Wednesday, May 27, 2026

GPG, PGP and SSH

All these terms relate to asymmetric (public-key) cryptography, a system where you use two mathematically linked keys: a public key that you share with everyone and a private key that you keep secret.

1. Public Key (The Basics)

Think of a public key like a padlock that you leave wide open for anyone to use, and the private key as the physical key only you have.

Encryption: Anyone can use your public key to lock (encrypt) a message so that only you can unlock (decrypt) it with your private key.
Signing: You can "sign" a file with your private key to prove it came from you. Others use your public key to verify that the signature is valid and the file hasn't been tampered with.

2. PGP vs. GPG

These two are often used interchangeably because they do the same thing: encrypt and sign data.

PGP (Pretty Good Privacy): The original encryption program created in 1991. It is now a proprietary/commercial product owned by Symantec.
GPG (GNU Privacy Guard): A free, open-source version of PGP. It follows the "OpenPGP" standard, making it compatible with PGP.
Primary Use: Securing emails, signing software packages, and encrypting files at rest.

3. SSH (Secure Shell)

While PGP/GPG is mostly for securing data, SSH is a protocol specifically for securing connections between computers.

How it works: You put your SSH public key on a remote server (like a GitHub account or a Linux VPS). When you try to log in, the server uses that public key to challenge your computer. Your computer "proves" its identity using your matching private key.
Primary Use: Logging into servers remotely or pushing code to repositories without typing a password every time.

Key Differences at a Glance

| Feature | GPG / PGP | SSH |
| --- | --- | --- |
| Main Goal | Protecting data (emails, files) | Protecting access (logging into servers) |
| Trust Model | Web of Trust: Users sign each other's keys to verify identity | Trust on First Use: You manually approve the server's key the first time you connect |
| Typical Format | Often looks like a block of text starting with -----BEGIN PGP PUBLIC KEY BLOCK----- | Often a single line starting with ssh-rsa or ssh-ed25519 |
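
As an added illustration of the two key formats and the Trust on First Use model described above (not code from the original post), this Python sketch tells an armored PGP public key from an SSH public key line and computes the SSH key's SHA256 fingerprint, the value you compare before approving a key on first connect. The helper names and the sample key are constructed for the example.

```python
import base64
import hashlib
import struct

PGP_HEADER = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
SSH_PREFIXES = ("ssh-rsa", "ssh-ed25519")

def read_string(blob, offset):
    """Read one length-prefixed field: uint32 big-endian length, then bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of key blob")
    return blob[offset + 4:end], end

def ssh_fingerprint(line):
    """Return (key_type, 'SHA256:...') for a one-line SSH public key."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in SSH_PREFIXES:
        raise ValueError("not an ssh-rsa / ssh-ed25519 public key line")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, _ = read_string(blob, 0)
    # The type named in the text prefix must match the type inside the blob.
    if inner_type.decode("ascii", "replace") != fields[0]:
        raise ValueError("key type prefix does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return fields[0], "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def classify(text):
    """Tell an armored PGP public key from an SSH public key line."""
    text = text.strip()
    if text.startswith(PGP_HEADER):
        return "pgp-public-key"
    first = text.split(None, 1)[0] if text else ""
    return "ssh-public-key" if first in SSH_PREFIXES else "unknown"

def make_sample_ed25519_line(raw32, comment="constructed@example"):
    """Build a constructed (not real) ssh-ed25519 line from 32 key bytes."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    sample = make_sample_ed25519_line(bytes(range(32)))  # constructed sample key
    print(classify(sample), *ssh_fingerprint(sample))
```

The fingerprint is the unpadded base64 SHA-256 of the decoded key blob, the same form `ssh-keygen -lf` prints.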

Pro Tip

You can actually use a GPG key for SSH authentication by using a GPG Agent, which lets you manage all your security needs with a single master key.
