You may have heard of “PGP” before. What is PGP?

Email communication is often compared to traditional letter mail. One flaw of email that is often overlooked is its lack of confidentiality: as a rule, all communication is completely open. You can think of sending an email as sending a postcard. From the postal worker who accepts the card to the sorting system to the postman, everyone can read or even change the contents. With email, this applies to the path between the computer and the provider's mail server.

The question now is whether and how you can effectively protect yourself from this loss of privacy. The answer is PGP (Pretty Good Privacy). PGP is based on an asymmetric encryption process. Sending and receiving PGP-encrypted emails works with a key pair consisting of a public and a private key. The public key is passed on to everyone from whom you want to receive encrypted messages. It is used to encrypt the message and only works in this one direction. The emails can only be decrypted with the private key. Do not pass this on.

Image: How PGP works

Let's say person A wants to send person B an encrypted message. The following conditions must then be met:

  • Both people use the PGP standard
  • Person A must have Person B's public key
  • In order to respond to Person A, Person B needs Person A's public key

Exchanging the public keys is no problem; it can be done quickly via email. If you want to make your public key available to every communication partner, you can use a so-called key server. Key servers store a large number of public keys and the associated personal data.

In order to verify the authenticity of a public key, each key has a unique “fingerprint” in the form of a checksum.

A fingerprint looks like this: EBFA E62A 1852 E10C EB58 A43A 450D 0B5C 081B 53FA

It is best to compare this fingerprint with the owner in person, or at least over the phone, to rule out that the key has been replaced by another one. When comparing this data, it is important to be absolutely sure that you are receiving it from the right person.
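As an added illustration (not part of the original article): for OpenPGP version 4 keys, the 40-digit fingerprint is the SHA-1 hash of the public key material, so a replaced key yields a different fingerprint. The Python sketch below computes it for two constructed toy RSA keys and compares fingerprints only in full; all function names and key values are assumptions made for this example.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet for RSA (algorithm id 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880, section 12.2: SHA-1 over 0x99, 2-byte length, packet body."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def normalize(fingerprint: str) -> str:
    """Strip spaces and colons; accept only a full 40-hex-digit fingerprint."""
    cleaned = "".join(fingerprint.split()).replace(":", "").upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("need the full 40-digit fingerprint, not a short key ID")
    return cleaned

def grouped(fingerprint: str) -> str:
    """Format as ten groups of four digits, easy to read out over the phone."""
    f = normalize(fingerprint)
    return " ".join(f[i:i + 4] for i in range(0, 40, 4))

def fingerprints_match(from_key: str, from_owner: str) -> bool:
    """True only if every one of the 40 digits agrees."""
    return normalize(from_key) == normalize(from_owner)

# Constructed toy keys (far too small for real use): same creation time and
# exponent, different modulus, as if the key had been replaced in transit.
GENUINE = v4_fingerprint(rsa_public_key_body(1700000000, 61 * 53, 17))
SUBSTITUTED = v4_fingerprint(rsa_public_key_body(1700000000, 67 * 71, 17))

if __name__ == "__main__":
    print("owner reads out :", grouped(GENUINE))
    print("received key    :", grouped(SUBSTITUTED))
    print("match           :", fingerprints_match(SUBSTITUTED, GENUINE))
```

Rejecting anything shorter than 40 digits is deliberate: a shortened key ID covers only part of the fingerprint and is not a substitute for comparing the whole value.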

Encryption via PGP is now a simple method of maintaining the confidentiality of your own data, especially thanks to email programs such as Mozilla Thunderbird. Of course, not every email needs to be encrypted, but if emails contain important business data, this is a sensible approach.

PGP encryption tools

For users of Mozilla Thunderbird ( https://www.thunderbird.net/de/ ), there is (as already mentioned) a particularly convenient method of using PGP. Since version 78, Thunderbird has integrated encryption with OpenPGP directly into the email program. The operation is as simple as possible.

Image: Encryption with Mozilla Thunderbird

If you don't use Thunderbird or don't want to use it, the free open source program GnuPG ( https://gnupg.org/ ) is a good alternative. GnuPG is available for the most common operating systems (Linux, Mac OS X and Windows). The program is command line based. Therefore, you need to know some parameters to use GnuPG. Alternatively, there are a number of graphical interfaces that make these processes much easier, for example GnuPG Shell, Cryptophane, Seahorse, KGPG and Kleopatra.

For beginners as well as advanced GnuPG users, we recommend installing the Gpg4Win installation package ( https://www.gpg4win.de/ – for Windows). In addition to GnuPG, all additional components published as part of the GnuPG project are integrated into Gpg4Win. Essentially, Gpg4win consists of GnuPG (the encryption program) and Kleopatra (the user interface). The very beginner-friendly GPG4Win compendium (155 pages) offers help with installation and use: https://files.gpg4win.org/doc/gpg4win-compendium-de.pdf

Important safety instructions

  • PGP encryption is only secure as long as the private key remains secret.
  • Server-side applications (e.g. antivirus software like ClamAV) cannot check encrypted emails for malicious code. This makes it all the more important to protect your computer with a virus scanner.

In general, you should not blindly trust any sender, even if you communicate with them in encrypted form. An infected computer belonging to a known communication partner is enough, for example, to let malware reach your inbox without any further obstacles. If the email content still appears consistent, you may be only one click away from a malware infection.

When using email, it is generally recommended to adhere to the following security rules:

  • You should not run executable programs that you received via email unless the sender is trustworthy and has previously pointed out the executable program (in a personal conversation). The same precaution also applies to links you receive via email.
  • When you receive a Microsoft Office document that contains macros, the Office program asks whether you want to run the macros. At least the same precautions apply to running macros as to running programs in the previous point.
  • Executable programs usually (but not only) have the file extension exe or vbs. If you don't know a file extension, you should proceed as if it were an executable program.

Author: René Hifinger (IT security expert)

