PGP Desktop A Focus On Privacy and Authenticity Forrest Stroud
Pretty Good Privacy (PGP) has been the de facto standard for encrypting e-mail messages and desktop files ever since its introduction to the 'net in 1993. The client itself is based on an encryption technology known as public key cryptography which uses pairs of "keys" to maintain the security of data.
These keys are the digital codes that allow you to encrypt and decrypt the data contained in your messages and files. PGP creates a pair of keys for each user known as a public key and a private key. These two keys work together and represent the core technology behind the two major areas of protection that PGP focuses on — privacy and authenticity.
A Focus On Privacy
PGP first ensures the privacy of your information by encrypting your messages and enabling only the intended recipient (or recipients) the ability to read them. Your public key is given out to others so that they can send you encrypted messages, and in turn you receive the public keys of acquaintances so that you can send your own PGP-encrypted mail.
The second of the two keys, the private key, is used in conjunction with your public key to decipher incoming messages or desktop files that have been encrypted using PGP. And in order to decipher encrypted messages that you have sent to others, they will need to use their own private key in combination with the public key sent with your message.
A Focus On Authenticity
PGP also ensures the authenticity of your messages by verifying that a message received did indeed originate from the person claiming to have sent it and that the message has not been altered in any way during its delivery. When using PGP's authentication capabilities to send out your own authenticated messages, you use your private key to digitally sign the messages you send to others.
The recipient can then use their copy of your public key to determine if you really sent the e-mail and to ensure that it has not been modified during transit. And when someone sends you e-mail with their digital signature, you use a copy of their public key to verify the signature and to make sure that the message has not been tampered with.
