
Glossary of Useful PGP Terms

PGP - Pretty Good Privacy, a system of protocols, standards, and client applications that use Public Key Infrastructure to encrypt, decrypt, and digitally sign data. Often associated with e-mail messages, but can be used for any form of electronic document.

PGP Identity - essentially, a name and e-mail address pair associated with a key. There can be more than one Identity bound to the same key, but for the sake of simplicity and maximum security it is good practice to have only one.

PGP public key - the main portable element of your "PGP key"; the term is often used interchangeably with more generic references to the key as a whole. It has a unique 8-digit hexadecimal string (its key ID) and one or more Identities associated with it.

PGP private key - the secret counterpart to your PGP key, which is needed to decrypt and sign PGP e-mail sent to or from your public key's Identities. It is often simply stored in a default location on the user's hard drive and password-protected, so that any prompt for the private key during a PGP transaction is equivalent to a "login popup".

PGP key ring - a local file/database of keys maintained by PGP client software. Ideally should have all keys that the user plans to correspond with, any keys that have 'signed' the user's primary key, and only one private key (that belonging to the user). A public key ring has all the public keys, while a private/secret ring stores any private keys.

PGP key server - a networked repository for storing, retrieving, and searching for public keys. Does not use any actual PGP protocol or technology to do this, although most PGP client software has functionality for directly interfacing with key servers. Key servers can use a few standardized protocols, among them LDAP, HTTP, and SMTP as public interfaces. A PGP key server is basically a centralized networked PGP public key ring.

PGP signature - a digital code created with a private key. Signatures allow authentication of information by the process of signature verification. When you sign a message or file, the PGP program uses your private key to create a digital code that is unique to both the contents of the message and your private key. Anyone can use your public key to verify your signature.

fingerprint - a uniquely identifying string of numbers and characters used to authenticate public keys. This is the primary means for checking the authenticity of a key. Key fingerprints are displayed in the Key Properties dialog box, and in public key server search results when the appropriate options are checked off.

Cornell Directory - an LDAP service provided by Cornell/CIT that stores information for all Cornell NetIDs.


Last modified: May 25, 2007