PGP - Pretty Good Privacy

Introduction to PGP

PGP (Pretty Good Privacy) is a cryptosystem (encryption system) that was invented by Philip Zimmermann, a computer analyst. From 1984 to 1991, Philip Zimmermann worked on a program that made it possible to run RSA on personal computers (PGP).

However, given that he was using RSA without the authorization of its authors, this cost him 3 years of criminal trials; as a result, since 1993, the program has sold for approximately $150.

It is extremely fast and reliable, which makes it almost impossible to cryptanalyze.

The principle of PGP

PGP is a hybrid cryptography system that uses a combination of functions taken from public-key cryptography and symmetric cryptography.

When a user encrypts a text with PGP, the data are first compressed. This data compression makes it possible to reduce transmission time via any communication channel, save disk space and, most importantly, increase cryptographic security.

Most cryptanalysts exploit models found in plaintext to break the encryption. Compression reduces these models in plaintext, therefore considerably improving resistance to cryptanalysis.

Encryption then primarily takes place in two phases:

  • PGP randomly creates a secret IDEA key and encrypts the data with this key
  • PGP encrypts the secret IDEA key and sends it using the recipient's RSA public key.
Decryption also takes place in two phases:
  • PGP decrypts the secret IDEA key using the RSA private key.
  • PGP decrypts the data with the previously obtained secret IDEA key.

This encryption method combines the easy use of public-key encryption with the speed of conventional encryption. Conventional encryption is approximately 1,000 times faster than public-key encryption algorithms. Public-key encryption resolves the problem of key distribution. Used together, these two methods improve the performance and management of keys without compromising security.

PGP's functions

PGP offers the following functions:

  • Digital signatures and verification of messages' integrity: function based on the simultaneous use of a hash function (MD5) and the RSA system. MD5 hashes the message and produces a 128-bit result that is then encrypted, thanks to RSA, by the sender's private key.
  • Local file encryption: function using IDEA.
  • Generation of public or private keys: each user encrypts his messages using IDEA private keys. The transfer of IDEA electronic keys uses the RSA system; PGP therefore offers key-generation devices adapted to this system. The size of RSA keys is proposed according to several security levels: 512, 768, 1024 or 1280 bits.
  • Key management: function responsible for distributing the user's public key to the correspondents wanting to send him encrypted messages.
  • Key certification: this function makes it possible to add a digital seal guaranteeing the authenticity of public keys. It is an original feature of PGP, which bases its trust on a notion of social proximity rather than on the central certification authority.
  • Revoking, disabling, registering of keys: function that makes it possible to produce revocation certificates.

The format of PGP certificates

A PGP certificate includes the following information, among others:

  • The PGP version number: identifies the PGP version used to create the key associated with the certificate.
  • The certificate owner's public key: public part of your pair of keys combined with the key's algorithm, whether RSA, DH (Diffie-Hellman) or DSA (Digital Signature Algorithm).
  • The certificate owner's information: this includes information related to the user's "identity", such as his name, user ID, photograph, etc.
  • The certificate owner's digital signature: also called an auto-signature, this is the signature made with the private key corresponding to the public key associated with the certificate.
  • The certificate's validity period: the certificate's starting and expiration dates/times. Indicates the certificate's expiration date.
  • The preferred symmetric encryption algorithm for the key: indicates the encryption algorithm the certificate's owner prefers to apply to information encryption. The possible algorithms are CAST, IDEA and triple DES

The fact that one certificate can contain several signatures is one of the unique aspects of the format of PGP certificates. Several people can sign the key/identification pair to confidently certify that the public key belongs to the specified owner. Some PGP certificates are made of a public key with several names, each offering a different way to identify the key's owner (for example, the name and company messaging account of the owner, the alias and personal messaging account of the owner, his photograph - all in one certificate).
In a certificate, a person must affirm that a public key and the name of the key's owner are associated. Anyone can validate PGP certificates. X.509 certificates always have to be validated by a certification authority or a person appointed by the CA. PGP certificates also use a hierarchical structure with the help of a CA to validate certificates.

There are several differences between an X.509 certificate and a PGP certificate. The most important of these are laid out below:
To create your own PGP certificate, you need to ask for an X.509 certificate to be issued by a certification authority and obtain it;

  • X.509 certificates use just one name for the key's owner;
  • X.509 certificates use just one digital signature to certify the key's validity;

PGP reliability models

In general, the CA (Certification authority) has complete trust to establish certificates' validity and carry out the manual validation process. But it is difficult to establish a trust relationship with people not explicitly considered as reliable by your CA.
In a PGP environment, any user can act as a certification authority. He can therefore validate another PGP user's public key certificate. However, such a certificate may not be considered valid by another user unless a third party recognizes the person who validated the certificate as a reliable correspondent. That is, if they respect for example my opinion that says that other people's keys are correct only if I am considered to be a reliable correspondent. Otherwise, my opinion concerning the validity of other keys is subject to controversy.

Let's suppose, for example, that your set of keys contains Alice's key. You have validated it and, to show this, you sign it. Furthermore, you know Alice is very fussy when it comes to the validation of other users' keys. As a result, you assign her key full reliability. Alice therefore becomes a certification authority. If she signs another user's key, this key appears as valid on your set of keys.

PGP certificate revocation

Only the certificate's owner (the owner of its corresponding private key) or another user, appointed revocation authority by the certificate's owner, has the possibility of revoking a PGP certificate. Naming a revocation authority is useful, since certificates are often revoked by PGP users because the corresponding private key' s complex password has been lost. Yet this procedure can be performed only if the private key can be accessed. An X.509 certificate can be revoked only by its issuer.

When a certificate is revoked, its potential users need to be notified. To announce the revocation of PGP certificates, the usual method involves placing this information on a certificate server. This way, users wanting to communicate with you are warned not to use this public key.

Article written by Sylvain Lorin
Source:, an excellent reference

Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « PGP - Pretty Good Privacy », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (