What is PGP?

If you’re looking for a pretty good encryption standard, there are worse places to start

Pretty Good Privacy (PGP) is a highly-secure method of encrypting text-based data used by businesses and organisations all over the globe. It combines different cryptographic protocols such as hashing, data compression, symmetric and asymmetric key cryptography to provide users with a fast and easy method of secure communication.

Each user has a 'private key' and a 'public key' and the interaction between the two forms the basis of the method's security. Private keys remain with the user only, forming the only part of the system that can verify a user's true identity. If anyone else has access to a private key, they can decrypt any communication intended to the rightful holder, rendering the communication channel compromised.

You can think of public keys as telephone numbers, something you can freely give out so people know how to contact you. When encrypting a message, a user must do so with the intended recipient's public key, like calling the right phone to reach the right person. You can think of the private key as the phone's password, only the person with the password can answer the phone.

Because the public key is linked to the recipient's private key, only that user can decrypt the message. You encrypt with the public key to ensure it gets to the right person and decrypt with a private key so only the right person can see it.

Pretty Good Privacy was developed by computer scientist Phil Zimmerman in 1991, who wanted to create an open source encryption platform that could be used by anyone across the world, without having to pay huge fees.

It's now owned by security giant Symantec Group, and it is the antivirus developer that now is responsible for updating PGP to ensure it's sufficient to protect email communications. The company has also developed an open source variant - OpenPGP, which is used alongside the licensed version.

What is PGP used for?

Although PGP was initially built to encrypt emails, this technology can be used to safeguard a range of communications from text messages to files. PGP can be applied in many ways, including boosting privacy as well as securing digital certificates.

There are a number of different standards in use, but the most widely-adopted is OpenPGP, an open-source iteration that bypasses the licence arrangements tied to PGP.

It’s predominately used to secure desktop apps and email clients such as Apple Mail and Microsoft Outlook. Google Chrome also offers extensions that allow users to apply the standard to web browsing.

How does PGP work?

This security tool works by adding layers of encryption onto text-based content to safeguard the content, and raise the level of privacy. 

PGP relies on strong cryptography that renders encrypted text impossible to decipher without the requisite tool, or key. When applied to email clients, for example, the message content is protected through the use of an encoding algorithm that garbles the text so it’d be impossible to read if intercepted by a third-party. 

Anybody hoping to read the text would need the key to unlock the code, but the key itself is often encrypted as well. Both are sent to the recipient of the message, so it can be read as normal once opened. The key and message are deciphered through the recipient’s email application, through the use of a private key, almost instantly once it’s sent.

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

Is PGP secure?

There has been some controversy over how secure PGP is. In 2011, researchers discovered that short encryption keys (32-bit or smaller) were unsafe to the extent some claimed they in effect offered no security at all.

This is because, with modern GPUs, it's easy for hackers to come up with a "colliding" (i.e. matching) key ID if the key in question is short. This doesn't mean PGP is fatally flawed, though - it just means a long key (greater than 32-bit) must always be used. If it is, then PGP works as intended and is secure - for now at least.

Most recently, hackers have discovered a hugely significant flaw in OpenPGP, the open-source variant of Symantec's licensed version. The flaw has been known to developers for over a decade and it could mean the end for the technology, according to those who built it. Hackers have found a way to flood keys with a huge amount of unnecessary data which will break the program (GnuPG) needed to use the technology.

"This is a mess, and it's a mess a long time coming," said Daniel Kahn Gillmor, a lead developer of OpenPGP. "The parts of the OpenPGP ecosystem that rely on the naive assumptions of the SKS keyserver can no longer be relied on, because people are deliberately abusing those keyservers. We need significantly more defensive programming, and a better set of protocols for thinking about how and when to retrieve OpenPGP certificates."

Nevertheless, the licensed version of PGP is still a secure method of communications that you can rely on to deliver sensitive information to individuals without having to worry about it being read if it were intercepted.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now


Proofpoint impersonator steal Microsoft, Google logins in phishing campaign
cyber security

Proofpoint impersonator steal Microsoft, Google logins in phishing campaign

8 Nov 2021
Cloudflare enters the email security business

Cloudflare enters the email security business

28 Sep 2021
The most secure email services of 2021
email providers

The most secure email services of 2021

12 Sep 2021
Microsoft Outlook shows real contact details in some phishing emails
Microsoft Office

Microsoft Outlook shows real contact details in some phishing emails

7 Sep 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022
Dell XPS 15 (2021) review: The best just got better

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022