To scriptorians, PGP means “Pearl of Great Price” but to cryptographers, it means “Pretty Good Privacy” and refers to the safe-keeping of personal information. PGP is a type of encryption the Church uses to communicate securely with other organizations, such as banks and businesses. Each day we depend on encryption to act as a computerized safe-and-key system for managing access to our data.
Phil Zimmermann, the creator of PGP, developed and released the first PGP software in 1991. He published his source code and freely gave it away for anyone to use. The software is simple to use and is designed to encrypt files and e-mail transferred over the Internet. PGP is now the most popular e-mail encryption software in the world.
How does PGP work?
PGP requires each entity or individual to create their own pair of encryption keys. The key pair contains a private key that is never shared with anyone and a public key that is shared with everyone. Anyone can use a public key to encrypt a file or message. However, only the entity or person with the corresponding private key will be able to decrypt it. This works because of what is known as a one-way function: a calculation that is easy to perform but very hard to reverse. The technical implementation of a one-way function is brilliant but simple.
An Example of PGP
Consider this example of PGP in action. In this example, Alice is the recipient of an encrypted e-mail message, Bob is the sender, and Eve is the eavesdropper.
Alice first needs an encryption key pair. She must choose two prime numbers to create her encryption keys. A prime number can be divided evenly only by itself and the number one. So Alice picks 9013 and 12373 as her prime numbers. She now creates her public key by multiplying these values together to make 111,517,849. Alice shares this key, or value, with everyone but does not reveal the two numbers she chose.
Bob processes his message together with Alice's public key using a one-way function and sends her the result. Alice is the only one who can decrypt Bob's message, since only she has her private key: only she knows the two values she used to create her public key.
If Eve intercepted the message to Alice and wanted to read it, Eve would have to factor 111,517,849 to find the two values that were multiplied together. If she worked quickly and could test four candidate primes a minute, it would take her almost five hours to discover the values of Alice's private key and read the message Bob sent.
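The Alice, Bob and Eve exchange above can be run as textbook RSA using the article's two primes; this is an added illustration, not part of the original article and not code from any PGP implementation. The public exponent 65537, the sample message and the function names are assumptions made for the example.

```python
# Added example: textbook RSA with the article's toy primes (not real PGP).
from math import gcd, isqrt

P, Q = 9013, 12373          # Alice's secret primes, from the article
E = 65537                   # assumed public exponent (not in the article)

def make_keys(p, q, e=E):
    """Return (public, private) = ((n, e), (n, d)) for textbook RSA."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))   # d is the inverse of e mod phi

def encrypt(public, message: bytes) -> int:
    """Bob's side: needs only the public key."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(private, ciphertext: int) -> bytes:
    """Alice's side: needs d, which can only be derived from p and q."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def eve_factor(n):
    """Trial division by successive primes; returns (p, q, primes_tried)."""
    tried, primes = 0, []
    for cand in range(2, isqrt(n) + 1):
        if any(cand % r == 0 for r in primes if r * r <= cand):
            continue                      # composite, so Eve skips it
        primes.append(cand)
        tried += 1
        if n % cand == 0:
            return cand, n // cand, tried
    raise ValueError("n is prime")

if __name__ == "__main__":
    public, private = make_keys(P, Q)
    c = encrypt(public, b"Hi!")           # constructed sample message
    print("n =", public[0], "ciphertext =", c)
    print("Alice reads:", decrypt(private, c))
    p, q, tried = eve_factor(public[0])
    print(f"Eve finds {p} x {q} after {tried} primes,"
          f" {tried / 4 / 60:.1f} h at four primes a minute")
```

A computer finishes Eve's search in well under a second, which is why real keys use primes hundreds of digits long.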
Modern Examples of PGP
A realistic example of a modern AES 256-bit public key would use primes that are 10 to the power of 77, or 10 followed by 77 zeros. The U.S. government has calculated that factoring a smaller AES 128-bit public key would take a supercomputer (which can compute 2 to the power of 55 factoring attempts per second) approximately 149 trillion years. When one-way functions are used with large primes, they become dauntingly secure.
You don’t need to be in a large organization like the Church or a bank to be able to use PGP. You can download and install PGP on your own computer.
There are two main producers of PGP software: a commercial business (www.pgp.com) and a nonprofit organization (www.gnupg.org). Both software packages are compatible with each other and abide by the rules of the OpenPGP Alliance. This means the software follows the Internet Engineering Task Force (IETF) Proposed Standard RFC 4880.
Today is a great time to take a few minutes and secure your e-mail messages and files from being intercepted and read by those who should not have access to them. As Cosmo says in the movie Sneakers, “The world isn’t run by weapons anymore, or energy, or money. It’s run by little ones and zeros, little bits of data.” PGP will give you a level of encryption that is impenetrable to code breakers.
Jonathan Eicher is a Linux engineer for the Church.