GmailKrypt
Guide

PGP Encryption Explained in Plain English

By GmailKrypt Team

What Is PGP?

PGP stands for Pretty Good Privacy. Despite the humble name, it's one of the most trusted encryption standards in the world, used since 1991 to protect emails, files, and communications.

At its core, PGP uses something called asymmetric cryptography — which sounds intimidating, but the concept is surprisingly simple.

The Lockbox Analogy

Imagine you have a special lockbox with two keys:

  • 🔓 Public key — anyone can use this to lock (encrypt) a message for you
  • 🔐 Private key — only you have this, and it's the only way to unlock (decrypt) the message

Here's how it works in practice:

  1. You share your public key with anyone who wants to send you a secure message
  2. They use your public key to encrypt their message
  3. The encrypted message can only be decrypted with your private key
  4. Even if someone intercepts the encrypted message, they can't read it without your private key

That's it. That's the entire foundation of PGP encryption. One detail the analogy hides: PGP doesn't run the whole message through your public key. It encrypts the message with a random one-time session key (fast symmetric encryption) and uses your public key only to lock that session key. The property is the same: without your private key the session key stays locked, and so does the message.

How Keys Are Generated

When you set up GmailKrypt, the extension generates a key pair for you:

┌─────────────────────────────────┐
│          Key Generation         │
│                                 │
│  🔓 Public Key (shareable)      │
│     Used to ENCRYPT messages    │
│     Safe to post anywhere       │
│                                 │
│  🔐 Private Key (secret!)       │
│     Used to DECRYPT messages    │
│     Never share this with       │
│     anyone, ever                │
│                                 │
└─────────────────────────────────┘

Both keys are generated locally on your device. Your private key is stored in Chrome's local storage and is never sent to any server, not even ours. This is what we call zero-knowledge architecture. The flip side is that the security of your messages rests entirely on that device and browser profile: anyone who can read the profile, through malware or a lost laptop, can read the key, and anyone who wipes the profile wipes the key. Keep the device locked and patched, and back the key up as described under "What if I lose my private key?" below.

Digital Signatures: Proving It's Really You

PGP isn't just about encryption — it also provides digital signatures. When you sign a message:

  1. GmailKrypt computes a cryptographic hash (a fixed-size fingerprint) of your message
  2. Your private key is used to produce a signature over that hash (with RSA this is often described as "encrypting the hash"; with elliptic-curve keys it is a different operation, but the effect is the same: only your private key can produce it)
  3. The recipient recomputes the hash and uses your public key to check that the signature matches it

If even a single character of the message was changed after signing, the recomputed hash no longer matches and verification fails. This proves:

  • ✅ The message was signed with your private key (authentication): strictly, by whoever holds that key, which is why recipients should confirm the key really belongs to you
  • ✅ The message wasn't modified after signing (integrity)
  • ✅ You can't credibly deny signing it (non-repudiation)

Key Exchange: The First Step

Before you can send encrypted emails, you and your recipient need to exchange public keys. With GmailKrypt, this is simple:

  1. Click "Attach Key" in the compose toolbar — your public key is appended to the email
  2. The recipient imports your key — either through GmailKrypt or any PGP-compatible tool
  3. They send you their public key — and you import it the same way
  4. You're set! — all future emails between you can be encrypted

Pro tip: You can also share your public key on your website, social media profiles, or key servers. Public keys are meant to be public, that's the whole point!

One check before you rely on an imported key: a public key attached to an email can be replaced by anyone who can alter mail in transit or who controls the sender's account, and an attacker who slips in their own key can read everything you then encrypt to it. Compare the key's fingerprint with your contact over a second channel (a phone call, a chat app, in person) before trusting it, and treat a contact's key that suddenly changes with the same suspicion.

What Does an Encrypted Email Look Like?

When you encrypt an email with GmailKrypt, the entire body of the message is replaced with a PGP-encrypted block. Only the body is encrypted: the subject line, sender, recipients and date are ordinary email headers and stay readable, so keep the subject line neutral.

-----BEGIN PGP MESSAGE-----
Version: OpenPGP.js v5.x

hQEMA7Vj8+t5rZ7aAQf+N2M7j8K2vF9xD3nE1yP4mR6sQ
8tA5bC7dF0gH3iK6lN9oR2sU5vX8yB1cE4fG7hJ0kL3mO
6pS9tW2xA5zC8dF1gI4jL7nQ0rU3vY6aD9eH2iK5lN8oR1
...more encrypted data...
=x7Fp
-----END PGP MESSAGE-----

To anyone without the private key, including Google, hackers, and surveillance systems, this body is meaningless noise; what they can still see is who wrote to whom, when, and the subject line. The recipient opens the email, GmailKrypt detects the PGP block, and decrypts it automatically (or with one click).

Common Questions

Is PGP outdated?

No. The OpenPGP standard continues to be updated. GmailKrypt uses OpenPGP.js, which implements the latest specifications including modern elliptic curve cryptography.

Can PGP be cracked?

With current technology, properly implemented PGP with strong keys (4096-bit RSA or Curve25519) cannot be broken by any known attack: the best methods, factoring for RSA and solving the discrete logarithm for Curve25519, would take far longer than the age of the universe on today's hardware, supercomputers included. In practice, encrypted mail is compromised by stealing the private key from a device, phishing the user into encrypting to the wrong key, or an exposed key backup, not by breaking the math. One caveat for the long term: a large-scale quantum computer would break both RSA and Curve25519; no such machine exists today, and the OpenPGP community is working on post-quantum algorithms.

What if I lose my private key?

If you lose your private key, you cannot decrypt any messages that were encrypted with your corresponding public key, and neither can anyone else. This is why GmailKrypt lets you export and back up your keys; store that backup somewhere offline and protected, because whoever obtains it can read your mail. There's no "forgot password" reset: this is a feature, not a bug. It means nobody (including us) can access your encrypted messages.

Getting Started

PGP sounds complex, but GmailKrypt handles all the heavy lifting. You don't need to understand the math — just know that when you hit "Encrypt," your message becomes unreadable to everyone except the person you're sending it to.

Install GmailKrypt and start encrypting in under a minute.

Ready to protect your Gmail conversations?

Install GmailKrypt — It’s Free