Gnu Privacy Guard is an open and free encryption standard that works on the idea of Public Key Encryption

“If privacy is outlawed, only outlaws will have privacy.” - Philip Zimmerman

Several people I know feel that Internet surveillance is not a cause for worry when your general activities conform to known laws and social norms. Some even argue that the success of projects such as Loon compensate for Google’s unethical snooping and the subsequent profit it engenders

While the recent Prism controversy was being debated, I happened to read a 1991 essay by Philip Zimmerman, creator of the PGP standard.

PGP, Pretty Good Privacy, is an encryption standard that helps you make data and communication unreadable by anyone but the intended recipient. Last updated in 1999, the essay, ‘Why I wrote PGP’, is profoundly relevant 14 years later. The mindsets of governments, it appears, does not advance as quickly as technology.

Zimmerman justifies the use of encryption by everyone when he asks: “What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he’s hiding. Fortunately, we don’t live in that kind of world, because everyone protects most of their mail with envelopes. So, no one draws suspicion by asserting their privacy with an envelope. There’s safety in numbers.”

Cryptography is already highly restrictive in countries such as Russia, China, Iran and Iraq. Zimmerman believes that popularising cryptography will help prevent other governments from criminalising it.

Unlike the patented PGP, Gnu Privacy Guard (GPG) is an open and free encryption standard. GPG works on the idea of Public Key Encryption (PKE).

What are keys?

Keys are like ciphers; they rattle up your plaintext message and turn it into gibberish before it is sent. To understand PKE, imagine a scenario where you are receiving some gifts on your birthday and you don’t want someone who intercepts the packages to open them. So you give each of your friends a copy of the same padlock and ask them to lock their gift with it. When the gifts reach you, you unlock the gift packets with the only copy of the key that can open the padlock. The padlock, in a PKE system, is called a public key; it can be published on the Internet so that everyone can use it to lock (encrypt) your messages. The key in the PKE system is called a private key, known only to you, and used to decrypt your messages. Before starting to encrypt with GPG, you would have to create such a keypair. The general size of a key is about 2048 bits, and it would take a computer, making 1 million guesses per second, about 1.5 million aeons to break a key.

Besides encrypting your information, GPG allows you to create webs of trust on the Internet. A web of trust is a small circle of people who know each other and use encryption to communicate with each other. This personal kinship between communicators provides an additional wall of security since it dispels any fears of key impersonation. Traditionally, GPG has always had an elegant and popular command line interface that is still in use. There are also several graphical front ends for GPG, available free of cost, that provide services ranging from key management and authentication to encryption. Some examples are wija, Seahorse and Kgpg.

Several email clients such as Evolution, Enigmail and Mutt that use GPG make encryption very easy. GPG is available for free download at http://www.gnupg.org/. The website also provides comprehensive information on getting started with GPG and being aware of the measures to be taken to keep your keys safe.

(The author is a free software enthusiast and contributor.)

The Hindu invites articles from professionals in the IT industry to write for The Edge, a weekly feature on the industry. The articles can be in the nature of a commentary or opinion or new ideas on trends, practices, technologies or applications in the IT industry. Submissions should be limited to about 600 words and sent in Word or Open Document Format. A photograph of reasonably high resolution should be sent for publication with the article. Authors should send their contact details, including postal address and a telephone number.

Submissions should not have been sent for publication elsewhere and should be sent to theedge.thehindu@gmail.com by Thursday noon.

GNU is an open and free encryption standard that works on the idea of PKE