Hey, take this lock and secure the box of goodies you’re sending me. I’ll unlock it with my own key!
A long time ago, I frequented blogs and websites where authors provided strange, unintelligible text prefixed with ‘-----BEGIN PGP PUBLIC KEY BLOCK-----’ to be included with any message sent to them. This made me ponder what this text was for. I did some research, but it didn’t make much sense to me then. My curiosity faded, and I stopped bothering to search the internet for answers.
Later, in my quest to find an alternative to Gmail, I stumbled upon ProtonMail. I loved the user interface, but my encounter with PGP (Pretty Good Privacy) prompted me to delve deeper into my previous research. The email service revolves around PGP; without it, the service ceases to be as “private and secure” as they claim. Leveraging my grit, I finally had my “Eureka” moment. Unlike Archimedes, I didn’t discover something entirely new, but I gained a deeper understanding of how PGP ensures security and privacy.
I discovered that:
A message recipient is responsible for generating two keys: a public key (to be shared) and a private key (to be kept secret).
Whenever a sender sends a message to the recipient, they have to include the recipient’s public key with the message.
The encryption system encrypts the message using the public key and transmits a hash string to the recipient.
The decryption system at the receiver’s end uses the private key to ‘decrypt’ the hash string, revealing the human-readable text to the receiver.
Decryption will be successful only if the sender used the receiver’s public key to encrypt the message.
This is akin to giving someone your lock to secure something that needs to be sent to you. When the item arrives, you use the key that only you know to unlock it and check the contents inside. If the sender uses a lock that is not yours, your key will not be able to unlock it.
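The lock-and-key flow above, as an added example that is not part of the original post: the recipient generates a key pair and publishes the public key as a text block (PEM armor here stands in for the PGP key block; real PGP also locks a per-message session key with the public key rather than the message body itself), the sender parses that block and locks the message with it, and only the matching private key opens it. Everything is Go standard library; the message and function names are my own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// ExportPublicKey armors the public key as text (PEM here; PGP uses its own block).
func ExportPublicKey(priv *rsa.PrivateKey) ([]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

// Seal is the sender's step: parse the published block and lock the message with it.
func Seal(publicKeyPEM, msg []byte) ([]byte, error) {
	block, _ := pem.Decode(publicKeyPEM)
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, fmt.Errorf("not a PEM public key block")
	}
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("not an RSA public key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Open is the recipient's step: only the matching private key succeeds; any other
// key gets a decryption error rather than garbled text.
func Open(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ciphertext, nil)
}
func main() {
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048) // recipient's key pair
	armored, _ := ExportPublicKey(recipient)            // the block that gets published
	ct, _ := Seal(armored, []byte("box of goodies"))    // constructed sample message
	plain, _ := Open(recipient, ct)
	stranger, _ := rsa.GenerateKey(rand.Reader, 2048) // someone else's key
	_, err := Open(stranger, ct)
	fmt.Printf("%s%s; wrong key rejected: %v\n", armored, plain, err != nil)
}
```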
What if the sender tampered with your lock?