PGP Key Server

What is PGP?

PGP stands for “Pretty Good Privacy.” It is an encryption method created by developer Phil Zimmermann in 1991 to secure email messages. It works with a pair of keys. The keys are very large prime numbers that you create using a passphrase. The passphrase should be as long as you can possibly make it and still remember it. There is a public and a private key. Only when both keys are entered can the encrypted document be opened.

How It Works

There is a public key, maintained on a keyserver, that the sender uses to encrypt the email message being sent. The server is also called a “certificate server.” The receiver enters their passphrase and their private, asymmetric key to unlock the message. The combination of the public and private data forms one symmetric encryption.

Cost

It’s FREE! And it’s open source, making the entire source code available to you to create your own, modified version.

How Secure Is Free Software?

It has been called “the closest you can get to military-grade security” by Applied Cryptography author Bruce Schneier. The public portion of the message is available to everyone. You don’t have to worry about protecting it. In fact, you should distribute it to everyone who would need to send you encrypted messages.

The private portion, needed to make one symmetrical decryption, is stored on your computer. It is also encrypted just in case anyone goes searching around on your computer. Even the sender cannot decrypt the message he just sent you after he encrypts it. You are the one and only person capable of opening that secure message.
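The exchange described under “How It Works” and above, as an added example that is not part of the original page. It assumes GnuPG 2.1 or later (a free OpenPGP implementation; the page names no tool), and the function name, address, and passphrase are constructed for the demo.

```shell
#!/bin/sh
# Two separate keyrings stand in for the two correspondents.
# Passing --passphrase on the command line is for this demo only:
# it is visible in the process list on a shared machine.
pgp_roundtrip() {
    msg=$1
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/sender" "$work/receiver"
    rcpt='receiver@example.invalid'            # constructed address
    pass='long demo passphrase, not for reuse' # constructed passphrase

    # Receiver creates a key pair; the passphrase protects the private half on disk.
    gpg --homedir "$work/receiver" --batch --quiet --pinentry-mode loopback \
        --passphrase "$pass" --quick-generate-key "$rcpt" default default never \
        2>/dev/null || return 1

    # Only the public half is exported. This is the part you hand out or publish.
    gpg --homedir "$work/receiver" --batch --armor --export "$rcpt" \
        > "$work/pub.asc" || return 1

    # Sender imports the public key and encrypts the message to it.
    gpg --homedir "$work/sender" --batch --quiet --import "$work/pub.asc" \
        2>/dev/null || return 1
    printf '%s' "$msg" | gpg --homedir "$work/sender" --batch --quiet \
        --trust-model always --armor --encrypt --recipient "$rcpt" \
        > "$work/msg.asc" 2>/dev/null || return 1

    # The sender's keyring holds no private key, so decryption fails there.
    if gpg --homedir "$work/sender" --batch --quiet --decrypt "$work/msg.asc" \
        >/dev/null 2>&1; then sender_can_read=yes; else sender_can_read=no; fi

    # The receiver unlocks the private key with the passphrase and decrypts.
    plain=$(gpg --homedir "$work/receiver" --batch --quiet --pinentry-mode loopback \
        --passphrase "$pass" --decrypt "$work/msg.asc" 2>/dev/null) || plain='<failed>'

    # Stop the per-keyring agents and remove the throwaway keys.
    gpgconf --homedir "$work/receiver" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$work/sender" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    printf '%s|%s\n' "$sender_can_read" "$plain"
}
```

Calling `pgp_roundtrip 'some text'` prints whether the sender's keyring could decrypt, then the text the receiver recovered.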

Problems

Nothing is perfect. The software had some issues with deleting public keys that were no longer in use for various reasons. The PGP Global Directory handles validating and renewing public keys that are uploaded. So, if you don’t wish to use your public key any longer because you forgot your passphrase, the old one will expire and you may upload a new one in the Global Directory.

If sending international messages, it is good to know the encryption policies of the country with which you’re corresponding. Zimmermann got into some legal trouble when developers outside the U.S. began using PGP. Within the U.S., most encryption is safe and legal.