
Is messaging in symmetric encryption better than PGP email security?

Is symmetric encryption or PGP the more reliably secure way to send email? Learn more in this expert response from Randall Gamby.

Suppose two people exchange messages using symmetric encryption; every time they communicate, a session key is generated that encrypts the message using a protocol that handles session keys like SSL. They could, alternatively, use PGP to exchange messages. Do you think in this scenario that PGP or symmetric encryption would offer better security?
It depends on how trusted the local environment is. Symmetric encryption will ensure non-disclosure between "systems" by encrypting all message packets between mail servers using a shared encryption key. PGP ensures non-disclosure of an individual message by encrypting the actual message and making it viewable only by the sender and recipient. PGP is a bit more flexible as it can be used when the message traverses an unsecured network channel between two systems or even if the recipient is on the same system. As a general guideline, if you have a trusted messaging environment, but the network between servers is in question, then symmetric encrypted sessions like SSL will work. If you're exchanging messages that are so sensitive in nature that even the messaging system administrators shouldn't have access to the message content, like legal or executive communications, I'd use PGP.
This was last published in May 2010
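
The distinction drawn in the answer can be checked on a stored message. This is an added example, not part of the original response: it reads the Received headers to see which hops used a TLS-protected session and checks whether the body itself is PGP-encrypted. The sample message, host names and function names are constructed for illustration.

```python
import email
import re
from email import policy

TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}  # RFC 3848 keywords implying TLS
# Take the "with" clause that follows "by", so TLS comments before "by" are ignored.
HOP = re.compile(r"\bby\s+(\S+)(?:.*?\bwith\s+([A-Za-z0-9]+))?")

# Constructed sample: one TLS hop, one cleartext hop, PGP/MIME body (placeholder ciphertext).
SAMPLE = """\
Received: from mx.example.net by mail.example.org with ESMTPS id a1; Mon, 03 May 2010 10:00:02 +0000
Received: from pc.example.net by mx.example.net with ESMTP id b2; Mon, 03 May 2010 10:00:01 +0000
Subject: contract draft
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder)
-----END PGP MESSAGE-----
--b1--
"""

def hop_transport(msg):
    """[(receiving host, protocol, used_tls)] per Received header, newest first."""
    hops = []
    for raw in msg.get_all("Received", []):
        m = HOP.search(" ".join(str(raw).split()))
        host, proto = (m.group(1), (m.group(2) or "UNKNOWN").upper()) if m else ("?", "UNKNOWN")
        hops.append((host, proto, proto in TLS_WITH))
    return hops

def is_pgp_encrypted(msg):
    """PGP/MIME (RFC 3156) container, or inline ASCII armor in a text part."""
    if msg.get_content_type() == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    return any("-----BEGIN PGP MESSAGE-----" in p.get_content()
               for p in msg.walk() if p.get_content_maintype() == "text")

def assess(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    hops = hop_transport(msg)
    return {"hops": hops, "all_hops_tls": bool(hops) and all(h[2] for h in hops),
            "end_to_end": is_pgp_encrypted(msg)}
```

Received headers are written by each relaying server, so only the entries added by servers you operate can be relied on. A message that passes the TLS check on every hop is still stored in readable form on each mail server unless the end-to-end check is also true.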
