PGP encryption is a method to secure your email communication.
I will cover this topic in two parts. In the first part I will explain how PGP works, and in the second part we will see how you can use it in practice.
Imagine that person A wants to communicate safely via email with person B. They want to make sure that nobody apart from the two of them can read the content of their mails: nobody unauthorized, such as a government, their ISP, maybe their phone company, any hackers out there,
or for that matter Google, Microsoft and so forth. Luckily for both of them, there is a free technology called PGP encryption that allows them to do just that. So, let's see how PGP encryption works.
To allow person B to write back to her, person A has a great idea. She decides to buy a padlock and, as you know, padlocks come with a specific key.
It is presumably the only key in the world that can open this particular padlock. In PGP encryption jargon, the padlock and its key together are called a key pair. The padlock is known as the public key.
Calling the padlock a "key" is a bit of a misnomer, but it should be understood that the padlock is called the public key and the key itself is called the private key.
Person A then decides to send her public key to person B, so that person B can put a letter, or whatever content he wants to send back to person A, into a box, lock that box with the padlock belonging to A, and send it back to her via the internet in a safe way.
It works the same way in the other direction: if person B wants person A to write back to him, he needs to acquire a padlock that he alone has the key to unlock.
He then sends that padlock to person A and person A puts whatever content she wants to send back to person B into a box that she locks down with the padlock belonging to B before sending the whole thing via the internet.
Now, provided that A’s computer and B’s computer are not infected, in other words that there is nobody looking over their shoulder, anybody standing in the middle can still know that A and B are communicating.
But they cannot possibly know what A and B are communicating about unless they have the private key of either A or B. So it is very important for both A and B to keep their private keys safe and never share them publicly.
The public key, on the other hand, needs to be shared widely. As we saw, person A needed to share her public key, or padlock, with person B before she could receive an encrypted email from person B.
But what if a member of the public wants to write an encrypted email to A? Maybe person A doesn’t know who that person is. Maybe person A is a journalist and she’s hoping that a source might want to write something important to her.
So she needs to find a way to publicize her public key. In order to do so, person A needs to do two things. First of all, she needs to publish her public key to what are known as public key repositories or key servers.
These are online databases maintained by a couple of organizations. People can consult them, search for person A’s key, and then write and encrypt an email to her.
Now you may ask yourself: what if someone tries to impersonate person A? Couldn’t they publish a fake padlock, or fake public key, to one of those online key servers? That is indeed a possibility. That is why it is not enough to publish your public key to one of those online key servers.
It is very wise to also offer a way for the public to verify that you are the real holder of the public key, and that you are the only person with the private key capable of unlocking any email that has been encrypted using that particular public key. There are many ways to do so.
One of them would be to identify your public key in your email signature. Another way would be to publicize your public key on your website, to identify your public key in your social media bio, or to identify your public key on your business card.
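The check a correspondent can run before trusting a key fetched from a key server, as an added example that is not part of the original article. It assumes that "identifying your public key" means publishing its full version 4 OpenPGP fingerprint; the function names and the two sample keys are made up for illustration.

```python
import hashlib
import hmac
import struct


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then the bytes."""
    size = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(size, "big")


def rsa_public_key_body(n: int, e: int, created: int) -> bytes:
    """Body of a version 4 public-key packet for an RSA key (algorithm 1)."""
    return struct.pack(">BIB", 4, created, 1) + mpi(n) + mpi(e)


def fingerprint(body: bytes) -> str:
    """V4 fingerprint (RFC 4880, 12.2): SHA-1 of 0x99, 2-byte length, body."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()


def matches_published(published: str, body: bytes) -> bool:
    """Compare a fingerprint copied from a website or card with a fetched key."""
    wanted = "".join(published.split()).upper()
    # Require all 40 hex digits; a shortened key ID is not accepted.
    if len(wanted) != 40 or any(c not in "0123456789ABCDEF" for c in wanted):
        return False
    return hmac.compare_digest(wanted, fingerprint(body))


# Constructed sample data: made-up numbers, not real keys.
CREATED = 1700000000
KEY_OF_A = rsa_public_key_body(0xC5A1D3F7 * 0xE9B2466B, 65537, CREATED)
KEY_OF_IMPOSTOR = rsa_public_key_body(0xD1C38F2B * 0xF3A5917D, 65537, CREATED)

# What person A would put in her email signature, grouped and lower-cased.
FP_OF_A = fingerprint(KEY_OF_A)
PUBLISHED_BY_A = " ".join(FP_OF_A[i:i + 4] for i in range(0, 40, 4)).lower()

if __name__ == "__main__":
    for label, key in (("key of A", KEY_OF_A), ("impostor", KEY_OF_IMPOSTOR)):
        print(label, fingerprint(key), matches_published(PUBLISHED_BY_A, key))
```

A key uploaded under person A's name but generated by someone else has different key material, so its fingerprint does not match the one A published through a channel she controls.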
So, this is what PGP encryption is. Even though it sounds a bit complicated, it is not that complicated.