This page was last updated 21 August 2018.

What's a PGP key?

PGP stands for Pretty Good Privacy, originally invented by Phil Zimmerman. It's a package of tools that allows you to send me mail (or files) encrypted so that only I can read them. Without encryption, anyone who has access to one of the many computers that the mail passes through on its way to me can read the content. Some governments with little respect for their citizens' privacy, such as the US and Chinese governments, routinely record personal communications. Unencrypted mail is like an open postcard, except that there are lots of mailmen on the way...

Many mailers now support PGP natively, or simple plugins or add-ons, that make encryption as easy as pressing a button. Also, PGP is not the only encryption package, GPG (Gnu Privacy Guard) has very similar features and is fully compatible. For Apple MacOS, check out GPG Tools , which adds GPG support to the Apple Mail program.

But your mailer must know the recipient to know how to encrypt the mail. It knows that by importing my personal public PGP key. Usually you just click on that link, save it on disk, and then tell your mailer about the file. The mailer will put the key into its ``keyring'', and you can then send me secure mail.

If you are curious, this is what a PGP key looks like:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQINBFIuzrcBEADeZyaBI7Fh8O0i2kPH/JBF8ZoilXF+LKKjcpQ5XSvA4XC/1oYn
DZzMseFiroHiNUEtQ9nN2KW7C18ESS2g4Yg0EB+/BduTPHBUduOUax4DTFr7xVHu
4j6BipqQLTq+Vqjq4n2pj77T9sRYVM2iD7DVv1p1zhKFhSIXsSjbD6k29nOun1sm
mGuZhDCPJahgKa2t6FndeZE7Fq8iDhj5yGLM2UcKDykRgySvtWWQ/zj6VcNWNhJ8
gEpmFzrwEtulZtD5YXsRmYdkcG91orfUwGsFYNdwKoZZ18CBzxptSt5ctYY0GJRi
MIxbYRWNXaht2kaU8Xf8fYd3kBTGht01G6vS2cPW51V3CCepq/5G90eUHr6ZBVaN
w83y1fgEY2TWpVd4/48rOgSx8//2n54vd0qIRch921BP2pJY0Xq1ClshTDqGe4Oh
2JCZ6zUHFUGwvFM1Vjvp5ZRBqxC6r4WV1Ka/vPP85ndkNZATldatL13ieFyVfgZI
uuI8NHW7sZGnU8f6ju7Q1EnhoUfUQenTYpSX35jhg3a6vPV3SE7yu0qPoMxZoO8z
R+etR/jL2nNW5wn82vwaZypCAdraJUEB47HwR0ccT98Gex7SBVUIIDreKAAeMeCf
l0gtzQLU+fDzrD5yGbb+rKEyCduH16dNITmmil4mzFxJ/cPJ+kNoDK4SUwARAQAB
tC1UaG9tYXMgRHJpZW1leWVyIChwdWJtYWlsKSA8dGhvbWFzQGJpdHJvdC5kZT6J
AjkEEwECACMFAlIuzrcCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRAg
5WpgXQaXL4kvEACXvbc2vPMM0dVk4hHLqBUYvGZd89oG5CkMwLe4lSmdWI1IIXlw
xJ7j3Tl3z5shm7hO7rXtkUIzwAfOxVmFpcCblnl6e7K/Paf/0jjg5BERYxqpHzSS
3/rAbInS7xf3WV9sVnNBnoAVt2wpxFgr44ot8gUcqr/UmahIs0NxWRstRCICk6Qu
t6EwI1BJNa5szjzuvsKQ1k30N51YJko1G3baRWlEsKORf8n50jsrp7nYkMRJBmnq
bHkKAxyG3wScvYnOnFUFm9xyesKUIrj0RIr+tBPRpeEOXZDB2DmbR9sKbz2tdU/2
lROFdoRqIcEuV7Z6J2U0/yfTI+R4bGptA3y1WzWY4hz37CXeZBqAm/ZIIag8dR2y
1pc8rdc12HKXwVAa2hpKRHnMTxLTsol6Zv9lOgAOLO6RJQ/s8qKiyOFdz5fPpYbk
XMovnsmInsJOPU8R/8jyRNB1F2ZW48bobVpElfvZ2HDwWnFuRRdAEujbPSERpgeT
w50NMymwB9S5c9JLsEP9ei3dAeFXC7DpViKQIHbnorWHZ9RSpSmM5YXufNGIohHr
bGssWiumoR53FEOF+9tDC23kWbh6hGzjbxK/z+b7BTxNW1IEZabhofsIKtBTNTGr
YTx50hzR5yU7RnqW7ZIzpIh1JxERI+xqbQWTK4WT6SoceuV1bKil/uy+F4hGBBMR
AgAGBQJSaSRVAAoJECuuPPba/7AAt1QAoIe3gGwKSBMhjkXyhExP6jZC6j+GAKCS
3VqMkohPCPec6Jfn95Z0BVxIzbkCDQRSLs63ARAA2Ru1EbYisWE0SU/u9L6JTr+T
fTho4TQ5qNhMUnmlJS+8gJkaEBNiAhCDZiaVkUXidkEx37Jc+ObgHVjMQsUf0Y3f
l+NcToG0mkoCVSn7hiUsRsdJJjjnBlTDrOMFcY+gs8pfOL/GtlTHiii/bnYL+h0Z
1jGSCQiCbKj0M4fON2MhahI08gyIX7Qka/jz/KL143Xt0Vz6+xzbMFuSuqLyKs3w
JdUBOXjubwAOQaGyTRYBVxZqnPDpY/ak/GqRqpOZM9qFPA1sgUQ0iDn2O4WciTJE
WATNx8g0mfGPNP8/T7dMyRE2Ue2mMMx523yokSFpI/AUnuF151lMEtnc8oXZ4axD
c0UuhJXIQjI7ZMvyI3yBQeygIpHZ42Yt8Tq6XLic0DMTInhskJRf9g2KJ1/VAt0M
SESJbBKWog8JzOjLD2e48KZmnqlugg5IhKtLsiIzzva9urLiWTW58of866lMvFIA
R1aTkAlxTmM931R801Rpn92UXaYwPK6IJRoVN//HEONb1YPbLTJaD6sWSnUIwrPr
TQ4iZbPjUOuIbAyqpY72e38l77StuTIwz7pIVhHEPR7Re/KiJsE6+vgNXglxWHcw
gEnmEsZ9C7A7pxMUIj23Wa8BP8/5aD9S+SperHcFA6s8U/K06qnaJ84g0T2diJAs
U6KZMOYrilf/349shZ8AEQEAAYkCHwQYAQIACQUCUi7OtwIbDAAKCRAg5WpgXQaX
L4L9D/wI3zoa1hxwLZJxAZMuVp9H0wY0nQjjK6LnMVKUSFbsIw0/noAtLKqSy3yJ
4VAs6vAj6Z5LzCCQerB+hJJ1pgzowI9Ds4NHDg5c1QQmT+hMIR9d78Ovhr7sJW8m
Wa4SaT3ZWBZ7SclpRhRqgOQGuwrosTqZmTnLtHnO3JcS2l+HwWj2ZgvXWgxlbFXj
/LznjoBCA7n9z2TI7ZDOjaMortyVM1b5uWdlgod9dWHujux7PxX8+Dtabfol2zHn
WLoYmGtYMH2PnAHF8fWYnhEt+lykb1XUQk8Z3XfcSpYsg1g36+cxwIZRJzO5hsZO
K5Pv8tuEMCz7fnyVIsveuF7opLqJTrODHl/UjIJt+xFpcixEfyuRkuk4RuVp8zwH
QNFu4MUJVaeSrCxOAwYO6RUP+hi2EoWhDJUy21dHM/Fu55PLRqHoGwYck+unPe8A
OP5mDy0NpujQkwPyjzdrYTwR3enZC/iWVtheWSogxoQmyym/h9SvZ0khVSjiaS0O
MUjvjnfrr3/b5WzOiIAkpVtiVc1yM9PyqItAdGMYSk4fXyjGhP0zc42vE2aXqYjK
JqOAf/a7B3Gr6eJKBaYwqXJHTQPQ7URYdI840KJD5icXs6zysQnjLfO8l2W7RcpA
xGs8sjXdohc1rW+Op2sQo6RnuMIkocb7XQhZzeRoeKNsHWxQcA==
=RE0K
-----END PGP PUBLIC KEY BLOCK-----

And if you are wondering why I can publish this key without allowing everyone to read my secure mail: the neat thing about PGP is that there is one key for encrypting (the one you see here) and another key for decrypting it again (I keep that one secret). That's called an asymmetric cipher.

Paranoid people now wonder if the page you are looking at has been tampered with, and you are seeing a forged key. That's called a man-in-the-middle attack. To get around this, you can ask your mailer to tell you the key's fingerprint, a short string that uniquely identifies the key so you don't have to call me and verify the huge text block you see above. My key's fingerprint is

4D1A 2192 63DB 1B74 9AA7  CCCE 20E5 6A60 5D06 972F

Now you may wonder how you can be sure that the fingerprint isn't forged too. Well, you can call me up and ask me to verify it, but usually it's considered sufficient to scatter the fingerprint widely. For a long time I have put it in every mail I sent. An attacker would have a very hard time intercepting and forging them all.

In this day and age many people feel it's a good idea to routinely encrypt all mail. Would you send all your personal letters on open postcards? You can consider encryption as the electronic equivalent of putting your letter into a sealed envelope, except it's much more difficult to ``open'' an encrypted mail than steaming open an envelope. So, go ahead, send me secure mail!

Here is a good article with technical details.

Tell me if you found this information interesting or useful, or if you have comments.