Securing Email Messages and Files Using PGP

The purpose of your public key is to allow other users to send encrypted messages to you. You did read that correctly. For example, for Bob to send you an encrypted message, he must have your public key. When he sends a message encrypted with your public key, the only way it can be decrypted is if the associated private key is used, and you’re the only one that has it.

This is why your public key can be freely distributed – if any messages are encrypted with it, only your private key can decrypt them. Along the same lines, if you wanted to send an encrypted message to Bob, you would need his public key to do it.

In reality, public key encryption is computationally taxing, so the manner in which PGP works is a variation on this theme. When Bob wants to send you a message, he creates a one-time-use session key. This session key is used to encrypt the message. Then he encrypts the session key using your public key, and sends both the encrypted message and encrypted key to you. Upon receiving the message, your private key first decrypts the session key, and then uses the session key to decrypt the message.

Although it sounds complex, this method is much less computationally taxing than straight public-key encryption, which uses much larger keys (2,048 bits). In this case, only the small session key (128 bit) has to be encrypted with the recipient’s public key, rather than an entire message.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.