PGP 101

What is PGP?

PGP stands for Pretty Good Privacy, but the protection it provides is actually very good. It is a method of encryption (scrambling a message so that only the intended parties can read it). PGP is often used to securely send texts, emails, and files.

Why Would I want to Use Encryption?

Encryption, especially in recent news, is often framed as something only criminals use to hide nefarious activity from authorities. But that isn't true. Encryption is used by governments, banks, hospitals, businesses, and individuals every day to send and store private information. Governments use encryption so that hackers can't monitor communication between diplomats. Banks use encryption so that attackers can't steal your money. Hospitals use encryption to keep patient records private. You get the idea.

So, why would you, specifically, want to use encryption? As computers and smart phones appear in more places in your life, more of your data and data about you is being transmitted and stored. In a perfect world this wouldn't be a problem. Unfortunately, however, it is not. Be it identity thieves looking for bank info and passwords, hackers trying to read your email, or government surveillance, there are plenty of people interested in your information. Even if you are diligent about deleting texts and emails and not letting anyone have access to your phone, networks today work in such a way that your messages may still be stored on a server somewhere else without your knowledge or control. In this case, the safety of your information is out of your hands. You may not be a target for hacking, and your home internet connection may not be a target for hacking, but your email provider's servers might be; and that is a problem if copies of your emails are still there.

In all the above cases, encryption provides an extra layer of security, no matter where your data ends up. Even if your data fell into the wrong hands, the only thing the attacker would be able to see is a bunch of scrambled data.

How Does PGP Work?

PGP relies on keys, which are like really long randomly generated passwords, to encrypt (scramble) and decrypt (unscramble) messages. Every PGP user has 2 keys- a public key and a private key. Imagine this: You have a mailbox with a letter slot in the front that people use to deposit letters, and a door in the back that you use to get letters out. Both the slot and the door have different locks on them. You would give a copy of the key to the letter slot to anyone with whom you wanted to communicate. That way, they could deposit letters, but not access the other letters in your mailbox. You would, however, keep the key to the door to yourself. That way, only you could take the letters out and read them.

These mailbox keys are analogous to public and private keys in PGP. You send your public key (the key to the letter slot) to anyone with whom you want to communicate securely. You keep your private key (the key to the door) a secret, so that only you can read the messages. It is safe to distribute your public key because that key only allows someone to send messages, not read them. It is not safe to send your private key because anyone who has it can read all the messages you have received.

Okay, I understand the basic concept, but how do I actually use PGP?

GETTING STARTED

1. The first thing you need to do is download PGP Everywhere on your iOS device and generate a key. NOTE: When you create a set of keys, you will be asked for a passphrase. The passphrase is used to access your private key.

SENDING MESSAGES

1. Before you can begin sending encrypted messages with someone, you must exchange public keys.
2. You then type your message.
3. Finally, you sign* the message using your private key and encrypt the message for the recipients public key.

*We have not discussed signing yet. Just as encrypting the message assures the sender that the message can only be read by the intended recipient, signing a message assures the recipient that the message truly came from the sender.

RECIEVING MESSAGES

1. When you receive a message, you simply decrypt it. If the message includes a signature, the decryption process will also tell you whether or not the signature could be verified.