PGP: Individual Use or Organizational Use

Published 22 Jul 2017

To answer the question “Is using an encrypted system like PGP a good idea for individuals and organizations?”, I first need to explain what PGP is. I would also like to present why PGP was created, its purpose, and another encryption system named S/MIME, which is PGP’s current rival.

PGP, or Pretty Good Privacy, is a public-key encryption program. It uses three known algorithms to encrypt, sign, decrypt, and authenticate messages. It converts the digitally encoded message or signature into a format suitable for text transmission by use of “Radix-64”. Because PGP operates with asymmetric encryption “keys”, only the intended recipient of the message may decrypt it.

To use PGP, you must generate a pair of keys. One key is the public key; the other is the private key. The private key allows you to decrypt a message sent to you by some other user. To allow other users to encrypt a message intended only for you, you must provide them with a copy of your public key. A public key will not allow decryption of an encoded message. A special command issued to the PGP program begins the process of creating your own personalized pair of keys. You respond to the questions PGP asks, and it generates the keys for you. It will ask you for a pass phrase so that the newly created private key remains unusable by anyone but you.

Additionally, PGP can be used to authenticate that a message was sent by the holder of a particular key. Because the sender generates an electronic signature, he cannot deny that he sent the message. An example of this would be someone sending an email request for work to be performed and then later denying that he made the request. Certainly this could be a troubling situation for anyone who is in the business world. Most persons and companies like to get paid for their work. Upon receipt of the request, the sender’s identity can be verified by using the sender’s public key to confirm that the message was indeed sent by the party it appears to have come from. This feature certainly has some major benefits for the business world, which we will discuss further in this paper.

This is to be contrasted with S/MIME (Secure Multipurpose Internet Email Extensions), which was developed by the IETF using classical standards-organization processes, similar to PGP. S/MIME is a new version of the MIME protocol that supports encryption of messages, and it is based on RSA’s public-key encryption technology. MIME itself specifies the formatting of non-ASCII messages so that they can be sent over the Internet. Many email clients now support MIME, which enables them to send and receive graphics, audio, and video files via the Internet mail system. There are many predefined MIME types, such as GIF graphics files and PostScript files. It is also possible to define your own MIME types. In addition to e-mail applications, Web browsers also support various MIME types. This enables the browser to display or output files that are not in HTML format.

Now that I have explained what PGP is and how it works, let us identify the advantages and disadvantages it may have for either individual use or organizational use.

PGP combines two encryption methods: the convenience of public-key encryption with the speed of conventional encryption. Its conventional encryption is about 100 to 1,000 times faster than public-key encryption, which solves the problem of slow encryption with public-key algorithms. Public-key encryption provides a solution to key distribution and data transmission issues when using symmetric encryption. When used together, performance and key distribution are improved without any sacrifice in security. PGP is a good hybrid solution; it ties together the advantages of public-key and symmetric cryptography, while also providing a feasible solution to the disadvantages of both.

PGP also has its disadvantages. Using PGP can be a complex process, and its concept is often difficult for some people to grasp. To resolve this, people will require more training. Both parties must be able to use PGP, meaning it is impossible to use PGP unless people at both ends of the connection are capable of using some version of PGP. I read, though, that PGP has resolved this by implementing a self-decrypting archive (SDA), which creates an executable file that uses conventional, symmetric encryption. Key management is a challenge at first within the program and can be a little awkward for users to learn. Again, providing users with more training will help resolve this issue.

So now that I have informed you about the advantages and disadvantages PGP brings to the table, let us determine if the individual or the organization would best utilize this encryption method.

From what we have learned, PGP is completely compatible with modern-day email exchange. The individual user today already uses PGP, since it is the most common encryption standard. For organizations, PGP is definitely an option to consider, but today you will find the above-mentioned S/MIME encryption in use, due to its comparative maturity, support for centralized key management via X.509 certificate servers, and widespread technical support.
