PGP-Keys

PGP is an abbrevation of "pretty good privacy". In the meantime it has developped to a keyword for anything compatible to the format of keys, messages and signups Phil Zimmermann developped with his PGP 1.0 more than 10 years ago, when he decided not to follow the intention of american secret services to limit the access to good encryption codes for the rest of the world outside north america.

PGP is based on a number of algorithms, which have one thing in common: for the encryption and the decryption of messages you need two pieces of text (the key parts), one of them is public and the other is private. The private part of my key is only known by me, whereas the public part of the key is available at a number of key servers in the internet, where you can look up my keys. The public parts are not protected in any manner, the only thing you have to check is their authenticy (that means, you must be shure, that these keys are really belonging to my secret key, so I am the only one who can decrypt the message).

My Keys

The public part of my PGP-Keys can be found following these links:

public part of my DH/DSS-key set (exported without picture of me, readable from older versions of PGP which understand DH/DSS keying)

public part of my DH/DSS-key set (complete, requires version 6 of PGP)

(These parts of my public keys can be used to encrypt e-mail messages for me or to check the authenticy of a e-mail signed by me with one of my private keys)

Attention: In principle, any computer can be hacked. So it is impossible to secure that these keys are authentic. Bevore someone trusts these keys (to trust a key means to be shure, the key is really belonging to the private part of my key), he (or she) shall check with me the "fingerprint" of the key (at the phone or possibly with the fingerprint on my visiting-card). Only if this signature is identic, you can be assured that this key is identic with the key I have generated. 

Why shall I encrypt e-Mails?

Well, that is very simple to explain: E-mails are sent "naked" over the internet, without a protecting envelope. Any computer the mail passes on the way between sender and receiver can temporarily save the message and check it for key words, forward them to the chief, give the FBI message that the word "snow" was in the last message of your skiing hollidays and so on. The encryption of PGP can be imagined as a protecting envelope around the message. And the special: this envelope can only be opened by me. This is necessary, because a digital envelope does not show any signs of destruction after having been opened (successfully hacked) by unathorized persons. 

As second function PGP enables signing of e-mails. This can be regarded as a digital signatur, which can only be generated by the person with the right private part of the key. This digital signature is attached as a text block to the mail. With the aid of the public parts of the key it is possible to check the authenticy of the signed message (that means, you can assure that the message is truely from me an has not been altered on the way to you).

How secure is PGP?

This is depending on the finding of an algorithm for the "discrete logarithm", with which the code of approximately 80% of all encryption algorithms could be broken - all of them are relying on the property of large prime numbers and their products. But there exist serious intentions, that such an algorithm does not exist. With "brute force" (evaluate all possible key values) it takes (depending on the algorithm) between 2 hours and some days on a "normal" PC to hack an 40 bit sized key. With every bit more length of the key, the time consumption approximately doubles (it increases more, because normal PC's have only the capacity to calculate 32 bit of a number at one time; larger multiplications and additions have to be split up). PGP allows key lengths of up to 4096 bit!
In the moment, you can assume that a 512 bit wide key is unbreakeable even for the best secret services - at least in a time, in which the enclosed information can be of use. This holds only, if no more extra information is available on the key (which would limit the number of key you have to check in order to break the encryption)!

Where can I get PGP?

For private use, PGP is free of charge, only for comercial use you have to buy a licence. You can download PGP at www.pgpi.com. Various versions of PGP are also part of several Linux-distributions.

A PGP-compatible, free encryption software is GnuPG, which is developped following the Gnu Public License. GnuPG can be downloaded from the server of the GNU organisation under www.gnu.org.

For windows systems, a good bundle to get PGP work as plug-in on major eMail client programs is GPG4Win, it can be downloaded under www.gpg4win.de . It also contains plug-ins which work under Eudora mail and Microsoft Outlook.