OpenPGP is an open standard for electronic cryptography. It was developed from, and is still based on, the former Pretty Good Privacy (PGP, now Symantec Encryption). Software based on OpenPGP is used to encrypt data, drives and emails. It may also be used to sign emails and data. This leads to more security and privacy, especially with emails. Messages encrypted with OpenPGP cannot be read by third parties while they are transmitted.

How it works

OpenPGP combines two different cryptographic algorithms, one for symmetric encryption and one for asymmetric encryption. Symmetric encryption uses a single key and has the big advantage that it is fast. Its biggest disadvantage is that all senders and receivers in the communication need the same key, which must be shared and may be stolen.

Asymmetric encryption uses a pair of keys that are generated together, are bound to each other and serve different purposes. One part is called the “private key” or “secret key”, the other the “public key”. A message, such as an email or other data, is encrypted with the public key and can only be decrypted with the private key. With this in mind, it is possible to share the public key without any apprehension.

The disadvantage of asymmetric encryption is that it is not as fast. This is why OpenPGP combines both algorithms: the data itself is encrypted with the faster symmetric algorithm, while the key used to do so is protected with an asymmetric algorithm.
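The combination described above can be sketched with Node.js's built-in crypto module. This is an added example, not code from any OpenPGP implementation: RSA-OAEP and AES-256-GCM stand in for whatever algorithms an OpenPGP program would use, the output is not the OpenPGP message format, and the names hybridEncrypt and hybridDecrypt are hypothetical.

```javascript
const crypto = require('crypto');

// Sender side: needs only the recipient's public key.
function hybridEncrypt(publicKey, plaintext) {
  // A fresh random session key for this one message; it is never reused.
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);

  // Fast symmetric step: the whole message goes through AES-256-GCM.
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();

  // Slow asymmetric step: only the 32-byte session key goes through RSA-OAEP.
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, sessionKey);
  return { wrappedKey, iv, ciphertext, tag };
}

// Recipient side: the private key unwraps the session key, which then
// decrypts the data. final() throws if the ciphertext or tag was altered.
function hybridDecrypt(privateKey, msg) {
  const sessionKey = crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
}

// Constructed sample: a throwaway 2048-bit key pair and a short message.
const recipient = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sample = hybridEncrypt(recipient.publicKey, Buffer.from('constructed sample message'));
console.log('wrapped session key bytes:', sample.wrappedKey.length);
console.log('decrypted:', hybridDecrypt(recipient.privateKey, sample).toString());
```

The asymmetric operation always handles the same 32 bytes regardless of message size, which is why the slower algorithm does not limit throughput.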

OpenPGP Applications

The two most important uses of OpenPGP are the encryption of data and, of course, the encryption of emails. Thanks to the sophisticated algorithm, emails can be transferred securely. Add-ins are available for most email clients, such as gpg4o for Microsoft Outlook.

Another application is the electronic signature. With an electronic signature you can prevent an email from being manipulated, or at least see whether the receiver has the original message. In addition, the receiver is able to check whether the message really was sent by the right person.

OpenPGP is even used in some operating systems to check the authenticity of software packages, for updates and otherwise. With such authentication you may prevent your system from being taken over by malware.