![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
PGP stands for Pretty Good Privacy, a VERY strong crypto system that gives excellent end-to-end encryption for email users. It has been released to security researchers to poke at it to find flaws, it's not yet available to the general public but will be in the form of browser add-ins.
On the plus side: industry-standard and publicly-examined crypto. This should do an excellent job of preventing anyone from reading your email except for the intended recipient. On the down side: it can be slightly clunky to use, though the Gmail integration should make key exchanges more smooth.
In brief, this is how PGP works. The software generates a gobsmackingly-huge prime number and creates two crypto keys, a public one and a private one. You don't need to be concerned about the content of the key because it's just a huge hexadecimal mess. Let's say that you and I want to exchange email, and we've both implemented PGP. Let's call my private key A1 and my public key A2, your private key is Z1 and your public key is Z2. We give our public keys to anyone with whom we want to exchange email, but we jealously guard our private keys. When I want to send you an email, the message is encrypted on my end using A1+Z2, you decrypt it using Z1+A2. At a basic level, that's all there is to it. The software handles combining the keys and encrypting or decrypting the message, it also handles key exchanges. The thing that you have to watch out for is if you ever lose your private key, you have to notify everyone that your key was compromised, your friends delete your public key from their systems, and then you generate a new pair of keys and redistribute your public key.
Which brings up a third negative: you can't use email on a public computer without importing your key in to that system, with potential security risks if that computer has already been compromised. A lot of people store their keys on USB drives which they try to never let out of their personal control. Another negative is that if you're sending big attachments in email, it can take some time for big files to have the crypto applied/removed.
Google is doing a definitely good thing here, opening up the code to the public for review by experts, and at some cost to them: they cannot read the encrypted messages, so they can't do keyword searches and targeted advertising.
http://www.wired.com/2014/06/end-to-end/
On the plus side: industry-standard and publicly-examined crypto. This should do an excellent job of preventing anyone from reading your email except for the intended recipient. On the down side: it can be slightly clunky to use, though the Gmail integration should make key exchanges more smooth.
In brief, this is how PGP works. The software generates a gobsmackingly-huge prime number and creates two crypto keys, a public one and a private one. You don't need to be concerned about the content of the key because it's just a huge hexadecimal mess. Let's say that you and I want to exchange email, and we've both implemented PGP. Let's call my private key A1 and my public key A2, your private key is Z1 and your public key is Z2. We give our public keys to anyone with whom we want to exchange email, but we jealously guard our private keys. When I want to send you an email, the message is encrypted on my end using A1+Z2, you decrypt it using Z1+A2. At a basic level, that's all there is to it. The software handles combining the keys and encrypting or decrypting the message, it also handles key exchanges. The thing that you have to watch out for is if you ever lose your private key, you have to notify everyone that your key was compromised, your friends delete your public key from their systems, and then you generate a new pair of keys and redistribute your public key.
Which brings up a third negative: you can't use email on a public computer without importing your key in to that system, with potential security risks if that computer has already been compromised. A lot of people store their keys on USB drives which they try to never let out of their personal control. Another negative is that if you're sending big attachments in email, it can take some time for big files to have the crypto applied/removed.
Google is doing a definitely good thing here, opening up the code to the public for review by experts, and at some cost to them: they cannot read the encrypted messages, so they can't do keyword searches and targeted advertising.
http://www.wired.com/2014/06/end-to-end/
