8/25/12

Pretty Good Privacy (PGP)

Written by Phil Zimmerman in 1991, Pretty Good Privacy (PGP) is an e-mail encryption scheme that has become a de facto standard.

Versions of PGP are available in the public domain; for example you can find the PGP software for your favorite platform as well as lots of interresting reading at the International PGP Home Page.

When PGP is installed, software creates a public key pair for the user. The public key can be posted on the user's Web site or placed in public key server. The private key is protected by the use of a password.

PGP gives the user option of digitally signing the message (for message authentication and message integrity), encrypting the message (confidentiality), or both digitally signing and encrypting.

PGP also provides a mechanism for public key certification, but the mechanism is quite different from the more conventional CA (Certification Authority). PGP public keys are certified by a web of trust. Users physically gather, exchange public keys, and certify each other keys by signing them with their private keys.

Although key-signing parties and PGP public key servers actually exist, by far the most common ways for users to distribute their public keys are by posting them on their personal Web pages and by advertising them in their e-mails.

No comments:

Post a Comment