How does PGP email work? How can I use it for my emails? How secure is PGP encryption? I forgot my passphrase, secret key ring
Phoebe Brown | Jun 22, 2022 | 11 mins read
Table of Contents
Pretty Good Privacy (PGP)… sounds like a children’s detective agency novel doesn’t it?
Instead, PGP is a tried and true encryption system that has been in widespread use since 1991 (long before flashy tech names were the standard). PGP encryption provides layers of protection that email senders (aka everyone nowadays) can use to mask sensitive information while it travels through the internet.
Everything that can be sent in an email: pictures, body, attachments, etc. can be protected by PGP. It even goes beyond sending correspondences securly. Other uses include a) verifying the identity of the sender and receiver of an email and b) encrypting files stored on your device or in the cloud.
In this article we’ll cover basic PGP FAQ’s by answering everything you’ve ever wanted to know about:
For decades, PGP has been the de facto email security tool for anyone and everyone.
Over the years, that “everyone” has extended from “in the know” tech wizards to the general public. With tools like our Canary SecureSend toggle function, email security has become widely accessible.
Its common usage, however, has obscured Pretty Good Privacy’s gripping inception and backstory. Here’s a brief timeline for you historian types:
The history continues on, but those are the major beats of how PGP became widely used and trusted. In short, its notoriety is built on its free availability and its use of two encryption types: symmetric and public- key.
Lately, however, the best PGP services (like Canary) come with a negligible price tag. One that covers the service’s improved accessibility and additional email functions. Therefore, mitigating the need for an unwieldy amount of add-ons, extensions, apps, and etc.
Well, To operate in the digital age, we must have an email id. An email is required to sign up for any social media account, and any other internet service. Email is also used extensively for internet banking, shopping, and financial activities. Most email providers give some degree of protection against spying or manipulation of their users’ emails, but do not provide the highest level of privacy and security. Every individual deserves email security, making sure no one can access his/her messages. This is why we encrypt your emails from beginning to end (with SecureSend or PGP).
Canary encrypts your email with PGP encryption. This article discusses the technology that enables us to keep our security promise.
Pretty Good Privacy is an abbreviation for Pretty Good Privacy. It is the world’s most extensively used email encryption technology. In short it has two basic functions: encryption and authentication.
It has been extensively tested over years of use, has few known flaws, and is widely compatible with various encryption clients. PGP is the core of CanaryMail security architecture for these reasons.
PGP is a cryptographic way of communicating secretly over the internet. When you send safely a message using encryption software, your device converts the message into unreadable cipher text before sending it over the web. The receiver is the only one who can turn the text into a readable message on their device.
PGP software additionally confirms the sender’s identity and that the communication was not altered while in transit.
To safeguard emails symmetric and asymmetric encryption are being used.
PGP begins by employing symmetric encryption to generate a random session key. This key is exclusive and is used to encrypt the email’s contents. Then the session key is encrypted with the recipient’s public key and transmitted along with the encrypted email to the recipient. The recipient uses his/her private key to decrypt the session key which in turn can then be employed to decrypt the encrypted email.
It works unobtrusively when employed properly while delivering the utmost safety, anonymity, and authorization for your emails.
The following examples show how PGP works in Canary Mail:
Alice is registered with Canary and wants to send safely an email to Bob who may be registered with Canary or be an external recipient. To encrypt an email, Alice will require Bob’s public key which she can store in Canary’s PGP keys. After the encrypted email is sent, to decrypt the email on Bob’s end, he will need his Private key which is only accessible to him. Thus, only Alice and Bob will have access to the email information.
Now that you have a sense for what PGP does, here are some need-to-know phrases that describe the functions PGP completes for you:
PGP is the benchmark for communication security. Its goal is to prevent data from being read or covertly manipulated by eavesdroppers other than the sender and recipient(s). The sender encrypts the messages, but the third party has no way of decrypting them and storing them protected. The receivers obtain and decrypt the encrypted data on their own.
The encryption in canary is based on PGP key pairs. Every key pair has two keys, a public key, and a secret key. To encrypt an email, the sender would require the recipient’s public key. The recipient would use their Secret key to decrypt the message the sender sent them. Similarly, to receive encrypted emails, you would have to share your public key. This public key, which you share, will be used by others to send you encrypted emails. The encrypted emails in turn would only be decrypted by your secret key. As the name suggests, secret keys should never be shared and stay with their owner, whereas the public key is shared with people who wish to send encrypted emails to you.
For more info on how it works, you can read the CanaryMail guide to end-to-end encryption.
When an email is sent, it is transported from server to server until it reaches the receiver’s inbox. TLS (Transport Layer Security) is used by all major email providers to offer an encrypted path for the email as it travels between servers. This ensures that a user’s communication remains private during transmission.
TLS encryption method lets email providers to securely carry emails, but there are major security risks if the emails are not end-to-end encrypted. TLS encryption decrypts the emails once they reach your email provider’s server rather than when they reach the receiver’s device. This allows such email providers to access all communications stored on their servers.
On the other hand, Emails that are secured with PGP are less vulnerable to being attacked. End-to-end encrypted email is unreadable to anyone except the intended receiver, making it far more secure. End-to-end encrypted email is encrypted on the sender’s device and decrypted only when it reaches the receiver’s device.
Can PGP encrypted emails be hacked?
While emails sent using PGP are far more secure than emails sent with TLS, no email can be claimed to be “unhackable.”
If you use the same password for multiple services, it’s likely that your password will be disclosed if one of them suffers a security breach. If you use a strong and unique password for every account and device, you can rest certain that even if one password is compromised, the rest of your online accounts will be safe. End-to-end email encryption is most effective when used along with other internet privacy safeguards such as using a VPN to hide your browser activities and enabling two-factor authentication wherever feasible, as well as using strong passwords.
The easiest way to encrypt your emails with PGP is using SecureSend by Canary Mail. Canary Mail offers provider-independent support for encryption on iOS, macOS, Android and Windows.
Canary supports standard PGP that is compatible with all leading tools, apps, and services that support PGP, such as GPGTools, ProtonMail, Tutanota, K-9 Mail, Enigmail, Posteo, etc. Canary’s key search is tied into SKS, Keybase, OpenPGP.org & ProtonMail keyservers.
With Canary you can create new PGP keys right on your device, as well as use and manage all your existing encryption keys. Secret keys are stored securely in encrypted form on your device, and are never sent to the server. You can choose to save your key passphrase on the device for a limited time, or enter it as needed. In addition, Canary allows you to secure the app with FaceID or TouchID.
Canary uses the open source Bouncy Castle encryption library, which supports all modern encryption algorithms.
Our wide range of support for all your encryption needs. Our services are as simple or as customizable as you feel comfortable with. Besides that, our apps have other tools built in for inbox management and overall productivity.
Yes, TLS encryption doesn’t quite make your email HIPAA compliant on its own. TLS can fail, leaving your personal information vulnerable to eavesdroppers. As a result, Pretty Good Privacy data encryption is the most prevalent method of encrypting HIPAA-compliant messages.
PGP encryption has the advantage of being virtually indestructible. Because of this, media and activists still use it and is frequently thought to be the ideal method for enhancing cybersecurity. In summary, breaking this encryption is practically hard for anyone, even cyber criminals, and the NSA.
A secure passphrase is the next generation in passwords that consists of several phrases that may create a sentence as well as other sequences of words in a particular context that are simple for the user to remember.
Passphrases tend to be longer in comparison to passwords, which makes them more secure. The most important thing here is the length and not complexity.
Avoid using a password that is simple for someone else to decipher; i.e., your favorite quotation. Additionally, refrain from using frequent phrases seen in children’s literature and hit song lyrics.
Unfortunately, PGP does not have a “recover my password” option. If you can’t figure it out, your only remaining option is to generate new keys. You can follow the below mentioned steps:
No, not until your secret passphrase has also been hacked or if an exhaustive search attack can be used to crack your passphrase. Without the other, neither is valuable. Nevertheless, you must deactivate that key and create a new key pair with a new passphrase. You might want to add a new user ID with the information of your new key ID before deactivating your old key so that others are aware of your change of address.
This may be a real issue, especially if you need to use a couple of dozen passwords on a daily basis. The entire point of passphrases would be compromised if you had to write them down somewhere so you could remember them. Unfortunately, there is no viable way to avoid this. Either you can recall it, or you can write it down and run the danger of having it compromised.
Relationship between PGP and AI: While PGP itself is not directly related to AI, AI technologies can be applied in the context of PGP to enhance certain aspects of its functionality:
It’s important to note that the application of AI in the context of PGP should align with privacy principles. Any AI-based analysis of PGP-encrypted data should be performed in a way that preserves the confidentiality and privacy of the communications.
In summary, while PGP and AI are distinct concepts, AI technologies can be applied in the context of PGP to enhance key management, threat detection, and user behavior analysis. These applications can contribute to improving the security and privacy of PGP-encrypted communications.
The whole Canary Mail team is dedicated to building the best email encryption services of 2022 and beyond. SecureSend’s user-friendly interface will give you complete control of your data and documents in just a few clicks. Canary Mail is available as a native app on iOS, macOS, Android, and Windows.
So, let us take care of all your encryption programming needs so that you can focus on doing what you love
With us, you never have to worry about who has access to your information ever again.
As a British writer and productivity coach, I’m passionate about unraveling the intricacies of email, SaaS, and artificial intelligence. With a knack for making the complex simple, my work empowers individuals and teams to harness these tools for maximum impact.
A Smarter Way to Email
We're the only email client that can write emails for you. Powered by AI.
All of your Emails, in One Place
Switching between inboxes is a waste of time. Streamline your communication with our unified inbox.
Latest posts
Tailoring Your Outreach: Segmentation Strategies for Custom Apparel Email Campaigns
Best Secure Email apps in 2024
5 Email Strategy Mistakes Sales Pros Never Make
