What is PGP?

[Agent-X]

Ok, I've read the wikipedia article on PGP.

Maybe I'm dense, but could someone break down what exactly this PGP security stuff is about? I've read it over a couple of times, and I still don't get it. It looks like people think it's secure, but I can imagine it's possibility for reverse engineering. The first thing to come to mind is how people cracked algorithms to figure out how credit card numbers were created. The first time I saw stuff like that was mid-90s, so I don't really think/feel this PGP thing is that secure.

Still, I don't fully understand the wiki article.

[MikeTbob]

Basically, PGP is just software that encrypts (Hides) information that you don't want other people to see.
For example, If I wanted to send you some files that were very important and I don't want anyone but you to be able to read those files, I would use PGP to encrypt that software so only the person (you) who has my PGP key can view it.

[Agent-X]

What if it were an .exe or a bunch of files in a .tar.gz? Would they simply be apparent as those type of files after being decrypted? And what about after encryption? What kind of file format would they appear as?

Ok, I think I get this now.

[MikeTbob]

I haven't ever really used PGP, but I have messed with it just to see what it does. I guess to answer your questions, you'd need to download it and play around with it. I would imagine that you can use PGP to encrypt just about anything.

[bigtomrodney]

PGP, or its open source equivalent GPG can do several things. It can create an encrypted archive, it can create an encrypted volume that can be mounted like a drive or you can use it for creating digests/checksums for integrity.

Of course no encryption is perfect, they're just a matter delaying the inevitable. The main thing is that you decide/generate the key for the encryption so someone would have to target you to get your data. Just remember....PGP stands for Pretty Good Privacy, not Perfect Privacy

[elija]

PGP Is a public / private key pair encryption method. I suspect that it is not perfect after all any encryption can be brute forced if enough processing power is thrown at it. When something is encrypted with PGP, you get a file with what appears to be random gibberish in it which, when decrypted reveals the original contents.

Now with all Public / Private key encryption there are two ways of encrypting. (I assume for simplicity that brute force is not an option in these examples)

1. I encrypt something with your public key. The only way to decrypt this is with your private key. This gives privacy of information.

2. You encrypt something with your private key. This can only be decrypted with your public key. This doesn't give privacy of information but does give guarantee of the senders identity; this is called a digital signature.

What if you want privacy and identity? Simply encypt with the recipients public key and then with your private key.

Two of the features of any good PPK encryption method are that

1. The encrypted data in no way hints as to the keys
2. Having one key in no way helps you reverse engineer the other key.

[Cabhan]

The thing to remember is that PGP doesn't care about what your file format is. It just gets a bunch of bytes (basically numbers), and does crazy mathematical transformations on them.

The cool thing about public key encryption, in addition to the excellent summary that elija gave, is that cracking public-key encryption is REALLY REALLY hard. Basically, I have published my public key. My public key is based on a number PQ. My private key is based on a number (P-1)(Q-1). If I knew P and Q, I could figure out your private key. But I don't. I only know their product.

Well, P and Q are both prime numbers on an enormous scale. On the scale of 2^1024. Each. You have no idea how big that number is. That is roughly equivalent to 10^308. There are 10^80 atoms in the known universe. That is a HUGE number.

Well, I could try to prime factorize your PQ, but prime factorization is HARD. And I mean HARD in the computational sense. As in, there is no known efficient way of doing this. And going through 2^1024 numbers would take longer than the lifespan of our universe.

So basically, the security of public-key cryptography relies on no mathematician figuring out an efficient way of doing prime number factorization. Makes you feel all warm and fuzzy, huh?

[MikeTbob]

Makes you feel all warm and fuzzy, huh?

Heh, more like dizzy and confused!