PGP encryption

#^#^#

Warning: a little bit technical. PGP encryption is a method developed by cryptographers that is basically unbreakable. This allows people like you and I to communicate in complete security from prying eyes. It also allows people to digitally "sign" text or files that guarantee they are from the person who is claiming to have sent them, and that the contents of the text or file hasn't been changed. This allows you to trust things you receive from people using PGP.

For those in the know, the original PGP Encryption software has been purchased by Norton and they now sell it. BUT, there is a freeware version developed by people for people available at GnuPG PGP. I highly recommend it. By the way, all the links here will open in a new window or tab in your browser.

While there is a learning curve to the PGP software, it is not so large a curve so as to defeat the intermediate computer user, and there are some great helper links at the site shown above. Here is a page to get you started with understanding and using PGP: a very good PGP Overview.

In a nutshell: PGP uses a combination of Public/Private Key encryption with another one way encryption that guarantees security. When one creates a new PGP key, two keys are produced, one public, one private. The public key is given to everyone, in fact there are servers the world over that hold all the public keys. In order for someone to send a message to this person, one needs to have that persons public key (either given to them or found in one of those directories) and some PGP software (like the one above). The message or file is encrypted using the recipients public key. At this point the message or file is unreadable by ANYONE ELSE, not even the person who sends it. Only the recipient's private key can unencrypt the document. Why? A bit technical for here, the links above can explain it better or the book discussed next.

I also came across a book recently that I found extremely interesting and an enjoyable read. The Code Book (the link takes you to the Amazon Kindle version).

As for signatures: When you "sign" something, your private key is used in a way that hides its identity. When someone with PGP software then checks the signature (they must have your public key on their keyring) it will only come back as a valid signature if your public key verifies it. This means that only you could possibly have signed it and so it is genuine. Of course, you must have a level of trust in all the public keys you own. For a discussion about PGP trust levels see the links above.

As a side note: while PGP is in all practicality unbreakable (all the computers in the world working together to decrypt a single document, or forge a single digital signature, woulds take years and years to accomplish). However, in the future, if quantum computers become a reality, then it is possible that these encryptions could be broken because quantum computers hold the promise of working millions, billions, trillions of times faster than any computer in existence today.
#^#^#-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

PGP encryption

Warning: a little bit technical. PGP encryption is a method developed by cryptographers that is basically unbreakable. This allows people like you and I to communicate in complete security from prying eyes. It also allows people to digitally "sign" text or files that guarantee they are from the person who is claiming to have sent them, and that the contents of the text or file hasn't been changed. This allows you to trust things you receive from people using PGP.

For those in the know, the original PGP Encryption software has been purchased by Norton and they now sell it. BUT, there is a freeware version developed by people for people available at GnuPG PGP. I highly recommend it. By the way, all the links here will open in a new window or tab in your browser.

While there is a learning curve to the PGP software, it is not so large a curve so as to defeat the intermediate computer user, and there are some great helper links at the site shown above. Here is a page to get you started with understanding and using PGP: a very good PGP Overview.

In a nutshell: PGP uses a combination of Public/Private Key encryption with another one way encryption that guarantees security. When one creates a new PGP key, two keys are produced, one public, one private. The public key is given to everyone, in fact there are servers the world over that hold all the public keys. In order for someone to send a message to this person, one needs to have that persons public key (either given to them or found in one of those directories) and some PGP software (like the one above). The message or file is encrypted using the recipients public key. At this point the message or file is unreadable by ANYONE ELSE, not even the person who sends it. Only the recipient's private key can unencrypt the document. Why? A bit technical for here, the links above can explain it better or the book discussed next.

I also came across a book recently that I found extremely interesting and an enjoyable read. The Code Book (the link takes you to the Amazon Kindle version).

As for signatures: When you "sign" something, your private key is used in a way that hides its identity. When someone with PGP software then checks the signature (they must have your public key on their keyring) it will only come back as a valid signature if your public key verifies it. This means that only you could possibly have signed it and so it is genuine. Of course, you must have a level of trust in all the public keys you own. For a discussion about PGP trust levels see the links above.

As a side note: while PGP is in all practicality unbreakable (all the computers in the world working together to decrypt a single document, or forge a single digital signature, woulds take years and years to accomplish). However, in the future, if quantum computers become a reality, then it is possible that these encryptions could be broken because quantum computers hold the promise of working millions, billions, trillions of times faster than any computer in existence today.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJTF6wBAAoJEB21d6905Z3TOdsP/i34bH9EBdH58WltrgzfVxUG
9Cro3dTgYd7V2QWtzrE2iIv6clc+JumrcofVVxgLOyd/E/mAmqLd1xmJ3cd8V3du
+zgiSDCQbRmkSrpqH00CbL4jHP4posj8ZvstckMnP3+BmlroY6k2xE0YRhnyGioI
60O5Vt6P9s3BYYAY2iOpFsQDDSuUO0BH+6Vcqr0lMo6Nhre3FZJXLFkBNATxlIop
CqwKR3IfQhq+81F+jGHlTXNzSv/s/6U841Fy48G5LpjoUsgf33vx/z6peAD1sNR7
/aeEeTte699UhMFojHKGPj2jU+R7BDnYMlzJr7hFDv+AAqU9qPjqEpknbbvG7Z9x
ms052Hx1vYRWVmVpiAaIsUXp6APVZJpE+AY8n5EED+E1vV57Rrmw7/x1BU3THyIV
9J08pAtcn6Y3H2fIy3f5fq6f0okek/3+dyWVwPs00ZdpI07G4g6AjfQRJCRh8utX
ZNyMroP+gBn6HiGQEgYlr4SkCr0d7XBMFj3wtMLhAcrlX8Koj6YR0KSQ7J/w/cMS
a32owUaCMhqbPSNb41L2CV12kodrwMZy0kKIVe9mVF+gnmY6++Pkm1xHZeIk/gEx
DXG4khOHoHw5SQmn9BsSJ/BUYx8wVBDRrGAG/K8UC7c3U7Y1jAg3GlIYLB6w3Wu4
/eDF9b2JPhBZTouCKrWI
=Yk/y
-----END PGP SIGNATURE-----