Having data in digital form makes it very easy for other people to view, copy or even steal. If you have logins and passwords on your computer for different accounts such as banks and medical records and private records for work perhaps, it would be relatively easy for someone to access them if your computer was stolen, for example. Having a password to log on to a laptop isn't going to stop someone bypassing this and seeing what you have on your hard drive. The solution is to encrypt your files. Encryption is a technique that takes data and scrambles it using a 'key' so that it doesn't make any sense until you decrypt the message using the same key. The key is actually a complex maths algorithm that is almost impossible to guess or work out.
A very simple example might be a key that uses A = 1, B = 2, C = 3 .... Z = 26 You could then substitute each letter with a number to get a code that doesn't at first glance make any sense e.g. 8 5 12 12 15 23 15 18 12 4 you would need the key to be able to read the message. Clearly, the above algorithm isn't very good. It wouldn't take long to work out the key. What is needed is something stronger!
Encryption using PGP
Pretty Good Privacy, or PGP, is a very secure method of encrypting data. It takes a message and applies some complex maths to it to scramble the data. PGP is freeware so you can download a copy of PGP from http://www.tucows.com/ and try it out. There are lots of people interested in PGP - if you do a search for it on the Internet, you will find a lot of information about PGP. It is very easy to set up (it's all automated usually) and you can then encrypt anything that's digital, from emails you send to files you store on a computer or on a pen drive. There are encryption programs available for mobile phones, too. Another very useful application is a tool for remembering lots of different logins and passwords. You put all of your different accounts' details into this program and it encrypts them. You can get access to all of your accounts' details by entering in just one password. You don't have to keep remembering logins and passwords each time you set up a new account for something! An excellent program that does this and is free is called Keepass and you can download it from here.
How does a pupil called Max use PGP to send secure messages to his friend Alfred?
1) Alfred and Max both download and set up the PGP program from http://www.tucows.com/
2) When Alfred sets up the PGP program on his computer, the program generates two software keys for him. These are known as his public key and his private key.
3) The private key stays with Alfred on his computer. He sends the public key to whomever he wants to communicate with, in this case, Max. It doesn’t matter if this key is intercepted by anyone. It is a ‘public’ key.
4) Now when Max wants to send a secure message to Alfred, Max writes his email and then using his PGP program and Alfred's public key, he encrypts it. Then he sends the encrypted message.
5) Alfred receives an encrypted message from Max.
6) Alfred uses his PGP program and his own private key to decrypt and read the message.
If Alfred wants to return a secure message, he must ask Max to send him his Public Key first.
Q1. What is meant by encryption?
Q2. What does ‘authorisation’ mean?
Q3. What is a ‘public key’ as used in PGP?
Q4. What is a ‘private key’ as used in PGP?
Q5. How can you get a public and private key?
a) Download and set-up a PGP program. Send and receive encrypted emails to and from a friend.
b) Download and set-up Keepass. Store some user account details in it. Try to open the file it creates without the password.