GnuPG – general information on encryption methods

GnuPG is email encryption software that can be installed on university computers from the Software Center.

    Definitions

    The following definitions of terms apply to this and other instructions related to encryption:

    • A key is a character string used for the encryption and/or decryption of data content with a suitable algorithm
    • A secret key is the key used for symmetrical encryption and its decryption
    • A private key is the key pair half used for decryption and electronic signatures in the public key method
    • A public key is the key pair half used for the encryption of data and the verification of electronic signatures in the public key method

    Encryption

    The general purpose of encryption is to change the presentation of data into a format that only a party who knows how to decrypt the data can read. In principle, this is done by processing the data content with an encryption method and an encryption key, so that the end result cannot be read without knowing both the method used and the key. This allows parties to send information to each other even over insecure communications channels.

    Additional information:
    https://fi.wikipedia.org/wiki/Salausmenetelmä
    https://en.wikipedia.org/wiki/Cryptography

    Encryption methods are divided into two groups

    Symmetric encryption

    In the symmetric key method, the same key is used both for encryption and decryption. For the recipient to be able to decrypt the message, the parties have to agree on the encryption method and the key in advance or transfer them using a secure channel.

    Additional information:
    https://fi.wikipedia.org/wiki/Symmetrinen_salaus
    https://en.wikipedia.org/wiki/Symmetric-key_algorithm

    Asymmetric encryption or the public key method

    In the public key method, encryption and decryption are done using different keys. The public key of the key pair is one which can only be used for encrypting data. The other half of the pair, the private key, is one which can only be used for decrypting data. The parties therefore only need to make their public keys available to others in order to be able to encrypt data. No secure communications channel or method agreed in advance is needed for key exchange.

    The method for sending the public key varies according to usage. In the case of PGP, which is used for the encryption of e-mail, for example, public keys are usually sent to a key server, which acts as a kind of "phone directory", or published on the person's website.

    The public key method has another benefit over the symmetric key method: it allows you to create electronic signatures. The holder of a private key can use the key to create a signature of the desired content, and the signature contains the verification information. Anyone holding the public key corresponding to that private key can then verify whether the content has been changed after signing and whether the correct private key was used to sign it. This makes it possible to verify the content, origin and original status of an e-mail message, for example.
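
The signing and verification steps described above, as an added example that is not part of the original instructions. It assumes GnuPG 2.1 or later is available as `gpg`; the identity, the message text and the function name `demo_sign_verify` are constructed for the demonstration, and everything happens in a temporary keyring.

```shell
#!/bin/sh
# Added example (not from the original page): sign a message with a private key,
# verify it with the public key, then show that a modified message fails.
# The identity and the message text are constructed for this demonstration.

demo_sign_verify() (
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; exit 2; }

    # Throwaway keyring so the user's real keys are never touched.
    GNUPGHOME=$(mktemp -d) || exit 2
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$GNUPGHOME"' EXIT

    uid='Demo Signer <demo.signer@example.invalid>'
    msg="$GNUPGHOME/message.txt"

    # Test key pair without a passphrase; a real key must be passphrase-protected.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" default default never 2>/dev/null || exit 2

    printf 'Meeting moved to 14:00.\n' > "$msg"

    # The private key produces a detached signature (message.txt.asc).
    gpg --batch --quiet --local-user "$uid" --armor --detach-sign "$msg" || exit 2

    # Anyone holding the public key can check the signature.
    if gpg --batch --verify "$msg.asc" "$msg" 2>/dev/null
    then original=valid; else original=invalid; fi

    # Change the content after signing: the same signature must now fail.
    printf 'Meeting moved to 15:00.\n' > "$msg"
    if gpg --batch --verify "$msg.asc" "$msg" 2>/dev/null
    then tampered=valid; else tampered=invalid; fi

    echo "original: $original, tampered: $tampered"
)

demo_sign_verify || echo "demo could not run" >&2
```

The signature file stays the same in both checks; only the message changes, which is why the second verification fails.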

    Additional information:
    https://fi.wikipedia.org/wiki/Julkisen_avaimen_salaus
    https://en.wikipedia.org/wiki/Public-key_cryptography
