Impossible tri-bar

Digital Phenomena - Your first stop for internet consultancy 
Data Encryption Tutorial — Lesson 1

Page 2 — Public/Private Key-Based Encryption

In public-key cryptography, a user has a pair of keys: public and private. As their names suggest, the private key is kept private, while the public key is distributed to other users. The owner of the private key never, ever shares the private key with anyone. A second, public key is distributed to other users. The public and private keys of a particular user are related via complex mathematical structures in such a way that inexorably links one key with the other. This relationship is crucial to making public/private key-based encryption work, as you will soon see.

The public key is used as the basis for encrypting a message, while the private key is necessary for the recipient to decrypt the encrypted message. Only the bearer of the private key can decrypt the message. Even the person who did the encrypting cannot decrypt the message he just encrypted, because he does not hold the private key.


OK ... let's try this again:

Suppose that Joe User has a public key and a private key. Jane User also has a public key and a private key. Joe and Jane want to send encrypted messages to each other, so they exchange public keys. Now Joe has his own private key and Jane's public key. Jane has her own private key, and Joe's public key.

Keys are kept on key rings: One ring is for private keys and another is for public keys. They are not unlike real key rings that hold your car, house, and other keys together. On Joe's public key ring, he has Jane's public key. On Jane's public key ring, she has Joe's public key. Both Joe and Jane also have private key rings, that hold only their own private keys. Their private key rings should only ever hold their own private keys.

When Joe wants to send an encrypted message to Jane, he uses his encryption software to scramble the message based on Jane's public key. Jane receives the message, then uses her encryption software and her private key to decrypt it. Only Jane will be able to decrypt a message that has been encrypted by someone using her public key.

In the early 1990s, Phil Zimmerman developed PGP, or Pretty Good Privacy, which quickly became a very popular piece of software for email and file encryption using public and private keys. Due to the United States' export regulations and the import regulations of other countries regarding encryption algorithms, however, the OpenPGP standard was developed, and the GnuPG software was built around it. Unlike PGP software, GnuPG does not use patented or restricted encryption algorithms, and thus, it has become a popular alternative to PGP.

Although US export laws were recently modified, both PGP and GnuPG will likely continue to co-exist in the developer community. In the next section, you'll learn to use either PGP or GnuPG with PHP to encrypt and send messages, so now is a good time to decide which you'd like to use. Here are some basic differences:

  • To use PGP commercially, you must pay a fee, while GnuPG is free for all types of uses.
  • GnuPG is primarily Unix-based, although a Windows version does exist. PGP has versions for Unix, Windows, and even the Mac.
  • Both PGP and GnuPG have some restrictions or warnings regarding export and distribution, although this problem hits PGP users harder than GnuPG.
  • Both PGP and GnuPG are easy to install and subsequently use, but PGP has an extensive built-in GUI.

Take a look at both Web sites ( and and decide for yourself. After determining which encryption software you want to use, follow the steps outlined in either of the following sections to learn how to set up PGP or GNUPG on your Web server and on your personal system, so you can use PHP to invoke the encryption and send your Web-based order forms and whatnot to yourself as encrypted messages.

next page»

|Home|About Us|Services|Search|
W3C validatedW3C validated CSSCompatible with all browsers