PGP

Authors: Brian Hart '99 and Chris Savarese

PGP: Pretty Good Privacy. In private-key cryptography one key is used by both parties. One problem with this kind of encryption is that if the key is intercepted, a third party could decrypt the messages. So, the idea of public-key cryptography was developed. Here's how it works...

Everyone has two keys: a public and a private key. When someone wants to send something to a recipient, they (the sender) encrypt it with the recipient's public key. Then the only way to decrypt it is with the recipient's private key. One of the other benefits to PGP is that it allows the sender to "sign" their messages. This proves that the message came from the sender and has not been altered in transport.

Based on this theory, PGP allows everyone to publicize their public keys, while keeping their private keys secret. The result is that anyone can encrypt a message to someone else, as long as they have that person's public key.

In actuality, PGP uses a series of private-key, public-key and one-way hash functions to encrypt a message. A one-way hash function takes some plaintext and translates it into a specific hash. The hash is unique to the message (like a fingerprint is to a person). The hash is also non-reversible, hence the name one-way. Let's run through an example of what PGP does to encrypt and decrypt an e-mail message. Our sender will be Chris and our receiver will be Brian.

Once Brian receives the message he can have PGP decrypt it. Here's what it would do:


Note: While we have used RSA, DES and MD5 in our example (that is what PGP uses), other similar algorithms could be used in their place. It is the combination of these three functions that makes PGP so strong. Remember, however, that the overall security of the method you choose is only as good as the weakest encryption method you choose to substitute for the three forms in the above example.
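How the three kinds of function can combine in a PGP-style exchange from Chris to Brian, as an added example that is not code from the original page or from PGP itself. It assumes textbook RSA over small constructed primes, MD5 as the hash, and a hash-derived XOR keystream standing in for DES; the function names and packet layout are hypothetical, and the toy parameters are far too weak for real use.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    # Textbook RSA from two primes; returns (public, private) as (exponent, modulus).
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def digest_int(message, n):
    # One-way hash (MD5, as in the page's note), reduced mod the toy modulus.
    return int.from_bytes(hashlib.md5(message).digest(), "big") % n

def keystream_xor(key, data):
    # Stand-in for the private-key cipher: XOR with a SHA-256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def pgp_send(message, sender_priv, recipient_pub):
    d, n = sender_priv
    e, m = recipient_pub
    signature = pow(digest_int(message, n), d, n)   # sign the hash with the sender's private key
    session_key = secrets.randbelow(m - 2) + 2      # fresh one-time key, 2 <= key < m
    body = keystream_xor(session_key.to_bytes(8, "big"),
                         signature.to_bytes(8, "big") + message)
    return pow(session_key, e, m), body             # session key wrapped with recipient's public key

def pgp_receive(packet, recipient_priv, sender_pub):
    wrapped, body = packet
    d, m = recipient_priv
    e, n = sender_pub
    session_key = pow(wrapped, d, m)                # only the recipient's private key unwraps it
    plain = keystream_xor(session_key.to_bytes(8, "big"), body)
    signature, message = int.from_bytes(plain[:8], "big"), plain[8:]
    # Signature is valid if it opens, under the sender's public key, to the message's hash.
    return message, pow(signature, e, n) == digest_int(message, n)

# Constructed toy keys (small well-known primes, trivially factorable).
CHRIS_PUB, CHRIS_PRIV = make_keypair(1000000007, 998244353)
BRIAN_PUB, BRIAN_PRIV = make_keypair(1000000009, 2147483647)

if __name__ == "__main__":
    packet = pgp_send(b"Lunch at noon? -Chris", CHRIS_PRIV, BRIAN_PUB)
    print(pgp_receive(packet, BRIAN_PRIV, CHRIS_PUB))
```

Flipping any bit of the encrypted body makes the signature check return False, which is the "has not been altered in transport" property described earlier.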

For Further Study and Enjoyment

  • For more information on PGP and instructions for downloading a program for PGP encryption and decryption see the PGP Web Site at MIT.

  • Information for this page was obtained from E-Mail Security: How to Keep your Electronic Messages Private by Bruce Schneier; John Wiley & Sons, Inc. 1995.