In the latest instalment of “Orphans of Apollo”, when Isaac Underwood approaches Christian Larsson, he hands him a business card with a PGP key on it. More accurately, it would likely have been his public key fingerprint, as a whole public key is far too long to write on the back of a business card.
I first became aware of PGP from Edward Snowden. Whether you agree with his motivations or not, his book “Permanent Record” is well worth a read. When Snowden wanted to contact journalists in order to leak the NSA documents he “liberated”, he needed a secure way of reaching them. Isaac Underwood also wanted a secure way of communicating with Christian Larsson, so I thought it would add authenticity to include PGP in the story. PGP is also not very user friendly, as Snowden attests when he describes trying to teach journalists how to use it. There are now arguably better alternatives to PGP, but I thought it fun to include.
I am no expert on encryption and only understand it at a high level, but I think it is something all of us should have an appreciation of. It is also something those of us who are fortunate not to live under oppressive regimes possibly undervalue.
So what is PGP and how does it work?
PGP, which stands for Pretty Good Privacy (really, could he not think of a better name?), was created by Phil Zimmermann in 1991. Zimmermann designed PGP to provide cryptographic privacy and authentication for data communication. He initially distributed it as freeware, making it accessible to a wide audience, which helped it gain popularity quickly. PGP uses a combination of symmetric and asymmetric encryption: the message itself is encrypted with a fast symmetric cipher under a fresh random “session key”, and only that small session key is encrypted with the recipient’s public key. This hybrid approach was innovative at the time and remains a cornerstone of modern encryption methods.
To explain how it works, let’s look at an analogy using the concept of mailboxes and keys. Imagine you have two keys for your mailbox: a public key and a private key.
Public Key (The Lock):
You share your public key with anyone who wants to send you a secure message. This is like handing out padlocks for your mailbox: anyone can snap one shut on the letter slot, but nobody can open it again.
When someone wants to send you a message, they use your public key (the lock) to secure the message inside the mailbox.
Private Key (The Key):
Only you have access to your private key. This is the only key that can open the lock on the mailbox and retrieve the letter.
When you receive a message, you use your private key to unlock the mailbox and read the message.
This process ensures that only the intended recipient can read the message, as only they possess the private key required to unlock the mailbox. But how do you actually do this?
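The mailbox analogy maps onto what the software actually does. The following is an added toy example, not PGP’s own code or GnuPG’s: it builds a small RSA key pair (textbook RSA with no padding, so it is for illustration only), encrypts a message with a random session key using a keystream derived from HMAC-SHA256, and locks that session key with the recipient’s public key. The function names, the 512-bit key size and the sample message are all my own constructions; real PGP uses standardised ciphers, padding and packet formats.

```python
"""Toy PGP-style hybrid encryption (added illustration, not an implementation of OpenPGP)."""
import hashlib
import hmac
import os
import random


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test; enough for a demonstration key pair."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=512):
    """Return ((n, e), (n, d)): the public 'padlock' and the private 'key'.
    512 bits is a constructed toy size; real keys are 2048 bits or more."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def _keystream_xor(key, data):
    """Symmetric part: XOR the data with HMAC-SHA256(key, counter) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def _derive(session_key):
    # Separate keys for encryption and integrity, both derived from the session key.
    enc = hashlib.sha256(b"enc" + session_key).digest()
    mac = hashlib.sha256(b"mac" + session_key).digest()
    return enc, mac


def encrypt_message(public_key, plaintext):
    """Sender: lock the letter with a fresh session key, lock the session key with the padlock."""
    n, e = public_key
    session_key = os.urandom(16)          # 128-bit random session key, never reused
    enc_key, mac_key = _derive(session_key)
    body = _keystream_xor(enc_key, plaintext)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)   # textbook RSA, no padding (toy)
    return {"wrapped_key": wrapped, "body": body, "tag": tag}


def decrypt_message(private_key, envelope):
    """Recipient: only the private key recovers the session key; a bad tag means tampering or wrong key."""
    n, d = private_key
    k = pow(envelope["wrapped_key"], d, n)
    if k >= 1 << 128:
        raise ValueError("session key unwrap failed: wrong private key?")
    enc_key, mac_key = _derive(k.to_bytes(16, "big"))
    expected = hmac.new(mac_key, envelope["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise ValueError("integrity check failed: message altered or wrong key")
    return _keystream_xor(enc_key, envelope["body"])


if __name__ == "__main__":
    pub, priv = generate_keypair()
    letter = encrypt_message(pub, b"Meet me at the launch pad at dawn.")  # constructed sample
    print(decrypt_message(priv, letter))
```

Note that the same session key is never sent in the clear and never reused; the only thing the public key ever encrypts is that short random value, which is why hybrid encryption scales to messages of any length.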
First, you need to generate a key pair (a public key and a private key) using PGP software such as GnuPG or a PGP plugin for your email client. Then you have to share your public key, otherwise nobody can use it to contact you. Other than writing on the back of your business card as Isaac did, you can publish it on a key server which allows users to upload and search for public keys. You can also, of course, share it via email or websites by including your public key in your email signature or hosting it on your website.
To prevent man-in-the-middle attacks, it’s essential to verify the authenticity of public keys. This can be done by exchanging key fingerprints through a different, secure channel (like a phone call or in person) to ensure the key is genuinely from the intended person. The alternative is a web of trust: have mutual acquaintances sign your key to establish a trust network. This helps others know that your key is legitimate if they trust those acquaintances. Once you receive someone’s public key, you need to import it into your PGP software. This will allow you to encrypt messages to that person.
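The fingerprint on Isaac’s business card is not arbitrary: in OpenPGP (RFC 4880) a version 4 fingerprint is the SHA-1 hash of the public key packet, and the shorter “key ID” is simply its last 16 hex digits. The following added example, which is not GnuPG’s code, computes that fingerprint from a key’s RSA numbers and then performs the out-of-band check described above: comparing what is printed on the card with what the software shows, tolerant of spacing and case but not of a single changed digit. The RSA values, creation time and function names are constructed for illustration.

```python
"""OpenPGP v4 fingerprint computation and out-of-band verification (added example)."""
import hashlib
import struct


def _mpi(value):
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_packet_body(n, e, created):
    """Body of a v4 public-key packet for RSA (algorithm id 1), per RFC 4880 section 5.5.2."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + _mpi(n) + _mpi(e)


def fingerprint_v4(n, e, created):
    """RFC 4880 section 12.2: SHA-1 over 0x99, the 2-byte body length, and the body."""
    body = rsa_public_key_packet_body(n, e, created)
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()
    return digest.upper()


def key_id(fingerprint):
    """The long key ID is the low-order 64 bits, i.e. the last 16 hex digits."""
    return fingerprint[-16:]


def display_fingerprint(fingerprint):
    """Group into blocks of four, the way key-management tools print it for reading aloud."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))


def normalise(text):
    return "".join(text.split()).upper()


def fingerprints_match(printed_on_card, shown_by_software):
    """The manual check: the value received out of band must equal the computed one exactly."""
    a, b = normalise(printed_on_card), normalise(shown_by_software)
    return len(a) == 40 and a == b


# Constructed toy key: real RSA moduli are hundreds of digits long.
TOY_N = 0xC7F4D1A3B2E5F60718293A4B5C6D7E8F90A1B2C3D4E5F60718293A4B5C6D7E8F
TOY_E = 65537
TOY_CREATED = 1_700_000_000   # constructed Unix timestamp

if __name__ == "__main__":
    fp = fingerprint_v4(TOY_N, TOY_E, TOY_CREATED)
    print("fingerprint:", display_fingerprint(fp))
    print("key id:     ", key_id(fp))
```

Because the creation time is part of the hashed packet, two keys with identical RSA numbers but different timestamps have different fingerprints, which is one reason the fingerprint, not the key ID, is what belongs on the card.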
So you can see it all starts to get a little cumbersome. While PGP is still widely used, it is often criticised for being complex and not very user-friendly. As a result, modern alternatives have emerged that offer easier-to-use encryption for everyday communication. You are probably using some of them without even knowing it.
Signal is a messaging app known for its strong security features and end-to-end encryption. Developed by Open Whisper Systems, Signal’s encryption protocol is used by other messaging apps, including WhatsApp. Signal ensures that only the communicating users can read the messages, and no one else, not even Signal, can access the content.
WhatsApp, owned by Meta, also uses the Signal Protocol to provide end-to-end encryption for its users. This means that all messages, calls, photos, and videos sent via WhatsApp are secured and can only be read by the sender and recipient.
ProtonMail is an email service that provides end-to-end encryption for email communications. It is designed to ensure that only the sender and recipient can read the emails. ProtonMail uses a combination of PGP and other encryption methods to protect user data.
Tutanota is another secure email service that offers end-to-end encryption. It encrypts the entire mailbox, including the subject line and address book, providing a high level of security for email communications.
Encrypted communication ensures that our personal information, such as emails, messages, and financial transactions, remains private and inaccessible to unauthorised parties whilst in transit. This is essential for maintaining the integrity and confidentiality of our communications and online activities.
Perhaps most importantly of all, for those living under oppressive regimes, encryption is a vital tool for protecting freedom of speech and ensuring that individuals can communicate without fear of surveillance or reprisal.
To close and slightly off topic, I just finished listening to the podcast series “Helen Lewis Has Left the Chat”. It’s a fascinating look at the use of instant messaging, especially in the UK government and well worth a listen.
If you know someone you think would enjoy “Orphans of Apollo” or any of the other writing in “Explorations” please share this publication with them.
Orphans of Apollo - S1 E5
From the ashes of forgotten space dreams, a new era of exploration begins.