Pretty Good Privacy

☆ Save On Wikipedia ↗
Pretty Good Privacy
Original authors
DeveloperBroadcom Inc.
Release1991 (1991)
Stable release
11.4.0 Maintenance Pack 2 / May 23, 2023 (2023-05-23)[2]
Written inC
Operating systemmacOS, Windows[3]
Standards
TypeEncryption software
LicenseCommercial proprietary software
Websitewww.broadcom.com/products/advanced-threat-protection/encryption Edit this on Wikidata

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.[4]

PGP and similar software follow the OpenPGP standard, whose current specification is RFC 9580. RFC 9580 obsoleted RFC 4880, the earlier OpenPGP message-format specification. Modern versions of PGP are interoperable with GnuPG and other OpenPGP-compliant systems.[5]

Design

Most aspects of PGP design apply more broadly to OpenPGP and are described at OpenPGP § Design.

Security quality

To the best of publicly available information, there is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means. Indeed, in 1995, cryptographer Bruce Schneier characterized an early version as being "the closest you're likely to get to military-grade encryption."[6] Early versions of PGP have been found to have theoretical vulnerabilities and so current versions are recommended.[7] In addition to protecting data in transit over a network, PGP encryption can also be used to protect data in long-term data storage such as disk files. These long-term storage options are also known as data at rest, i.e. data stored, not in transit.

The cryptographic security of PGP encryption depends on the assumption that the algorithms used are unbreakable by direct cryptanalysis with current equipment and techniques.

In the original version, the RSA algorithm was used to encrypt session keys. RSA's security depends upon the one-way function nature of mathematical integer factoring.[8] Similarly, the symmetric key algorithm used in PGP version 2 was IDEA, which might at some point in the future be found to have previously undetected cryptanalytic flaws. Specific instances of current PGP or IDEA insecurities (if they exist) are not publicly known. As current versions of PGP have added additional encryption algorithms, their cryptographic vulnerability varies with the algorithm used. However, none of the algorithms in current use are publicly known to have cryptanalytic weaknesses.

New versions of PGP are released periodically and vulnerabilities fixed by developers as they come to light. Any agency wanting to read PGP messages would probably use easier means than standard cryptanalysis, e.g. rubber-hose cryptanalysis or black-bag cryptanalysis (e.g. installing some form of trojan horse or keystroke logging software/hardware on the target computer to capture encrypted keyrings and their passwords). The FBI has already used this attack against PGP[9][10] in its investigations. However, any such vulnerabilities apply not just to PGP but to any conventional encryption software.

In 2003, an incident involving seized Psion PDAs belonging to members of the Red Brigade indicated that neither the Italian police nor the FBI were able to decrypt PGP-encrypted files stored on them.[11]

A second incident in December 2006, (see In re Boucher), involving US customs agents who seized a laptop PC that allegedly contained child pornography, indicates that US government agencies find it "nearly impossible" to access PGP-encrypted files. Additionally, a magistrate judge ruling on the case in November 2007 has stated that forcing the suspect to reveal his PGP passphrase would violate his Fifth Amendment rights i.e. a suspect's constitutional right not to incriminate himself.[12][13] The Fifth Amendment issue was opened again as the government appealed the case, after which a federal district judge ordered the defendant to provide the key.[14]

Evidence suggests that as of 2007, British police investigators are unable to break PGP,[15] so instead have resorted to using RIPA legislation to demand the passwords/keys. In November 2009 a British citizen was convicted under RIPA legislation and jailed for nine months for refusing to provide police investigators with encryption keys to PGP-encrypted files.[16]

History

Early history

Phil Zimmermann created the first version of PGP encryption in 1991. The name, "Pretty Good Privacy" was inspired by the name of a grocery store, "Ralph's Pretty Good Grocery", featured in radio host Garrison Keillor's fictional town, Lake Wobegon.[17] This first version included a symmetric-key algorithm that Zimmermann had designed himself, named BassOmatic after a Saturday Night Live sketch. Zimmermann had been a long-time anti-nuclear activist, and created PGP encryption so that similarly inclined people might securely use BBSs and securely store messages and files. No license fee was required for its non-commercial use, and the complete source code was included with all copies.

In a posting of June 5, 2001, entitled "PGP Marks 10th Anniversary",[18] Zimmermann describes the circumstances surrounding his release of PGP:

It was on this day in 1991 that I sent the first release of PGP to a couple of my friends for uploading to the Internet. First, I sent it to Allan Hoeltje, who posted it to Peacenet, an ISP that specialized in grassroots political organizations, mainly in the peace movement. Peacenet was accessible to political activists all over the world. Then, I uploaded it to Kelly Goen, who proceeded to upload it to a Usenet newsgroup that specialized in distributing source code. At my request, he marked the Usenet posting as "US only". Kelly also uploaded it to many BBS systems around the country. I don't recall if the postings to the Internet began on June 5th or 6th. It may be surprising to some that back in 1991, I did not yet know enough about Usenet newsgroups to realize that a "US only" tag was merely an advisory tag that had little real effect on how Usenet propagated newsgroup postings. I thought it actually controlled how Usenet routed the posting. But back then, I had no clue how to post anything on a newsgroup, and didn't even have a clear idea what a newsgroup was.

PGP found its way onto the Internet and rapidly acquired a considerable following around the world. Users and supporters included dissidents in totalitarian countries (some affecting letters to Zimmermann have been published, some of which have been included in testimony before the US Congress), civil libertarians in other parts of the world (see Zimmermann's published testimony in various hearings), and the 'free communications' activists who called themselves cypherpunks (who provided both publicity and distribution); decades later, CryptoParty activists did much the same via Twitter.

Criminal investigation

Shortly after its release, PGP encryption found its way outside the United States, and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license". At the time, cryptosystems using keys larger than 40 bits were considered munitions within the definition of the US export regulations; PGP has never used keys smaller than 128 bits, so it qualified at that time. Penalties for violation, if found guilty, were substantial. After several years, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else in 1996.[19]

Zimmermann challenged these regulations in an imaginative way. In 1995, he published the entire source code of PGP in a hardback book,[20] via MIT Press, which was distributed and sold widely. Anybody wishing to build their own copy of PGP could cut off the covers, separate the pages, and scan them using an OCR program (or conceivably enter it as a type-in program if OCR software was not available), creating a set of source code text files. One could then build the application using the freely available GNU Compiler Collection. PGP would thus be available anywhere in the world. The claimed principle was simple: export of munitions—guns, bombs, planes, and software—was (and remains) restricted; but the export of books is protected by the First Amendment. The question was never tested in court with respect to PGP. In cases addressing other encryption software, however, two federal appeals courts have established the rule that cryptographic software source code is speech protected by the First Amendment (the Ninth Circuit Court of Appeals in the Bernstein case and the Sixth Circuit Court of Appeals in the Junger case).

US export regulations regarding cryptography remain in force, but were liberalized substantially throughout the late 1990s. Since 2000, compliance with the regulations is also much easier. PGP encryption no longer meets the definition of a non-exportable weapon, and can be exported internationally except to seven specific countries and a list of named groups and individuals[21] (with whom substantially all US trade is prohibited under various US export controls).

PGP 3 and founding of PGP Inc.

During this turmoil, Zimmermann's team worked on a new version of PGP encryption called PGP 3. This new version was to have considerable security improvements, including a new certificate structure that fixed small security flaws in the PGP 2.x certificates as well as permitting a certificate to include separate keys for signing and encryption. Furthermore, the experience with patent and export problems led them to eschew patents entirely. PGP 3 introduced the use of the CAST-128 (a.k.a. CAST5) symmetric key algorithm, and the DSA and ElGamal asymmetric key algorithms, all of which were unencumbered by patents.

After the Federal criminal investigation ended in 1996, Zimmermann and his team started a company to produce new versions of PGP encryption. They merged with Viacrypt (to whom Zimmermann had sold commercial rights and who had licensed RSA directly from RSADSI), which then changed its name to PGP Incorporated. The newly combined Viacrypt/PGP team started work on new versions of PGP encryption based on the PGP 3 system. Unlike PGP 2, which was an exclusively command line program, PGP 3 was designed from the start as a software library allowing users to work from a command line or inside a GUI environment. The original agreement between Viacrypt and the Zimmermann team had been that Viacrypt would have even-numbered versions and Zimmermann odd-numbered versions. Viacrypt, thus, created a new version (based on PGP 2) that they called PGP 4. To remove confusion about how it could be that PGP 3 was the successor to PGP 4, PGP 3 was renamed and released as PGP 5 in May 1997.

Network Associates acquisition

In December 1997, PGP Inc. was acquired by Network Associates, Inc. ("NAI"). Zimmermann and the PGP team became NAI employees. NAI was the first company to have a legal export strategy by publishing source code. Under NAI, the PGP team added disk encryption, desktop firewalls, intrusion detection, and IPsec VPNs to the PGP family. After the export regulation liberalizations of 2000 which no longer required publishing of source, NAI stopped releasing source code.[22]

Asset split

In early 2001, Zimmermann left NAI. He served as Chief Cryptographer for Hush Communications, who provide an OpenPGP-based e-mail service, Hushmail. He has also worked with Veridis and other companies. In October 2001, NAI announced that its PGP assets were for sale and that it was suspending further development of PGP encryption. The only remaining asset kept was the PGP E-Business Server (the original PGP Commandline version). In February 2002, NAI canceled all support for PGP products, with the exception of the renamed commandline product.[23][24]

McAfee

NAI, now known as McAfee, continued to sell and support the commandline product under the name McAfee E-Business Server until 2013.[25] In 2010, Intel Corporation acquired McAfee. In 2013, the McAfee E-Business Server was transferred to Software Diversified Services (SDS), which now sells, supports, and develops it under the name SDS E-Business Server.[25][23]

For the enterprise, Townsend Security currently offers a commercial version of PGP for the IBM i and IBM z mainframe platforms. Townsend Security partnered with Network Associates in 2000 to create a compatible version of PGP for the IBM i platform. Townsend Security again ported PGP in 2008, this time to the IBM z mainframe. This version of PGP relies on a free z/OS encryption facility, which utilizes hardware acceleration. SDS also offers a commercial version of PGP (SDS E-Business Server) for the IBM z mainframe.

PGP Corporation

In August 2002, several ex-PGP team members formed a new company, PGP Corporation, and bought the PGP assets (except for the command line version) from NAI. The new company was funded by Rob Theis of Doll Capital Management (DCM) and Terry Garnett of Venrock Associates. PGP Corporation supported existing PGP users and honored NAI's support contracts. Zimmermann served as a special advisor and consultant to PGP Corporation while continuing to run his own consulting company. In 2003, PGP Corporation created a new server-based product called PGP Universal. In mid-2004, PGP Corporation shipped its own command line version called PGP Command Line, which integrated with the other PGP Encryption Platform applications. In 2005, PGP Corporation made its first acquisition: the German software company Glück & Kanja Technology AG,[26] which became PGP Deutschland AG.[27] In 2010, PGP Corporation acquired Hamburg-based certificate authority TC TrustCenter and its parent company, ChosenSecurity, to form its PGP TrustCenter[28] division.[29]

After the 2002 purchase of NAI's PGP assets, PGP Corporation offered worldwide PGP technical support from its offices in Draper, Utah; Offenbach, Germany; and Tokyo, Japan.

Symantec

On April 29, 2010, Symantec Corp. announced that it would acquire PGP Corporation for $300 million with the intent of integrating it into its Enterprise Security Group.[30] This acquisition was finalized and announced to the public on June 7, 2010. The source code of PGP Desktop 10 is available for peer review.[31]

In May 2018, a bug named EFAIL was discovered in certain implementations of PGP which from 2003 could reveal the plaintext contents of emails encrypted with it.[32][33] The chosen mitigation for this vulnerability in PGP Desktop is to mandate the use SEIP protected packets in the ciphertext, which can lead to old emails or other encrypted objects to be no longer decryptable after upgrading to the software version that has the mitigation.[34]

Broadcom

On August 9, 2019, Broadcom Inc. announced they would be acquiring the Enterprise Security software division of Symantec, which includes PGP Corporation.

PGP Corporation encryption applications

This section describes commercial programs available from PGP Corporation. For information on other programs compatible with the OpenPGP specification, see External links below.

While originally used primarily for encrypting the contents of e-mail messages and attachments from a desktop client, PGP products have been diversified since 2002 into a set of encryption applications that can be managed by an optional central policy server. PGP encryption applications include e-mails and attachments, digital signatures, full disk encryption, file and folder security, protection for IM sessions, batch file transfer encryption, and protection for files and folders stored on network servers and, more recently, encrypted or signed HTTP request/responses by means of a client-side (Enigform) and a server-side (mod openpgp) module. There is also a WordPress plugin available, called wp-enigform-authentication, that takes advantage of the session management features of Enigform with mod_openpgp.

The PGP Desktop 9.x family includes PGP Desktop Email, PGP Whole Disk Encryption, and PGP NetShare. Additionally, a number of Desktop bundles are also available. Depending on the application, the products feature desktop e-mail, digital signatures, IM security, whole disk encryption, file, and folder security, encrypted self-extracting archives, and secure shredding of deleted files. Capabilities are licensed in different ways depending on the features required.

The PGP Universal Server 2.x management console handles centralized deployment, security policy, policy enforcement, key management, and reporting. It is used for automated e-mail encryption in the gateway and manages PGP Desktop 9.x clients. In addition to its local keyserver, PGP Universal Server works with the PGP public keyserver—called the PGP Global Directory—to find recipient keys. It has the capability of delivering e-mail securely when no recipient key is found via a secure HTTPS browser session.

With PGP Desktop 9.x managed by PGP Universal Server 2.x, first released in 2005, all PGP encryption applications are based on a new proxy-based architecture. These newer versions of PGP software eliminate the use of e-mail plug-ins and insulate the user from changes to other desktop applications. All desktop and server operations are now based on security policies and operate in an automated fashion. The PGP Universal server automates the creation, management, and expiration of keys, sharing these keys among all PGP encryption applications.

The Symantec PGP platform has now undergone a rename. PGP Desktop is now known as Symantec Encryption Desktop (SED), and the PGP Universal Server is now known as Symantec Encryption Management Server (SEMS). The current shipping versions are Symantec Encryption Desktop 10.3.0 (Windows and macOS platforms) and Symantec Encryption Server 3.3.2.

Also available are PGP Command-Line, which enables command line-based encryption and signing of information for storage, transfer, and backup, as well as the PGP Support Package for BlackBerry which enables RIM BlackBerry devices to enjoy sender-to-recipient messaging encryption.

New versions of PGP applications use both OpenPGP and the S/MIME, allowing communications with any user of a NIST specified standard.[35]

See also

References

  1. "Where to Get PGP". philzimmermann.com. Phil Zimmermann & Associates LLC. February 28, 2006. Archived from the original on February 26, 2014. Retrieved March 10, 2016.
  2. "Symantec Endpoint Encryption 11.4.0 Maintenance Pack 2 Release Notes". techdocs.broadcom.com. Archived from the original on October 5, 2024. Retrieved February 16, 2024.
  3. "System requirements for Symantec Endpoint Encryption Client". techdocs.broadcom.com. Archived from the original on October 5, 2024. Retrieved February 16, 2024.
  4. Zimmermann, Philip R. (1999). "Why I Wrote PGP". Essays on PGP. Phil Zimmermann & Associates LLC. Archived from the original on June 24, 2018. Retrieved July 6, 2014.
  5. "Gnu Privacy Guard". GnuPG.org. Archived from the original on April 29, 2015. Retrieved May 26, 2015.
  6. Schneier, Bruce (October 9, 1995). Applied Cryptography. New York: Wiley. p. 587. ISBN 0-471-11709-9.
  7. Messmer, Ellen (August 28, 2000). "Security flaw found in Network Associates' PGP". Network World. Vol. 17, no. 35. Southbourough, Massachusetts: IDG. p. 81. Archived from the original on October 5, 2024. Retrieved May 2, 2017 via Google Books.
  8. Nichols, Randall (1999). ICSA Guide to Cryptography. McGraw Hill. p. 267. ISBN 0-07-913759-8.
  9. "United States v. Scarfo (Key-Logger Case)". Epic.org. Archived from the original on October 8, 2021. Retrieved February 8, 2010.
  10. McCullagh, Declan (July 10, 2007). "Feds use keylogger to thwart PGP, Hushmail | Tech news blog – CNET News.com". News.com. Archived from the original on March 24, 2017. Retrieved February 8, 2010.
  11. Grigg, Ian (2003). "PGP Encryption Proves Powerful". Archived from the original on October 5, 2024. Retrieved February 15, 2022.
  12. McCullagh, Declan (December 14, 2007). "Judge: Man can't be forced to divulge encryption passphrase | The Iconoclast - politics, law, and technology - CNET News.com". News.com. Archived from the original on October 5, 2024. Retrieved February 8, 2010.
  13. McCullagh, Declan (January 18, 2008). "Feds appeal loss in PGP compelled-passphrase case | The Iconoclast - politics, law, and technology - CNET News.com". News.com. Archived from the original on October 10, 2008. Retrieved February 8, 2010.
  14. McCullagh, Declan (February 26, 2009). "Judge orders defendant to decrypt PGP-protected laptop". CNET news. Archived from the original on January 9, 2022. Retrieved April 22, 2009.
  15. John Leyden (November 14, 2007). "Animal rights activist hit with RIPA key decrypt demand". The Register. Archived from the original on August 10, 2017. Retrieved August 10, 2017.
  16. Chris Williams (November 24, 2009). "UK jails schizophrenic for refusal to decrypt files". The Register. p. 2. Archived from the original on October 5, 2024. Retrieved August 10, 2017.
  17. Holtsnider, Bill; Jaffe, Brian D. (2006). IT manager's handbook: getting your new job done (2nd ed.). Morgan Kaufmann. p. 373. ISBN 978-0-08-046574-6.
  18. "PGP Marks 10th Anniversary". Phil Zimmermann. Archived from the original on March 9, 2022. Retrieved August 23, 2010.
  19. Zimmermann, Phil. "Significant Moments in PGP's History: Zimmermann Case Dropped". philzimmermann.com. Archived from the original on October 5, 2024. Retrieved February 16, 2024. The U.S. Attorney's Office for the Northern District of California has decided that your client, Philip Zimmermann, will not be prosecuted in connection with the posting to USENET in June 1991 of the encryption program Pretty Good Privacy. The investigation is closed. page also contains NPR morning radio recording on this matter
  20. Zimmermann, Philip (1995). PGP Source Code and Internals. MIT Press. ISBN 0-262-24039-4.
  21. "Lists to Check". US Department of Commerce, Bureau of Industry and Security. Archived from the original on January 12, 2010. Retrieved December 4, 2011.
  22. "Important Information About PGP & Encryption". proliberty.com. Archived from the original on January 28, 2022. Retrieved March 24, 2015.
  23. "Long Live E-Business Server for Enterprise-Scale Encryption" (PDF). Software Diversified Services. August 11, 2013. Archived (PDF) from the original on March 3, 2022. Retrieved June 30, 2015.
  24. Conger, Kate (April 3, 2017). "Intel Security is McAfee again". TechCrunch. Archived from the original on October 5, 2024. Retrieved January 8, 2018.
  25. "McAfee partners with Software Diversified Services to deliver E-Business Server sales and support". January 17, 2014. Archived from the original on March 4, 2016. Retrieved June 30, 2015.
  26. "glueckkanja.com". glueckkanja.com. Archived from the original on April 11, 2021. Retrieved August 6, 2013.
  27. "pgp.de". pgp.de. Archived from the original on April 25, 2019. Retrieved August 6, 2013.
  28. "pgptrustcenter.com". pgptrustcenter.com. January 26, 2010. Archived from the original on January 9, 2014. Retrieved August 6, 2013.
  29. "News Room – Symantec Corp". Pgp.com. Archived from the original on May 10, 2010. Retrieved March 23, 2012.
  30. "Symantec buys encryption specialist PGP for $300M". Computerworld. April 29, 2010. Archived from the original on July 4, 2014. Retrieved April 29, 2010.
  31. "Symantec PGP Desktop Peer Review Source Code". Symantec.com. September 23, 2012. Archived from the original on November 16, 2011. Retrieved August 6, 2013.
  32. "Critical PGP and S/MIME bugs can reveal encrypted emails—uninstall now [Updated]". arstechnica.com. May 14, 2018. Archived from the original on October 5, 2024. Retrieved May 14, 2018.
  33. "EFAIL". efail.de. Archived from the original on May 14, 2018. Retrieved May 18, 2018.
  34. "Cannot decrypt PGP Zip files created with earlier releases of Encryption Desktop". Archived from the original on October 18, 2021. Retrieved October 18, 2021.
  35. "Archived NIST Technical Series Publication" (PDF). nist.gov. Archived (PDF) from the original on July 14, 2024. Retrieved July 14, 2024.

Further reading