How PGP / GnuPG Works

e-ignite:  Communicate Securely

PGP and OpenPGP use the same method to encrypt email. When you create an email and encrypt it, OpenPGP encrypts (scrambles) the content using the public key of the recipient. That public key is mathematically tied to exactly one private key, so when the recipient receives the email, they use their private key to decrypt (unscramble) the text. Without the associated private key, nobody else can decrypt an email that was encrypted to the recipient's public key. Your own public key is not involved when you encrypt an email to another user's public key; your private key is only used in this process if you also sign the email.

Contents of this page:
OpenPGP
PGP/MIME


OpenPGP

Here's a quick demonstration - an email I encrypted to myself:

 

Unencrypted text:
"Hi. This is a quick demonstration of OpenPGP Encryption and how it works."

 

Encrypted text:
-----BEGIN PGP MESSAGE-----
Charset: ISO-8859-1
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
-----END PGP MESSAGE-----
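
As an added illustration (not code from this page, GnuPG or Enigmail), the Python below builds and parses the ASCII armor shown above: the BEGIN/END lines, the Version/Comment style headers, the base64 body and the trailing "=" line, which is a CRC-24 checksum of the packet bytes. It then reads the first packet header, where tag 1 (Public-Key Encrypted Session Key) is what "encrypted to the recipient's public key" looks like on the wire. The sample packet, its key ID and the armor header value are constructed for the example.

```python
import base64

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1; the '=EBB/' style line in the blocks above is this value, base64-encoded."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind: str, packets: bytes, headers: dict) -> str:
    """Wrap binary OpenPGP packets in the text form shown above: headers, blank line, base64 body, CRC line."""
    lines = [f"-----BEGIN PGP {kind}-----"] + [f"{k}: {v}" for k, v in headers.items()] + [""]
    b64 = base64.b64encode(packets).decode()
    lines += [b64[i:i + 64] for i in range(0, len(b64), 64)]
    lines.append("=" + base64.b64encode(crc24(packets).to_bytes(3, "big")).decode())
    return "\n".join(lines + [f"-----END PGP {kind}-----"])

def dearmor(text: str) -> tuple[dict, bytes]:
    """Parse armor back to (headers, packet bytes); a body that was altered or mis-copied fails the CRC check."""
    lines = text.strip().splitlines()
    if not lines[0].startswith("-----BEGIN PGP ") or not lines[-1].startswith("-----END PGP "):
        raise ValueError("missing armor header or footer")
    blank = lines.index("")
    headers = dict(line.split(": ", 1) for line in lines[1:blank])
    if not lines[-2].startswith("="):
        raise ValueError("missing CRC line")
    packets = base64.b64decode("".join(lines[blank + 1:-2]))
    if crc24(packets) != int.from_bytes(base64.b64decode(lines[-2][1:]), "big"):
        raise ValueError("armor CRC mismatch")
    return headers, packets

def first_packet(packets: bytes) -> dict:
    """Decode an old-format packet header; tag 1 (Public-Key Encrypted Session Key) names the recipient key ID."""
    ctb = packets[0]
    tag, body = (ctb & 0x3C) >> 2, packets[1 + (1, 2, 4)[ctb & 0x03]:]  # 1-, 2- or 4-byte length field
    info = {"tag": tag}
    if tag == 1:
        info["version"], info["key_id"] = body[0], body[1:9].hex().upper()
    return info

# Constructed sample: a PKESK packet (ctb 0x85 = old format, tag 1, 2-byte length) for a made-up
# recipient key ID, RSA (algorithm 1) and a placeholder 2048-bit MPI; not a real session key.
SAMPLE_BODY = b"\x03" + bytes.fromhex("0123456789ABCDEF") + b"\x01" + (2048).to_bytes(2, "big") + bytes(256)
SAMPLE_PACKETS = b"\x85" + len(SAMPLE_BODY).to_bytes(2, "big") + SAMPLE_BODY
SAMPLE_ARMOR = armor("MESSAGE", SAMPLE_PACKETS, {"Version": "constructed example"})
```

Changing a single character of the base64 body makes dearmor() reject the block, which is why a hand-edited or mis-pasted message like the one above will not decrypt.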

 

If you sign a message, it is still readable by others, but some PGP text is added. OpenPGP processes this additional text to verify who the sender is and whether the message has been altered in any way. Your private key is used to generate the signature on an email, thus "proving" that you were the originator, since you are the only person who knows the passphrase and has access to your private key. For example:

 

Unsigned text:
"Hi. This is a quick demonstration of OpenPGP Encryption and how it works."

 

Signed text:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
"Hi. This is a quick demonstration of OpenPGP Encryption and how it
works."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
-----END PGP SIGNATURE-----

Enigmail output:

[Screenshot: Enigmail Output]

Enigmail's clean interface removes all the scrambled text, checks the signature and reports the result to you. Above is an example of a "good" signature: Enigmail removes the "coded text" so all that's left in the message window is the text the sender typed to you.

PGP/MIME

PGP/MIME works slightly differently from the standard OpenPGP encryption / signing method shown above. If you want to create a formatted-text email using bold, italic, underline etc., or different fonts and sizes, you actually create an HTML file that displays all the formatting. If you convert it to plain text, you lose all the formatting you've created; all the recipient will see is plain, unformatted text, and all your time and care will have been wasted.

PGP/MIME allows you to send formatted text by saving the formatted text as an HTML file. Such files can be read by virtually all mail clients. Enigmail then signs or encrypts the file rather than the text, so your recipient will see your email the way you want them to. This works in the same way that PGP/MIME encrypts and signs any attached file. You can send encrypted files via Enigmail, but to sign and/or encrypt attached files as well as the text, you must use PGP/MIME. If you don't, the email body will be signed / encrypted, but the attached files will be accessible to anyone. If you need to encrypt documents and send them via email, you must use PGP/MIME.


Copyright e-ignite.co.uk | e-ignite is powered by ihws.net | About e-ignite