Pretty Good Privacy

If you’re looking to learn more about PGP, one of the most popular encryption methods used today to encrypt files and send encrypted emails, keep reading to learn what it is, how it works, along with its offshoots GPG and Open PGP.

What is PGP?

PGP, Pretty Good Privacy, is a standard option for file encryption and authentication. It is currently owned by Symantec, a technology company that develops and sells software solutions.

PGP is used to encrypt files to secure them for file transfer. It uses several encryption technologies, including hashing, data compression, and public/private keys to protect sensitive information. PGP is a flexible solution for today’s cybersecurity needs: it is often used to encrypt files before exchanging them with trading partners or remote locations and can also encrypt emails, directories, and disk partitions.

How PGP Works

Pretty Good Privacy is a standard for file encryption and authentication

PGP uses a combination of encryption methodologies, including hashing, data compression, symmetric-key cryptography, and public-key cryptography to secure data. It can be used to encrypt:

  • Text files
  • Emails
  • Data files
  • Directories
  • Disk partitions

What’s the Difference Between PGP and GPG?

GPG, or GnuPG, is a different implementation of the Open PGP standard (more on that below), and a powerful alternative to Symantec’s official PGP software. Also known as the GNU Privacy Guard, GPG is useful in that it works well with non-GPG-based products and can open and decrypt files encrypted by PGP or Open PGP.

Keep reading: PGP vs. GPG: What’s the Difference?

What is Open PGP?

Open PGP is an open source offshoot of PGP that uses PGP as its foundation and was developed by Phil Zimmermann, a computer scientist and cryptographer who also developed PGP. The term “Open PGP” is commonly used to describe tools, features, and solutions that support open-source PGP encryption technology. Open PGP gives developers a way to include PGP in software that is typically free to the public. To do so, developer and vendors who include Open PGP in their software solutions must follow IETF (Internet Engineering Task Force) standards and allow for easy integration with other Open PGP-compliant software vendors.

Keep reading: OpenPGP, PGP, and GPG: What is the Difference?

Open PGP’s main function is to encrypt email communication, but it can be used for a variety of use cases, which is why developers choose to incorporate Open PGP into their products.

Open PGP file encryption, like standard PGP, lets you store sensitive information or transmit information across unsecure networks (i.e., the internet or email) so only the intended recipient can read it. It uses asymmetric (public key) cryptography and addresses the issues of data authentication and non-repudiation through the ability to "sign" files via embedded digital signatures. According to the official OpenPGP website, even intelligence organizations aren’t able to break Open PGP encryption. These features give organizations a high level of data protection, making Open PGP one of the most popular file encryption methods used today.

Use Open PGP for Free Today

Encrypt, decrypt, sign files, and verify documents with GoAnywhere Open PGP Studio, a free encryption solution for IT users and teams.

Try It Today   

The History of PGP

PGP was developed in the early 1990s by Phil Zimmermann & Associates, LLC as a method of securing files that were posted on pre-internet bulletin boards. PGP has changed ownership several times between the 90s and now, and is currently owned by Symantec.

PGP gained popularity because it was initially available freely, which made it attractive to users who wanted to encrypt files and send encrypted emails at no cost. The layers of security are also attractive and helped PGP spread among security-conscious users – PGP uses both symmetric encryption and public key encryption, so users can send or receive messages from people they’re never met without exchanging private encryption keys.

Is PGP Still Used Today?

Although some outlets have declared that PGP is dead, PGP, Open PGP, and GPG are all still in use today, and it continues to be a secure way to encrypt your data.

PGP Security

PGP encryption is done with software applications that obscure the message before either the application or the user sends it to the recipient.

How PGP Encryption Works

By transforming plain, readable text into a complex code of unreadable characters, PGP encryption provides essential privacy missing from online communication. Once encrypted – hashed, data compressed, and “locked” via either symmetric private key cryptography or asymmetric public key cryptography – the message travels to the recipient fully cyphered. The recipient then uses PGP to decrypt the message.

With this system, each user has both:

  • An encryption key that is publicly known and can be provided to the recipient
  • A private key that is known only to each user and should be kept secret

The public key encrypts the message or file, while the private key decrypts.

This encryption standard addresses the issues of data authentication and non-repudiation through the ability to "sign" files via embedded digital signatures. Digital signatures use public-key cryptography to authenticate that data is coming from the source it claims to be from and has not been tampered with. Digital signatures are sent alongside the message body and work by using an algorithm to combine the sender’s private key with the data they are authenticating. The process makes digital signatures essentially impossible to forge unless the private key has been compromised.

Keep reading: Everything You Need to Know about PGP Encryption

Sending Files with PGP

PGP is used to encrypt or decrypt the file you exchange and having a trustworthy PGP software is paramount.

For sending files with PGP, the sender will need to have access to the recipient’s public key before they can send their files. Once the file is compressed, PGP will efficiently encrypt the plaintext with private key cryptography, turning the message into ciphertext. The session key is then encrypted using the sender’s public key. Once the recipient has received the encrypted file, they can decrypt it using their private key.

Using MFT for PGP Decryption and Encryption

Some managed file transfer (MFT) tools, including GoAnywhere MFT, support Open PGP. Using an MFT solution gives you the ability to leverage Open PGP to:

  • Encrypt files with one or more Public Keys
  • Decrypt files with Private Keys
  • Sign files with Private Keys
  • Verify digital signatures in files using Public Keys
  • Generate full audit logs of all PGP encryption and decryption processes
  • Automate the entire process

Maintain the privacy and integrity of the data you exchange with external trading partners, clients, customers, and internal users when you use Open PGP via MFT.

Keep reading: 5 Benefits of PGP Decryption Using Managed File Transfer

See Open PGP in Action

Schedule a 15, 30, or 60-minute demo to discover how Open PGP encryption can boost your file security.

Request a Demo

PGP Tutorials

How to Decrypt Files with Open PGP

Learn how to decrypt files using Open PGP and GoAnywhere Workflows using the PGP Decrypt Task.

How to Encrypt Files with Open PGP

Discover how to use Open PGP encryption software from GoAnywhere to encrypt files and sign them with this tutorial. Store sensitive information or transmit across insecure networks with Open PGP.