PGP and Self-Signed Digital Certificates


PGP (Pretty Good Privacy) is a widely used encryption product for e-mail, disk data and backup systems, providing both encryption and digital signing. Instead of relying on a hierarchy of certificate authorities, as X.509 PKI does, it uses self-signed digital certificates for users' public keys together with a decentralised "web of trust" model, in which users certify one another's keys.

A PGP certificate (key block) carries the public key, information identifying its owner (a user ID such as a name and e-mail address) and the owner's self-signature over that binding. The self-signature proves that whoever holds the private key asserted that identity and lets others detect tampering with the certificate; it does not by itself prove that the identity is genuine, since anyone can generate a key and self-sign it under any name. Signatures made with the key also provide non-repudiation, because only the holder of the private key could have produced them. What makes the system effective is that a certificate can carry, in addition to the self-signature, any number of certification signatures from other users.

Each additional signature is an attestation by the signer that they have verified the binding between the key and its owner, and each one adds to the validity of the certificate. Requiring more than one signature limits the damage a single careless or malicious signer can do. In the classic PGP trust model (and in GnuPG's default settings) a key is established as valid by "one Completely trusted signature or two Marginally trusted signatures": at least one signature from a key whose owner you trust fully, or two signatures from keys whose owners you trust marginally. Two caveats apply. First, the signing keys must themselves be valid, and the chain of certifications is limited in depth (five hops by default in GnuPG). Second, validity (is this key really the named person's?) is distinct from owner trust (how much do you rely on this person to certify other keys?); owner trust is assigned locally by each user and is never carried in the certificate.
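To make the rule concrete, here is an added example (not part of the original article, and not code from any PGP implementation) that computes key validity over a small constructed keyring the way the classic trust model does. It assumes GnuPG's defaults of one complete or two marginal signatures, a maximum certification depth of five, and one user ID per key; the key IDs, owner-trust assignments and certifications are invented for the illustration.

```python
from dataclasses import dataclass

# Owner-trust levels, named as GnuPG names them. Assumption: the classic
# PGP trust model with GnuPG's defaults (completes-needed=1,
# marginals-needed=2, max-cert-depth=5).
ULTIMATE, FULL, MARGINAL, UNKNOWN = "ultimate", "full", "marginal", "unknown"
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 2
MAX_CERT_DEPTH = 5


@dataclass
class Keyring:
    keys: dict            # key_id -> user ID (one UID per key, a simplification)
    certifications: set   # (signer_key_id, signed_key_id); (k, k) is a self-signature
    ownertrust: dict      # key_id -> owner-trust level set by the local user


def compute_validity(ring: Keyring) -> dict:
    """Return {key_id: depth} for every key the local user should treat as valid.

    Depth 0 is an ultimately trusted (own) key; depth n means the key was
    reached through n certification hops. A key without a self-signature is
    never valid, and a certification only counts if the signing key is itself
    valid and its owner has full (or ultimate) or marginal owner trust.
    """
    valid = {k: 0 for k, t in ring.ownertrust.items()
             if t == ULTIMATE and (k, k) in ring.certifications}
    changed = True
    while changed:                      # iterate to a fixpoint: validity propagates
        changed = False
        for kid in ring.keys:
            if kid in valid or (kid, kid) not in ring.certifications:
                continue
            full_sigs = marginal_sigs = 0
            best_depth = None
            for signer, signed in ring.certifications:
                if signed != kid or signer == kid or signer not in valid:
                    continue
                depth = valid[signer] + 1
                if depth > MAX_CERT_DEPTH:
                    continue
                trust = ring.ownertrust.get(signer, UNKNOWN)
                if trust in (ULTIMATE, FULL):
                    full_sigs += 1
                elif trust == MARGINAL:
                    marginal_sigs += 1
                else:
                    continue            # unknown owner trust: signature is ignored
                best_depth = depth if best_depth is None else min(best_depth, depth)
            if full_sigs >= COMPLETES_NEEDED or marginal_sigs >= MARGINALS_NEEDED:
                valid[kid] = best_depth
                changed = True
    return valid


def sample_keyring() -> Keyring:
    """Constructed keyring; key IDs, people and signatures are invented."""
    keys = {"ME": "me@example.org", "ALICE": "alice@example.org",
            "BOB": "bob@example.org", "CAROL": "carol@example.org",
            "DAVE": "dave@example.org", "ERIN": "erin@example.org",
            "EVE": "eve@example.org", "FRANK": "frank@example.org",
            "MALLORY": "mallory@example.org"}
    certs = {(k, k) for k in keys if k != "EVE"}   # everyone self-signs except EVE
    certs |= {
        ("ME", "ALICE"), ("ME", "ERIN"),    # I verified Alice and Erin in person
        ("ALICE", "BOB"),                   # Alice (fully trusted) vouches for Bob
        ("BOB", "CAROL"),                   # only one marginal signer: not enough
        ("BOB", "DAVE"), ("ERIN", "DAVE"),  # two marginal signers: enough
        ("ALICE", "EVE"),                   # EVE lacks a self-signature
        ("CAROL", "FRANK"),                 # Carol is trusted but her key is not valid
    }
    ownertrust = {"ME": ULTIMATE, "ALICE": FULL, "BOB": MARGINAL,
                  "ERIN": MARGINAL, "CAROL": FULL}
    return Keyring(keys, certs, ownertrust)


if __name__ == "__main__":
    ring = sample_keyring()
    validity = compute_validity(ring)
    for kid in ring.keys:
        status = f"valid (depth {validity[kid]})" if kid in validity else "NOT valid"
        print(f"{kid:8} {status}")
```

Running it shows CAROL staying invalid with a single marginal signature, DAVE becoming valid through two, EVE being ignored for lack of a self-signature, and MALLORY's self-signed key carrying no validity at all. FRANK is the instructive case: Carol has full owner trust, yet her signature on Frank's key counts for nothing, because trusting Carol to certify others is useless until you have established that the key labelled CAROL really is hers. Validity and owner trust are computed separately, and both are needed.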