The PGP Underpinnings

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions, and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991. PGP and similar software follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data.

The XcooBee Implementation

As you can see, PGP is a complex mathematical encryption scheme and, despite being very useful, it is difficult for the average consumer to understand and deal with. Thus, we at XcooBee wanted to make this easier and allow most users to use the technology without even having to think about it. PGP support is baked into the core platform and available to all users at the basic subscription level and above. Whenever possible, we will automatically enable PGP for transfers between users. We will check the conditions on both ends and, if possible, use it to secure your files and sign them in such a way that the recipient knows that only people with the right keys can originate them.

Private and Public Keys

To work properly with PGP you will need one key that is split into a public and a private part. A key is a numeric sequence of bytes. The private key should not be shared or given out to others, while the public key should be published as widely as possible so that people can send you properly encoded messages or accept messages from you as the appropriate sender.

Key Generation

Users can generate the appropriate PGP keys in their settings area. You can select different key lengths based on your needs, though we recommend using at least a 2048-bit key. You can also supply a password you want to use with your private key. You will always have to supply that password to decrypt or encrypt a document with your key.

After the generation of the private and public keys you will be asked to download the keys for safekeeping. This is the last time you will be able to access your private key from the system. Once you have downloaded the key pair, you can activate it by saving the key pair.

Managed Private Key Option

If you have elected for XcooBee to manage your private key (you control this in your settings), we will save your private key using a concept called envelope encryption. In essence, no one at XcooBee will be able to read your private key. It will be supplied to the system only during processing when it is needed and immediately destroyed afterwards.
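The page names envelope encryption without describing how XcooBee builds it, so the following is an added, generic illustration of the pattern and not XcooBee's code. It assumes Node.js, AES-256-GCM for both layers, a 32-byte master key (KEK) passed in as a Buffer, and hypothetical function and field names.

```javascript
const crypto = require("crypto");

// AES-256-GCM seal: output is nonce (12 bytes) || ciphertext || tag (16 bytes).
// aad binds the blob to its owner without being encrypted itself.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce);
  c.setAAD(aad);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, body, c.getAuthTag()]);
}

// Throws if the key or aad is wrong, or if any byte of the blob was modified.
function open(key, blob, aad) {
  if (blob.length < 28) throw new Error("truncated ciphertext");
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
}

// Wrap: a fresh data key (DEK) encrypts the private key; the master key
// (KEK, assumed to live in a KMS or HSM in a real deployment) encrypts only the DEK.
function wrapPrivateKey(kek, privateKey, ownerId) {
  const aad = Buffer.from(ownerId);
  const dek = crypto.randomBytes(32);
  try {
    return {
      wrappedDek: seal(kek, dek, aad),
      ciphertext: seal(dek, privateKey, aad),
    };
  } finally {
    dek.fill(0); // best-effort wipe of the plaintext DEK
  }
}

// Unwrap for one processing step, hand the key to `use`, then wipe both keys.
function withPrivateKey(kek, envelope, ownerId, use) {
  const aad = Buffer.from(ownerId);
  const dek = open(kek, envelope.wrappedDek, aad);
  let privateKey;
  try {
    privateKey = open(dek, envelope.ciphertext, aad);
    return use(privateKey);
  } finally {
    dek.fill(0);
    if (privateKey) privateKey.fill(0);
  }
}
```

Only `wrappedDek` and `ciphertext` are stored; neither is readable without the KEK, and the callback must copy out anything it needs because the key buffer is zeroed when it returns.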

Automatic Encryption and Decryption

A XcooBee managed private key will allow XcooBee to manage encryption and decryption for you automatically. When you send out documents to other users, we will automatically encrypt them to the recipient if we detect that the recipient has enabled PGP as an option.

Similarly, XcooBee will decrypt your document just before you download it and supply the plain text document to you. XcooBee will not store the decrypted document.

You can disable automatic decryption simply by going to your settings and disabling the option that allows XcooBee to store your private key.

Key Storage Options

Of course, you have full control. Since we are XcooBee, we allow you to bring your own keys that you have already generated and used somewhere else. We will not accept external private keys; however, you can supply your PGP public key for us to use and publish on your behalf.





