PGP vs. RSA: How Are They Different?
With increases in data breaches, the topics of data encryption and its importance are appearing more often in public discussions of data security. There is also increased confusion about the different types of encryption available. Some are more appropriate for internal purposes, such as with large databases. Others may be more effective when you need data migration to an external vendor or other sources.
Adding to the confusion is the number of encryption-related acronyms that are often used interchangeably, but in fact, have different meanings. Some of the acronyms you see are different encryption types, while others are protocols that can be used within different encryption types. We’ll look here at two acronyms that sometimes cause confusion—PGP and RSA.
Asymmetrical vs. Symmetrical Encryption
PGP stands for Pretty Good Privacy, and was originally an application developed by Phil Zimmermann in 1991. It works with a pair of keys, rather than the single key used by methods such as Advanced Encryption Standard (AES). The two-key method is known as asymmetrical encryption, while single-key encryption is called symmetrical encryption.
With asymmetrical encryption, you can distribute the public key to anyone who might need to send you encrypted content, such as email. They can then use that key to encrypt their data. When you receive the data, you must use the private key to decrypt it. In symmetrical encryption, parties on both ends must use the same key. If a third party were to learn that key, they would be able to decrypt your data exchanges.
PGP generates a public key for encrypting data, and a private key for decrypting it. OpenPGP, the standard developed from the original PGP application, is often used for encrypting email.
Different Algorithms Possible
PGP can use a number of encryption algorithms to generate its keys. One of those is Rivest–Shamir–Adleman (RSA). RSA is named for its developers, Ron Rivest, Adi Shamir, and Leonard Adleman, who developed the algorithm in 1978.
RSA was one of the first asymmetrical encryption algorithms published. Either of its keys, private or public, can be used to encrypt data; whichever key encrypts, only the other key decrypts.
While it is widely used, RSA is much slower than symmetric methods, so it is usually applied to small pieces of data, such as securely sending a decryption key. In that scenario it forms part of a hybrid cryptosystem: the asymmetric method encrypts the key, and a symmetric method encrypts the data being transmitted.
PGP most often uses either RSA or a method called Diffie-Hellman to protect the key that encrypts the message. Either way, it adds the layer of protection that comes from asymmetrical encryption.
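As an added example (this is not code from the article or from any PGP implementation), the toy Python below demonstrates both points made above: a textbook RSA key pair where whichever key encrypts, the other decrypts, and a hybrid scheme where RSA wraps a fresh symmetric session key while a symmetric stream cipher (HMAC-SHA256 in counter mode, standing in for AES) encrypts the bulk data. The primes, the message and the key sizes are constructed and far too small for real use, and the RSA input is left unpadded, which real implementations never do.

```python
"""
Added example, not from the original article: a toy hybrid cryptosystem
in pure Python (stdlib only). Textbook RSA with small constructed primes,
plus an HMAC-SHA256 counter-mode keystream as a stand-in for AES.
Key sizes here are far too small for real use.
"""
import hashlib
import hmac
import secrets
from math import gcd


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Textbook RSA key generation from two primes p and q (constructed inputs).
    Returns (public_key, private_key) as (n, exponent) tuples."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(key, m: int) -> int:
    """Raise m to the key's exponent mod n. Works with either key: whichever
    key was used to encrypt, applying the other key recovers m."""
    n, k = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, k, n)


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic keystream built from HMAC-SHA256(key, counter) blocks.
    A toy stand-in for AES in counter mode, not a production cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric encryption: the same key and the same call both encrypt and
    decrypt, which is why anyone holding the key can read the traffic."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def hybrid_encrypt(pub, plaintext: bytes):
    """Sender side: fresh symmetric session key encrypts the data, and the
    recipient's RSA public key wraps that session key."""
    n, _ = pub
    key_len = (n.bit_length() - 1) // 8        # largest byte length that stays below n
    session_key = secrets.token_bytes(key_len)  # fresh per message, never reused
    wrapped_key = rsa_apply(pub, int.from_bytes(session_key, "big"))
    return wrapped_key, stream_xor(session_key, plaintext)


def hybrid_decrypt(priv, wrapped_key: int, ciphertext: bytes) -> bytes:
    """Recipient side: the RSA private key unwraps the session key, which then
    decrypts the bulk data."""
    n, _ = priv
    key_len = (n.bit_length() - 1) // 8
    session_key = rsa_apply(priv, wrapped_key).to_bytes(key_len, "big")
    return stream_xor(session_key, ciphertext)


if __name__ == "__main__":
    # Constructed primes: the 10,000th and 100,000th primes. Toy sizes only.
    pub, priv = rsa_keygen(104729, 1299709)
    message = b"constructed sample: payroll export for the archive"
    wrapped, ct = hybrid_encrypt(pub, message)
    print("wrapped session key:", wrapped)
    print("ciphertext (hex):", ct.hex())
    print("recovered:", hybrid_decrypt(priv, wrapped, ct))
```

The `rsa_apply` round trips show the property described above: encrypting with the public key and decrypting with the private key recovers the value, and so does the reverse order (the basis of signing). The hybrid functions show why RSA only ever touches a few bytes of key material while the symmetric cipher carries the payload.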
Interested in learning more? Download our eBook: IBM i Encryption with FieldProc and Assure Encryption: Protecting Data at Rest