What is GPG?
The internet is an inherently insecure place. The data that is transmitted passed by many hosts for which neither the sender nor the receiver can guarantee that they won’t read or even modify the data they transmit. This leads to a basic question for security-aware people: How can I send my friend data that only she will be able to read? And how do I receive data from my friend in a way that I can be sure that it was indeed she who sent it? These are the questions of privacy and authenticity.
The problem of privacy has been worked on in the field of cryptography for a long time now. The usual cryptographic algorithms—called symmetric ciphers—work by using a secret passphrase to transform texts into unreadable data, which can be translated back into the text using the same passphrase. This moves the problem of transferring the data securely to the receiver to transferring the passphrase securely.
Luckily, an advancement in cryptography has given a solution to this problem. Instead of using one passphrases, these asymmetric ciphers use two which are inherently related. Information encoded with one passphrase can only be decoded with the other, and vice versa. (This is slightly simplified, but sufficient for this explanation)
This little trick allows me to declare one of the two passphrases my public key, while the other is my private key. I distribute my public key wherever I want, but keep my private key secure. If someone wants to send me secure information, she uses my public key to encrypt the data. Only the private key can decrypt it now, and only I have the private key.
Incidentally, this also solves the problem of authenticity. If I encode a small text with my private key, which only I have, this text can only be correctly decoded with the public key. Everyone has access to my public key, and thus can validate that this piece of data has been encrypted with my private key—and that means that it has to originate with me.
These are the basics of public key encryption. There is software that utilizes these algorithms. My favorite of those is the GNU Privacy Guard (GPG). For further information, read the GPG documentation.
