The most chilling phrase in the online world is “I know your secrets.” We all have sensitive information, whether it’s financial records, personal or professional e-mail, or confidential business plans. PGP Personal 8.0 takes a direct approach to safeguarding that information: encrypting e-mail messages and files so that only you and your chosen recipients can read them.
PGP uses a technique called public-key cryptography to control access to an encrypted file or disk. Traditional security tools (including options in programs such as Adobe Acrobat) allow you to password-protect files, but that creates a paradox: How do you get the password to your recipient over an insecure channel? The answer is public-key cryptography, which lets you encode items with your recipient’s publicly available key, making those items unreadable to everyone except the recipient, who has a second, descrambling private key.
With a comprehensive set of features, PGP Personal 8.0 gracefully encodes and decodes items, hiding the computational and management complexity. It also helps you create and manage keys, and it lets you create secure virtual disks on which you can store vital files. For users who routinely exchange critical data or who work at insecure locations, PGP Personal 8.0 will be a vital program.
Running on OS X
PGP 8.0 is the first version of the long-standing Pretty Good Privacy software to run natively in Mac OS X. This release works only with OS X 10.2 and later, although the keys, files, and disks it creates interact seamlessly with PGP Personal 8.0 for Windows. The package also includes PGP Personal 7.2 for OS 8.6 through 9.X, in case you need to run the program on an older Mac.
Managing public and private keys is the core function of PGP 8.0. In the PGPkeys window, you click on the New Key button to create a pair of keys, link them to your name and e-mail address, and enter a long passphrase that secures the private part of the key. It’s then easy to submit your public key to several public-key servers on the Internet, making it available to anyone who wants to send you encrypted information. Likewise, it’s easy to find the public key of anyone you want to contact — choose Search from the Server menu, and an interface for searching the key servers appears. (Recipients don’t need version 8.0, but they do need a PGP-based program to decrypt your documents or messages.)
Wrestling with the Interface
The previous version of PGP consisted of several programs; each handled a different encryption task. Version 8.0 has been simplified somewhat, with the tools for key, disk, and e-mail-message encryption combined in a single program. (There’s a free version for people who don’t need all the tools; see “Pieces of 8.0: A Treasure Trove of Components.”) Still, some clunkiness remains. We found that it was difficult at first to determine the appropriate tool for various tasks. For instance, to encrypt files with someone’s public key, you use PGPmail, whether or not you plan to e-mail the document.
You can access the document options from PGP itself, from PGP’s Dock icon, and from the Services submenu of the Application menu (in programs that support Services — Qualcomm’s Eudora, for example). Apple’s Mail supports PGP directly, and PGP Personal 8.0 includes plug-ins that enable PGP support from within Microsoft Entourage X. With a forthcoming update, Bare Bones Software’s Mailsmith will also support PGP Personal 8.0 from within its interface. The more direct PGP support software developers offer, the more pervasive PGP-encrypted mail can become.
PGP 8.0’s PGPdisk tool creates encrypted disk images for groups of files or entire volumes, and you can mount these images just as you would in Apple’s Disk Copy — but PGPdisk surpasses Disk Copy in speed, versatility, and level of protection. PGPdisk unmounts disk images automatically if there is no activity, so you can walk away from your computer without leaving your data vulnerable.
There is one significant risk that comes with using PGPdisk: Any data corruption in the disk-image file could render the entire disk unreadable; you should back up your data frequently when you use PGPdisk.
Macworld’s Buying Advice
PGP Personal 8.0 is an excellent and inexpensive solution for people who must regularly protect the contents of files or disks, or who frequently need to send and receive secure documents. The rewards for mastering its learning curve are peace of mind and industrial-grade protection.