A little off topic but could you point me towards some resources for learning about what pgp was meant to solve? I've read back and forth opinions about it on hackernews,reddit, etc but I've not seen a definitive description of how it attempts to solve the problem of encrypted communication that wasn't heavily editorialized.
A lay nutshell summary: there is one giant problem in crypto systems since the dawn of time; how to distribute the keys to locked documents/files and keep those keys out of the "wrong hands". For the majority of history of cryptology, the only option was symmetric keys (the same key is used to lock the document as to unlock it). This is conceptually simple (she who has the key has the access), but at the cost of making distributing these keys a giant challenge of secrecy (anyone can intercept that key in transit and use it to unlock documents; worse, someone can intercept that key and the people who are supposed to use the key might not even be aware someone could be snooping).
Asymmetric key algorithms, where the key used to unlock the document is different from the key used to lock it, were long considered the "holy grail" for cryptography. With an asymmetric key, I can closely guard the "unlock key" (private key), but shout out the "lock key" (public key) from the rooftops or post it on flyers and anyone could send me documents in secret that only I could unlock. (That unlocks the next, and still current, major problem in that how do you as someone looking to send a secret document to me trust that the person shouting that night from the rooftops or posting that flyer is actually me, much less know which flyers to look for or that I might shout it sometimes from rooftops...)
PGP was the first software built "for the masses" that made asymmetric key crypto accessible to the "common computer users".
(PGP is also notable for attempting to build one such potential trust system to find/trust keys, the Web of Trust model. This is where most of the contemporary arguments about the value of PGP these days are targeted. The Web of Trust is a useful solution, but its a complicated solution that doesn't scale as well as it should and has a bad user experience with a sharp learning curve and a long tail of key management complications for even power users.)
> > As a sort of basically reliable swiss army knife for file-based encryption problems, the kinds of problems you'd otherwise use AES passphrase-encrypted ZIP files to solve, PGP not only works but also has a bad rap.
I have a text file. I encrypt it using a key. I send you the encrypted text file. How do you decrypt it? You need the key.
If I can send you the key securely why don't I just send the plain message using that secure mechanism?
