PGP (Pretty Good Privacy) encryption is a Public-Private key based Cryptography tool
for data protection and security.
Whenever any one wants secure data communication then he needs to have encryption
tool like PGP. The PGP will create a Public & Private for the user. Whenever he
wants to receive any data in a secured manner then he would distribute his public
key to people. They will use the PGP software and the public key to create the
encrypted date and then communicate the same via electronic Media. He can use his
PGP software and private key to decrypt and view the message. Public and private
keys are available in a form of file known as Key rings which is recognized by PGP
When a user encrypts plaintext with PGP, PGP first compresses the plaintext. PGP
then creates a session key, which is a one-time-only secret key. This key is a
random number generated from the random movements of your mouse and the keystrokes
you type. This session key works with a very secure, fast conventional encryption
algorithm to encrypt the plaintext; the result is cipher text. Once the data is
encrypted, the session key is then encrypted to the recipient's public key. This
public key-encrypted session key is transmitted along with the cipher text to the
Decryption works in the reverse. The recipient's copy of PGP uses his or her private
key to recover the temporary session key, which PGP then uses to decrypt the
conventionally-encrypted cipher text.
Keys are stored in encrypted form. PGP stores the keys in two files on your hard
disk; one for public keys and one for private keys. These files are called keyrings.
As you use PGP, you will typically add the public keys of your recipients to your
public keyring. Your private keys are stored on your private keyring. If you lose
your private keyring, you will be unable to decrypt any information encrypted to
keys on that ring.
Many of the software applications use the PGP software (PGP Command Line) to build
their encryption. Following scenario would explain the same.
A company ABC is transacting with bank and receives and sends communication to the
Bank electronically. They want to transmit the data electronically. The Bank is
already using PGP software for encrypting the data. The bank insists the ABC Company
to send the data in Encrypted form. They would share their Public Key. This would be
in the form of a file (Key ring). Then ABC firm first upload the key Ring in their
PGP software. When transmitting data, they would use the Bank's Public Key and
encrypt the data and then transmit the same. When the Bank receives the file, they
would use the PGP application and their private key and decrypt the data. Similarly
when ABC Company wants to receive the encrypted data from their Partners/Bank, then
they would generate a Public, Private Key from the PGP Software and share the Public
Key to their partner.
Theetharappan, Thiagarajan from mphasis.com