While we are talking about cryptocurrency trading , investments and blockchain, everything is clear for the average consumer, but why is PGP encryption here? The name itself is not very clear for an ordinary user, far from software tricks. The technical sound can even be intimidating. And in vain! Understanding the simplest principles of cryptography provides a certain basis for further understanding of the technologies that are popular today.
For offensive security it is very important to know PGP encryption.
Simply put, PGP encryption is a way to protect your information. So that no outsider can view or change it. This is working with keys and digital signatures that allow you to confirm ownership of data or protect it from prying eyes.
In this article, we will look at how it works, where you can apply a cryptographic tool, how to use it with PGP applications.
- How PGP encryption works
1.1. And the chest just opened: keys for secret locks
1.2. Digital signature: iron proof
1.3. Key pair: what could go wrong - Why the excellent PGP is not used by everyone
- Where encryption is used today and where it will be applied in the future
How PGP encryption works
Pretty Good Privacy, aka PGP, is a cryptographic program that allows you to encrypt information in such a way that no one else can read or change the data. In essence, it is a secure way of transferring files, guaranteeing complete and perfect secrecy.
If you are conducting private correspondence that is not intended for the eyes of friends, employees, the government, or evil spies (underline as appropriate), this solution will help to secure every letter in the message.
Another tasty feature of crypto is proof of ownership. Let’s say you made a document publicly available, but you want to be sure that no one will appropriate your work. PGP will do just that.
To understand exactly how this happens, let’s break down the complex into simple components.
And the chest just opened: keys for secret locks
How to make sure that information from character A gets to character B, but does not go to other letters of the alphabet? Everything is quite simple: you need to pack the message in a safe, the code to which two people know. The function of such a code in PGP is performed by keys.
The key is a large number. This is a VERY large number and occupies 1024 bits. The more symbols it contains, the more difficult it is to find an analogue, that is, to hack.
The scheme is simple: you create a message that appears to outsiders as a string of incomprehensible characters. But whoever has the key can decipher the data and understand what exactly you wanted to say with a set of numbers. Another question: if your correspondence can be intercepted, where is the guarantee that the transmitted key will not be intercepted?
And this is the right question to go further and consider the types and uses of keys. So, our “secret password” for PGP encoding can take two forms:
public key – one that falls into (you will not believe) public access and can be downloaded by anyone;
a private key is one that only the owner has and is never disclosed.
How does this key juggling work?
Technically it is difficult, but in essence it is elementary. Let’s say a public key is posted on the network, and you want to send a message to its creator. Using an encryption program, you send an encrypted message. It can only be decrypted by someone who has the private key. Everyone else who, like you, only owns the open, will see the same indistinct set of signs.
By the way, you can no longer read what you just sent – the message is already encrypted, and you cannot view it without the private key.
Digital signature: iron proof
Now let’s talk about authentication, which also involves keys. The main thing to learn is this:
What is encoded with a public key can only be decrypted by the owner of the private key, and vice versa – what is encoded with a private key is available to the owners of the public.
Therefore, if character A writes, for example, cool market research and shares it with the public key holders, everyone will know exactly who owns the text.
The digital signature works in the same way in the real world (at least they are trying to apply it, for example, in digital tax returns). It confirms authorship and protects the document (material) from reuse from someone else’s name, editing and appropriation.
The signature, as you can imagine, is tied to a private key. And if the verifying / studying material wants to verify the authorship, he can verify the authenticity of the document using the public key.
Key pair: what could go wrong
The main rule to learn to use PGP safely is: KEEP THE CLOSED KEY IN A SECURE PLACE. Such, as you understand, is not any third party, cloud storage or something that does not belong to you. If the key exists in one copy – on your PC – no one can pick it up without confiscating the computer itself (although, of course, you shouldn’t forget about the possibility of being hacked). So, if you want to use cryptographic programs and be sure of your security, transfer the key to a physical medium, for example, a notepad, which is stored in the top drawer of the desk.
Typing keys over and over to read a message is incredibly boring, but that comes at the price of security. Agree, not too high to refuse to pay it.
Okay, actually, you can do it easier. The private key is protected by an optional passphrase. This is a set of words that you enter to confirm the right to use the key. The longer your phrase, the better, and ideally use different case and punctuation marks. Such code is easy to remember (for example, if you use a favorite quote or a line from a song) and difficult to crack.
But what if the key was “taken away”? PGP programs allow you to revoke a key and signal that it can no longer be trusted. But this is little consolation for those who use digital signatures and are constantly in contact with the audience.
Why great PGP is not used by everyone
If PGP coding is so beautiful and useful, why isn’t everyone using it? – you ask. In fact, the answer is obvious. In order to encrypt something, you need to install the application, figure out how to use it, find people who will do about the same and will be able to decrypt this information.
Today, cool technology remains somewhere in the geeks’ zone, if only because the interface cannot be called user-friendly. Commands are given manually, written in the command line, they need to be memorized or always kept in front of the guide. Scripting is necessary for:
creating private and public keys (there is also a difference in generation);
add / remove / highlight a key;
creating a safe space on the hard disk for storing keys;
encoding messages for one or more recipients;
placing a signature in a message;
decryption of the received data.
A bit different from what a Windows or MacOS user is used to.
By the way, something like this keeps many “ordinary” users from using cryptocurrency. There you need to understand something in numbers, letters and commands. It’s great if the crypto wallet offers a clear interface and any process is automated. And if not? Few will climb into this jungle. Likewise with PGP – if you had to press the “encrypt” button before sending the message, and “decode” at the time of receipt, the application (and all its analogues) would have gained much more popularity.
Where encryption is used today and where it will be used in the future
As already mentioned, PGP encryption today is used mainly by individuals familiar with programming, and corporations to save information within the company. But given the actualization of the issue of digital security, cryptography will soon be applied more widely and, probably, automated.
Already, some email services (such as Mozilla Thunderbird) use additional message protection. True, for this you still have to install applications and customize them in every possible way. But with further optimization, we simply won’t notice how the coding is going on.
Yes, yes, we are all spoiled users who do not bother too much with questions “how and why this or that thing works”. What really matters to us is that it just works – efficiently and safely.
With the spread of crypto technologies and the expansion of the geography of their adoption, the likelihood of obtaining new security standards on the Internet increases significantly. It is worth remembering this when capturing the essence hidden behind the modern crypto-hype.
Crypto is not only about currencies and investments . This is about functionality, security, proof of ownership, freedom from intermediaries and much more.