The Quest For Something Simplerįrom a cryptographic standpoint, PGP is rock solid. When possible, other users who have already established a web of trust with someone validate such public keys–in the past, at public key-signing parties, where people would hand around drivers’ licenses or other documents. In PGP, users creates their own key pair, and then distribute the public key widely–people even put them in their email signatures or Twitter profiles. Then only valid receivers can decrypt the data, no matter how it’s disseminated, including on publicly available websites. When encrypting data with PGP, a strong symmetrical key–used both to encrypt and decrypt–is itself encrypted with one or more recipients’ public keys. A message signed with a private key can only have been validated by the possessor of the private key. The Bitcoin virtual currency system is entirely based on PK: the private keys are essentially the currency, and public keys are “addresses” at which money can be received.Ī message encrypted with a public key can only be decrypted by someone who possesses a private key. The private key must be kept secret the public key may be freely distributed. Public-key cryptography relies on generating a public/private key pair using an algorithm that involves very large prime numbers that aren’t susceptible to cracking. Instead of using PK for everything, Zimmermann relied on it just as a method of securing a strong encryption key that was optimized for speed and encrypting runs of text or data. (PGP is also now widely called GPG–GNU Privacy Guard–for the free-software alternative that now dominates.) Phil Zimmermann, creator of PGPĪt the time Zimmermann devised PGP, public-key cryptography (PK for short) was used primarily in corporate settings for highly specific needs, in part because it was too computationally taxing for garden-variety computers. In addition, such a system would be resistant to man-in-the-middle attacks. He had the notion that the way to aid people around the world opposing tyranny would be to provide strong encryption that governments would be unable to foil, and which didn’t rely on a central point of failure. My publicly-auditable identity:Ĭonsider the keybase command line program.PGP is a nifty system designed 25 years ago by Silent Circle founder Phil Zimmermann.
With the key ASCAHd5HOUJfLpkEmAjDJx-govTve7PlS686WdvnXi6p4Qo, yielding the signature: hKRib2R5hqhkZXRhY2hlZMOpaGFzaF90eXBlCqNrZXnEIwEggB3eRzlCXy6ZBJgIwycfoKL073uz5UuvOlnb514uqeEKp3BheWxvYWTESpcCCMQgcQgFRVkHK43r7ma6rc28PiV11EnKprkWNOcIfNmapbbEIIw0WUL85M2TIMEyx4sdBMN61wmDtVtxU6SwzIHYTSz2AgHCo3NpZ8RApHYp6jysqLTBxblMesZDNBYUOYIsRNCe7MTCjstGLfPreYq5T8j7iGXjZ4v4GV3NmHgEyuqX+uPsDiiY8y+ODahzaWdfdHlwZSCkaGFzaIKkdHlwZQildmFsdWXEILwZZuBQDuzXzl9RkKppQGIXVWGaWaxQZRFJ8loZ5GiGo3RhZ80CAqd2ZXJzaW9uAQ=Īnd finally, I am proving ownership of the github account by posting this as a gist.