PGP & GPG

What is PGP and GPG?

PGP stands for Pretty Good Privacy. GPG stands for GNU Privacy Guard. Both of these programs are used to encrypt and decrypt data, messages, and emails. The difference between the two is that GPG is open source whereas PGP is not. The technical explanation of how these two programs work is very complicated and rigorous, but the basic idea behind them is just as useful to understand. These programs use mathematical algorithms to generate two keys for each person using them. One key is known as the public key and is available to the general public. The other key is the private key and should only be known by the individual. When two people use these programs, they exchange their public keys but not their private keys. A message is encrypted with the recipient's public key, and the only way to decrypt it is with the recipient's own private key. Here is a video that better explains the idea:

How to use GPA/GPG?

The following steps set up encrypted email on a given computer.

1. Go to http://www.mozilla.org/en-US/thunderbird/ and download Mozilla Thunderbird

2. After Thunderbird is downloaded, go to http://gpg4win.org/ and download Gpg4win

3. Select GPA as one of the downloads

4. Once GPA is downloaded, open GPA and press Ctrl+N to generate a new key

5. You will have to enter your name and email address before the program starts generating a key

6. While it's generating the key, the program will ask you to enter a passphrase. NOTE: this passphrase is used so that, in the event your private key is compromised, another level of authentication is still needed to access your email.

7. After your public and private keys are generated, go to Thunderbird and click on Add-ons.

8. In the Add-ons, search for Enigmail and download this add-on.

9. After all these steps have been fulfilled, your computer is ready to send encrypted emails.

10. Go to Thunderbird and click on “Write”

11. In the taskbar, click on “OpenPGP” and click on “Encrypt Message”

12. Enter the recipient's email address. NOTE: You must have the recipient's public key.

13. Enter the text in the subject line and type the email.

14. Click Send.

15. The recipient should receive the message and will have to enter their passphrase to decrypt the message.
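The same key exchange as the steps above, driven through the gpg command line instead of GPA and Enigmail, as an added example that is not part of the original page. The identity, passphrase and function names are constructed for the demo, and it assumes GnuPG 2.1 or later is installed.

```sh
#!/bin/sh
# Added example (not from the original page). Identity and passphrase are constructed.
RCPT='Pat Patient <patient@example.org>'
PASS='constructed-demo-passphrase'

# Run gpg non-interactively against one keyring directory ($1).
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --yes "$@"; }

# Steps 4-6: the recipient creates a passphrase-protected key pair and
# exports only the public half ($2) to hand to the sender.
make_recipient_key() {
    g "$1" --pinentry-mode loopback --passphrase "$PASS" \
        --quick-generate-key "$RCPT" default default never &&
    g "$1" --armor --output "$2" --export patient@example.org
}

# Steps 10-14: the sender imports the public key ($2) and encrypts file $3 to $4.
# --trust-model always skips key validation for this demo only; with a real
# correspondent, compare the key fingerprint over a separate channel first.
encrypt_to_recipient() {
    g "$1" --import "$2" &&
    g "$1" --trust-model always --armor --output "$4" \
        --recipient patient@example.org --encrypt "$3"
}

# Step 15: decrypting needs the private key in keyring $1 plus its passphrase.
decrypt_message() {
    g "$1" --pinentry-mode loopback --passphrase "$PASS" --decrypt "$2" 2>/dev/null
}

# Build two throwaway keyrings under $WORK and encrypt the text in $1.
setup_demo() {
    WORK=$(mktemp -d) || return 1
    mkdir -m 700 "$WORK/sender" "$WORK/recipient" || return 1
    printf '%s\n' "$1" > "$WORK/msg.txt"
    make_recipient_key "$WORK/recipient" "$WORK/pub.asc" &&
    encrypt_to_recipient "$WORK/sender" "$WORK/pub.asc" "$WORK/msg.txt" "$WORK/msg.asc"
}

# Stop the per-keyring agents and delete the throwaway keys.
cleanup_demo() {
    for d in "$WORK/sender" "$WORK/recipient"; do
        gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$WORK"
}
```

Call `setup_demo 'some text'`, then `decrypt_message "$WORK/recipient" "$WORK/msg.asc"` to read the message; the same call against `$WORK/sender` fails because that keyring holds only the public key.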

Uses of Encrypted Emails in the Medical Field

Encrypted emails can change the way doctors and patients communicate because, unlike regular emails, encrypted emails are many times more secure. Without the private key or the passphrase, compromising a patient’s or doctor’s email would be virtually impossible. Although PGP and GPG are similar to Cryptocat in that they send encrypted messages, PGP and GPG would only be used if the patient and doctor are not having a back-and-forth conversation. Cryptocat is much better suited to real-time, back-and-forth conversation.