Who is using PGP
This article explains the tech behind our security promise. In fact, PGP is the most widely used email encryption system in the world. When you send messages using PGP encryption, no one can intercept and read your message in transit. PGP has been thoroughly field tested over its decades of use, its few vulnerabilities are well understood, and it has broad compatibility with other encryption clients.
For these reasons, we use PGP as the backbone of our security architecture. This article is part of a series explaining some of the tech behind ProtonMail.
We have already covered end-to-end encryption and zero-access encryption. PGP is a cryptographic method that lets people communicate privately online. When you send a message using PGP, the message is converted into unreadable ciphertext on your device before it passes over the internet.
Only the recipient has the key to convert the text back into the readable message on their device. PGP also authenticates the identity of the sender and verifies that the message was not tampered with in transit. Before PGP, your internet provider, your email provider, hackers, or the government could all theoretically read your messages.
PGP was developed in the s to allow email and other types of messages to be exchanged privately. Historically, PGP was difficult to use, requiring additional software applications on top of your email provider or client. You also would have to manually generate encryption keys and exchange them with your contacts. When you compose an email to another ProtonMail user and click send, the message encryption and signature are applied automatically.
PGP uses a combination of symmetric key encryption i. The first thing PGP does is generate a random session key. This key is an enormous number that is used to encrypt and decrypt the contents of the message. Only someone who knows the session key can read the message, and it is much too large to guess.
This session key is also never used again for other messages. The public key is unique to each person and meant to be shared. The original message and signed digest are encrypted by using a one-time secret key created by the sender. The secret key is encrypted by using the receiver's public key. Both the encrypted secret key and the encrypted combination of message and digest are sent together.
[Figure: PGP at the sender site]
The following steps show how PGP uses hashing and a combination of three keys to recover the original message at the receiver: The receiver receives the combination of the encrypted secret key and the encrypted message and digest.
The encrypted secret key is decrypted by using the receiver's private key to get the one-time secret key. The secret key is then used to decrypt the combination of message and digest.
The digest is decrypted by using the sender's public key, and the original message is hashed by using a hash function to create a digest. The two digests are then compared; if they are equal, all the aspects of security are preserved.
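The send and receive steps described above, as an added example that is not from the original article or from any PGP implementation. It follows the page's flow (hash, sign the digest, encrypt with a one-time key, wrap that key for the receiver), but swaps in textbook RSA with constructed Mersenne-prime keys and a SHA-256 keystream so that it runs on the standard library alone; all function names are hypothetical.

```python
# Added example (not ProtonMail or OpenPGP code). Textbook RSA and a SHA-256
# keystream are stand-ins for real algorithms; all names are hypothetical.
import hashlib
import secrets

E = 65537

def toy_keypair(a, b):
    """Constructed demo key from Mersenne primes 2**a-1, 2**b-1 (factorable)."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def stream_xor(key, data):
    """Symmetric stand-in: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def pgp_send(msg, sender_priv, recipient_pub):
    n_s, d_s = sender_priv
    sig = pow(digest(msg), d_s, n_s)                 # digest signed with sender's private key
    sig_bytes = sig.to_bytes((n_s.bit_length() + 7) // 8, "big")
    session_key = secrets.token_bytes(32)            # one-time secret key
    body = stream_xor(session_key, sig_bytes + msg)  # encrypt signed digest + message
    n_r, e_r = recipient_pub
    wrapped = pow(int.from_bytes(session_key, "big"), e_r, n_r)  # key under receiver's public key
    return wrapped, body

def pgp_receive(packet, recipient_priv, sender_pub):
    wrapped, body = packet
    n_r, d_r = recipient_priv
    session_key = pow(wrapped, d_r, n_r).to_bytes(32, "big")  # recover one-time key
    plain = stream_xor(session_key, body)
    n_s, e_s = sender_pub
    sig_len = (n_s.bit_length() + 7) // 8
    sig, msg = int.from_bytes(plain[:sig_len], "big"), plain[sig_len:]
    return msg, pow(sig, e_s, n_s) == digest(msg)    # compare the two digests

if __name__ == "__main__":
    alice_pub, alice_priv = toy_keypair(521, 607)    # constructed sender key
    bob_pub, bob_priv = toy_keypair(1279, 2203)      # constructed receiver key
    wrapped, body = pgp_send(b"meet at noon", alice_priv, bob_pub)
    print(pgp_receive((wrapped, body), bob_priv, alice_pub))
    tampered = body[:-1] + bytes([body[-1] ^ 1])     # one bit changed in transit
    print(pgp_receive((wrapped, tampered), bob_priv, alice_pub))
```

Real OpenPGP uses padded RSA or elliptic-curve keys and a standard cipher such as AES; the unpadded RSA and trivially factorable keys here only make the message structure visible.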
Compatibility issues: Both the sender and the receiver must have compatible versions of PGP. For example, if you encrypt an email by using PGP with one of the encryption techniques and the receiver has a different version of PGP, the receiver cannot read the data.
Complexity: PGP is a complex technique. Other security schemes use symmetric encryption that uses one key or asymmetric encryption that uses two different keys. PGP uses a hybrid approach that implements symmetric encryption with two keys. PGP is more complex, and it is less familiar than the traditional symmetric or asymmetric methods. No Recovery: Computer administrators face the problems of losing their passwords. So by encrypting the symmetric key using the asymmetric public-key system, PGP combines the efficiency of symmetric encryption with the security of public-key cryptography.
In practice, sending a message encrypted with PGP is simpler than the above explanation makes it sound. You will see a padlock icon on the subject line of their emails. The email will look like this (the email addresses have been blurred for privacy reasons). ProtonMail — like most email clients that offer PGP — hides all of the complexity of the encryption and decryption of the message.
If you are communicating with users outside of ProtonMail, you need to send them your public key first. And so, although the message was sent securely, the recipient does not have to worry about the complexities of how this was done. Of these three uses, the first — sending secure email — is by far the dominant application of PGP. As in the example above, most people use PGP to send encrypted emails. In the early years of PGP, it was mainly used by activists, journalists, and other people who deal with sensitive information.
The PGP system was originally designed, in fact, by a peace and political activist named Paul Zimmerman, who recently joined Startpage, one of the most popular private search engines.
Today, the popularity of PGP has grown significantly. As more users have realized just how much information corporations and their governments are collecting on them, huge numbers of people now use the standard to keep their private information private.
A related use of PGP is that it can be used for email verification. If a journalist is unsure about the identity of a person sending them a message, for instance, they can use a Digital Signature alongside PGP to verify this. If even one character of the message has been changed in transit, the recipient will know.
This can indicate that the sender is not who they say they are, that they have tried to fake a Digital Signature, or that the message has been tampered with. A third use of PGP is to encrypt files. In fact, this algorithm is so secure that it has even been used in high-profile malware such as the CryptoLocker malware.
This software offers PGP encryption for all your files, whilst also hiding the complexities of encryption and decryption processes. This is done to protect the message during transmission. Once the recipient receives the message, they use their own private-key to decode the message, while keeping their personal private-key a secret from outsiders. Another aspect of PGP is message authentication and integrity checking.
Integrity checking is used to detect if a message has been altered after it was written and to determine if it was actually sent by the claimed sender.
Because the email is encrypted, changes in the message will make it unable to be decrypted with the key. PGP also ensures that the message belongs to the intended recipient. These certificates are constructed so that tampering can be easily detected. The certificates can only prevent corruption after they have been made, but not before.
PGP products also help to determine if a certificate belongs to the person that is claiming it, often referred to as a web of trust.