Securing Email Messages and Files Using PGP

In the same way that you might want to encrypt messages to send to another user, you would probably also want to be sure that a message received is actually from the sender in question. In PGP, this is accomplished by digitally signing a message.

Let’s say that I want to send a message to Bob, who already has a copy of my public key. After typing out the message, I click Tools > Digitally Sign using PGP in my email client, which will for is the PGP Personal Desktop is being used. PGP takes the contents of my message and runs it through a computation that produces a fixed-length output known as a digest. Regardless of how long the message is, the output is always the same length. This digest is then signed with my private key and is attached to the message; note that only the digest is attached to the message, not my private key.

Notice that I didn’t mention encrypting the message. In this case, the message is sent as plain text, and includes the signed digest (it could also be encrypted using Bob’s public key if required). When Bob receives this message, PGP on his system uses my public key to do the same computation on the message. If the results are the same, he can be certain that the message came from me. If someone had changed so much as a single character in the message en route, the computation would be different, and Bob would recognise that the message had been tampered with.

Having looked at the purpose of both public and private keys, we are now better prepared to use PGP. If you’re looking for the freeware version for your laptop, it can be downloaded from the main PGP web site at http://www.pgp.com. Although PGP Freeware is a perfectly reasonable solution for individual users, it lacks email integration facilities and many other useful capabilities. If you want a more robust version, consider purchasing PGP Personal Desktop, available from the PGP web site at a cost of $50 USD.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.