Eli5 what is pgp key and how does it work


5 Answers

Anonymous 0 Comments

PGP believe it or not stands for Pretty Good Privacy. The people who developed it back in the 90s originally named it that.

Basically when you set up PGP on a computer, you create a key pair. There are always 2 keys. You have a private key and a public key.

So if you can imagine a drop box in front of a bank or a similar type institution. Businesses will get their daily deposits ready, then go to the drop, and take their bag of money and stuff, and use a key to open the door and drop it into the drop box. Once they drop it in, it falls down a chute into the bank. They can’t get it back. And they can’t get to other people’s money.

In the morning, the bank manager or whomever is responsible for doing it, will come in and use a different key to open a door on the inside of the bank. They will take out all the bags that have all the drops. Then they will open them and process them into the accounts of the businesses.

PGP works like that but for computer data.

Once a person generates a key pair, they keep the private key safe for their use only, they don’t give it out to anybody. But they give the PUBLIC key to people to send them information, email, documents, whatever that needs to be encrypted.

The person sending the information, over the internet, on a flash drive, however, uses the PGP program to encrypt the data using the PUBLIC key, then sends it to the person receiving the data that has the PRIVATE key.

Once the person with the private key receives the data, they then use their private key with the PGP program to open the data, decrypt it, and use it for whatever purpose they need it for.

As long as the private key remains safe in the hands of the person who creates it, then only that person will be able to decrypt the data.

Anonymous 0 Comments

Let’s say two kids are discussing a secret plan about how they should coordinate a surprise at a family gathering, while amidst adults / elders around, without them knowing. However, both kids are smart enough to know that they’d need to use completely different and unique “secret” code-language while conversing in order not to raise any suspicions from anyone eavesdropping on them. So Kid-1 decides to speak the syllables backwards, as their “secret” code-language, and kid-2 will need to reverse all that gibberish in order to make sense of what kid-1 has just said. Similarly, kid-2 decides a different way, say, replacing vowels with the next in dictionary order of course, so kid-1 should be aware of that “tactic” in order to decipher what kid-2 has replied.

Pretty Good Privacy typically is used for P2P (peer-to-peer) communications, in which both peers exchange their public-keys (as in, their “code” language tactic), and expect messages from the peer encrypted / ciphered specifically in that format, so they can use their private-key to decipher locally. This is all to ensure no eavesdropping ever occurs.

Anonymous 0 Comments

PGP stands for Pretty Good Privacy, as others have stated.

Say I want to create my very own PGP key. What I can do is run a special program on my computer that will generate a pair of extremely long numbers. One is called the public key, and the other is called the private key. They are mathematically linked in a very special way.

In essence, you can think of the public key as a padlock, and the private key as an actual physical key. The fact that they are both called keys is honestly pretty confusing to newcomers even though only one of them acts like a “key” in the way most people would think.

I take my public key and post it up for everyone to see on the public web. These are the PGP keys you see out in the wild. The private key, I keep to myself. I don’t let anyone see it, I don’t share it. Think of it like I’m mass-producing my padlocks, and putting them in stores all across the nation for people to buy and use, but not giving anyone the key to open them. These locks are completely unpickable and cannot be reverse-engineered by any real world device that currently exists at this time of writing.

Now say you want to send me a message in private. What you can do is go out and get one of my custom-made padlocks. Then, take the message you want to send to me, put it in an indestructible box, close it, and slap my padlock on it. Now that box is completely, impenetrably sealed. You can’t open it. If you send it in the mail and it gets intercepted, none of them can open it. Worst case, someone just takes it and prevents me from getting it, but no one can ever read it. Except me, that is, because if I do eventually get your locked box, I can open it with my key and read the message you put inside.

While this is more or less the system, it ignores a small wrinkle in how the actual system works. See, while you *can* take your entire message and use my special lock to secure it, it turns out that process in the real world is somewhat slow for computers to actually do. It’s a weird side effect of the extreme unpickability of my padlock, which it needs to have since it’s completely public. Instead, what you can do is make your computer generate a more efficient one-time-use lock and key on the spot. You then put your new padlock on the box containing your message, and instead put my special padlock on a tinier box that only has the key to your new lock, and you send me both boxes. I can use my key to unlock the tiny box, get your one-time-use key, open the second box, and I throw the one-time-use padlock and key away.

The final major piece of PGP is cryptographic signatures. This one is a little harder to explain by analogy. Essentially, if you have your own set of public and private PGP keys, you can use your own private key to “sign” your message, like you would sign your name on a written letter, done in such a way that I can use your public key to check if it really was you who sent it. So, in addition to guaranteeing that no one other than I can read your message, you can also provide proof that you were the one who wrote it, so I can be sure I’m not getting a message from an imposter.

The diagram on [the Wikipedia article for PGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy) makes the process I laid out rather clear. I also think that [this YouTube video](https://www.youtube.com/watch?v=6H_9l9N3IXU) provides an excellent visual of the encryption and decryption steps with the public and private keys (which is only part of PGP, but it’s the most crucial part of it).
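The one-time-key and signature steps described in this answer, as an added example that is not part of the original answer. It is a toy sketch: textbook RSA over fixed Mersenne primes and a SHA-256 keystream are insecure stand-ins for the ciphers real PGP uses, and every function and variable name here is an assumption.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Toy textbook-RSA key pair from two primes (no padding: demo only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))      # (public key, private key)

# Constructed demo keys built from known Mersenne primes; far too weak for real use.
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
SENDER_PUB, SENDER_PRIV = make_keypair(2**127 - 1, 2**61 - 1)

def keystream_xor(key, data):
    """Toy symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def digest_int(data, n):
    """Hash the message down to a number smaller than the signer's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def seal(message, recipient_pub, sender_priv):
    n, e = recipient_pub
    session_key = secrets.token_bytes(16)               # one-time lock and key
    body = keystream_xor(session_key, message)          # big box: fast symmetric cipher
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # tiny box: recipient's padlock
    sn, sd = sender_priv
    signature = pow(digest_int(message, sn), sd, sn)    # signed with sender's private key
    return wrapped, body, signature

def open_sealed(packet, recipient_priv, sender_pub):
    wrapped, body, signature = packet
    n, d = recipient_priv
    session_key = pow(wrapped, d, n).to_bytes(16, "big")  # unlock the tiny box
    message = keystream_xor(session_key, body)            # then open the big box
    sn, se = sender_pub
    valid = pow(signature, se, sn) == digest_int(message, sn)  # check with sender's public key
    return message, valid

if __name__ == "__main__":
    packet = seal(b"meet at noon", RECIPIENT_PUB, SENDER_PRIV)
    print(open_sealed(packet, RECIPIENT_PRIV, SENDER_PUB))
```

Only the 16-byte session key goes through the slow public-key operation; the message itself, whatever its length, is handled by the symmetric cipher.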

Anonymous 0 Comments

there are two types of cryptography:

- symmetric
- asymmetric

the symmetric one is the one you are familiar with: you set the password on a file, share the password with someone in a safe way, share the encrypted file on an insecure channel, the other guy enters the same password, file unlocked.

asymmetric one: you can think of it like a pair of things: a “thing” to lock and a “thing” to unlock, for example a safe and its combination, a lock and its key.

the idea is that you send your safe opened to your friend, he fills it with stuff and closes it, no one can open it, not even him, the safe is a “lock only thing” while your combination is “unlock only thing”.

pgp is a software that allows you to use both but a pgp key is an asymmetric key (safe example) where you publish the public key part (“opened safe”) on the internet and whoever wants to send you a private message can use a copy of that key (“copy of the opened safe”) to encrypt stuff to you. you use the private part to open the message.

easiest example of public key crypto system: [https://en.wikipedia.org/wiki/Merkle’s_Puzzles](https://en.wikipedia.org/wiki/Merkle’s_Puzzles)

Anonymous 0 Comments

When you create a PGP key you’ve effectively created a locked box with two keys, anything locked up with the key gets shaken all up so it’s no longer recognizable (encrypted). One of those keys is a public key, this allows you to put anything in that lock box that you want, however once you lock it up you can no longer unlock it. Then there’s a private key which is what is needed to unlock the lockbox and put all of the pieces back together in the correct order.

General usage for PGP is to allow you to send/receive data or store data so that only the person with the private key is able to open it.

An example would be I have a client that wants to send me sensitive data. I send them my public key, which allows them to create a lockbox that only I can open (encrypting). They send me the file and I use my private key to open the lockbox and retrieve the contents (decrypting).