Is PGP the Solution to Protecting Your Private Emails?

  • Thread starter billiards
  • Start date
In summary: If someone obtains your private key, they can decrypt the messages.PGP also has other layers of protection which you can read about on the wiki page I linked to earlier.The public key that you got from the server is not...the only way to decrypt the messages is if you have the private key. If someone obtains your private key, they can decrypt the messages.
  • #1
billiards
767
16
This is a thread about encrypting your private emails. I put it in discussion as I would be interested to read about people's views on this given the recent revelation that certain governmental agencies are storing all our emails. Does anybody out there encrypt their emails? Or perhaps you would like to do it in principle but never really looked into it?

I myself only download a PGP pretty good privacy encryption package today (link), which I have been playing around with. However I must say that so far I am a little disappointed. Not with the technology itself, but with the limitation that people I want to write emails to don't use PGP.

You see, in order for a message to be encrypted both the sender and receiver need to have a key set (one private key and one public key). I can only send (or receive) encrypted messages to (or from) someone else who has a key. The only person I know who has a key is myself, so basically so far all I can do is send encrypted emails to myself!

So I'd be keen to hear from people that have experience using PGP. And I'd be keen to hear if people think it's a good idea for the public to protect their emails from snoops in general. I can't help thinking about "climate-gate" -- if they had used PGP the hackers would have had no chance at reading all their emails.
 
Computer science news on Phys.org
  • #2
I just use ig-pay atin-lay when it's really private.
 
  • #3
Do you have anything worthy enough of protection that hackers would be motivated to go after it specifically? Either way, you should consider the possibility that encrypting your email may make it look more interesting.
 
  • #4
PGP is in use since at least twenty years - I remember discussions over whether we should allow its use across FIDO BBS boards somewhere in mid nineties. My bet is that fact that still not many people use it means that most people don't care that much about the content of their messages.
 
  • #5
I had a paranoid friend years ago that used it. Honestly there is nothing in my emails that need to be encrypted.
 
  • #6
A little bit of paranoia can be a good thing. I don't want someone snooping around my private life. If we can take steps to stop strangers reading our private communications then I for one am willing to take those steps. Maybe no one will ever read my communications -- but now I KNOW that my emails are being stored online by government data agencies -- I can simply encrypt my messages and they can't read them - ever - unless they get hold of my private key (or spend a great deal of computer power figuring it out).

I suspect that if people (the general public) knew about PGP, were taught how to use it (it's not hard, but you need a little bit of technical understanding), and so started using it on their computers, they would love it. I bet the reason it hasn't caught on is simply because people don't know about it.
 
  • #7
If the government decides to read or modify your email, they can - regardless of how strong encryption you use.
If the public key is compromised, all bets are off.

I work in a security company and one of the features our team recently developed will do the man-in-the-middle attack, regardless of what algorithm you use.
 
  • #8
jobyts said:
If the government decides to read or modify your email, they can - regardless of how strong encryption you use.
If the public key is compromised, all bets are off.

I work in a security company and one of the features our team recently developed will do the man-in-the-middle attack, regardless of what algorithm you use.

You can download my public key, if you know my email address, it is freely available for download on a server. I want you to download it -- especially if you want to send me an encrypted message. You won't be able to use it to decrypt my emails though.

All bets are off if you get hold of my private key. But unless you hack into my hard-drive and steel it it will take a lot of computational effort to reveal it. PGP also has other layers of protection which you can read about on the wiki page I linked to earlier.
 
  • #9
billiards said:
You can download my public key, if you know my email address, it is freely available for download on a server. I want you to download it -- especially if you want to send me an encrypted message. You won't be able to use it to decrypt my emails though.

The trick is the public key that you got from the server is not the public key of the person that you actually intended to communicate. You are actually talking to a gateway that acts as the man-in-the-middle and he gives his public key to you. The man-in-the middle gateway is able to get a fake certificate, certified by a certificate authority (say, verisign), where the actual public key is his, not of the actual user you wanted to communicate.

You encrypt the email with the public key provided by the man-in-the-middle, and he is able to read the email using his private key. Then he re-encrypt the plain text email with the ultimate email recipient's public key and send to the ultimate email recipient.

As long as there is a man-in-the-middle gateway that could give you a forged certificate, both parties are actually without knowing, talking to the man-in-the-middle, not to each other.
 
  • #10
jobyts said:
The trick is the public key that you got from the server is not the public key of the person that you actually intended to communicate. You are actually talking to a gateway that acts as the man-in-the-middle and he gives his public key to you. The man-in-the middle gateway is able to get a fake certificate, certified by a certificate authority (say, verisign), where the actual public key is his, not of the actual user you wanted to communicate.

You encrypt the email with the public key provided by the man-in-the-middle, and he is able to read the email using his private key. Then he re-encrypt the plain text email with the ultimate email recipient's public key and send to the ultimate email recipient.

As long as there is a man-in-the-middle gateway that could give you a forged certificate, both parties are actually without knowing, talking to the man-in-the-middle, not to each other.

Yes I understand it. But this is completely different from being able to decrypt messages. This is tricking the sender into sending the message to the wrong person. Fortunately there are some pretty basic ways to avoid being tricked.
 
  • #11
billiards said:
This is tricking the sender into sending the message to the wrong person.

That's how the government reads your encrypted communication. They do not bother deciphering the content by cryptanalysis of the crypto algorithm for bulk of the people.

The communication happens between the two end parties. But the secure session ends at the man-in-the-middle.
 
  • #12
All of my e-mail input is either spam, notifications from PF or Adventure Quest, or fliers from my pharmacy. Anyhow, I can guarantee that you cannot purchase encryption that the NSA can't decrypt. That's been their sole purpose for about 50 years.
 
  • #13
Danger said:
All of my e-mail input is either spam, notifications from PF or Adventure Quest, or fliers from my pharmacy. Anyhow, I can guarantee that you cannot purchase encryption that the NSA can't decrypt. That's been their sole purpose for about 50 years.

NSA would have extreme trouble with Lisab's encryption. Deciphering pig-Latin has become a lost art.
 

FAQ: Is PGP the Solution to Protecting Your Private Emails?

What is Pretty Good Privacy (PGP)?

Pretty Good Privacy (PGP) is a computer program used for encrypting and decrypting data. It was created by Phil Zimmermann in 1991 and is widely used for secure communication, such as email, messaging, and file storage.

How does PGP work?

PGP uses a combination of symmetric-key and public-key cryptography to encrypt and decrypt data. The sender uses the recipient's public key to encrypt the message, which can only be decrypted by the recipient using their private key. PGP also uses a digital signature to verify the authenticity of the sender.

Is PGP secure?

PGP is considered to be highly secure, as it uses strong encryption algorithms and has been extensively tested and reviewed by security experts. However, like any encryption system, it is not completely foolproof and can be vulnerable to attacks if not used correctly.

Who uses PGP?

PGP is used by a variety of individuals and organizations, including businesses, governments, and individuals who want to protect their privacy and secure their communication. It is especially popular among journalists, activists, and whistleblowers.

Is PGP legal?

Yes, PGP is legal to use in most countries. However, some governments have regulations on the use and export of encryption software, so it is important to check your local laws before using PGP.

Similar threads

Replies
8
Views
1K
Replies
1
Views
658
Replies
4
Views
1K
Replies
24
Views
1K
Replies
4
Views
3K
Replies
13
Views
4K
Replies
2
Views
3K
Replies
1
Views
1K
Replies
13
Views
3K
Back
Top