How does PGP achieve confidentiality and authentication in emails?
1 Answer

Pretty Good Privacy (PGP) is a secure email program that provides a confidentiality and authentication service that can be used for electronic email and file storage applications. PGP achieves confidentiality and authentication by the following steps:

  1. The sender creates a message M.
  2. SHA-1 is used to generate a 160-bit hash code of the message.
  3. The hash code is then encrypted with RSA using the sender’s private key.
  4. The result is concatenated with the original message. (Steps 1-4 cover authentication.)
  5. Also, a 128-bit number is generated, which is going to be the session key for the current session only.
  6. The message from step 4 is encrypted using CAST-128 and the session key.
  7. The session key is then encrypted with RSA using the recipient’s public key and is attached (prepended) to the message. (Steps 5-7 cover confidentiality.)
  8. The message is transferred through the medium.
  9. The receiver uses RSA with its private key to decrypt and recover the session key.
  10. Now that the session key is obtained, the remaining message is decrypted using the sender’s public key and RSA.
  11. The receiver then generates a hash code for the message and compares it with the decrypted hash code. If they match, the message is considered authentic.
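
The sign-then-encrypt flow of steps 1-11, as an added example that is not part of the original answer. Assumptions: textbook RSA without padding over small constructed Mersenne-prime keys, and a SHA-256 counter keystream standing in for CAST-128 (which Python's standard library lacks); all function and key names are hypothetical. On the receiving side the body is decrypted with the session key, and the sender's public key is then applied to the recovered signature.

```python
import hashlib, secrets

E = 65537  # public exponent

def keypair(p, q):
    # Textbook RSA from two primes; returns (public, private) as (n, exponent).
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def rsa(key, value):
    return pow(value, key[1], key[0])  # raw RSA, no padding (assumption)

def stream_xor(key, data):
    # Stand-in for CAST-128 (assumption): XOR with a SHA-256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def sha1_int(message):
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def pgp_send(message, sender_priv, recipient_pub):
    sig_len = (sender_priv[0].bit_length() + 7) // 8
    signature = rsa(sender_priv, sha1_int(message)).to_bytes(sig_len, "big")  # steps 2-3
    signed = signature + message                                      # step 4
    session_key = secrets.token_bytes(16)                             # step 5: 128 bits
    body = stream_xor(session_key, signed)                            # step 6
    wrapped = rsa(recipient_pub, int.from_bytes(session_key, "big"))  # step 7
    return wrapped, body

def pgp_receive(wrapped, body, recipient_priv, sender_pub):
    session_key = rsa(recipient_priv, wrapped).to_bytes(16, "big")    # step 9
    signed = stream_xor(session_key, body)   # body is decrypted with the session key
    sig_len = (sender_pub[0].bit_length() + 7) // 8
    signature, message = signed[:sig_len], signed[sig_len:]
    recovered = rsa(sender_pub, int.from_bytes(signature, "big"))     # sender's public key
    return message, recovered == sha1_int(message)                    # step 11

# Constructed demo keys from Mersenne primes: far too small for real use.
SENDER_PUB, SENDER_PRIV = keypair(2**127 - 1, 2**107 - 1)
RECIPIENT_PUB, RECIPIENT_PRIV = keypair(2**89 - 1, 2**61 - 1)

if __name__ == "__main__":
    wrapped, body = pgp_send(b"meet at noon", SENDER_PRIV, RECIPIENT_PUB)
    print(pgp_receive(wrapped, body, RECIPIENT_PRIV, SENDER_PUB))
    print(pgp_receive(wrapped, body[:-1] + bytes([body[-1] ^ 1]), RECIPIENT_PRIV, SENDER_PUB))
```

The second call flips one bit of the ciphertext in transit, so the recomputed SHA-1 no longer matches the signed hash and the check returns False.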

