OK, for those who don’t know what PGP is, let’s first give a brief explanation. PGP stands for Pretty Good Privacy. PGP encryption uses public-key cryptography and includes a system which binds the public keys to a user name and/or an e-mail address. Basically, PGP can be used to detect whether a message has been altered since it was completed and to determine whether it was actually sent by the person/entity claimed to be the sender (aka it’s a digital signature). In short, it lets you encrypt information, check that the information you received was not altered, and verify who it actually came from.
I know that sounds all complicated, so let me try to break it into layman’s terms. You download PGP and create a public key and a private key. They are both called keys… but I prefer to look at it like this: Public Key = lock, Private Key = key. Your public key can be shared with anyone. They can use your public key to encrypt anything they want and send it to you. Once they encrypt it with your public key (aka the lock), nobody can open it but you with your private key (aka the key)… not even the sender.
Phil Zimmermann created the first version of PGP encryption way back in 1991. It’s gone through several revisions since then, changed hands many times, and has finally landed back in the hands of several ex-PGP team members who formed a new company, PGP Corporation. Confusingly, PGP is the name of both the company and the technology. In reality there are open source (free) implementations of PGP that you can use.
When PGP first hit, it scared the CRAP out of the government. The spooks wanted to control strong encryption: at the time PGP was created, cryptosystems using keys larger than 40 bits were considered munitions by the government, and PGP has never used keys smaller than 128 bits, so it qualified. Penalties for violation, if found guilty, were substantial. Zimmermann found a very novel approach to getting around this, which you can read up on here.
I’ve been a PGP user for a LONG time. Most people don’t understand why. To be honest, I have very few people to whom I can send encrypted or digitally signed emails. And that’s a shame. Most people don’t understand that email travels around the net UNENCRYPTED. That’s right… it’s just like writing a letter and not even putting it in an envelope.
OK, so what does this have to do with Google and Gmail? Apparently, a new Gmail feature was spotted that checks whether the PGP signature attached to a message is valid. The following was spotted in Gmail recently:
So Google is playing around with public key cryptography to provide a method for employing digital signatures. Digital signatures enable the recipient of information to verify the authenticity of the information’s origin, and also verify that the information is intact. Sweet… if Google does this, digital signatures for the masses! Google has been pumping out new Labs features at a furious pace lately… hopefully we can expect to see this very soon!
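To make the lock/key picture from the explanation above and the signature check described here concrete, the following is an added example (not code from the original post, and not PGP’s own code): schoolbook RSA over a SHA-256 digest, with fixed Mersenne primes as constructed key material and no padding. It shows the bare mechanism that real OpenPGP software wraps in much more careful engineering; it is not a usable replacement for it.

```python
# Lock/key demonstration: public-key encryption (only the private-key holder
# can decrypt) and digital signatures (anyone can verify origin and integrity).
# Schoolbook RSA, no padding, fixed constructed primes: mechanism only.
import hashlib
E = 65537  # conventional public exponent

def make_keypair(p, q):
    """Return ((n, e), (n, d)) from two primes; the inputs here are constructed."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # pow() raises if E is not coprime to phi

def encrypt(public, message):
    """Lock the message with the recipient's PUBLIC key: anyone may do this."""
    n, e = public
    m = int.from_bytes(message, "big")
    assert 0 < m < n, "message too long for this modulus"
    return pow(m, e, n)

def decrypt(private, ciphertext):
    """Unlock with the PRIVATE key; any other key yields garbage bytes."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")  # leading zero bytes not kept

def sign(private, message):
    """Sign the SHA-256 digest of the message with the sender's private key."""
    n, d = private
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)

def verify(public, message, signature):
    """Anyone holding the sender's public key can check origin and integrity."""
    n, e = public
    h = hashlib.sha256(message).digest()
    return pow(signature, e, n) == int.from_bytes(h, "big")

# Constructed key material: Mersenne primes 2^127-1, 2^521-1, 2^89-1 and 2^607-1.
BOB_PUB, BOB_PRIV = make_keypair((1 << 127) - 1, (1 << 521) - 1)
ALICE_PUB, ALICE_PRIV = make_keypair((1 << 89) - 1, (1 << 607) - 1)

def demo():
    """Alice writes to Bob: encrypted for Bob's lock, signed with Alice's key."""
    msg = b"Meet me at the usual place, 9pm."
    ct, sig = encrypt(BOB_PUB, msg), sign(ALICE_PRIV, msg)
    return {
        "bob_reads": decrypt(BOB_PRIV, ct) == msg,                  # True
        "sender_locked_out": decrypt(ALICE_PRIV, ct) != msg,        # True
        "signature_ok": verify(ALICE_PUB, msg, sig),                # True
        "tamper_detected": not verify(ALICE_PUB, msg + b"!", sig),  # True
    }
```

Calling `demo()` returns the four checks: the recipient can read the message, the sender cannot decrypt what they locked with Bob’s public key, the signature verifies, and a one-byte change to the message makes verification fail.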
To see code snippets and read more check out Google Operating System.