What is the difference between PGP keys, SSH keys, and SSL keys?

232 views

[ad_1]

I know that they all use asymmetric encryption, but I don’t understand their differences and applications. Any guidance is much appreciated!

In: Technology
[ad_2]

PGP is mostly used for text messages between people, like email. You typically send the decoding key out to people, and a lot of people might have it. or you might make it public so everyone has it, and it doesn’t really encrypt anything, but proves you are really you, since you are able to ‘sign’ things.

SSH is generally to talk one machine to one other machine. If you want your laptop to connect to one linux server you make one SSH for key. Multiple computers can use the same key and it works, but the idea is one to one. you download it and one computer can talk to another computer.

SSL is good for automatic connections. Anyone can go up to an encrypted website and get a key to talk to it, so no one else can read what you are doing with it, but it’ll give one to anyone.

The only difference is the types of programs they’re used for (PGP usually for email or encrypted messages, SSH usually for securing remote connection to computers, SSL usually for running a website or anything else done over SSL), but besides that they’re the same keys just wrapped in a different container.

These are not different kinds of encryption, they are different *protocols* that give other people the information they need to understand how they can decrypt or verify your message. They may allow for an array of different options for exact cryptographic algorithm, which is important so that we can upgrade to more secure ones over time, or fix bugs. The connection protocols, TLS and SSH also have some kind of negotiation built in, so that the machines can understand each other and perform key exchange.

PGP (1991): Pretty Good Privacy, designed for digital signatures and encryption for individual messages, such as emails. You *might* be using this somewhere without knowing about it, e.g. it might be used to sign your emails.

SSL (1994)/TLS (1999): Secure Socket Layer/Transport Layer Security, protocol for encrypted *connections*, also allowing for proof of identity with digital certificates. Best for public facing web servers, to the point that all of your web traffic goes over TLS now, browsers will warn you if it is not.

SSH (1995): Secure SHell, secure machine to machine command line protocol, which includes logging into a user account. Similar, in principal, to SSL, but higher level and more advanced and allows all machines to interface with each other at the command line level. You probably won’t use SSH unless you are a developer, the most common use is SFTP (which is basically just running the FTP protocol inside an SSH connection.) I’ll let you guess what the S stands for.

There’s another difference not mentioned yet: in SSH, the keys are used on their own, but in SSL (really TLS these days) there’s also a certificate, which is the public key with some information about the subject, bound together by being signed with the private key.

Imagine them like physical keys. [There](https://upload.wikimedia.org/wikipedia/commons/b/bc/Lever_Lock_and_Key.jpg) [are](https://upload.wikimedia.org/wikipedia/commons/6/6f/Chiave_simil-Abloy.JPG) [many](https://upload.wikimedia.org/wikipedia/commons/6/60/Solex_99_30_padlock_with_keys_%28DSCF2659%29.jpg) [kinds](https://upload.wikimedia.org/wikipedia/commons/3/33/Ancient_warded_lock_key_transparent.png). Every one of them has the same purpose, though. It’s just a matter of how the designer decided to create the lock and the key.

Just remember that is the algorithm underneath the key that dictates the security of the key. Basically the biggest difference between a SSH key and a PGP key with the same algorithm and key length is the representation and the purpose for what it is used for.