he asymmetric encryption of the session key is usually done through the use of the RSA algorithm. Many other encryption systems use RSA, including the Transport Layer Security (TLS) protocol that secures a great portion of the Internet.
Once the message's ciphertext and the encrypted session key are transmitted, Bob can use his private key (3) to decrypt the session key, which is then used to decrypt the ciphertext back into the original plaintext.
Aside from the basic process of encryption and decryption, PGP also supports digital signatures - which serve at least three functions:
Authentication: Bob can verify that the sender of the message was Alice.
Integrity: Bob can be sure that the message wasn’t altered.
Non-repudiation: after the message is digitally signed, Alice cannot claim she didn’t send it.
One of the most common uses for PGP is to secure emails. An email that is protected with PGP is turned into a string of characters that are unreadable (ciphertext) and can only be deciphered with the corresponding decryption key. The working mechanisms are practically the same for securing text messages, and there are also some software applications that allow PGP to be implemented on top of other Apps, effectively adding an encryption system to non-secured messaging services.
Although PGP is mostly used to secure internet communications, it can also be applied to encrypt individual devices. In this context, PGP may be applied to disk partitions of a computer or mobile device. By encrypting the hard disk, the user will be required to provide a password every time the system boots up.
Advantages and disadvantages
Thanks to its combined use of symmetric and asymmetric encryption, PGP allows users to securely share information and cryptographic keys through the Internet. As a hybrid system, PGP benefits from both the security of asymmetric cryptography and the speed of symmetric encryption. In addition to security and speed, digital signatures ensure the integrity of the data and authenticity of the sender.