
9 Things I Learnt & You Might Too About PGP Encryption

The Edward Snowden revelations have played a significant role in raising the profile of encryption over the last few years. That debate will clearly continue to run, but with heightened cyber security threats the use of encryption is something very relevant for corporates – particularly where payments are concerned. It is with payment security in mind that I write this post, but encryption and the related themes covered below are applicable across applications and processes.

1. What is Cryptography?

Cryptography comes from the Greek kryptós (hidden) and gráphein (to write).

There are lots of definitions out there for cryptography – but fundamentally they state that it is the science that enables information to be stored or transferred in a form that is not readable by an unauthorised person. The intended recipient however is able to convert the seemingly jumbled up and random looking characters and/or symbols into a meaningful message.

One frequently cited example of this conversion into random looking messages was that used by Julius Caesar, the so-called “shift by 3” rule. Private messages that Julius Caesar sent his generals replaced A with D, B with E and so on. Only those trusted sources that knew the rule could interpret and read the private message.

2. What is Encryption?

Encryption is the process of converting plain text into scrambled, essentially unreadable data, also known as ciphertext.

3. What is Decryption?

Decryption is the reverse of encryption! Decryption is the process that unscrambles the ciphertext into plain text that is readable by the intended (hopefully!) recipient.

4. What is a Key?

In Julius Caesar’s day, most of the data being transferred was by hand. Nowadays, most information is transferred over the internet or over public networks. So it is likely that your data will be exposed and maybe even read by some sources. If it is in plain text, and the information is private, confidential or sensitive, that might be a problem for you. But if the message is encrypted, it's not a big deal – because even though someone can see the scrambled data, they will not know what it is actually saying.

But you need a way for the sender and recipient to be able to encrypt (sender) and decrypt (recipient). This is where keys become important. As the name suggests keys are used to lock (encrypt) and unlock (decrypt) the data. Sounds very James Bond!

5. Sounds simple so far… What is a Public Key and a Private Key?

Okay, so this is where it gets a bit tricky….

The first thing to note is that “Keys come in two’s:

6. What is a Signature?

A digital signature is just like a handwritten signature: it allows the recipient to be sure that the information was sent by the correct party.

 

A digital signature is created by encrypting data with your private key, and when the recipient receives the data they will be able to decrypt it using your public key. Since the public and private keys are related, this is possible.

You can choose whether you want to only encrypt data, or only sign data, or do both!

 

7. Why is a Signature Important?

Couple of reasons:

8. But you still haven't told me about PGP Encryption…?!?!

Yeah, you need to know all of the above to understand PGP encryption. PGP stands for Pretty Good Privacy.

It's funny, because Pretty Good Privacy sounds like it's okay, just okay. Here is what you need to know:

9. How is PGP encryption relevant for Payments?

Corporates send payments to their banks for processing, but the problem is that the payments or payment files might be intercepted either at source (within your company) or en-route and somebody may modify the payment file and either add unauthorised payments or change the payment recipient details. That is a scary but real prospect.

This is where PGP encryption might be useful. You may want to consider using PGP encryption to scramble the payment file data so that the payment file cannot be read and in turn modified in any way. In order to do this, you will need to set up PGP encryption and decryption processes within your company and find out the PGP encryption capabilities of your payment service providers.
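The sign-and-encrypt option from section 6 applied to the payment file from section 9, as an added example using GnuPG (it is not code from the original post). The key names, e-mail addresses, file names and function names are assumptions made for illustration. It shows the receiving side accepting a file only when it carries a valid signature from the expected sender key, because a successful decrypt alone says nothing about who produced the file.

```shell
#!/bin/sh
# Added example: sign-then-encrypt a payment file with GnuPG (an OpenPGP tool).
# Key names, addresses and file names are constructed for illustration.
set -eu

# Non-interactive gpg. Empty passphrases keep the demo unattended;
# real private keys should be passphrase- or hardware-protected.
pgp() { gpg --batch --yes --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# One throwaway keyring holds both key pairs so the demo is self-contained.
# In practice each party keeps its own private key and imports only the
# other party's public key, after checking its fingerprint out of band.
setup_keys() {
  WORK=$(mktemp -d)
  GNUPGHOME="$WORK/keyring"; export GNUPGHOME
  mkdir -m 700 "$GNUPGHOME"
  pgp --quick-generate-key 'Corporate Treasury <treasury@corp.example>'
  pgp --quick-generate-key 'Bank Payments <payments@bank.example>'
  # Fingerprint of the corporate signing key, pinned by the receiver below.
  CORP_FPR=$(pgp --with-colons --list-keys treasury@corp.example |
             awk -F: '$1 == "fpr" { print $10; exit }')
}

# Sender: sign with the corporate private key, encrypt to the bank's public key.
send_payment() {   # usage: send_payment PLAINTEXT_IN CIPHERTEXT_OUT
  pgp --local-user treasury@corp.example --recipient payments@bank.example \
      --sign --encrypt --output "$2" "$1"
}

# Receiver: decrypt, then accept only if gpg reports a valid signature made
# by the pinned corporate key. Anything else is deleted and rejected.
receive_payment() {   # usage: receive_payment CIPHERTEXT_IN PLAINTEXT_OUT
  status=$(pgp --status-fd 1 --decrypt --output "$2" "$1" 2>/dev/null) || return 1
  case $status in
    *"[GNUPG:] VALIDSIG $CORP_FPR "*) return 0 ;;
    *) rm -f "$2"; return 1 ;;
  esac
}

# Stop the agent started for the throwaway keyring and remove all demo files.
cleanup() { gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$WORK"; }
```

Call `setup_keys`, then `send_payment` and `receive_payment` on a test file, and `cleanup` at the end. A file that was only encrypted to the bank's public key, with no signature, decrypts without error but is rejected by `receive_payment`.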

Hope that helps!
