PGP is an encryption package available for most platforms and operating systems.

PGP stands for 'Pretty Good Privacy'. This is a self-depreciating joke, since PGP uses 'military strength' strong cryptography, to provide privacy, confidentiality and validity to your data and that of other peoples.

The software was first released in 1991, and was distributed by, (among others) Kelly Goen, who used several pay-phones, each miles apart, and an acoustic coupler to upload it to various BBS', USENET groups, and FTP sites within the US, staying at one location for several minutes before moving on. From there it spread rapidly, and quickly disseminated to Europe and Australasia, among other places.

The first version of PGP was coded by Phil Zimmermann. It used RSA public key cryptography in conjunction with a homegrown cipher in a hybrid cryptosystem. It was under development for a number of years. Then in April 1991 Phil Zimmermann was made aware of a rider to Senate Bill 266, which required that all telecommunication companies allow government access to plaintext. This rider, added at the request of the FBI, was withdrawn before the bill passed, but it had the effect of increasing the perceived urgency of the development. Goen professed to the journalist Jim Warren:

...the intent here is to invalidate the so-called trapdoor provision of the new Senate Bill coming down the pike before it makes it in to law.

There are two versions of how PGP was released:

  • The original version:

    This was the version disseminated before the statute of limitations ran out, when it was still possible for the US Government to prosecute for exporting cryptographic software.

    Export controls were not considered in any detail when the software was released, although Goen was careful only to upload PGP to sites in the US. Encryption export controls originally meant that it was illegal to export encryption software above a certain (very low) key length in compiled or source code format on electronic media. Because of this, and because PGP was so obviously available outside of the US, Phil Zimmerman and Kelly Goen were the subject of a three year investigation by the US Customs and a grand jury which started in 1993 and was dropped in 1996.

  • The truth:

    Now that the statute of limitations has expired, and prosecution is no longer possible, there was no longer any point in hiding the truth. Phill Zimmerman spoke out after keeping this under his hat for ten years:

    PGP was created by Phil Zimmerman specifically with human rights workers in mind. He admitted as much in his ''PGP Marks 10 Year Aniversary'' note1:

    ''First, I sent it to Allan Hoeltje, who posted it to Peacenet, an ISP that specialized in grassroots political organizations, mainly in the peace movement. Peacenet was accessible to political activists all over the world.''

    He then goes on to say how Kelly Goen was given the program, with the explicit marking of ''US only''.

PGP was also responsible, along with Tim May and Eric Hughes, for triggering the birth of the cypherpunk movement. The freeware version of PGP (now at version 6.5.8) is available to anyone on the Internet. The source code has been exported in book format, thereby circumventing the export controls.

As of mid-1999, the export controls were relaxed. While there is still a large barrier of paperwork for anyone wishing to export encryption, it is now possible to buy 'PGP International' outside of the US.

Version two was created with the help of several programmers in Switzerland, New Zealand and the US, with Zimmerman acting as project coordinator. It was first released in Auckland and Amsterdam, partly as a way to circumvent the export restrictions, and partly because of the (now expired) patents existing on the RSA algorithm.

The home-grown (and rather weak) symmetric cipher was replaced with IDEA, a Swiss cipher believed at the time to be stronger than DES, and allowed users to 'sign' other peoples public key. This was a partial solution to the problem of authenticating keys. If Alice trusts Bob's public key and signs it, and Carol trusts Alice, then Carol can be introduced to Bob. This differs from the traditional hierarchical CA-based standards such as the X509 PKI standard. In PGP there is a 'web of trust' - where there is no strict hierarchy, and what keys are signed follow more approximately actual social relationships.

Since it's initial release, PGP has evolved considerably. Network Associates has taken the PGP brand and expanded it to take the form of a complete personal security/privacy package. The standard tools are now:

  • Email encryption - this is the main use case. It is now capable of using Diffie-Hellman algorithms as well as RSA. There are plug-ins for the most common email clients.

  • File encryption - Apart from the possibility of using public key encryption in email, it can also be used on traditional files. PGP uses strong encryption such as CAST, IDEA, Triple DES, and in the latest version Rijndael.

  • File wipe - in most operating systems, when you delete a file, it isn't really gone. All that has been deleted is the pointer to the file's location - the bytes which that file used to consist of still exist, and can be recovered using commonly available tools, and can be recoverable even after they actual bytes have been overwritten by special forensic tools.

    PGP contains a utility which directly over-writes the bytes of the file with pseudo-random data up to thirty-two times. At the highest setting, it takes about four hours to wipe a gigabyte of data. Recent advances in data recovery using very expensive atomic-level imaging equipment may circumvent even this.

  • Disk cleaner - this simply writes over all the free space on your hard-drive in the same method as above. This is used for making sure that any programs you've used do not leave sensitive temporary files half-deleted. It's best to leave this running overnight, unless you sleep in the same room as your computer, in which case it's too noisy - it thrashes your hard-drive, after all :-)

  • Secure networking protocol suite - if anyone's actually used this, feel free to add a w/u below. Or I could get off my butt and do it myself.

Version 7 and above, in the windows/mac versions at least, includes a personal fire-wall. The company that sells the PGP software is a division of Network Associates, who are not known for being nice guys - rather the opposite in fact. Phil Zimmermann recently resigned because of a dispute over releasing the source for future versions.

In the past, the entire program had it's source code available for inspection by the crypto community, for debugging, and also as a way of verifying the cryptographical integrity of the program. The management at NAI has new and disproved opinions on whether or not this will be done in the future.

PGP has also established the openPGP message format which is now used by several applications such as GPG. PGP has occasionally made the headlines for having various flaws discovered.

The most recent one was an attack by two Czech cryptologists, Vlastimil Klima and Tomas Rosaon, on the openPGP format which allowed modification to be done to a private keyring to obtain the DSA and RSA private signature keys, by bypassing the strong encryption used to protect them by changing specific bytes in the file storing the keys.

To guard against this, keep your private key on media that you trust not to be available to an attacker, i.e. your home PC under a further (different) layer of encryption, a disk in your wallet, or, if you don't trust disks, burn a CD and keep it with you - If you feel that someone might want access to your encrypted conversations that badly.

Other vulnerabilities discovered meant that additional decrypting keys (ADKs) could be appended to the end of a public-key without any error checking. This 'feature' was originally included in version six and above for corporate use - as a message recovery feature. However, it was discovered that it was possible to add additional ADKs without PGP including them in the key-block hash function checking procedure. Anything encrypted with that public key-block would then be available to the owner of the appended key.

Despite these two flaws (and probably others which happened before my time), PGP remains one of the most user-friendly encryption tools around. However, if you run a NIX variant, GPG is recommended, as the whole thing is GPLed, and they generally fix flaws such as the ones described above within weeks as opposed to months.

1: See also PGP: Happy Birthday To You

Phil Zimmerman on the CodeCon 2002 Legality Panel (mp3)
Applied Cryptography - Bruce Schneier
Handbook to Applied Cryptography - Menezes et al
Intro to Crypto - PGP Documentation
Crypto - Steven Levy

20/07/01 spelling fixed. Thanks khym chanur
14/04/01 corrected PGP release story