What Is PGP? And Why You Need To Know

September 30th, 2010   Submitted by Paul Rosenberg

I am always disappointed to see how few liberty folks know what a PGP key might be, much less have one to share. This is a huge omission, and I aim to fix it.

THE CITY WALLS

Imagine life in the old days, with walled cities and roving bands of knights, brigands and thieves. When trouble was close, everyone withdrew to within the city walls for safety. To stay outside would have been to invite disaster. This is a very close analogy of the situation we find ourselves in now.

The Internet is being massively monitored by states, spies (of many types) and myriad crooks, both organized and rogue. Hanging around in the open is ridiculous… but that is precisely what you are doing without encryption.

You don’t feel unsafe? Then wise up; you are anyway. Denial and childish oblivion are not territory you should defend.

Our city walls are encryption, and it is embarrassingly cheap. Not using it is simply foolish.

As far as anyone knows, good encryption has never been broken. The proof of this is that quite a few more people would have been detained for questioning if it were.

PRETTY GOOD PRIVACY

The type of encryption that is best used for messages (like emails) is called public-key cryptography, and the standard version of it is called Pretty Good Privacy, or PGP.

PGP was written by a young cryptographer named Phil Zimmermann – who nearly went to jail when his friends released it to the world. Believe it or not, encryption programs were classified by the US government (and others) as “munitions” prior to that time. The state did not want cryptography to be available to people.

Zimmermann nearly spent years in jail to give cryptography to you – spend a few minutes learning about it now.

TWO KEYS

When using PGP and other programs of the same type, you start by generating a key-pair. (Keys are merely long, unique strings of numbers.) That is, the program creates two keys for you. One is called a private key; the other is called a public key.

The public key is the one you give to all your friends. It allows them to encrypt messages to you.

The private key is the one that you use to decrypt messages from your friends.

The two are related to one another, but not in any way you should worry about – it’s all crypto stuff inside the program.

The above cannot be too hard for you to understand.

THE PROCESS

Is easy! Sure, like anything with computers, it takes longer the first time. Get over it.

To send a message to your friend:

  1. Write the message in your word processor.
  2. Highlight and cut.
  3. Click on your encryption icon, and then click “encrypt message.”
  4. Pick the keys to encrypt to: your friend’s and yours.
  5. Click encrypt. (Your clipboard now contains the encrypted text.)
  6. Paste into an email.
  7. Send.

Is that too hard?

To decrypt a message from your friend:

  1. Copy the text of the email.
  2. Click on your encryption icon, and then click “decrypt message.”
  3. Enter your passphrase into the window that pops up. (Your clipboard now contains the decrypted text.)
  4. Paste the decrypted text into a document.
  5. Read it.

Terrifying, huh?

Oh wait, I said “passphrase.” Another terror, there: It’s just a long password. Use a phrase and toss in a number or two for spice. Ho hum.
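The same send and decrypt steps with the `gpg` command line from the free GnuPG package, as an added example that is not part of the original article. The names, addresses and passphrases are constructed, and two throwaway keyrings stand in for two people's computers; it also shows what happens when you skip your own key in step 4 of sending.

```shell
#!/bin/sh
# Added example (not from the article). Every name, address and passphrase is constructed.
set -eu

# Make a throwaway keyring holding one new key pair; prints the keyring directory.
# $1 = user id, $2 = passphrase that protects the private key
make_keyring() {
    _home=$(mktemp -d) || return 1
    gpg --homedir "$_home" --batch --quiet --pinentry-mode loopback \
        --passphrase "$2" --quick-generate-key "$1" default default never \
        >/dev/null 2>&1 || return 1
    printf '%s\n' "$_home"
}

# "Give your public key to your friends": copy the public key of $3 from keyring $2 into $1.
share_public_key() {
    gpg --homedir "$2" --batch --armor --export "$3" |
        gpg --homedir "$1" --batch --quiet --import >/dev/null 2>&1
}

# Send steps 3-5: encrypt stdin to each recipient listed after the keyring directory.
# --trust-model always skips key validation for the demo; in real use, compare the
# key's fingerprint with your friend over another channel before encrypting to it.
encrypt_to() {
    _home=$1; shift
    _args=""
    for _r in "$@"; do _args="$_args --recipient $_r"; done
    # $_args is deliberately unquoted so that each option becomes a separate word.
    gpg --homedir "$_home" --batch --quiet --armor --trust-model always $_args --encrypt
}

# Decrypt steps 2-3: needs the private key in keyring $1 and its passphrase $2.
# Passing a passphrase as an argument is acceptable only in a demo.
decrypt_with() {
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase "$2" --decrypt 2>/dev/null
}

# Stop the per-keyring agents and delete the throwaway keyrings.
cleanup() {
    for _h in "$@"; do
        gpgconf --homedir "$_h" --kill gpg-agent 2>/dev/null || true
        rm -rf "$_h"
    done
}

demo() {
    alice=$(make_keyring alice@example.test "correct horse 42")
    bob=$(make_keyring bob@example.test "battery staple 7")
    share_public_key "$alice" "$bob" bob@example.test
    both=$(echo "Meet at noon." | encrypt_to "$alice" bob@example.test alice@example.test)
    only_bob=$(echo "Meet at noon." | encrypt_to "$alice" bob@example.test)
    echo "bob reads:   $(echo "$both" | decrypt_with "$bob" "battery staple 7")"
    echo "alice reads: $(echo "$both" | decrypt_with "$alice" "correct horse 42")"
    if echo "$only_bob" | decrypt_with "$alice" "correct horse 42" >/dev/null; then
        echo "unexpected: alice opened a message encrypted only to bob"
    else
        echo "alice cannot reopen the copy she encrypted only to bob"
    fi
    cleanup "$alice" "$bob"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run the script with the single argument `demo` to see the output; it needs GnuPG 2.1 or later on the PATH.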

DO IT

Get off your butt and do it. Here’s how:

PGP: http://www.pgp.com/ The for-pay version. Not expensive and they really help you.

GPG: http://www.gnupg.org/ The free version. Does the same thing, without the extras.

GPG for Windows: http://www.gpg4win.org/

So, there you have it. Spend half an hour and act like a serious person. Either that, or be like the guys who march around with signs and say, “Oh, yeah, we’ll triumph over the state, but we’ll just ignore the fact that we’re doing it from inside their armed camp. We can’t be bothered to go inside the walls.”

People – even most liberty people – avoid facing up to any threat from their enemies. “Ignore that stuff, it’ll always be painless and we don’t have to really risk anything.”

So, are we serious, or are we pretending?

© Copyright 2010 by Paul A. Rosenberg

Paul Rosenberg is the CEO of Cryptohippie.com

26 Responses to “What Is PGP? And Why You Need To Know”

  1. Seth King says:

    For the record I am already glad I’ve followed these steps. Encryption always seemed confusing to me and while I may be a noob, I am already finding it much easier than I originally thought.

    Part of the reason why I am happy that I’m learning about PGP is that when I downloaded gpg4win it came with a program called Claws Mail. I’ve been using Outlook 2000, which I hate, because the newer Outlook costs money (not that I want any version of Outlook) and the alternative mail client (I can’t remember the name) I tried was crap as well. I am already liking Claws Mail a lot because it is free, easy to use, and it is specifically designed for security. So, if you download gpg4win it will ask you what you want to install, make sure you click Claws Mail if you want a better mail client.

    Lastly, if you’re a noob like me, the whole process, including reading the user manuals, will take several hours to get going. It’s definitely no 30 min setup. But I think it’s well worth it. If you have any questions setting it up, feel free to ask here.

  2. RJ Miller says:

    I’ve been looking for something along the lines of an open source encryption program for a while now! I’ll probably get PGP sometime in the future (as I have been meaning to for a while now), but for now I’m glad you gave links to some free alternatives.

    Based on your comment Seth, I think gpg4win will become a staple in my daily life.

  3. august says:

    Sounds like a good idea, but you ended on a sour note: copyright. really?

  4. Seth King says:

    I know. I asked him about that. He says he does it to protect himself against plagiarism. =P

    • Linux says:

      He does it to prevent plagiarism? Still doesn’t seem to justify using a mark of coercion (copyright). To me plagiarism is an ethical issue only, and that using force to prevent or draw compensation from someone for plagiarizing your work is wrong.

      Discuss?

  5. JdL says:

    Excellent column! Would you consider a follow-up on steganography? It’s becoming vital to hide not just the encrypted contents of a message, but also the fact that there IS a hidden message, as government thugs become more insistent that there be NOTHING they can’t peer into whenever they please.

    Another commenter says, “… you ended on a sour note: copyright.” Please spare us your whining! You sanctimonious would-be freeloaders really give me a pain. Have you ever produced anything useful? Apparently not, or you’d understand the legitimacy of and need for copyright.

  6. MamaLiberty says:

    Unfortunately, your “holier than thou” attitude pretty much destroyed an otherwise good article idea. I’m sure all the folks you called stupid and lazy will just flock to encryption now.

    I’ve used PGP, and now OpenPGP in a Linux environment, for almost as long as it has been available. Some other people choose to use it, and many do not. Encryption is not a panacea or the answer to all problems.

    There are times to get inside the walled cities… and sometimes one must kill the brigands by any means necessary – OUTSIDE the walls.

  7. RJ Miller says:

    Seth, I’m definitely starting to see what you mean by this not being any typical 30 minute set-up… I hope to see later on today whether or not I’ve set it up right, but if not I’ll ask some questions here since I’ve never even used anything resembling Outlook before.

    • Seth King says:

      I should have been more specific. You don’t need Claws Mail for your PGP to work. You can use yahoo, gmail, whatever. Claws Mail is simply a better mail client than Outlook (in my opinion). But if you don’t use a mail client then don’t worry about Claws Mail.

  8. JustSayNoToStatism says:

    “Oh, yeah, we’ll triumph over the state, but we’ll just ignore the fact that we’re doing it from inside their armed camp….

    So, are we serious, or are we pretending?

    © Copyright 2010 by Paul A. Rosenberg”

    …..Mocks us, asks a question, and answers it in the next line…..
    Looks like Rosenberg’s the one working in their armed camp. Copyright? Using the state to make something artificially scarce. And then to call us pretenders!! Hah!

    I would like to try this encryption stuff if I ever get time though.

  9. reformedneocon says:

    Don’t you think this could flag you to the goons in government? Couldn’t they have it set up that whenever you log on to pgp.com they start to track you? Why not just fly under the radar? The idea is interesting – just worries me a bit.

    • Seth King says:

      I’ve wondered that myself. The mere practice of encrypting one’s messages is a flag. But, the more people that do it the less relevant it becomes.

      Of course you have to remember that the state is not the only enemy. There are tons of others out there that will invade your privacy if they can.

  10. boniek says:

    Somebody tell the author that if someone plagiarizes his article he should be happy – that means his ideas are worthwhile to be plagiarized. Besides it helps spreading the message around. Proving who wrote what in the age of the internet is easy – just look at the date of publication of the article through google or webarchive – oldest one wins 😉

  11. boniek says:

    Government can only exist because people police themselves. I have never in my entire life been aggressed against by the state because of my ancap beliefs – ordinary people do it all the time.

  12. For those who aren’t old enough to remember, there used to be people called Political Officers in the old socialist states. It was their business to assure that everyone remained ideologically pure. In so doing, they threatened, harassed, and worse.
    That is what we are NOT to be.
    I was disappointed with the way my recent article on encryption was received by some readers. I was asked to give you tools to use, to keep yourselves safe and to build actual free structures. In response, I got insulting comments on the use of a copyright notice.
    Let me be clear about this: You are playing the “ideological purity” game, and it leads to nowhere and nothing. I’m trying to give you tools for action, and you’re playing talking games, which, by the way, are almost never, ever followed by action.
    I don’t give a damn about state copyright law. I use the notice as a fast, convenient way of saying, “I’m paying attention.” You see, I’ve actually had books ripped-off. I sometimes use a Creative Commons notice, but other times I just slap up the usual notice. I don’t like to waste time and effort on trivial things.
    If any of you were actually concerned about me, I would have received a letter that said something like this:
    Dear Mr. Rosenberg, I’m concerned that you are making an error by using a copyright notice. I think that its use imputes legitimacy to the state, ending up with you building that which you also seek to destroy.
    That would have been a comment worthy of some thought and a thoughtful response. Alas, I got insulting remarks.
    If you are interested in schoolyard word-wars, please don’t read anything I write: I write for people of good will and action: People who want to build, rather than push others downward.

    • RJ Miller says:

      So far your post has single handedly changed my life – using the free program you linked to is now part of my daily life thanks to you!

      Doing heavy research over the past few weeks has gotten me into the prospects of post-quantum cryptography. Do you think it’s likely the NSA or some other group will have one anytime soon? Might they have one now?

    • Linux says:

      Comparing us to ideology police (implying statism, violence) for criticizing your use of an illegit monopoly is rather rude. I see major inconsistencies in your comment. Your articles on privacy have been great, but your inconsistencies with regards to copyrights put a damper on things.

  13. Paul says:

    Thanks so much, RJ. Very pleased I could contribute.

    I haven’t followed quantum crypto well enough to have a real opinion, but I would love it to become practical. I strongly doubt that the NSA has it now, but I’m sure they would fight to keep it out of our hands. 🙁

  14. donald says:

    Can someone offer some help?

    poster Seth said he got it to work with gmail and yahoo … I tried with hotmail and gmail and can’t get it working … has some hang up with decrypting the adele bot’s message to me … “not proper text or utf 8 encoding” … very frustrating … I don’t really want to use a client like tbird or claws, probably about 5 hours into this, reading the manuals and trying this and that …
    did somebody say 30 minutes???

    • Seth King says:

      I don’t think, or should I say I don’t know if, yahoo or gmail or hotmail will actually encrypt or decrypt your mail for you. Only email clients can do that. If you’re not ready to switch to an email client, that’s okay, you can still send and receive encrypted messages.

      You just have to have the program do the encrypting and decrypting for you. I’ll do my best to help.

      Tell me, which OS are you using? Windows? Linux? Mac?

      Secondly, which website did you get your PGP software from?

      Lastly, did you take the encrypted message adele sent you and paste it into the clipboard and click decrypt?

      • donald says:

        thanks Seth,

        got it from gpg4win.org, which was annoying right off the bat as it said I should verify that the .exe prog was in fact genuine and instructions to do this were in the read me file … there were no instructions in read me file

        I’m using windows vista

        ya, I don’t believe hm yh gmail will encrypt-decrypt … I tried to decrypt by pasting on the clipboard inside the program and also even copying them into text files and using “decrypt files” in kleopatra …. in both cases I would be prompted to put in my password which it would take but then comes the message “Error in operation result: No valid UTF-8 at position 42” – I tried reformatting the adele message 3 different ways using .txt files but none would work.

        fairly frustrating, I had originally figured I would try thunderbird-enigmail route but t-bird seemed to auto sign in to my email as it had my password but there was no password for the t-bird itself …. that sure didn’t sound very secure to me … maybe I’ll take another look at that

        donald

        • Seth King says:

          Hey Donald,

          I’m sorry you’ve been frustrated by this whole ordeal. To tell you the truth, I had the SAME exact experience. I used to use Windows XP, downloaded from gpg4win, got it working, sort of, for a few days, then I ended up getting errors just like yours and was ready to jettison the whole thing. I also had put SEVERAL hours into it, including setting up CLAWS MAIL.

          I’m going to be honest with you. GPG and an open-source email client can be had VERY EASILY on Linux. I switched to Linux shortly after the whole GPG fiasco, and ever since, the installation of GPA and Evolution Mail and all of that has been a CAKE WALK.

          I think the reason is that these programs are open-source, which is geared towards ease of use and privacy and security (and ethics!), and they’re built for LINUX users. Programming them for Windows is like an afterthought. And as such, they don’t get worked on by the community NEARLY as much as the Linux versions.

          Did you read my latest article that I posted?

          http://dailyanarchist.com/2010/11/24/linux-and-anarchy/

          Honestly, if you make the switch to Ubuntu (Linux) as I have done you’ll wish you did so years ago. Programs install so much easier on Linux. They work better, and they are a zillion times safer. If I were you, I would migrate over to Linux. Then you’ll find your GPA and mail client problems will cease to exist.

          Let me give you just one reason why you should. Let’s say you get GPA working on Windows. That would be like putting a really nice deadbolt on your front door when you’ve got a gaping hole in the side of your house that any burglar can walk right through. Windows is THE NUMBER ONE security threat to your information. Linux is the way. I am telling you this because I want what is best for my readers, because my readers deserve the best. Check out my article on Linux and make the transition. If you have any problems I will gladly help to walk you through them in the comment section, like we’re doing here.

  15. donald says:

    thanks Seth,

    Some searching says a couple people had this problem and it may just be the adele bot not working. I’ll just forget about that bot and see if I can swap messages back and forth to myself using 2 different practice accounts.

    Ya, sounds like Linux would be a better idea for this … actually used Linux in parallel with windows about 5 yrs ago but it was not user friendly (my tech geek friend said ya it’s great, easy and secure … he ended up reconfiguring my computer every time Linux wouldn’t do something simple, several hours of his own time when you add it all up).

    Yes indeed, the world is full of various holes … I came to this site via someone else’s link to Mr. Rosenberg’s article as I knew that he was one of the premier hole pluggers. Read a couple weeks later that his vaunted Cryptohippie still had some servers in USA … some humour in that I guess.

    When I get chance I’ll try and report back in a couple weeks if the whole windows PGP thing was able to work for me or not.

    • Seth King says:

      Two last things I would like to mention:

      I also used Linux about 6 years ago and yes, you really had to be a geek to operate it. I was hesitant to try it again this time because I’m not a geek, but I did so for security reasons. To my pleasant surprise, Linux has become VERY user friendly. I think Linux is even more user friendly than Windows, and I’m not just blowing smoke.

      Lastly, if you need help with anything don’t be afraid to say so either in the comment section or in the forums. I, and others, will do our best. Good luck!

  16. Alexander Mildenhall says:

    Awesome website you have here but I was curious about if you knew of any forums that cover the same topics discussed in this article? I’d really love to be a part of community where I can get responses from other knowledgeable people that share the same interest. If you have any suggestions, please let me know. Thanks a lot!

  17. mad at pgp says:

    Do not let the author fool you. PGP, specifically I downloaded Kleopatra, is not easy to use unless – apparently – you are already familiar with terms like crypto?

    First and foremost. Scenario: Private messaging. I have moved from a forum discussion to private messaging and I want to encrypt the conversation with my buddy who we had previously traded keys.

    You want to “This is a huge omission, and I aim to fix it.”

    For the love of god. I highlight the text, and right click… can I please have “encrypt” appear under cut copy paste? Where is this icon you proclaim

    Highlight and cut.
    Click on your encryption icon, and then click “encrypt message.”

    What program has this function? I am no dummy and this whole encryption thing has me pulling my hair out.

    I am of the age to witness my mother’s pleas to write thank you notes from birthday and christmas gifts. All those notes went into envelopes. Given the ability of those who are nosy and want to read my electronic mail. I simply feel better about putting my thank you notes in an electronic envelope, i.e. the pgp key

    So here I sit reading through a 186 page tutorial that came with the free gpg 123 4 mac win what ever the hey it is….

    and it doesn’t contain the simple function to encrypt a simple private message. All kinds of info on who trusted certificates and creating a wha? c’mon you techies.. dumb this crap down so at least us smart arses can use it.. please..

    BTW I’ve sent a few emails and if it weren’t for version numbers in the header of the encryption would I have known I even did it correctly. And how the hey did I accidentally post my private key?

    seems to me some one has gloriously screwed up something so simple (as outlined by the OP in the beginning of this article).

    I have tried my buddy google. he is not of any help.

    best pgp for private messaging? anyone?