In cases addressing other encryption software, however, two federal appeals courts have established the rule that cryptographic software source code is speech protected by the First Amendment (the Ninth Circuit Court of Appeals in the Bernstein case and the Sixth Circuit Court of Appeals in the Junger case). US export regulations regarding cryptography remain in force, but were liberalized substantially throughout the late 1990s.
Phil Zimmermann developed PGP in 1991. PGP and similar software follow the OpenPGP, an open standard of PGP encryption software, standard (RFC 4880) for encrypting and decrypting data. ==Design== PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography; each step uses one of several supported algorithms.
Popular end-user implementations have suffered from various signature-striping, cipher downgrade and metadata leakage vulnerabilities which have been attributed to the complexity of the standard. ==History== ===Early history=== Phil Zimmermann created the first version of PGP encryption in 1991.
Although many programs read and write this information, few (if any) include this level of certification when calculating whether to trust a key. The web of trust protocol was first described by Phil Zimmermann in 1992, in the manual for PGP version 2.0: The web of trust mechanism has advantages over a centrally managed public key infrastructure scheme such as that used by S/MIME but has not been universally used.
Indeed, in 1995, cryptographer Bruce Schneier characterized an early version as being "the closest you're likely to get to military-grade encryption." Early versions of PGP have been found to have theoretical vulnerabilities and so current versions are recommended.
CAST5) symmetric key algorithm, and the DSA and ElGamal asymmetric key algorithms, all of which were unencumbered by patents. After the Federal criminal investigation ended in 1996, Zimmermann and his team started a company to produce new versions of PGP encryption.
To remove confusion about how it could be that PGP 3 was the successor to PGP 4, PGP 3 was renamed and released as PGP 5 in May 1997. ===Network Associates acquisition=== In December 1997, PGP Inc.
In July 1997, PGP Inc.
Since 2000, compliance with the regulations is also much easier.
After the export regulation liberalizations of 2000 which no longer required publishing of source, NAI stopped releasing source code. In early 2001, Zimmermann left NAI.
Townsend Security partnered with Network Associates in 2000 to create a compatible version of PGP for the IBM i platform.
No license fee was required for its non-commercial use, and the complete source code was included with all copies. In a posting of June 5, 2001, entitled "PGP Marks 10th Anniversary", Zimmermann describes the circumstances surrounding his release of PGP: PGP found its way onto the Internet and rapidly acquired a considerable following around the world.
After the export regulation liberalizations of 2000 which no longer required publishing of source, NAI stopped releasing source code. In early 2001, Zimmermann left NAI.
In October 2001, NAI announced that its PGP assets were for sale and that it was suspending further development of PGP encryption.
In February 2002, NAI canceled all support for PGP products, with the exception of the renamed commandline product.
NAI (formerly McAfee, then Intel Security, and now McAfee again) continued to sell and support the product under the name McAfee E-Business Server until 2013. ===PGP Corporation and Symantec=== In August 2002, several ex-PGP team members formed a new company, PGP Corporation, and bought the PGP assets (except for the command line version) from NAI.
In 2010, PGP Corporation acquired Hamburg-based certificate authority TC TrustCenter and its parent company, ChosenSecurity, to form its PGP TrustCenter division. After the 2002 purchase of NAI's PGP assets, PGP Corporation offered worldwide PGP technical support from its offices in Draper, Utah; Offenbach, Germany; and Tokyo, Japan. On April 29, 2010, Symantec Corp.
For information on other programs compatible with the OpenPGP specification, see External links below. While originally used primarily for encrypting the contents of e-mail messages and attachments from a desktop client, PGP products have been diversified since 2002 into a set of encryption applications that can be managed by an optional central policy server.
In 2003, PGP Corporation created a new server-based product called PGP Universal.
Software Diversified Services also offers a commercial version of PGP (SDS E-Business Server) for the IBM z mainframe. In May 2018, a bug named EFAIL was discovered in certain implementations of PGP which from 2003 could reveal the plaintext contents of emails encrypted with it. ==PGP Corporation encryption applications== This section describes commercial programs available from PGP Corporation.
In 2005, PGP Corporation made its first acquisition: the German software company Glück & Kanja Technology AG, which became PGP Deutschland AG.
It has the capability of delivering e-mail securely when no recipient key is found via a secure HTTPS browser session. With PGP Desktop 9.x managed by PGP Universal Server 2.x, first released in 2005, all PGP encryption applications are based on a new proxy-based architecture.
Additionally, a magistrate judge ruling on the case in November 2007 has stated that forcing the suspect to reveal his PGP passphrase would violate his Fifth Amendment rights i.e.
The current specification is RFC 4880 (November 2007), the successor to RFC 2440.
Townsend Security again ported PGP in 2008, this time to the IBM z mainframe.
In November 2009 a British citizen was convicted under RIPA legislation and jailed for nine months for refusing to provide police investigators with encryption keys to PGP-encrypted files. PGP as a cryptosystem has been criticized for complexity of the standard, implementation and very low usability of the user interface including by recognized figures in cryptography research.
The standard was extended to support Camellia cipher by RFC 5581 in 2009, and signing and key exchange based on Elliptic Curve Cryptography (ECC) (i.e.
In 2010, PGP Corporation acquired Hamburg-based certificate authority TC TrustCenter and its parent company, ChosenSecurity, to form its PGP TrustCenter division. After the 2002 purchase of NAI's PGP assets, PGP Corporation offered worldwide PGP technical support from its offices in Draper, Utah; Offenbach, Germany; and Tokyo, Japan. On April 29, 2010, Symantec Corp.
This acquisition was finalized and announced to the public on June 7, 2010.
The source code of PGP Desktop 10 is available for peer review. Also in 2010, Intel Corporation acquired McAfee.
ECDSA and ECDH) by RFC 6637 in 2012.
NAI (formerly McAfee, then Intel Security, and now McAfee again) continued to sell and support the product under the name McAfee E-Business Server until 2013. ===PGP Corporation and Symantec=== In August 2002, several ex-PGP team members formed a new company, PGP Corporation, and bought the PGP assets (except for the command line version) from NAI.
In 2013, the McAfee E-Business Server was transferred to Software Diversified Services, which now sells, supports, and develops it under the name SDS E-Business Server. For the enterprise, Townsend Security currently offers a commercial version of PGP for the IBM i and IBM z mainframe platforms.
Support for ECC encryption was added by the proposed RFC 4880bis in 2014. The Free Software Foundation has developed its own OpenPGP-compliant program called GNU Privacy Guard (abbreviated GnuPG or GPG).
Software Diversified Services also offers a commercial version of PGP (SDS E-Business Server) for the IBM z mainframe. In May 2018, a bug named EFAIL was discovered in certain implementations of PGP which from 2003 could reveal the plaintext contents of emails encrypted with it. ==PGP Corporation encryption applications== This section describes commercial programs available from PGP Corporation.
All text is taken from Wikipedia. Text is available under the Creative Commons Attribution-ShareAlike License .
Page generated on 2021-08-05