PGP: Secure Encryption
- PGP: Secure Encryption
- What is PGP and how it works
- PGP applications to install
PGP Encrypt Message
PGP Decrypt Message
PGP Generator – Get a PGP Key
If you want to communicate securely on the Internet, you should rely on trustworthy encryption. There are a number of things to consider so that you don’t end up in a trap to avoid. Because encryption is one thing, anonymity is something else entirely. We will examine both topics here. Let’s start with the question of the right encryption: PGP is the best way to encrypt a message on the Internet. Also because it’s free. But especially since it is safe when used correctly.
Hier klicken: Du suchst nach der deutschen PGP Version.
What is PGP and how it works
Pretty Good Privacy is a program used to encrypt and sign messages and emails. The software with the name “pretty good privacy” was launched in 1991 by the former developer Phil Zimmermann. PGP is based on the principle of asymmetric encryption. While the sender encrypts the content of his message with the recipient’s public key, the text can then only be decrypted with the correct counterpart – the recipient’s private PGP key.
The commercial variant of PGP is less important today. Because OpenPGP, a free form of encryption technology, has prevailed. OpenPGP is based on PGP, but has been supplemented by many other useful functions. And our PGP Tool works with the same technology, which you can use free of charge for the encryption and decryption of messages.
Is PGP still secure
When used correctly, PGP is perfectly safe. The private PGP key is always required for the decryption of messages, which you should protect against unauthorized access in a suitable storage space. In addition, a good password (PGP passphrase) is essential because it protects your private key from misuse. If you forget your passphrase, your private key is useless – the reverse is true! The highest risk arises when handling, especially if the key and password are stored on the cell phone. Even if it is tedious to type in the password when decrypting it using the smartphone keyboard, it is the safest.
Please note when using our PGP tool that we do not store any data about you. This would be in contradiction to asymmetrical encryption, in which only one person should have the private key. Therefore, we cannot help you if you lose the key or password. Our PGP Tool is intended for fast, uncomplicated purposes and should give you the opportunity to use PGP here and now – especially anywhere, regardless of the platform.
In the further course of this article we will introduce you to other programs that are suitable for professional use on Windows, Linux or Mac for professional use.
One more thing about security: There are always ways to completely bypass applications and their security functions. We therefore advise you to do this in a sandbox if you want to transmit or receive very confidential information. It is an environment that is isolated from your system. The human being is and remains the greatest risk in the chain.
How does PGP work
PGP preferably uses the principle of asymmetric encryption, in which a message is encrypted with the recipient’s public key. The content can only be decrypted with the corresponding counterpart, the private PGP key. The password is also required in order to use the private key for decryption. Technically speaking, PGP uses a hybrid solution. Because it mixes symmetrical and asymmetrical encryption for performance reasons.
The content of the email is encrypted with a generated symmetrical session key. Only this session key is then encoded with the recipient’s public key.
How to sign E-Mails with PGP
To authenticate the authenticity of an email, you can sign PGP messages. To do this, PGP generates a unique checksum, the so-called hash, which is placed over the content of the email. You then only have to certify the hash with your secret, private key. The recipient uses the same method to compare the authenticity and can thus ensure that the email has not been tampered with on the way.
How do I get a PGP Key?
With the PGP sela tool you can easily create your public and secret PGP key. It is possible to enter a name or e-mail address (which is not absolutely necessary but can be a reference to your identity). In any case, you should carefully select the password. Any good system can become unsafe due to application errors. After you have clicked the Create PGP Key button, two keys are created. You share the public key, the so-called public key. Only those who have this key from you can send you encrypted messages. The counterpart, the secret key, is also generated with the sela PGP tool. This will stay with you. Choose a secure password when you create it. Only those who have your secret key and password can decrypt your messages.
What’s a Public Key?
PGP encryption is based on a public key process. The public key is the public key. This key is important so that messages can be encrypted at all. If you want to send someone an encrypted PGP message, you have to ask for their PGP public key. Here is the greatest risk of being spied on. Because: If you receive a manipulated PGP public key, your message may be read by strangers. So let the recipient send the public key signed. It is difficult to confirm the authenticity of the public keys published on websites.
How to open a PGP File
You can open the contents of a PGP file with a simple editor, such as Atom. For a quick decryption of the PGP file, the sela PGP decryption tool is available. First you need your secret PGP key – this is not saved on our servers. In addition, sela.io uses a secure SSL connection so that the key cannot be “intercepted” by third parties. This also applies to your password. Then paste the text from the PGP file into the text field “PGP message to decrypt”.
What does GPG mean
Behind GPG is the name GNU Privacy Guard, which is also abbreviated to GnuPG. The free cryptography system implements the OpenPGP standard according to RFC 4880 and was developed as a replacement for PGP. OpenPGP is the most widely used email encryption standard and is based on PGP. OpenPGP was simply replaced by many useful functions.
PGP applications to install
As we wrote at the beginning, there are other PGP applications that you can use instead of sela PGP. Our web-based software is suitable for tests and fast, uncomplicated processes. We generally advise professional intentions to use one of the following programs.
PGP Software for Mac
There are a number of good programs for Mac. We recommend the GPG Suite from GPGTools. This software contains the functions GPG Mail, GPG Keychain, GPG Services and MacPGP. You can store all public keys in this program. If desired, the GPG Suite can be integrated into your email program, Apple Mail. Emails are then automatically encrypted and decrypted. You can test the software for the first 30 days free of charge. The GPG Suite currently costs around 24 euros (as of June 22, 2020). If you use the email program Thunderbird, you will find it with Enigmail. Click here for the GPG Suite.
Enigmail PGP solution for Thunderbird users
Enigmail is an addon for the email client Thunderbird. The addon extends Thunderbird with OpenPGP encryption and authentication of messages. It offers automatic encryption, decryption and integrated functions for key management. Enigmail is based on GnuPG for the cryptographic functions. The program is free of charge. GnuPGP is an extension of PGP. GnuPG is not part of the installation of Enigmail, but is downloaded as part of the installation process. Here is Enigmail.
Enigmail Thunderbird – update from July 07, 2020
The 78th version of Thunderbird will be released shortly. This brings with it some very important changes regarding PGP and Enigmail. The old interface, through which extensions were previously installed, is no longer part of the latest Thunderbird version. This also means that Enigmail will no longer work. Enigmail developer Patrick Brunschwig announced last year that he would not make any adjustments to Enigmail due to time constraints.
Thunderbird PGP – the solution
Together with the Thunderbird developers, Brunschwig programmed native OpenPGP support directly into the email program. In version 78, PGP encryption is integrated from the start. It is important to note that the standard version 78.2 will only appear in autumn. Until then, you should wait to update to the new Thunderbird version, as some important functions are still missing in PGP.
PGP from Thunderbird version 78
The end-to-end encryption is indicated directly on the Thunderbird overview page. In the account settings, an OpenPGP key can be generated for the email account or an existing key can be imported. The menu is simple and clear. If a new PGP key is created, the validity can be set and the desired encryption algorithm RSA with 3072 or 4096 bit and ECC (elliptic curve Curve25519) can be selected. It is positive that Thunderbird also encrypts the subject of the email and sends the message as an attachment (PGP / MIME) and not as a PGP / Inline.
As an alternative to OpenPGP, email encryption S / MIME is available, but this was also integrated beforehand and is mainly used in professional email traffic. Anyone who has used Enigmail so far should wait for the update. The author of Enigmail commented as follows: “If you use OpenPGP emails for critical purposes, please do NOT manually update to Thunderbird 78.0. Instead, wait until the update is automatic.” Thunderbird does not set up anymore like Enigmail GnuPG and its key management, but to the OpenPGP library RNP. The keys from Enigmail will only be migrated with the future (from 78.2) version.
Compared to Enigmail, everything looks tidier, more integrated and above all easier.
Gpg4win PGP solution for Windows users
Those who use Windows are very well served with Gpg4win. This software is probably the most popular for all common Microsoft operating systems. Gpg4win is based on the two relevant cryptographic standards OpenPGP and S / MIME (X.509). With Gpg4win you can encrypt and decrypt e-mails, files and file folders easily and free of charge, as well as ensure and verify their integrity (unchanged) and origin (authenticity) using digital signatures. Gpg4win consists of various free software components that can be installed optionally. The software is free. Click here for Gpg4win.