Appearance
Introduction to PGP / GPG
PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard) are tools that let you encrypt data and prove authorship of files or messages. While often associated with software development and security, they are equally useful for student projects, group work, and safe file sharing.
This introduction explains the core concepts you need to understand before using GPG in practice.
PGP vs GPG
- PGP is the original encryption standard and idea.
- GPG is a free, open-source implementation of PGP that is widely used today.
- For students and most practical purposes, GPG is the tool you use; the concepts apply to both.
Encryption vs Signing
These are the two main things you can do with GPG:
Encryption – keeps your data secret.
- Only someone with the correct private key can read it.
- Example: sending a sensitive project file to a teammate securely.
Signing – proves the data came from you and hasn’t been modified.
- Anyone with your public key can verify your signature.
- Example: signing a Git commit or a project submission.
Important: Signing does not hide the content. Encryption does not prove authorship.
Public and Private Keys
GPG uses a key pair:
| Key type | Purpose | Shareable? |
|---|---|---|
| Public key | Encrypt data for you, verify your signature | Yes |
| Private key | Decrypt data, sign data | Never |
- Public key: like a lock you hand out
- Private key: like the key that unlocks it, you keep it secret
The combination lets anyone encrypt to you (with your public key) and verify your identity (with your signature), without ever sharing your private key.
Why this matters for students
- Secure file sharing in group projects
- Protecting sensitive coursework or research files
- Verifying authorship in Git commits or submissions
- Learning good digital security hygiene early
Understanding these concepts first will make the hands-on sections (key management, encrypting/signing, Git signing) much easier to follow.
Next, you will learn key management, including generating, backing up, and revoking keys safely.