In the mid-2010s, it was common for journalists to put links to their public PGP keys on their Twitter profiles so that potential whistleblowers could securely contact them. In fact, when Edward Snowden wanted to contact filmmaker Laura Poitras, he started by looking for her public PGP key, as described in Wired.com.
Today PGP is less commonly used, but some companies and individuals prefer using it to keep emails and file transfers secure.
What is PGP?
PGP stands for “Pretty Good Privacy” and it’s an encryption system that encrypts files and emails while they’re being sent. PGP was invented by Phil Zimmermann in 1991 and is now owned by NortonLifeLock, formerly known as Symantec Corporation.
How does PGP work?
To explain how PGP encryption works, let’s use the example of two users: User A and User B. User A wants to send a file to User B.
1. Before receiving an encrypted file from User A, User B needs to generate a public key and a private key. The public key can be shared with anyone, but User B shouldn’t share their private key with anyone else.
2. User B sends User A their public key. User A encrypts the file with User B’s public key and sends it to User B.
3. PGP generates a random session key, which is a large number that cannot be guessed and is only used for that session.
4. The session key is encrypted using User B’s public key, so that anyone who intercepts the message can’t see what the session key is and use that information to “listen in.”
5. User B decrypts the encrypted PGP session key with their private key.
6. Now that the session key is decrypted, User B can decrypt the actual message.
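The session-key flow in steps 1 to 6, as an added Python example that is not code from Thru or from any PGP product. It assumes the third-party `cryptography` package and uses RSA-OAEP and AES-256-GCM as stand-ins for OpenPGP's own algorithms and message format; the function names are hypothetical.

```python
# Added illustration, not code from Thru or any PGP product. RSA-OAEP and
# AES-256-GCM stand in for OpenPGP's algorithms and packet format, so the
# output is not PGP-compatible. Requires the third-party `cryptography` package.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def generate_keypair():
    """Step 1: User B creates a private key and its shareable public key."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()

def encrypt_for(recipient_public_key, plaintext):
    """Steps 2-4: User A encrypts the file under a fresh random session key,
    then encrypts (wraps) that session key with User B's public key."""
    session_key = AESGCM.generate_key(bit_length=256)  # used for this message only
    nonce = os.urandom(12)
    ciphertext = AESGCM(session_key).encrypt(nonce, plaintext, None)
    wrapped_key = recipient_public_key.encrypt(session_key, OAEP)
    return {"wrapped_key": wrapped_key, "nonce": nonce, "ciphertext": ciphertext}

def decrypt_with(private_key, message):
    """Steps 5-6: User B recovers the session key, then decrypts the file."""
    session_key = private_key.decrypt(message["wrapped_key"], OAEP)
    return AESGCM(session_key).decrypt(message["nonce"], message["ciphertext"], None)

def try_decrypt(private_key, message):
    """Return the plaintext, or None if the key is wrong or the data was altered."""
    try:
        return decrypt_with(private_key, message)
    except (ValueError, InvalidTag):
        return None

if __name__ == "__main__":
    b_private, b_public = generate_keypair()
    sample = b"constructed sample file contents"
    message = encrypt_for(b_public, sample)
    print("User B decrypts:", try_decrypt(b_private, message))
    other_private, _ = generate_keypair()  # an interceptor's unrelated key
    print("Interceptor decrypts:", try_decrypt(other_private, message))
```

Only the wrapped session key depends on User B's key pair, which is why a holder of any other private key gets nothing back.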
How do I encrypt a file with a PGP key and send it?
In Thru’s cloud managed file transfer (MFT) solution, each organization can import and manage their own public PGP keys. You can use PGP keys in whatever workflows you want. Only organizations that are added to those workflows can see the public keys.
What are the differences between PGP and OpenPGP?
OpenPGP was invented by Phil Zimmermann and is derived from PGP, but it isn’t the same thing as PGP. There are two main differences:
- Who owns them: PGP is currently owned by NortonLifeLock, but OpenPGP is an open-source product that no company officially owns.
- Legal rights: Because NortonLifeLock bought PGP, it has the right to limit who can use the term “PGP” and where. In contrast, OpenPGP is more easily available for technology companies and others to use. By using OpenPGP as a template, technology companies can “make and sell PGP-compatible solutions,” according to Cyber Defense Magazine.
Beyond PGP Encryption: Full File Transfer Security
Encryption is only part of what you need to keep file transfers secure. By providing multiple authentication options and real-time monitoring capabilities, Thru keeps your files protected from end to end.