Pretty Good Privacy: Difference between revisions
imported>Sandy Harris (fix my blunder) |
imported>Sandy Harris (add some detail) |
||
| Line 7: | Line 7: | ||
The original PGP used a block cipher called Bassomatic, devised by Zimmerman. This was quickly shown to be weak, and replaced with [[IDEA]] in version 2.0. In version 3.0. they switched to [[CAST-128]] which, unlike IDEA, was free of patent restrictions. | The original PGP used a block cipher called Bassomatic, devised by Zimmerman. This was quickly shown to be weak, and replaced with [[IDEA]] in version 2.0. In version 3.0. they switched to [[CAST-128]] which, unlike IDEA, was free of patent restrictions. | ||
Upon original release, it was famously subject to the [[United States]] export control of encryption technologies which prevented it's distribution outside of the US. Visitors to the PGP website who attempted to download the software from a non-US IP address were denied. Zimmerman was investigated by the US Customs Service, | Upon original release, it was famously subject to the [[United States]] export control of encryption technologies which prevented it's distribution outside of the US. Visitors to the PGP [http://web.mit.edu/network/pgp.html website] who attempted to download the software from a non-US IP address were denied. Despite this, PGP quickly found its way to various non-US sites. Zimmerman was investigated by the US Customs Service, for possible violations of the [[ITAR]] controls on export of arms. Under those regulations, strong [[cryptography]] such as PGP was considered a "dual use" item with military as well as civilian applications, so its export was controlled. Eventually, the investigation was dropped [http://www.gimonca.com/personal/archive/philzim2.html]. | ||
Later, Zimmerman gave testimony to the US Senate, arguing for a change to the export control laws on the basis of the importance of privacy for civil liberties and human rights. PGP and subsequent encryption software has been used by human rights campaigners and dissidents to protect the privacy of communications and data used in the fight for civil rights in oppressive regimes<ref>Phillip Zimmerman, [http://www.philzimmermann.com/EN/letters/index.html Letters to Phil from human rights groups]</ref>. | |||
Not only export restrictions have affected PGP. At one point, the US patent on [[RSA]] meant some versions were restricted in the US that were not elsewhere. This no longer applies; the patent was released into the public domain. Also, some versions are commercial products which may not be freely used or copied. However, [[PGP Incorporated]] has usually offered a free version of the commercial for personal use. An index of free versions is at [http://www.pgpi.org/ PGP International]. | |||
There is an Internet standard for "[[Open PGP]]", RFC 4880 <ref name="opgp">[http://tools.ietf.org/html/4880 Open PGP Message Format] RFC at the [[IETF]]</ref>. | There is an Internet standard for "[[Open PGP]]", RFC 4880 <ref name="opgp">[http://tools.ietf.org/html/4880 Open PGP Message Format] RFC at the [[IETF]]</ref>. | ||
Revision as of 21:39, 29 November 2008
Pretty Good Privacy or PGP is a hybrid cryptosystem for email security, originally developed by Phil Zimmerman.
All versions use a public key cryptosystem to provide digital signatures and to manage keys for a block cipher which does the actual message encryption.
The original PGP used a block cipher called Bassomatic, devised by Zimmerman. This was quickly shown to be weak, and replaced with IDEA in version 2.0. In version 3.0. they switched to CAST-128 which, unlike IDEA, was free of patent restrictions.
Upon original release, it was famously subject to the United States export control of encryption technologies which prevented it's distribution outside of the US. Visitors to the PGP website who attempted to download the software from a non-US IP address were denied. Despite this, PGP quickly found its way to various non-US sites. Zimmerman was investigated by the US Customs Service, for possible violations of the ITAR controls on export of arms. Under those regulations, strong cryptography such as PGP was considered a "dual use" item with military as well as civilian applications, so its export was controlled. Eventually, the investigation was dropped [1].
Later, Zimmerman gave testimony to the US Senate, arguing for a change to the export control laws on the basis of the importance of privacy for civil liberties and human rights. PGP and subsequent encryption software has been used by human rights campaigners and dissidents to protect the privacy of communications and data used in the fight for civil rights in oppressive regimes[1].
Not only export restrictions have affected PGP. At one point, the US patent on RSA meant some versions were restricted in the US that were not elsewhere. This no longer applies; the patent was released into the public domain. Also, some versions are commercial products which may not be freely used or copied. However, PGP Incorporated has usually offered a free version of the commercial for personal use. An index of free versions is at PGP International.
There is an Internet standard for "Open PGP", RFC 4880 [2].
An Open Source implementation of that standard, GNU Privacy Guard (GPG), is available [2].
References
- ↑ Phillip Zimmerman, Letters to Phil from human rights groups
- ↑ Open PGP Message Format RFC at the IETF