad public review and are considered secure. Particularly, the package contains RSA, DSS and DiffieHellman for public-key encryptions such as CAST-128, IDEA, and 3DES for symmetric encryption and SHA-1 for hash coding.

  • It has a broad range of applicability, from corporations that need to select and enforce a standardised scheme for encrypting documents and messages to individuals who want to communicate securely with others worldwide over the Internet.

  • It was not produced by, nor is it managed by, any government or standards organisation. For those with an inherent distrust of “the establishment”, this creates PGP attractive. In the last few years commercial versions have become applicable.

  • PGP is on an Internet standards track (RFC 3156). PGP has an aspect of an antiestablishment endeavor.