PGP stands for Pretty Good Privacy. It is an encryption software designed to provide privacy, security, and authentication for online communication systems. Phil Zimmerman is the name behind the first PGP program, and according to him, it was made freely available due to the growing social demand for privacy.
Since its creation in 1991, many versions of PGP software were created. In 1997, Phil Zimmerman made a proposal to the Internet Engineering Task Force (IETF) for the creation of an open-source PGP standard. The proposal was accepted and led to the creation of the OpenPGP protocol, which defines standards formats for encryption keys and messages.
Although initially used only for securing email messages and attachments, PGP is now applied to a wide range of use cases, including digital signatures, full disk encryption, and network protection.
PGP was initially owned by the company PGP Inc, which was later acquired by Network Associates Inc. In 2010, Symantec Corp. acquired PGP for $300 million, and the term is now a trademark used for their OpenPGP-compliant products.
How does it work?
PGP is among the first widely available software to implement public key cryptography. It is a hybrid cryptosystem that uses both symmetric and asymmetric encryption to achieve a high level of security.
In a basic process of text encryption, a plaintext (data that can be clearly understood) is converted into ciphertext (unreadable data). But before the process of encryption takes place, most PGP systems perform data compression. By compressing plaintext files prior to transmitting them, PGP saves both disk space and transmission time - while also improving security.
Following the file compression, the actual process of encryption begins. At this stage, the compressed plaintext file is encrypted with a single-use key, which is known as the session key. This key is randomly generated through the use of symmetric cryptography, and each PGP communication session has a unique session key.
Next, the session key (1) itself is encrypted using asymmetric encryption: the intended receiver (Bob) provides his public key (2) to the sender of the message (Alice) so that she can encrypt the session key. This step allows Alice to safely share the session key with Bob through the Internet, regardless of security conditions.