OpenPGP (RFC 4880 standard) is a method of encrypting communication. Because the encrypted message can be send on any channel that supports text messages, such as emails and personal messages, OpenPGP can be considered channel-agnostic.

The encryption of OpenPGP has been under constant audit for decades.

It started in 1991 when Phil Zimmermann created PGP, the original implementation of the standard. Because of USA regulations he could not sell PGP software. Cryptography software was considered a national threat. Zimmermann published the entire source code of PGP in a hardback book which was distributed and sold worldwide.

OpenPGP is used in many business types

OpenPGP provides

How does it work?

Misuse of OpenPGP can seriously diminish security of a website or a system when you think you are secure and you are not. Some things must be explained. Always make sure you understand the tools you are using.

The unencrypted information that you want to send is also called plaintext. The plaintext does not require to be decrypted. The next step would be to encrypt it before sending it.

After encryption step you get the ciphertext, which is the representation of plaintext which cannot be read without the cipher keys.

A cipher is a method of transforming each character of a message. An example is Caesar Cipher, which was used by Roman Emperor Julius Caesar to conceal the contents of his messages. It is easy to understand and nowadays easy to break using a computer. It is also called Substitution Cipher. Each letter of the alphabet is replaced by another letter. For example the cipher {AP,BH,CT,DU,ES,..,RA,SJ,TZ,..,ZK} used for plaintext SECRET results in ciphertext JSTASZ.

Users who wish to encrypt messages they send must have a private key. For any private key, there must be a public key to send the message. So, when generating a private key, a public key will also be generated. These are also known as a key pair.

OpenPGP guidelines

How to get public key of the recepient of the message?

  1. using a direct channel, such as Floppy disks, CDs, or other direct connections
  2. using a public key server for OpenPGP

Conversation using OpenPGP


How to proceed?

  1. user A encrypts the message using private key A
  2. user A encrypts the resulted message one more time using public key B
  3. user A sends the message which was encrypted 2 times to user B
  4. user B receives the message from user A
  5. user B decodes the message using private key B
  6. user B decodes the resulted message once again using public key A
To send a message back to user A, user B should proceed the same way user A did. So, to start, user B should encrypt the message using private key B.

Just sending a OpenPGP message


To simply send a message encrypted with OpenPGP, only the receiver must have a key pair. The sender should have the receiver's public key.

Some rules OpenPGP is based on


OpenPGP software

Find out MORE about OpenPGP and computer security HERE.