The Problem PGP Solves

Before public-key cryptography, if you wanted to send someone a secret message, you had to first securely exchange a secret key with them. But how do you securely exchange a key if you don't already have a secure channel? This is the key distribution problem — and it stumped cryptographers for decades.

PGP solves this elegantly using a mathematical trick: two different but related keys, one public and one private. You can share your public key with the entire world. Anyone who wants to send you a secret message uses your public key to encrypt it. Only your private key — which only you have — can decrypt it.

The Key Pair: Your Lock and Your Key

When you create a PGP-enabled email account, a key pair is generated:

  • Public key — like a padlock. You give copies to everyone. They use it to lock (encrypt) messages for you.
  • Private key — like the key to that padlock. You keep it absolutely secret. Only it can unlock (decrypt) messages encrypted with your public key.

The mathematical relationship between the two keys rests on a one-way function: it's computationally trivial to encrypt with the public key, but computationally infeasible to derive the private key from the public key. Modern PGP keys use 4096-bit RSA or elliptic curve cryptography — brute-forcing them would take longer than the age of the universe.

Encryption: Sending a Secret Message

When you send an email to another enemail user, PGP works automatically:

  1. Your email client retrieves the recipient's public key from the key server
  2. A random session key is generated (a temporary symmetric key)
  3. Your message is encrypted with the session key using AES-256
  4. The session key itself is encrypted with the recipient's public key
  5. Both the encrypted message and encrypted session key are sent

On the recipient's end, their private key decrypts the session key, which then decrypts the message. This hybrid approach (asymmetric for key exchange, symmetric for the data) is used because asymmetric encryption is computationally expensive for large messages.

Digital Signatures: Proving You Sent It

PGP also provides digital signatures — cryptographic proof that a message came from you and hasn't been tampered with.

When you sign an email, your email client creates a hash (a mathematical fingerprint) of your message and encrypts it with your private key. The recipient decrypts the signature with your public key and compares the hash to the message they received. If they match, the message is genuinely from you and unaltered.

Signature vs. Encryption: These are separate operations. You can sign without encrypting (proves who sent it, but anyone can read it). You can encrypt without signing (only recipient can read it, but they can't verify the sender). Doing both provides maximum security.
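The sign-and-verify flow described above, as an added example in Go standard library code (written for this page; not enemail's code). Assumptions: SHA-256 is the hash, RSA-PSS is the signature scheme (the text's "encrypt the hash with your private key" is the textbook picture; real schemes such as RSA-PSS add randomised padding on top of that idea), and the 2048-bit key is for demo speed only. The example also shows the sign-without-encrypting case from the paragraph above: the message stays readable, the signature still exposes any tampering.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair stands in for the sender's account key pair.
// 2048 bits keeps the demo quick; the 4096-bit keys the text mentions work identically.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Sign computes the SHA-256 fingerprint of the message and signs that digest
// with the sender's private key using RSA-PSS. Only the digest is signed,
// so the signature is modulus-sized no matter how long the message is.
func Sign(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the digest of the message the recipient actually received
// and checks the signature against it with the sender's public key. It returns
// true only if the message is unaltered and was signed by the matching private key.
func Verify(pub *rsa.PublicKey, message, sig []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	sender, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	// Signed but not encrypted: anyone can read it, anyone can check who sent it.
	message := []byte("constructed sample message: meeting moved to 3pm")
	sig, err := Sign(sender, message)
	if err != nil {
		panic(err)
	}
	fmt.Printf("message readable in clear: %q\n", message)
	fmt.Println("signature bytes:", len(sig))
	fmt.Println("verifies with sender's public key:", Verify(&sender.PublicKey, message, sig))

	// A one-character change to the message changes the digest, so the check fails.
	tampered := []byte("constructed sample message: meeting moved to 4pm")
	fmt.Println("tampered message verifies:", Verify(&sender.PublicKey, tampered, sig))

	// A signature from some other key does not verify under the claimed sender's public key.
	impostor, _ := NewKeyPair()
	forged, _ := Sign(impostor, message)
	fmt.Println("impostor's signature verifies as sender:", Verify(&sender.PublicKey, message, forged))
}
```

Verification needs only the public key, which is why the recipient can confirm the sender without being able to produce such a signature themselves; the recipient reads the message either way, which is the trade-off the paragraph above describes for signing without encrypting.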

The Web of Trust

PGP uses a decentralised system called the "web of trust" for key verification. Instead of a central authority vouching for identities (like HTTPS certificates), PGP users vouch for each other. When you verify someone's identity and sign their public key, you're telling others in the network: "I've confirmed this key belongs to this person."

In practice, modern private email providers like enemail handle key discovery and verification automatically through a managed key server, so you don't need to think about trust chains for typical use.

Why PGP Is Still Relevant in 2025

PGP has been around for 30+ years, which sometimes leads people to assume it's outdated. The opposite is true. The underlying mathematics remain unbroken. Modern implementations use strong elliptic curve cryptography. And crucially, PGP is an open standard — it can be audited, reviewed, and verified by anyone, unlike proprietary encryption systems.

When enemail uses PGP, you can verify exactly how your emails are being protected. The cryptography is not a black box.

PGP encryption, automatic and invisible

enemail handles all the PGP complexity for you. You write — we encrypt. No setup required.
