kids encyclopedia robot

Pretty Good Privacy facts for kids

Kids Encyclopedia Facts
Quick facts for kids
Pretty Good Privacy
Original author(s)
  • Phil Zimmermann
  • PGP Inc.
  • Network Associates
Developer(s) Broadcom Inc.
Initial release 1991; 34 years ago (1991)
Stable release
11.4.0 Maintenance Pack 2 / May 23, 2023; 2 years ago (2023-05-23)
Written in C
Operating system macOS, Windows
Standard(s)
  • OpenPGP: RFC 4880, 5581, 6637
  • PGP/MIME: RFC 2015, 3156
Type Encryption software
License Commercial proprietary software

Pretty Good Privacy (PGP) is a special computer program that helps keep your digital messages and files private and secure. Think of it like a secret code machine for your computer. PGP is used to sign, encrypt (scramble), and decrypt (unscramble) texts, emails, and files. It makes sure that only the right person can read your messages and that they haven't been changed. Phil Zimmermann created PGP in 1991.

PGP and similar programs follow a set of rules called the OpenPGP standard. This standard helps different encryption programs work together. So, a message encrypted with one OpenPGP program can be decrypted by another.

How PGP Works

PGP diagram
How PGP encryption works visually

PGP uses a clever mix of different secret coding methods to protect your information. It uses something called public-key cryptography. Imagine everyone has two keys: a public key that they share with everyone, and a private key that they keep secret.

  • When you want to send a secret message to someone, you use their public key to lock the message.
  • Only their private key can unlock that message. This way, even if someone else gets the locked message, they can't read it.

Each public key is linked to a username or an email address.

PGP Fingerprint

A PGP fingerprint is like a short nickname for a public key. It's a small string of letters and numbers, like C3A6 5E46 7B54 77DF 3C4C 9790 4D22 B3CA 5B32 FF66. You can use this fingerprint to check if a public key is the correct one. People sometimes print their fingerprints on business cards!

Keeping Messages Secret

PGP can send messages so that only the intended person can read them. It does this by combining two types of encryption:

  • Symmetric-key encryption: This uses one key to both lock and unlock the message. PGP creates a new, temporary symmetric key for each message.
  • Public-key encryption: PGP then uses the receiver's public key to encrypt this temporary symmetric key.

So, the message is locked with the temporary key, and the temporary key is locked with the receiver's public key. Only the receiver's private key can unlock the temporary key, which then unlocks the message. This makes sure your message stays private!

Digital Signatures

PGP can also prove who sent a message and that it hasn't been changed. This is called a digital signature.

  • The sender uses PGP to create a unique digital signature for their message. This signature is made using their private key.
  • When you receive a message with a digital signature, you can use the sender's public key to check if the signature is real.
  • If the message has been changed even a little bit, the signature check will fail, letting you know it's not the original.

Web of Trust

When you use PGP, it's important to be sure that the public key you're using really belongs to the person you think it does. PGP has a system called the "web of trust."

  • In this system, people can digitally sign each other's public keys. This means they are saying, "I trust that this public key belongs to this person."
  • Over time, a network of trusted connections forms. If you trust someone, and they trust someone else, you might also trust that other person's key.
  • This idea was first explained by Phil Zimmermann in 1992. It's a way for people to build trust in a decentralized way, rather than relying on one central authority.

Certificates

PGP uses public key certificates to link a public key to a person's identity. These certificates are also protected so you can tell if they've been tampered with.

  • If someone loses their private key or it gets stolen, they can revoke their public key certificate. This tells everyone that the old key should no longer be trusted.
  • PGP also lets you set expiration dates for certificates.

The challenge of knowing for sure that a public key belongs to the right person is something all encryption systems face. PGP's original system lets users decide how much they want to trust others' endorsements.

Security Quality

As far as we know, PGP encryption is very strong and hard to break using normal computer methods. In 1995, a famous expert named Bruce Schneier said an early version was "the closest you're likely to get to military-grade encryption."

  • PGP's strength comes from using very strong mathematical algorithms (secret codes) that are difficult to crack.
  • Newer versions of PGP are released regularly to fix any newly found issues and keep it secure.
  • While PGP is very secure, no software is perfect. Sometimes, attackers might try to get your keys or passwords in other ways, like by installing harmful software on your computer.

In 2003, Italian police and the FBI could not decrypt PGP-encrypted files found on devices belonging to members of the Red Brigades, showing its strength. In the UK, police have sometimes had to use laws to demand passwords from people who encrypted files with PGP, because they couldn't break the encryption themselves.

History of PGP

Early Days

Phil Zimmermann created the first version of PGP in 1991. He named it "Pretty Good Privacy" after a fictional grocery store mentioned on a radio show.

  • Zimmermann was an activist who wanted to help people communicate securely. He made PGP free for personal use and included its full source code.
  • He released PGP by sending it to friends who uploaded it to early internet systems like bulletin board systems (BBSs) and Usenet newsgroups. He even tried to mark it "US only," but learned that the internet quickly spread it everywhere!
  • PGP quickly became popular worldwide, especially among people who wanted to protect their privacy, like dissidents in countries with strict governments.

PGP 3 and PGP Inc.

After some legal challenges related to encryption, Zimmermann and his team worked on a new version called PGP 3. This version had better security and used new, patent-free encryption methods.

  • In 1996, Zimmermann and his team started a company called PGP Inc. to develop new versions of PGP.
  • PGP 3 was later renamed PGP 5 and released in 1997. Unlike earlier versions, PGP 5 could be used with graphical interfaces, making it easier for people to use.

Changes in Ownership

Over the years, PGP changed hands several times:

  • In 1997, PGP Inc. was bought by a company called Network Associates, Inc. (NAI). Under NAI, PGP added features like disk encryption.
  • In 2001, Phil Zimmermann left NAI. NAI later decided to sell most of its PGP products.
  • In 2002, some former PGP team members formed a new company called PGP Corporation. They bought back most of the PGP products from NAI. Phil Zimmermann became an advisor to this new company.
  • PGP Corporation developed new products, including PGP Universal Server, which helped manage encryption for businesses.
  • In 2010, Symantec Corp. bought PGP Corporation. PGP products became part of Symantec's security offerings.
  • In 2019, Broadcom Inc. acquired Symantec's enterprise security division, which included PGP.

PGP Encryption Applications

PGP started as a tool for encrypting emails, but it has grown into a set of tools that can protect many types of information.

  • PGP applications can encrypt emails and attachments, create digital signatures, encrypt entire computer disks, and secure individual files and folders.
  • They can also protect instant messages and help with secure file transfers.
  • Newer versions of PGP software are designed to work automatically, making it easier for users to keep their data secure without needing to be encryption experts.
  • Today, products like Symantec Encryption Desktop and Symantec Encryption Management Server continue the legacy of PGP.

OpenPGP Standard

Because PGP became so important, many people wanted to create their own software that could work with it.

  • In 1997, PGP Inc. suggested to the IETF (Internet Engineering Task Force) that there should be an open standard called OpenPGP. This would allow any program that followed the rules to work with PGP.
  • The IETF agreed, and the OpenPGP standard was created. It's still being updated today to include new and stronger encryption methods.
  • OpenPGP helps ensure that files and messages can be delivered securely and that you can verify who sent them. Many email programs now use OpenPGP to provide secure communication.

OpenPGP Programs

The Free Software Foundation developed its own OpenPGP-compatible software called GNU Privacy Guard (GnuPG). It's free to use and its source code is available for anyone to see. Many other programs also work with OpenPGP.

Limitations

While PGP and OpenPGP are very strong, some experts have pointed out areas where they could be improved:

  • PGP public keys can be quite long.
  • It can be difficult for some users to understand and use PGP.
  • Some older versions might use less strong encryption methods by default.

See also

Kids robot.svg In Spanish: Pretty Good Privacy para niños

  • Electronic envelope
  • Email encryption
  • Email privacy
  • GNU Privacy Guard
  • Key server (cryptographic)
  • PGP word list
  • Privacy
  • Public-key cryptography
  • S/MIME
kids search engine
Pretty Good Privacy Facts for Kids. Kiddle Encyclopedia.