This page is about theory of public-private key cryptography. And, additionally, gives you a more information about practical use of this method.

To make it more useful, a links for the specific software how-tos were placed at the end of this page.

Please read this page carefully if you're not familiar with public-private cryptography and signing. Knowing the base things are helpful to manage things in a practice.

GPG is a reimplementation of the old well known PGP (Pretty Good Privacy). Both GPG and PGP are widely used at present day.

GPG (GnuPG) is a most common software used for this encryption scheme. GPG might be used for instant message communication, sms/mms, file encryption, mail …

Nowadays gpg is used for emails quite actively, and to make this easy MUA (mail clients) has a special support to handle pgp, or, at least has a plugin to do so.

Classically you're need a one key to encrypt data and the very same key to decrypt this data. The problem is you cannot send this key because others had the opportunity to obtain this key thus making this crypto scheme useless, because if somebody else is able to obtain this key your goal is failed.

To avoid this problem a new scheme was introduced. Instead of having one key let's use two keys:

• Public key: used to spread across public channels and it's accessible for everyone
• Private key: the actual secret (this part isn't accessible for everyone, instead it's a secret of this key owner)

This system is implemented to make conversion from public key to private impossible. Well, in this scheme the sender is encrypting a data with a receiver public key, and encrypted data might be ridden only with receiver private key.

NOTE: NEVER SEND YOUR PRIVATE KEY(S) OVER ETHERNET AND KEEP IT PRIVATE.

Another problem is a way to check a data authenticity e.g. ability to check if a message was really sent by alleged sender. To mitigate this problem a concept of digital signature was proposed. If you have a senders public key and signature for a received data you are able to check this data authenticity.

Everything has a weak point, the weak point of this cryptography scheme is the spreading of public keys. Some user could bring a false public key with someone's else ID. To prevent this each public key might be signed by other users, and public key might be published on the key server to spread it.

NOTE: always check a new public keys, if you're able to check the identity of the public key owner this is a best way to do so.