Pretty good privacy

from Wikipedia, the free encyclopedia
Pretty good privacy
Basic data

Maintainer Phil Zimmermann
developer Symantec
Publishing year 1991
Current  version 1.0
operating system Cross-platform
programming language C.
category Encryption
License Proprietary , formerly freeware

Pretty Good Privacy ( PGP ; . English "pretty good privacy") is a by Phil Zimmermann developed program for encrypting and signing of data.


How PGP works (encryption only, no signing)

PGP uses a so-called public key procedure , in which there is a clearly assigned pair of keys :

A public key is used with which anyone can encrypt data for the recipient and check his or her signatures, and a private secret key that only the recipient has and which is normally protected by a password . Messages to a recipient are encrypted with their public key and can then only be decrypted with their private key. These procedures are also called asymmetric procedures , since the sender and receiver use two different keys.

The first version was written in 1991 and used an RSA - algorithm to encrypt the data. Later versions used the Elgamal algorithm .

With PGP, however, the entire message is not encrypted asymmetrically, because this would be far too computationally intensive and it would not be practical to send the same message to multiple recipients. Instead, the actual message is encrypted symmetrically and only the key used is encrypted asymmetrically ( hybrid encryption ). For this purpose, a symmetric key (session key) is generated randomly each time.

This symmetric key is then z. B. encrypted by RSA or Elgamal cryptosystem with the public key of the recipient and added to the message. This makes it possible to encrypt a message for several recipients at the same time. A message encrypted for several recipients then looks like this:

asymmetrically encrypted key of the message for recipient 1
asymmetrical for recipient n encrypted key of the message
symmetrically encrypted message

PGP is based on the so-called Web of Trust , in which there is no central certification authority, but trust is administered by the users themselves.

Since PGP is designed to be able to decrypt messages permanently, if an attacker succeeds in obtaining a private key, the entire communication history of this key is compromised . For instant messaging , Off-the-Record Messaging (OTR) was developed as an alternative to PGP ; even if the private key is later compromised, the encrypted communication remains unreadable for the attacker (but also for the legitimate key owner).


Phil Zimmermann wrote the first version in 1991. His goal was that all citizens and especially civil movements could exchange encrypted messages securely before access by secret services (strong encryption).

In its early years, PGP was not allowed to be exported license-free from the USA because, like weapons, it fell under the US export law. According to this, cryptosystems with keys longer than 40 bits for symmetrical encryption were subject to special export regulations. The first PGP versions used the IDEA with a 128-bit key length. In the late 1990s, the US liberalized these laws.

In order to circumvent the export restriction , the complete source code was published in 1995 in the book "PGP Source Code and Internals" by Phil Zimmermann. The software could legally be exported from the USA as a book . It was typed by hand by over 60 volunteers. An internationally available version of PGP (PGPi) was then compiled from the typed program code .

The company PGP Corporation emerged from a merger between Phil Zimmermann's team and ViaCrypt, to which Phil Zimmermann had sold some commercial rights and which RSA had licensed directly. Up to version 8 it provided an independent product for non-commercial users with PGP Freeware . As of version 9, only the trial version of PGP Desktop Professional 9 is available instead . It can be used without restriction for 30 days. After the period has expired, the scope of functions and usage rights will be reduced to a scope that roughly corresponds to the former PGP Freeware . Encryption and decryption of e-mails are also possible after the test phase has ended, but only for non-commercial purposes.

PGP was bought by NAI (McAfee) in 1997 and integrated into their own product line. Due to the fact that the source code of PGP was temporarily not disclosed by McAfee and features were implemented that enable automatic encryption to another recipient (Additional Decryption Key ADK), PGP has come under heavy criticism at this time. In 2002 McAfee gave up the PGP brand and sold it to a group of former PGP employees around Phil Zimmermann. This newly founded PGP Corporation has bought back all rights to PGP from McAfee and has made all source texts public again from the start.

The new PGP is now represented in many countries, including Germany, where the PGP Corporation took over the German Glück & Kanja Technology AG in 2005 and thus founded PGP Deutschland AG, which is now based in Offenbach am Main. Five years later, PGP also bought the German TC Trustcenter in Hamburg and is thus represented on the market as a certified trust center for certificates according to the German Signature Act (for qualified signatures ).

The OpenPGP standard was developed by 1998, not least because of the non-transparent situation during the time when PGP was owned by McAfee . The GnuPG program , which is under the GNU GPL , was the first implementation of OpenPGP and was developed as a free alternative to PGP. There are now many extensions to the OpenPGP standard that go beyond the scope of functions of PGP, so that the smooth exchange of data and keys is not always guaranteed.

PGP Corporation was acquired by Symantec for $ 300 million in June 2010 .


With PGP, you can choose to only sign a message, only encrypt it, or both sign and encrypt it. The signature serves to guarantee the authenticity of the message, i.e. that it is from the alleged sender ( authenticity ) and has not been changed after it has been signed ( integrity ). In practice, if messages are encrypted, they will usually also be signed.

Generation of a digital signature

In order to be able to ensure later that a received message has not been manipulated or replaced ( integrity ) and also originates from the alleged sender ( authenticity ), the sender must generate a digital signature for the message (or parts of it). A cryptological hash function is applied to the plain text message (formerly often SHA-1 , but now obsolete and replaced by SHA-256, among others). This creates a message digest (unique fingerprint) of the message that is significantly shorter than the message itself, which simplifies the generation of the digital signature. A signature is then generated from the message digest using the sender's private key.


As a second step (or first, if it is not to be signed), the sender can now encrypt the message. Here, the plain text message and the digital signature from the first step are combined into a data set and compressed to reduce the size and make cryptanalysis more difficult . These compressed data are now encrypted symmetrically to the ciphertext using the randomly generated session key K M. Since this is a randomly generated one-time key, this must be communicated to the recipient. For this purpose, the key K M is asymmetrically encrypted with the recipient's public key and placed in front of the encrypted message. An encrypted message is therefore only as secure as the weaker element from the asymmetric key for which it is encrypted and the session key. Finally, the bytes of the ciphertext and the encrypted key must be made e-mail-friendly. For this purpose, these (just like other binary data in e-mails) are encoded into specific printable ASCII characters using a Base64 variant (Radix-64) . The PGP message can now be sent to the recipient. In addition to being used for e-mails, PGP can also be used for other communication channels by signing and / or encrypting files or text (there is a separate signature process because of the inconsistent line-end coding between the operating systems).

Appearance of an encrypted message

If you encrypt the text

then the encoded message looks like this (in inline PGP format ; with a PGP / MIME email it would look a little different):

Version: GnuPG v2.0.16 (GNU/Linux)



At the beginning the recipient has to decode the existing ASCII characters with Base64 in order to get to the ciphertext and the encrypted session key. The session key can now be decrypted using the recipient's private key and the ciphertext can then be decrypted back into the compressed combination of plain text message and digital signature. To finally get to the message, it only needs to be decompressed.

However, the authenticity of the sender and the integrity of the message should also be ensured. For this purpose, on the one hand, the same hash function is applied to the plain text as on the sender, and on the other hand, the digital signature is deciphered with the sender's public key. If the associated private key was actually used to create the signature, the two plaintexts of the message digest match; and it can be assumed that the message has not been changed. It can be assumed that it also comes from a specific sender if the signing key can be reliably assigned to a sender, regardless of the processing of individual messages.


One possible attack arises from the practice of first signing messages and then encrypting them. After decryption, the recipient can forward the signed message to a third person using a forged sender. If the addressee is not named in the message, the valid signature can give the impression that it was sent directly by the original sender to this third person.

In addition, it was criticized that the public keys are often stored on servers to which every person has read and write access. So it happened that wrong keys were stored there. One approach to prevent this is the DANE / OPENPGPKEY specification from the Internet Engineering Task Force .

See also

Web links

Commons : OpenPGP  - collection of images, videos and audio files

Individual evidence

  1. a b c Simon Singh: Secret Messages . ISBN 3-423-33071-6 .
  2. ^ Daniel Bachfeld: PGP buys encryption specialists Glück & Kanja. In: heise Security. Heise Zeitschriften Verlag, March 7, 2005, accessed on August 30, 2012 .
  3. ^ Christian Kirsch: PGP buys German trust center. In: heise online. Heise Zeitschriften Verlag, February 2, 2010, accessed on August 30, 2012 .
  4. RFC 2440 , revised version since November 2007: RFC 4880
  5. Peter-Michael Ziegler: Symantec buys encryption specialists PGP and GuardianEdge. In: heise online. Heise Zeitschriften Verlag, April 29, 2010, accessed on August 30, 2012 .
  6. ABOUT SYMANTEC. PGP. Symantec Corporation, accessed August 30, 2012 .
  7. ^ Donald T. Davis: Defective Sign & Encrypt in S / MIME, PKCS # 7, MOSS, PEM, PGP, and XML . In: 2001 USENIX Annual Technical Conference . 2001 ( ).
  8. ^ Paul Wouters, Red Hat : Using DANE to Associate OpenPGP public keys with email addresses. Network Working Group, Internet Engineering Task Force , October 19, 2015, accessed December 4, 2015 .
  9. Dusan Zivadinovic: Mail encryption: brings automated PGP key management. In: heise online . Heise Medien GmbH & Co. KG , Hanover, March 10, 2015, accessed on January 22, 2017 .