The PGP Trust Model

Pretty Good Privacy [3], or PGP, is a milestone in the history of cryptography, because for the first time it makes cryptography accessible to the wide mass of privacy hungry on-line public. PGP was created primarily for encrypting email messages using public or conventional key cryptography. The latter are used mainly to encrypt local files. With public key cryptography, PGP first generates a random session key and encrypts the plaintext with this key. The session key along with the ciphertext are then encrypted using the recipient's public key and then forwarded to the recipient. Other features include generating message digests, generating digital signatures, management of personal 'key rings' and distributable public key certificates. It is also designed to work off-line to facilitate e-mail and file encryption, rather than on-line transactions.