What is cryptography?

Cryptography is the process of taking and jumbling up in such a way as to render completely unreadable except to the intended recipient(s), ordinary, every-day data that is easily read by humans or computers. From this description, the casual observer might assume that the last sentence was encrypted. But alas, the casual observer would be mistaken. Look at the text below, and compare it to the first sentence in this paragraph. Yes, they both say the same thing.

-----BEGIN PGP MESSAGE-----
Version: 2.6.3a

hIwCyI3ZzhK4ztEBA/9ZUIMnpwWSREyfS59T/aY8ZmX/lsmu+RX1m9LAYXicvKwn
lNr6/rdUaOyOy1478WO9d8NqNAnNhqEOQoUoZh8y9m8BIDfIL34oG+ch+hfZmN3M
2Y64iHmEqfdi2QmPoT/tdC6aRPFvkmFe8fjHvxzphAxHhWPgJwNpH6plPv79rKYA
AAC1F4W84Y3rqG3oIIpCNcnGGvJUvhnCSbCTrwBimqNyE2JVKNQQiQ7AWo5/+p0c
m9reNiBHvLoexeq3XY1rfoL39x+WU+W2Zd9sNZuY8/G3f/Cf0saWqhsFjADEYj5D
q9W/VnCu8TowVf1fXVPh88VG46SU3peQTR+R3m34uvInajPPFEQ/UOvo3NFbq427
nWJ66TAYlTRgWhkOq4U4TcZAN8Wly9ZJ9c4yHtMd7wU97TkHRFnyYA==
=hldi
-----END PGP MESSAGE-----

This mass of jumbled letters, numbers, and punctuation is called cyphertext. The casual observer might casually observe that the cyphertext is noticeably longer than the original text (plaintext), and wonder what the point of encrypting something is if you don't gain any advantages. Well, from above you should have learned not to be a casual observer. (You learn something new every day....) Indeed, through encryption, one gains many advantages. Suppose you were sending e-mail to a friend or acquaintance. This mail could be routed through dozens of computers before it reached its final destination. And any one of these computers could be the home of someone who likes to read other people's mail. This is startlingly easy for some people to do. So, if you want any privacy, or security, in your email you should encrypt this email, and then only the intended recipient can read it.

• Anyone who is discussing sensitive subject matter via e-mail, such as company secrets, private e-mail , illicit romance, or (heaven forbid) illegal activities.
• Anyone who, without being involved in any of the above activities, feels that they want a little bit of privacy. You may be sending love-letters to your S.O.. Would you send letters via the United States Postal Service if you knew that there was a chance that the postmaster was going to open and read your letter? Perhaps even make photocopies for his bar-buddies? Well, I wouldn't. And for the same reason, I would never send unencrypted e-mail on any subject matter that I would not be comfortable posting to a legitimately public forum, such as USENET.
• Anyone who sends e-mail. Period.

You can get a copy of PGP ,Free  from this Web page. The internal archive is encrypted, because I have to be able to prevent people outside of the USA from having access to it. Read the file GET_PASS.WRD in the archive (or follow the instructions at the previous link) for instructions on how to decrypt it.

Pretty Good Privacy is not an extremely user-friendly program. Yes, it runs from the DOS command line (if, of course, you use it on a DOS machine). It does, however, handle most of the tricky stuff itself. And if you have difficulty, you still have no excuse; you can get one of the freely distributed or shareware 'shells' for PGP, that run from either Windows or DOS.

I won't go into PGP's public-key encryption schemes right now. All you need to know as a beginner is that with PGP you have two 'keys.' One of these keys is a 'public' key, which you can give to anyone you want, and distribute widely. With this key, other people can encrypt messages to you. But they cannot read your messages. Once they encrypt a file to you, they cannot decrypt that file again, unless they also encrypted it to themselves. Your other key is your 'secret' key, which you must guard with your life. Do not let that key leave your sight, because it is the key that is used to decrypt the messages sent to you. Don't worry too much, though, because your secret key is protected by a pass-phrase that you decide upon. It's like a password, but really, really long. Hopefully with some random stuff thrown in. That way, even if someone gets your secret key, they can't decrypt your mail without your pass phrase. The public key functions like a padlock, while the secret key is the padlock's key. You give your padlock to anyone who wants it. They take a message and use that lock to secure the message. Once they've secured the message, nobody but you (the holder of the padlock's key), can open it. Not even the person who locked it in the first place can open the message.

So basically, PGP allows you to encrypt messages to friends, acquaintances, partners, lovers, and others, and they can decrypt the messages without first having to set up a secure channel to transmit the cypher key.

PGP also allows you to digitally 'sign' messages, using your secret key. People who have your public key can check your signature, and this will verify to them that you really were the person who sent this e-mail. I won't go deeply into the signature process, either, as that would require massive research on my part in the areas of message digests, one-way hash functions, and the actual workings of the public-key cryptography system employed by PGP.