
Christopher Hatton

Personal Portfolio

A Beginner's Guide to PGP Encryption

28th September 2023

Christopher Hatton

Given that it is now illegal for online services to provide encryption to their customers (see here), it is a necessity to learn how to keep your digital life private. This is where PGP encryption comes in.

To put it simply, PGP encryption is used to encrypt data between a sender and their intended recipient. This data can be anything, such as text, images, or audio. This sort of encryption is called "End-to-End Encryption", or "E2EE", because the data is encrypted from the beginning (you, the sender), to the end (the recipient), with only the recipient being able to decrypt the data - not even the sender.

If you're anything like my mum, you'd be wondering: "what is the point in encryption? I have nothing to hide". Well, yes, you do. Just think of all the personal & sensitive information that goes through your emails and texts. Information about divorce, medical tests, employment, your daily life. Would you want some random guy on the streets knowing about your sexual health, or that you have an upcoming promotion? That person could work for Google or Microsoft, and they can read through all of your plain text emails, messages, and photos. Even Apple, a supposed privacy-conscious company, is guilty of it.

To truly trust what something's doing, you first need to understand how it works. PGP uses asymmetric encryption, which involves the use of two keys. Think of these keys as being like your mailbox, but significantly more advanced & secure. You are given a public key and a private key. These keys are just like normal keys; they consist of a completely unique and mathematically random set of numbers and characters. Once you've set up this so-called key pair, you should share your public key, and ONLY your public key.

With your public key, other people will be able to encrypt all sorts of data before they send it to you. Using the mailbox analogy, this data is sent to your public key (your public mailbox), and can ONLY be decrypted by your private key (your key to unlock the mailbox), despite, counterintuitively, being encrypted by your public key. That's where the term asymmetric encryption comes from. Additionally, you can encrypt files for yourself using your public key.

So, how do you actually use PGP encryption?

You'll need an app to set up and use this technology. Many different apps are available for all platforms, such as iOS, Android and PC. I personally use OpenKeychain for mobile and Kleopatra for desktop.

Simply follow the instructions of your chosen app to set up a key pair, and then you'll be able to send encrypted messages to whomever you'd like.
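The same key-pair flow on the GnuPG command line, as an added example that is not from the original post (which uses OpenKeychain and Kleopatra). The user ID, the message, the throwaway keyring directories and the empty passphrase are constructed for the demo; it assumes GnuPG 2.1 or later is installed as `gpg`.

```shell
#!/bin/sh
# Added example (not from the original post). Both keyrings are throwaway
# directories; the user ID and message are constructed sample values.

UID_R='Recipient (constructed) <recipient@example.invalid>'

# Run gpg non-interactively against one party's own keyring directory.
g() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --yes \
        --pinentry-mode loopback --passphrase '' "$@"
}

# Prints what the recipient decrypts; non-zero status if any step misbehaves.
pgp_roundtrip() {
    msg=$1
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/sender" "$work/recipient" || return 1
    status=0

    # 1. Recipient creates a key pair (empty passphrase only for this demo).
    g "$work/recipient" --quick-generate-key "$UID_R" default default never \
        2>/dev/null || status=1
    # 2. Recipient publishes ONLY the public half; check nothing private leaked.
    g "$work/recipient" --armor --export "$UID_R" > "$work/pub.asc" || status=1
    if grep -q 'PRIVATE KEY' "$work/pub.asc"; then status=1; fi
    # 3. Sender imports it. In real use, compare the key fingerprint with its
    #    owner over another channel instead of using --trust-model always.
    g "$work/sender" --import "$work/pub.asc" 2>/dev/null || status=1
    printf '%s\n' "$msg" | g "$work/sender" --trust-model always --armor \
        --recipient "$UID_R" --encrypt > "$work/msg.asc" 2>/dev/null || status=1
    # 4. The sender holds no private key, so decryption must fail here.
    if g "$work/sender" --decrypt "$work/msg.asc" >/dev/null 2>&1; then
        status=1
    fi
    # 5. Only the recipient's private key opens the message.
    g "$work/recipient" --decrypt "$work/msg.asc" 2>/dev/null || status=1

    # Stop the helper daemons gpg started, then delete the demo keys.
    for h in sender recipient; do
        gpgconf --homedir "$work/$h" --kill all >/dev/null 2>&1 || true
    done
    rm -rf "$work"
    return $status
}

pgp_roundtrip 'constructed test message'
```

For a key you intend to keep, set a strong passphrase and back up the private key somewhere offline.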

"Terrorism, of course, was the stated reason why most of my country's surveillance programs were implemented, at a time of great fear and opportunism. But it turned out that fear was the true terrorism, perpetrated by a political system that was increasingly willing to use practically any justification to authorize the use of force." - Edward Snowden