GPG standard – a word on encrypting confidential data

Some users want it 101% safe. If the files we share via cloud services really need that extra layer of protection, encrypting them with a GPG standard might be a good idea.

The GPG standard is a tool for encrypting and signing both e-mail messages and attached files. It also allows us to verify the authenticity of the sender of the correspondence. GPG tools are particularly valued in the banking industry, which, due to the types of information it processes, has very strict security requirements, but general business operations can benefit from it too without much hassle.

Unlike classic encryption methods, the GPG standard is based on the use of asymmetric key pairs generated for specific users – a public key that enables data encryption and a private key that is used during the decryption process. This solution is much safer because users only exchange public keys, while private keys are not shared with unauthorized persons.

Cloud providers are aware of the threats related to information security in current business reality and many introduce a GPG communication encryption standard. They understand the importance of data security not only at the level of the services offered, but also in the business environment as such. For this reason, in addition to using the encryption method internally, they encourage their clients to introduce similar standards in their organizations too.

The use of GPG encryption gives us confidence that the content of each message or content of the transmitted file will not fall into the wrong hands. The matryoshka-type method, where a file is encrypted with GPG first outside the cloud, and then sent via the very GPG encrypted cloud itself might bit of an exaggeration to some, yet a true ally to other. The GPG standard increases the level of security and reliability of transmitted data immensely. The mechanisms built into the software not only prevent wrongdoers from decrypting files in case they are intercepted, but also allow us to verify the authenticity of the sender of the correspondence.

FORDATA, for instance, uses the GPG standard on a daily basis in internal correspondence and with selected clients. We strive for every business partner to at least find out that such standards exist and to make a conscious decision whether to apply them. Every conscious organization should consider introducing similar safeguards. Of course, the GPG standard is not a solution to all problems related to information security, as it is the user who will always remain the weakest point. However, GPG significantly raises the security standards used in the organization, so the more unsure you feel about the security of your everyday online practices, the more advisable it is for you to start taking countermeasures.

To start using the GPG encryption standard, follow these steps:

• Install GPG software (eg. Kleopatra),
• Generte a pair of keys (private and public),
• Exchange public keys with potential recipients of our correspondence,
• Manage public keys of other people, i.e. adding the public keys of colleagues or friends to the database.

After configuring the software, there is nothing else but to start working properly with the program, i.e. encrypting / decrypting messages and files. The person who wants to send the encrypted message encrypts it with his public key and then selects the recipients of the message. This message can only be decrypted with the use of the recipients’ private keys. If the sender makes a mistake and sends the message to a person who should not see him, the recipient will only see a string of illegible characters.