The issue with digital privacy was a major concern for all, even back in the 1990s. A guy by the name of Phil Zimmermann created an encryption and authentication program called Pretty Good Privacy (PGP). This allows a user to encrypt, decrypt, and sign messages, whether a file or even an email message (text).
How does PGP ensure the confidentiality and integrity of a message? Earlier in the chapter, we used two fictional characters, Alice and Bob. Once again, we'll create another analogy to further explain and describe how PGP secures our message between one device to another.
Let's assume Alice wants to send a message to Bob using an email messaging system. However, there's sensitive/confidential data in part of the body of the email message. This is a major concern for both Alice and Bob. Let's start the process:
- Alice writes the message, and she uses Bob's public key to encrypt the message, creating ciphertext.
- Alice send the ciphertext over to Bob:
- Bob receives the ciphertext and uses his private key to decrypt and read the message from Alice:
- In return, if Bob wants to send Alice a message, Bob would use Alice's public key to encrypt the message and send it.
- Only Alice's private key would be able to decrypt the message that Bob had sent.
In a public key system, two different keys are generated, a public key and private key. Only these key pairs can encrypt and decrypt messages between them. The public key is used to encrypt and the private key is used to decrypt.
Some uses of Pretty Good Privacy are as follows:
- Authentication of digital certificates
- Encryption and decryption of emails and files