PGP Public and Private Keys

PGP utilizes public key cryptography. Public key cryptography is a scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private (or secret) key, which decrypts it. You provide your public key to anyone you want to share information with while keeping your private key secret.

Anyone with a copy of your public key can then encrypt information that only you can read. Conversely, if you have someone else's public key, you can encrypt information that only they can read - in other words, only the person who holds the corresponding private key can decrypt the information.

PGP, as implemented by FileLink, permits you to create keys of three different sizes (measured in bits): 768, 1024, and 2048. Larger keys will be cryptographically secure for a longer period of time. If what you want to encrypt needs to be hidden for many years, you might want to use the largest key.

Keys are stored in encrypted form in files called keyrings. As you use PGP, you will typically add the public keys of your recipients to your keyring. If you lose your keyring, you will be unable to decrypt any information encrypted by keys on that keyring. By default, FileLink expects keyring files to be in its current working folder.

Keys created by FileLink consist of the following user-supplied elements:

• A user name (required; at least five characters in length)
• A comment (optional; any desired length)
• An e-mail address (optional; any desired length)
• A passphrase (required; at least eight characters in length)

When encrypting a file, the public key of the recipient must be specified. Keys are identified by any combination of user name, comment, and/or e-mail address. This combination is often referred to as a key ID. These elements may be specified in part or in full. You often see a key ID specified in the following format:

       user name (comment) <e-mail address>

All that is required within a key ID is enough unique information to locate the desired key. For example, if a key is created using a user name of Dick Tracy and there are no other keys on a keyring with a user name containing Dick, then only the first name is required as part of the key ID.
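As an added example (not FileLink's own code), the following Python models the key ID format and partial matching described above: it splits a `user name (comment) <e-mail address>` string into its elements, applies the length rules listed for a new key, and resolves a partial key ID against a keyring, refusing the lookup when the supplied text is not unique. The sample keyring entries and the substring-match rule are assumptions for illustration, not FileLink's actual matching behaviour.

```python
import re
from dataclasses import dataclass

# Conventional key ID layout from the text: user name (comment) <e-mail address>
USER_ID_RE = re.compile(
    r"^\s*(?P<name>[^(<]+?)\s*(?:\((?P<comment>[^)]*)\))?\s*(?:<(?P<email>[^>]*)>)?\s*$"
)

@dataclass(frozen=True)
class UserID:
    name: str
    comment: str = ""
    email: str = ""

def parse_user_id(text: str) -> UserID:
    # Split a key ID string into its three user-supplied elements
    m = USER_ID_RE.match(text)
    if not m or not m.group("name").strip():
        raise ValueError(f"unparseable key ID: {text!r}")
    return UserID(m.group("name").strip(), (m.group("comment") or "").strip(),
                  (m.group("email") or "").strip())

def render(uid: UserID) -> str:
    # Rebuild the conventional form, omitting the optional elements when empty
    comment = f" ({uid.comment})" if uid.comment else ""
    email = f" <{uid.email}>" if uid.email else ""
    return uid.name + comment + email

def validate_new_key(uid: UserID, passphrase: str) -> list:
    # Minimum lengths the page states for FileLink key creation
    problems = []
    if len(uid.name) < 5:
        problems.append("user name must be at least five characters")
    if len(passphrase) < 8:
        problems.append("passphrase must be at least eight characters")
    return problems

def find_matches(keyring: list, partial_id: str) -> list:
    # Assumed rule: a partial key ID is a case-insensitive substring of the rendered form
    needle = partial_id.lower()
    return [uid for uid in keyring if needle in render(uid).lower()]

def locate_key(keyring: list, partial_id: str) -> UserID:
    # Resolve a partial key ID; refuse both no match and an ambiguous match
    hits = find_matches(keyring, partial_id)
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} keys match {partial_id!r}; expected exactly one")
    return hits[0]
```

With a constructed keyring holding only "Dick Tracy" and "Richard Roe", the partial ID "Dick" resolves; once a second key containing "Dick" is added, the same lookup is refused and "Tracy" is needed instead.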

Important

The required key creation elements vary between PGP implementations. For example, not all PGP keys contain a comment element. Some PGP implementations may permit shorter user names and some may not require a passphrase.