I have a customer that uses PGP encryption. I am not familiar with this software. Does anyone out there use it? I was told that we need to exchange "keys". Can someone give me a little insight into this software? I can't find much help on the pgp website.

I will try to answer this question without getting too complex or too detailed. PGP stands for Pretty Good Privacy. It is a fairly strong protection algorithm of protecting program files, documents, or e-mail. The PGP system works across many platforms so it is almost "universal." PGP works by locking the file with one "key" and unlocking it with another. The keys are based on HUGE prime numbers. Depending on the strength you want to go with the key can be quite large (2048 bits). When you get the software (its free and available all over the Internet), you generate a pair of keys, one you give away freely to everyone you meet, the other you don't even show your mother! The key the file is locked with is called the PUBLIC key. This is the key you give to everyone and his brother. You store this on "key" servers, send it as plain text in e-mail, post on web pages and so on. You want people to have access to this key so that they can encrypt files to be sent to you. Once encrypted with your key, not even the originator of the encrypted file can get it back (unless they encrypted it with their public key as well). Executable files, pictures, plain text, MP3s, movies, ANYTHING computer related once encrypted can be turned into a simple ASCII text file. Below is an example of (trucated for space) an encrypted file in plain text: -----BEGIN PGP MESSAGE----- Version: PGPfreeware 6.5.3 for non-commercial use qANQR1DBwU4DQY9AHm7Q5lIQCACX2F2mywU/bz40OzKazeyVdWpt6lzZJDBxcS0R w5eGbx536Z5i1LzY8CHLxtJeU7YMpqtXr3KdA3A+e1vGZ+/g4aFJa6VSV+UaHVEA 7fyTmYlGDcD0Mp6/J2Q3bdnTiICAbnHzerKv/JlSqxS7Rb/grQLI686mf52WPAz2 VeTGXNOXPG2Knk+tneUxBu9n4Rk= =w0CO -----END PGP MESSAGE----- The file can also be sent as a PGP proprietary file. When someone gets your public key and wants to send a secure file to you, they use the PGP software and your key to encrypt the file. Then they send it to you. Since this is a fairly secure file, you could even place it on a web page that ANYONE can download and still be reasonablly sure it won't be broken. When you get a file that is meant for you, you use your PRIVATE key to decrypt it. Your private key is to be protected from EVERYONE. Make sure you secure a private key and don't forget to back it up! The private key is futher protected by a PASSPHRASE. Note this is NOT a passWORD but a passPHRASE. This is some sentence or paragraph. The larger the phrase, the more secure your PRIVATE key is from hacking, should it fall into someone's hands. When you get the file, you must have your PRIVATE key on your computer with the PGP software. You select the file and run the decryption on it. If a valid PRIVATE key for the encrypted file is on the computer, you will be prompted for the PASSPHRASE. Simply enter the passphrase and tell the software where you want the decrypted file to go. After a brief moment, your file will be decrypted and you can see what it is. Just how good is PGP? Microsoft uses 128 bit encrytion. This is a number that is 96 characters long. It is 2 ^128. This is a BIG number. It would take a normal workstation just under a year to crack this number. And the Microsoft encryption number changes each time it makes a connection. It is fairly secure. The low end PGP encryption is 1024 bit. This produces a number of 317 decimal places. (That is a number consisting of 317 digits!) To give you an idea of how long it would take to crack this number, a 200 digit number would take 52 MILLION YEARS TO CRACK! And most people are using 2048 bit encryption with PGP which produces a number with 617 decimal places. So now what? If you want to use the software, go DL and install it. The version of PGP I have been using works with several e-mail programs and with all flavors of Windows. I can simply right click on any file on my computer and select PGP and encrypt it. Depending on how I have it setup, the software either creates an encrypted file and leaves the original intact or encrypts the file and and deletes the original. When I receive an encrypted file, I do one of two things. If it is sent as plain text, I copy the text to a text file and change the extension to .PGP. I then double click the file and enter my passphrase. Most of the time the encrypted file is sent as a .PGP file already. All I do then is double click and enter the passpharase.