Editing Pretty Good Privacy

{{Distinguish|GNU Privacy Guard{{!}}GNU Privacy Guard (GPG)}}
{{short description|Computer program for data encryption, primarily in email (PGP)}}
{{multiple issues|
{{update|OpenPGP standards|date=November 2024}}
{{More citations needed|date=November 2023}}
{{Overly detailed|date=November 2023}}}}
{{split|OpenPGP|date=February 2024|discuss=Talk:Pretty Good Privacy#Split proposed}}
{{Use mdy dates|date=August 2016}}
{{Infobox software
| title = Pretty Good Privacy
| name = Symantec Endpoint Encryption; Pretty Good Privacy (formerly)
| author = {{unbulleted list
 |[[Phil Zimmermann]]
 |PGP Inc.
 |Network Associates
 |[[PGP Corporation|PGP Corp.]]<ref>{{cite web
 |url=https://philzimmermann.com/EN/findpgp/
 |title=Where to Get PGP
 |date=28 February 2006<!--from Firefox page info-->
 |website=philzimmermann.com
 |publisher=Phil Zimmermann & Associates LLC
 |access-date=March 10, 2016
 |archive-date=February 26, 2014
 |archive-url=https://web.archive.org/web/20140226011248/http://philzimmermann.com/EN/findpgp/
 |url-status=live
 }}</ref>
}}
| developer = [[Broadcom Inc.]]
| released = {{Start date and age|1991}}
| ver layout = simple
| latest release version = 11.4.0 Maintenance Pack 2
| latest release date = {{Start date and age|2023|05|23}}<ref>{{cite web |title=Symantec Endpoint Encryption 11.4.0 Maintenance Pack 2 Release Notes |url=https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/encryption/11-4-0/release-notes-main-page/see-11-4-0-maintenance-pack-2-release-notes.html |website=techdocs.broadcom.com |access-date=February 16, 2024 |archive-date=October 5, 2024 |archive-url=https://web.archive.org/web/20241005182403/https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/encryption/11-4-0/release-notes-main-page/see-11-4-0-maintenance-pack-2-release-notes.html |url-status=live }}</ref>
| programming language = [[C (programming language)|C]]
| operating system = [[macOS]], [[Windows]]<ref>{{cite web |title=System requirements for Symantec Endpoint Encryption Client |url=https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/encryption/11-4-0/sys-req-home-page/see-client-sys-req.html |website=techdocs.broadcom.com |access-date=February 16, 2024 |archive-date=October 5, 2024 |archive-url=https://web.archive.org/web/20241005182349/https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/encryption/11-4-0/sys-req-home-page/see-client-sys-req.html |url-status=live }}</ref>
| genre = [[Encryption software]]
| license = [[Commercial software|Commercial]] [[proprietary software]]

| size = 
| standard = {{unbulleted list
|OpenPGP: {{IETF RFC|4880|5581|6637|9580}}
|PGP/MIME: {{IETF RFC|2015|3156}}
}}
}}

'''Pretty Good Privacy''' ('''PGP''') is an [[encryption software|encryption program]] that provides [[cryptographic]] [[privacy]] and [[authentication]] for [[data communication]]. PGP is used for [[digital signature|signing]], encrypting, and decrypting texts, [[Email|e-mails]], files, directories, and whole disk partitions and to increase the [[security]] of e-mail communications. [[Phil Zimmermann]] developed PGP in 1991.<ref name=":0">{{cite web|last=Zimmermann|first=Philip R.|author-link=Phil Zimmermann|date=1999|title=Why I Wrote PGP|url=https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html|website=Essays on PGP|publisher=Phil Zimmermann & Associates LLC|access-date=July 6, 2014|archive-date=June 24, 2018|archive-url=https://web.archive.org/web/20180624122110/https://philzimmermann.com/EN/essays/WhyIWrotePGP.html|url-status=live}}</ref>

PGP and similar software follow the OpenPGP standard (<nowiki>RFC 4880</nowiki>), an [[open standard]] for [[encryption|encrypting]] and decrypting [[data]]. Modern versions of PGP are [[interoperability|interoperable]] with [[GnuPG]] and other OpenPGP-compliant systems.<ref>{{cite web |url= https://www.gnupg.org/faq/gnupg-faq.html#compatible |title= Gnu Privacy Guard |publisher= GnuPG.org |access-date= 2015-05-26 |archive-url= https://web.archive.org/web/20150429192132/https://www.gnupg.org/faq/gnupg-faq.html#compatible |archive-date= 2015-04-29 |url-status= live }}</ref>

The OpenPGP standard has received criticism for its long-lived keys and the difficulty in learning it,<ref>{{Cite web |date=2019-07-16 |title=The PGP Problem |url=https://www.latacora.com/blog/2019/07/16/the-pgp-problem |access-date=2024-11-22 |author=Latacora |language=en}}</ref> as well as the [[EFAIL|Efail]] security vulnerability that previously arose when select e-mail programs used OpenPGP with S/MIME.<ref>{{Cite web |title=Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels |url=https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf}}</ref><ref>{{Cite web |last=Yen |first=Andy |date=2018-05-15 |access-date=2025-01-22 |title=No, PGP is not broken, not even with the Efail vulnerabilities |website=Proton |url=https://proton.me/blog/pgp-vulnerability-efail}}</ref> The new OpenPGP standard (<nowiki>RFC 9580</nowiki>) has also been criticised by the maintainer of [[GnuPG]] [[Werner Koch]], who in response created his own specification LibrePGP.<ref name="LibrePGP"></ref> This response was dividing, with some embracing his alternative specification,<ref>{{Cite web |last1=Tse |first1=Ronald |last2=Olshevsky |first2=Nickolay |date=2024-07-22 |access-date=2025-01-22 |title=RNP proudly supports LibrePGP |website=RNP |url=https://www.rnpgp.org/blog/2024-07-22-rnp-and-librepgp}}</ref> and others considering it to be insecure.<ref>{{Cite web |last=Gallagher |first=Andrew |date=2024-09-11 |access-date=2025-01-22 |title=A Summary of Known Security Issues in LibrePGP |url=https://blog.pgpkeys.eu/security-issues-librepgp-2024-08.html}}</ref>

==Design==
[[File:PGP diagram.svg|thumb|500px|How PGP encryption works visually]]

PGP&nbsp;encryption uses a serial combination of [[cryptographic hash function|hashing]], [[data compression]], [[symmetric-key cryptography]], and finally [[public-key cryptography]]; each step uses one of several supported [[algorithm]]s. Each public key is bound to a username or an e-mail address. The first version of this system was generally known as a [[web of trust]] to contrast with the [[X.509]] system, which uses a hierarchical approach based on [[certificate authority]] and which was added to PGP implementations later. Current versions of PGP encryption include options through an automated key management server.

===PGP fingerprint===
A [[public key fingerprint]] is a shorter version of a public key. From a fingerprint, someone can validate the correct corresponding public key. A fingerprint such as C3A6 5E46 7B54 77DF 3C4C 9790 4D22 B3CA 5B32 FF66 can be printed on a business card.<ref>{{cite web|last=Furley|first=Paul M|title=PGP public key example|url=https://www.paulfurley.com/pgp-public-key-example/|url-status=dead|archive-url=https://web.archive.org/web/20181221182643/https://www.paulfurley.com/pgp-public-key-example/|archive-date=21 December 2018|at=There are shorter ways of referring to PGP keys|quote=can print it on my business card instead of trying to print my whole public key}}</ref><ref>{{Cite tweet|number=557692432494915584|user=marciahofmann|title=my new business card (with image)|author=Marcia Hofmann|date=20 January 2015|author-link=Marcia Hofmann|access-date=30 July 2020|location=}}</ref>

===Compatibility===
As PGP evolves, versions that support newer features and [[algorithm]]s can create encrypted messages that older PGP systems cannot decrypt, even with a valid private key. Therefore, it is essential that partners in PGP communication understand each other's capabilities or at least agree on PGP settings.<ref>{{Cite web|title=PGP User's Guide, Volume II: Special Topics|url=https://web.pa.msu.edu/reference/pgpdoc2.html|access-date=2020-11-01|website=web.pa.msu.edu|archive-date=November 6, 2020|archive-url=https://web.archive.org/web/20201106035213/https://web.pa.msu.edu/reference/pgpdoc2.html|url-status=live}}</ref>

===Confidentiality===
PGP can be used to send messages confidentially.<ref>{{Cite IETF|rfc=1991|last3=Zimmermann|first3=P.|last1=Atkins|first1=D.|last2=Stallings|first2=W.|date=August 1996|title=PGP Message Exchange Formats}}</ref> For this, PGP uses a [[hybrid cryptosystem]] by combining [[Symmetric key encryption|symmetric-key encryption]] and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a [[Symmetric-key algorithm|symmetric key]] generated by the sender. The symmetric key is used only once and is also called a [[session key]]. The message and its session key are sent to the receiver. The session key must be sent to the receiver so they know how to decrypt the message, but to protect it during transmission it is encrypted with the receiver's public key. Only the private key belonging to the receiver can decrypt the session key, and use it to symmetrically decrypt the message.

===Digital signatures===
PGP supports message authentication and integrity checking. The latter is used to detect whether a message has been altered since it was completed (the ''message integrity'' property) and the former, to determine whether it was actually sent by the person or entity claimed to be the sender (a ''[[digital signature]]''). Because the content is encrypted, any changes in the message will fail the decryption with the appropriate key. The sender uses PGP to create a digital signature for the message with one of several supported public-key algorithms. To do so, PGP computes a [[cryptographic hash function|hash]], or digest, from the plaintext and then creates the digital signature from that hash using the sender's private key.

===Web of trust===
{{Main|Web of trust}}
Both when encrypting messages and when verifying signatures, it is critical that the public key used to send messages to someone or some entity actually does 'belong' to the intended recipient. Simply downloading a public key from somewhere is not a reliable assurance of that association; deliberate (or accidental) impersonation is possible. From its first version, PGP has always included provisions for distributing user's public keys in an '[[Public key certificate|identity certification]]', which is also constructed cryptographically so that any tampering (or accidental garble) is readily detectable. However, merely making a certificate that is impossible to modify without being detected is insufficient; this can prevent corruption only after the certificate has been created, not before. Users must also ensure by some means that the public key in a certificate actually does belong to the person or entity claiming it. A given public key (or more specifically, information binding a user name to a key) may be digitally signed by a third-party user to attest to the association between someone (actually a user name) and the key. There are several levels of confidence that can be included in such signatures. Although many programs read and write this information, few (if any) include this level of certification when calculating whether to trust a key.

The web of trust protocol was first described by Phil Zimmermann in 1992, in the manual for PGP version 2.0:

{{quotation|As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers.  Everyone else will each choose their own trusted introducers.  And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures.  This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.}}

The web of trust mechanism has advantages over a centrally managed [[public key infrastructure]] scheme such as that used by [[S/MIME]] but has not been universally used. Users have to be willing to accept certificates and check their validity manually or have to simply accept them. No satisfactory solution has been found for the underlying problem.

===Certificates===
{{Main|Public key certificate}}
In the (more recent) OpenPGP specification, ''trust signatures'' can be used to support creation of [[certificate authority|certificate authorities]]. A trust signature indicates both that the key belongs to its claimed owner and that the owner of the key is trustworthy to sign other keys at one level below their own. A level 0 signature is comparable to a web of trust signature since only the validity of the key is certified. A level 1 signature is similar to the trust one has in a certificate authority because a key signed to level 1 is able to issue an unlimited number of level 0 signatures. A level 2 signature is highly analogous to the trust assumption users must rely on whenever they use the default certificate authority list (like those included in web browsers); it allows the owner of the key to make other keys certificate authorities.

PGP versions have always included a way to cancel ('[[certificate revocation|revoke]]') public key certificates. A lost or compromised private key will require this if communication security is to be retained by that user. This is, more or less, equivalent to the [[certificate revocation list]]s of centralised PKI schemes. Recent PGP versions have also supported certificate expiration dates.

The problem of correctly identifying a public key as belonging to a particular user is not unique to PGP. All public key/private key cryptosystems have the same problem, even if in slightly different guises, and no fully satisfactory solution is known. PGP's original scheme at least leaves the decision as to whether or not to use its endorsement/vetting system to the user, while most other PKI schemes do not, requiring instead that every certificate attested to by a central [[certificate authority]] be accepted as correct.

===Security quality===
To the best of publicly available information, there is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means. Indeed, in 1995, [[cryptographer]] [[Bruce Schneier]] characterized an early version as being "the closest you're likely to get to military-grade encryption."<ref>{{cite book| last =Schneier| first =Bruce| author-link =Bruce Schneier| title =Applied Cryptography| publisher =[[John Wiley & Sons|Wiley]]| date =October 9, 1995| location =[[New York City|New York]]| page =587| isbn= 0-471-11709-9}}</ref> Early versions of PGP have been found to have theoretical vulnerabilities and so current versions are recommended.<ref>{{Cite magazine|last=Messmer|first=Ellen|date=August 28, 2000|title=Security flaw found in Network Associates' PGP|url=https://books.google.com/books?id=JxkEAAAAMBAJ&pg=PA81|magazine=[[Network World]]|location=Southbourough, Massachusetts|publisher=IDG|volume=17|issue=35|page=81|via=Google Books|access-date=May 2, 2017|archive-date=October 5, 2024|archive-url=https://web.archive.org/web/20241005182347/https://books.google.com/books?id=JxkEAAAAMBAJ&pg=PA81#v=onepage&q&f=false|url-status=live}}</ref> In addition to protecting [[data in transit]] over a network, PGP encryption can also be used to protect data in long-term data storage such as disk files.  These long-term storage options are also known as data at rest, i.e. data stored, not in transit.

The cryptographic security of PGP encryption depends on the assumption that the algorithms used are unbreakable by direct [[cryptanalysis]] with current equipment and techniques.

In the original version, the [[RSA (algorithm)|RSA]] algorithm was used to encrypt session keys. RSA's security depends upon the [[one-way function]] nature of mathematical [[integer factorization|integer factoring]].<ref>{{cite book |last=Nichols |first=Randall |title=ICSA Guide to Cryptography |publisher=[[McGraw-Hill|McGraw Hill]] |year=1999 |page=267 |isbn= 0-07-913759-8}}</ref> Similarly, the symmetric key algorithm used in PGP version 2 was [[International Data Encryption Algorithm|IDEA]], which might at some point in the future be found to have previously undetected cryptanalytic flaws. Specific instances of current PGP or IDEA insecurities (if they exist) are not publicly known. As current versions of PGP have added additional encryption algorithms, their cryptographic vulnerability varies with the algorithm used. However, none of the algorithms in current use are publicly known to have cryptanalytic weaknesses.

New versions of PGP are released periodically and vulnerabilities fixed by developers as they come to light. Any agency wanting to read PGP messages would probably use easier means than standard cryptanalysis, e.g. [[rubber-hose cryptanalysis]] or [[black-bag cryptanalysis]] (e.g. installing some form of [[trojan horse (computing)|trojan horse]] or [[keystroke logging]] software/hardware on the target computer to capture encrypted [[Keyring (cryptography)|keyrings]] and their passwords). The [[FBI]] has already used this attack against PGP<ref>{{cite web |url=https://www.epic.org/crypto/scarfo.html |title=United States v. Scarfo (Key-Logger Case) |publisher=Epic.org |access-date=2010-02-08 |archive-date=October 8, 2021 |archive-url=https://web.archive.org/web/20211008114412/https://www.epic.org/crypto/scarfo.html |url-status=live }}</ref><ref>{{cite web|last=McCullagh |first=Declan |url=https://www.cnet.com/news/feds-use-keylogger-to-thwart-pgp-hushmail/ |archive-url=https://web.archive.org/web/20170324015726/https://www.cnet.com/news/feds-use-keylogger-to-thwart-pgp-hushmail/ |url-status=dead |archive-date=March 24, 2017 |title=Feds use keylogger to thwart PGP, Hushmail &#124; Tech news blog – CNET News.com |publisher=News.com |date=July 10, 2007 |access-date=2010-02-08}}</ref> in its investigations. However, any such vulnerabilities apply not just to PGP but to any conventional encryption software.

In 2003, an incident involving seized [[Psion (computers)|Psion]] [[Personal digital assistant|PDA]]s belonging to members of the [[Red Brigades|Red Brigade]] indicated that neither the [[Italian police]] nor the FBI were able to decrypt PGP-encrypted files stored on them.<ref>{{cite web|last1=Grigg|first1=Ian|title=PGP Encryption Proves Powerful|url=https://www.metzdowd.com/pipermail/cryptography/2003-May/004808.html|date=2003|access-date=February 15, 2022|archive-date=October 5, 2024|archive-url=https://web.archive.org/web/20241005182349/https://www.metzdowd.com/pipermail/cryptography/2003-May/004808.html|url-status=live}}</ref>{{Unreliable source?|date=June 2018}}

A second incident in December 2006, (see ''[[In re Boucher]]''), involving [[United States Customs Service|US customs agents]] who seized a [[laptop PC]] that allegedly contained [[child pornography]], indicates that US government agencies find it "nearly impossible" to access PGP-encrypted files. Additionally, a magistrate judge ruling on the case in November 2007 has stated that forcing the suspect to reveal his PGP passphrase would violate his [[Fifth Amendment to the United States Constitution|Fifth Amendment]] rights i.e. a suspect's constitutional right not to incriminate himself.<ref>{{cite web |last=McCullagh |first=Declan |url=https://www.news.com/8301-13578_3-9834495-38.html?tag=nefd.blgs |title=Judge: Man can't be forced to divulge encryption passphrase &#124; The Iconoclast - politics, law, and technology - CNET News.com |publisher=News.com |date=December 14, 2007 |access-date=2010-02-08 |archive-date=October 5, 2024 |archive-url=https://web.archive.org/web/20241005182348/https://www.cnet.com/?tag=nefd.blgs |url-status=live }}</ref><ref>{{cite web |last=McCullagh |first=Declan |url=https://www.news.com/8301-13578_3-9854034-38.html |title=Feds appeal loss in PGP compelled-passphrase case &#124; The Iconoclast - politics, law, and technology - CNET News.com |publisher=News.com |date=January 18, 2008 |access-date=2010-02-08 |archive-date=October 10, 2008 |archive-url=https://web.archive.org/web/20081010232248/http://www.news.com/8301-13578_3-9854034-38.html |url-status=live }}</ref> The Fifth Amendment issue was opened again as the government appealed the case, after which a federal district judge ordered the defendant to provide the key.<ref>{{cite web|url=https://www.cnet.com/news/judge-orders-defendant-to-decrypt-pgp-protected-laptop/|title=Judge orders defendant to decrypt PGP-protected laptop|last=McCullagh|first=Declan|date=February 26, 2009|publisher=CNET news|access-date=2009-04-22|archive-date=January 9, 2022|archive-url=https://web.archive.org/web/20220109033718/https://www.cnet.com/news/judge-orders-defendant-to-decrypt-pgp-protected-laptop/|url-status=live}}</ref>

Evidence suggests that {{asof|2007|lc=yes}}, [[British police]] investigators are unable to break PGP,<ref>{{Cite news |url=https://www.theregister.co.uk/2007/11/14/ripa_encryption_key_notice |title=Animal rights activist hit with RIPA key decrypt demand |work=The Register |author=John Leyden |date=November 14, 2007 |access-date=August 10, 2017 |archive-date=August 10, 2017 |archive-url=https://web.archive.org/web/20170810133521/https://www.theregister.co.uk/2007/11/14/ripa_encryption_key_notice |url-status=live }}</ref> so instead have resorted to using [[Regulation of Investigatory Powers Act 2000|RIPA]] legislation to demand the passwords/keys. In November 2009 a British citizen was convicted under RIPA legislation and jailed for nine months for refusing to provide police investigators with encryption keys to PGP-encrypted files.<ref>{{Cite news |url=https://www.theregister.co.uk/2009/11/24/ripa_jfl/page2.html |title=UK jails schizophrenic for refusal to decrypt files |work=The Register |author=Chris Williams |date=November 24, 2009 |page=2 |access-date=August 10, 2017 |archive-date=October 5, 2024 |archive-url=https://web.archive.org/web/20241005182453/https://www.theregister.com/2009/11/24/ripa_jfl?page=2 |url-status=live }}</ref>

PGP as a [[cryptosystem]] has been criticized for complexity of the standard, implementation and very low usability of the user interface<ref>{{Cite web|url=https://arstechnica.com/information-technology/2016/12/op-ed-im-giving-up-on-pgp/|title=Op-ed: I'm throwing in the towel on PGP, and I work in security|last=Staff|first=Ars|date=2016-12-10|website=Ars Technica|language=en-us|access-date=2019-07-17|archive-date=July 17, 2019|archive-url=https://web.archive.org/web/20190717111526/https://arstechnica.com/information-technology/2016/12/op-ed-im-giving-up-on-pgp/|url-status=live}}</ref> including by recognized figures in cryptography research.<ref>{{Cite web|url=https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/|title=What's the matter with PGP?|date=2014-08-13|website=A Few Thoughts on Cryptographic Engineering|language=en|access-date=2019-07-17|archive-date=October 5, 2024|archive-url=https://web.archive.org/web/20241005182349/https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/|url-status=live}}</ref><ref name="2015_marlinspike" /> It uses an ineffective serialization format for storage of both keys and encrypted data, which resulted in signature-spamming attacks on public keys of prominent developers of [[GNU Privacy Guard]]. Backwards compatibility of the OpenPGP standard results in usage of relatively weak default choices of cryptographic primitives ([[CAST5]] cipher, [[Cipher feedback|CFB]] mode, S2K password hashing).<ref>{{Cite web|url=https://latacora.micro.blog/2019/07/16/the-pgp-problem.html|title=Latacora - The PGP Problem|website=latacora.micro.blog|date=July 16, 2019|access-date=2019-07-17|archive-date=October 5, 2024|archive-url=https://web.archive.org/web/20241005182455/https://www.latacora.com/blog/2019/07/16/the-pgp-problem/|url-status=live}}</ref> The standard has been also criticized for leaking metadata, usage of long-term keys and lack of [[forward secrecy]]. Popular end-user implementations have suffered from various signature-striping, cipher downgrade and metadata leakage vulnerabilities which have been attributed to the complexity of the standard.<ref>{{Cite web|url=https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf|title=Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels|access-date=July 17, 2019|archive-date=June 26, 2019|archive-url=https://web.archive.org/web/20190626111129/https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf|url-status=live}}</ref>

==History==

===Early history===
[[Phil Zimmermann]] created the first version of PGP encryption in 1991. The name, "Pretty Good Privacy" was inspired by the name of a [[grocery]] store, "Ralph's Pretty Good Grocery", featured in radio host [[Garrison Keillor]]'s fictional town, [[Lake Wobegon]].<ref>{{cite book |title=IT manager's handbook: getting your new job done |last1=Holtsnider |first1=Bill |last2=Jaffe |first2=Brian D. |year=2006 |publisher=[[Morgan Kaufmann Publishers|Morgan Kaufmann]] |edition=2nd |page=373 |url=https://books.google.com/books?id=OeQD_QPOYY4C&pg=PA373|isbn=978-0-08-046574-6}}</ref> This first version included a [[symmetric-key algorithm]] that Zimmermann had designed himself, named [[BassOmatic]] after a ''[[Saturday Night Live]]'' sketch. Zimmermann had been a long-time [[Anti-nuclear movement|anti-nuclear activist]], and created PGP encryption so that similarly inclined people might securely use [[bulletin board system|BBS]]s and securely store messages and files. No license fee was required for its non-commercial use, and the complete [[source code]] was included with all copies.

In a posting of June 5, 2001, entitled "PGP Marks 10th Anniversary",<ref>{{cite web |url=https://www.philzimmermann.com/EN/news/PGP_10thAnniversary.html |title=PGP Marks 10th Anniversary |publisher=Phil Zimmermann |access-date=2010-08-23 |archive-date=March 9, 2022 |archive-url=https://web.archive.org/web/20220309030942/https://www.philzimmermann.com/EN/news/PGP_10thAnniversary.html |url-status=live }}</ref> Zimmermann describes the circumstances surrounding his release of PGP:

{{quotation|It was on this day in 1991 that I sent the first release of PGP to a couple of my friends for uploading to the Internet. First, I sent it to Allan Hoeltje, who posted it to Peacenet, an ISP that specialized in grassroots political organizations, mainly in the peace movement. Peacenet was accessible to political activists all over the world. Then, I uploaded it to Kelly Goen, who proceeded to upload it to a Usenet newsgroup that specialized in distributing source code. At my request, he marked the Usenet posting as "US only". Kelly also uploaded it to many BBS systems around the country. I don't recall if the postings to the Internet began on June 5th or 6th.

It may be surprising to some that back in 1991, I did not yet know enough about Usenet newsgroups to realize that a "US only" tag was merely an advisory tag that had little real effect on how Usenet propagated newsgroup postings. I thought it actually controlled how Usenet routed the posting. But back then, I had no clue how to post anything on a newsgroup, and didn't even have a clear idea what a newsgroup was.}}

PGP found its way onto the [[Internet]] and rapidly acquired a considerable following around the world. Users and supporters included dissidents in totalitarian countries (some affecting letters to Zimmermann have been published, some of which have been included in testimony before the US Congress), [[civil libertarians]] in other parts of the world (see Zimmermann's published testimony in various hearings), and the 'free communications' activists who called themselves [[cypherpunk]]s (who provided both publicity and distribution); decades later, [[CryptoParty]] activists did much the same via [[Twitter]].

===Criminal investigation===
Shortly after its release, PGP encryption found its way outside the [[United States]], and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "[[United States Munitions List|munitions]] export without a license". At the time, cryptosystems using keys larger than [[40-bit encryption|40 bits]] were considered munitions within the definition of the [[Export of cryptography in the United States#PC era|US export regulations]]; PGP has never used keys smaller than 128 bits, so it qualified at that time. Penalties for violation, if found guilty, were substantial. After several years, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else.

Zimmermann challenged these regulations in an imaginative way. In 1995, he published the entire [[source code]] of PGP in a hardback book,<ref name="zimmermann2">{{cite book |last= Zimmermann |first= Philip |author-link= Phil Zimmermann |title= PGP Source Code and Internals |year= 1995 |publisher= [[MIT Press]] |isbn= 0-262-24039-4}}</ref> via [[MIT Press]], which was distributed and sold widely. Anybody wishing to build their own copy of PGP could cut off the covers, separate the pages, and scan them using an [[Optical character recognition|OCR]] program (or conceivably enter it as a [[type-in program]] if OCR software was not available), creating a set of source code text files. One could then build the application using the freely available [[GNU Compiler Collection]]. PGP would thus be available anywhere in the world. The claimed principle was simple: export of ''munitions''—guns, bombs, planes, and software—was (and remains) restricted; but the export of ''books'' is protected by the [[First Amendment to the United States Constitution|First Amendment]]. The question was never tested in court with respect to PGP. In cases addressing other encryption software, however, two federal appeals courts have established the rule that cryptographic software source code is speech protected by the First Amendment (the [[United States Court of Appeals for the Ninth Circuit|Ninth Circuit Court of Appeals]] in the [[Bernstein v. United States|Bernstein case]] and the [[United States Court of Appeals for the Sixth Circuit|Sixth Circuit Court of Appeals]] in the [[Junger v. Daley|Junger case]]).

[[Export of cryptography in the United States#PC era|US export regulations]] regarding cryptography remain in force, but were liberalized substantially throughout the late 1990s. Since 2000, compliance with the regulations is also much easier. PGP encryption no longer meets the definition of a non-exportable weapon, and can be exported internationally except to seven specific countries and a list of named groups and individuals<ref>{{cite web |title=Lists to Check |url=https://www.bis.doc.gov/complianceandenforcement/liststocheck.htm |work=US Department of Commerce, Bureau of Industry and Security |access-date=December 4, 2011 |archive-url=https://web.archive.org/web/20100112230807/https://www.bis.doc.gov//complianceandenforcement/liststocheck.htm |archive-date=January 12, 2010 |url-status=dead }}</ref> (with whom substantially all US trade is prohibited under various US export controls).

The criminal investigation was dropped in 1996.<ref>{{cite web |last1=Zimmermann |first1=Phil |title=Significant Moments in PGP's History: Zimmermann Case Dropped |url=https://philzimmermann.com/EN/news/PRZ_case_dropped.html |website=philzimmermann.com |quote=The U.S. Attorney's Office for the Northern District of California has decided that your client, Philip Zimmermann, will not be prosecuted in connection with the posting to USENET in June 1991 of the encryption program Pretty Good Privacy. The investigation is closed. |access-date=February 16, 2024 |archive-date=October 5, 2024 |archive-url=https://web.archive.org/web/20241005182852/https://philzimmermann.com/EN/news/PRZ_case_dropped.html |url-status=live }} &ndash; page also contains NPR morning radio recording on this matter</ref>

===PGP 3 and founding of PGP Inc.===
During this turmoil, Zimmermann's team worked on a new version of PGP encryption called PGP 3. This new version was to have considerable security improvements, including a new certificate structure that fixed small security flaws in the PGP 2.x certificates as well as permitting a certificate to include separate keys for signing and encryption. Furthermore, the experience with patent and export problems led them to eschew patents entirely. PGP 3 introduced the use of the [[CAST-128]] (a.k.a. CAST5) symmetric key algorithm, and the [[Digital Signature Algorithm|DSA]] and [[ElGamal]] asymmetric key algorithms, all of which were unencumbered by patents.

{{anchor|PGP_Inc}}After the Federal criminal investigation ended in 1996, Zimmermann and his team started a company to produce new versions of PGP encryption. They merged with Viacrypt (to whom Zimmermann had sold commercial rights and who had [[licensed]] RSA directly from [[RSADSI]]), which then changed its name to PGP Incorporated. The newly combined Viacrypt/PGP team started work on new versions of PGP encryption based on the PGP 3 system. Unlike PGP 2, which was an exclusively [[command line]] program, PGP 3 was designed from the start as a [[software library]] allowing users to work from a command line or inside a [[GUI]] environment. The original agreement between Viacrypt and the Zimmermann team had been that Viacrypt would have even-numbered versions and Zimmermann odd-numbered versions. Viacrypt, thus, created a new version (based on PGP 2) that they called PGP 4. To remove confusion about how it could be that PGP 3 was the successor to PGP 4, PGP 3 was renamed and released as PGP 5 in May 1997.

===Network Associates acquisition===
In December 1997, PGP Inc. was acquired by [[Network Associates, Inc.]] ("NAI"). Zimmermann and the PGP team became NAI employees. NAI was the first company to have a legal export strategy by publishing source code. Under NAI, the PGP team added disk encryption, desktop firewalls, intrusion detection, and [[IPsec]] [[VPN]]s to the PGP family. After the export regulation liberalizations of 2000 which no longer required publishing of source, NAI stopped releasing source code.<ref>{{cite web |url=https://www.proliberty.com/references/pgp/ |title=Important Information About PGP & Encryption |publisher=proliberty.com |access-date=2015-03-24 |archive-date=January 28, 2022 |archive-url=https://web.archive.org/web/20220128002134/https://proliberty.com/references/pgp/ |url-status=live }}</ref>

===Asset split===
In early 2001, Zimmermann left NAI. He served as Chief Cryptographer for [[Hush Communications]], who provide an OpenPGP-based e-mail service, [[Hushmail]]. He has also worked with Veridis and other companies. In October 2001, NAI announced that its PGP assets were for sale and that it was suspending further development of PGP encryption. The only remaining asset kept was the PGP E-Business Server (the original PGP Commandline version).  In February 2002, NAI canceled all support for PGP products, with the exception of the renamed commandline product.<ref name="sdsusa.com">[https://www.sdsusa.com/newsdocs/130811.sds.ebs.pdf "Long Live E-Business Server for Enterprise-Scale Encryption."] {{Webarchive|url=https://web.archive.org/web/20220303022955/https://www.sdsusa.com/newsdocs/130811.sds.ebs.pdf |date=March 3, 2022 }} Software Diversified Services. 2013-08-11. Retrieved 2015-06-30.</ref><ref name="techcrunch.com">[https://techcrunch.com/2017/04/03/intel-security-is-mcafee-again/ "Intel Security is McAfee again."] {{Webarchive|url=https://web.archive.org/web/20241005182853/https://techcrunch.com/2017/04/03/intel-security-is-mcafee-again/ |date=October 5, 2024 }} 2017-04-03. Retrieved 2018-01-08.</ref>

====McAfee====
NAI, now known as [[McAfee]], continued to sell and support the commandline product under the name McAfee E-Business Server until 2013.<ref name="kc.mcafee.com">[https://kc.mcafee.com/corporate/index?page=content&id=KB79203 "McAfee partners with Software Diversified Services to deliver E-Business Server sales and support."] {{Webarchive|url=https://web.archive.org/web/20150701050638/https://kc.mcafee.com/corporate/index?page=content&id=KB79203 |date=July 1, 2015 }} 2014-01-17. Retrieved 2015-06-30.</ref> In 2010, [[Intel Corporation]] acquired [[McAfee]]. In 2013, the McAfee E-Business Server was transferred to Software Diversified Services (SDS), which now sells, supports, and develops it under the name SDS E-Business Server.<ref name="kc.mcafee.com"/><ref name="sdsusa.com"/>

For the enterprise, Townsend Security currently{{when|date=February 2024}} offers a commercial version of PGP for the [[IBM i]] and [[z/OS|IBM z]] mainframe platforms. Townsend Security partnered with Network Associates in 2000 to create a compatible version of PGP for the IBM i platform. Townsend Security again ported PGP in 2008, this time to the IBM z mainframe. This version of PGP relies on a free z/OS encryption facility, which utilizes hardware acceleration. SDS also offers a commercial version of PGP (SDS E-Business Server) for the [[z/OS|IBM z]] mainframe.

====PGP Corporation====
In August 2002, several ex-PGP team members formed a new company, [[PGP Corporation]], and bought the PGP assets (except for the command line version) from NAI. The new company was funded by Rob Theis of Doll Capital Management (DCM) and Terry Garnett of Venrock Associates. PGP Corporation supported existing PGP users and honored NAI's support contracts. Zimmermann served as a special advisor and consultant to PGP Corporation while continuing to run his own consulting company. In 2003, PGP Corporation created a new server-based product called PGP Universal. In mid-2004, PGP Corporation shipped its own command line version called PGP Command Line, which integrated with the other PGP Encryption Platform applications. In 2005, PGP Corporation made its first acquisition: the [[Germany|German]] software company Glück & Kanja Technology AG,<ref>{{cite web |url=https://glueckkanja.com/ |title=glueckkanja.com |publisher=glueckkanja.com |access-date=2013-08-06 |archive-date=April 11, 2021 |archive-url=https://web.archive.org/web/20210411005144/https://glueckkanja.com/ |url-status=live }}</ref> which became PGP Deutschland AG.<ref>{{cite web |url=https://pgp.de/ |title=pgp.de |publisher=pgp.de |access-date=2013-08-06 |archive-date=April 25, 2019 |archive-url=https://web.archive.org/web/20190425163743/http://pgp.de/ |url-status=dead }}</ref> In 2010, PGP Corporation acquired Hamburg-based certificate authority TC TrustCenter and its parent company, [[ChosenSecurity]], to form its PGP TrustCenter<ref>{{cite web |url=https://www.pgptrustcenter.com |title=pgptrustcenter.com |publisher=pgptrustcenter.com |date=January 26, 2010 |access-date=2013-08-06 |archive-url=https://web.archive.org/web/20140109130044/https://www.pgptrustcenter.com/ |archive-date=January 9, 2014 |url-status=dead }}</ref> division.<ref>{{cite web |url=https://www.pgp.com/insight/newsroom/press_releases/pgp_corporation_acquires_chosensecurity.html |title=News Room – Symantec Corp |publisher=Pgp.com |access-date=2012-03-23 |archive-date=May 10, 2010 |archive-url=https://web.archive.org/web/20100510153018/http://www.pgp.com/insight/newsroom/press_releases/pgp_corporation_acquires_chosensecurity.html |url-status=live }}</ref>

After the 2002 purchase of NAI's PGP assets, PGP Corporation offered worldwide PGP technical support from its offices in [[Draper, Utah]]; [[Offenbach am Main|Offenbach]], [[Germany]]; and [[Tokyo]], [[Japan]].

===== Symantec =====
On April 29, 2010, [[NortonLifeLock|Symantec Corp.]] announced that it would acquire PGP Corporation for $300 million with the intent of integrating it into its Enterprise Security Group.<ref>{{cite web |url=https://www.computerworld.com/s/article/9176121/Symantec_buys_encryption_specialist_PGP_for_300M |title=Symantec buys encryption specialist PGP for $300M |publisher=Computerworld |date=April 29, 2010 |access-date=2010-04-29 |archive-date=July 4, 2014 |archive-url=https://web.archive.org/web/20140704095759/http://www.computerworld.com/s/article/9176121/Symantec_buys_encryption_specialist_PGP_for_300M |url-status=live }}</ref> This acquisition was finalized and announced to the public on June 7, 2010. The source code of PGP Desktop 10 is available for peer review.<ref>{{cite web|url=https://www.symantec.com/connect/downloads/symantec-pgp-desktop-peer-review-source-code |archive-url=https://web.archive.org/web/20111116233448/http://www.symantec.com/connect/downloads/symantec-pgp-desktop-peer-review-source-code |url-status=dead |archive-date=November 16, 2011 |title=Symantec PGP Desktop Peer Review Source Code |publisher=Symantec.com |date=September 23, 2012 |access-date=2013-08-06}}</ref>

In May 2018, a bug named [[EFAIL]] was discovered in certain implementations of PGP which from 2003 could reveal the plaintext contents of emails encrypted with it.<ref>{{cite web |url=https://arstechnica.com/information-technology/2018/05/critical-pgp-and-smime-bugs-can-reveal-encrypted-e-mails-uninstall-now/ |website=arstechnica.com |date=May 14, 2018 |title=Critical PGP and S/MIME bugs can reveal encrypted emails—uninstall now [Updated] |access-date=May 14, 2018 |archive-date=October 5, 2024 |archive-url=https://web.archive.org/web/20241005182854/https://arstechnica.com/information-technology/2018/05/critical-pgp-and-smime-bugs-can-reveal-encrypted-e-mails-uninstall-now/ |url-status=live }}</ref><ref>{{Cite web|url=https://efail.de/|title=EFAIL|website=efail.de|language=en-US|access-date=2018-05-18|archive-date=May 14, 2018|archive-url=https://web.archive.org/web/20180514100313/https://efail.de/|url-status=live}}</ref> The chosen mitigation for this vulnerability in PGP Desktop is to mandate the use [[SEIP]] protected packets in the ciphertext, which can lead to old emails or other encrypted objects to be no longer decryptable after upgrading to the software version that has the mitigation.<ref>{{Cite web|url=https://knowledge.broadcom.com/external/article/173613/cannot-decrypt-pgp-zip-files-created-wit.html|language=en-US|access-date=2021-10-18|title=Cannot decrypt PGP Zip files created with earlier releases of Encryption Desktop|archive-date=October 18, 2021|archive-url=https://web.archive.org/web/20211018095014/https://knowledge.broadcom.com/external/article/173613/cannot-decrypt-pgp-zip-files-created-wit.html|url-status=live}}</ref>

=====Broadcom=====
On August 9, 2019, [[Broadcom Inc.]] announced they would be acquiring the Enterprise Security software division of Symantec, which includes PGP Corporation.

==PGP Corporation encryption applications==
:''This section describes commercial programs available from [[PGP Corporation]].  For information on other programs compatible with the [[#OpenPGP|OpenPGP]] specification, see [[#External links|External links]] below.''

While originally used primarily for encrypting the contents of e-mail messages and attachments from a desktop client, PGP products have been diversified since 2002 into a set of encryption applications that can be managed by an optional central policy server.  PGP encryption applications include e-mails and attachments, digital signatures, full disk encryption, file and folder security, protection for IM sessions, batch file transfer encryption, and protection for files and folders stored on network servers and, more recently, encrypted or signed HTTP request/responses by means of a client-side (Enigform) and a server-side ([[mod openpgp]]) module. There is also a WordPress plugin available, called wp-enigform-authentication, that takes advantage of the session management features of Enigform with mod_openpgp.

The PGP Desktop 9.x family includes PGP Desktop Email, PGP Whole Disk Encryption, and PGP NetShare. Additionally, a number of Desktop bundles are also available. Depending on the application, the products feature desktop e-mail, digital signatures, IM security, whole disk encryption, file, and folder security, encrypted [[self-extracting archive]]s, and [[data erasure|secure shredding]] of deleted files. Capabilities are licensed in different ways depending on the features required.

The PGP Universal Server 2.x management console handles centralized deployment, security policy, policy enforcement, key management, and reporting.  It is used for automated e-mail encryption in the gateway and manages PGP Desktop 9.x clients. In addition to its local [[Key server (cryptographic)|keyserver]], PGP Universal Server works with the PGP public keyserver—called the PGP Global Directory—to find recipient keys. It has the capability of delivering e-mail securely when no recipient key is found via a secure HTTPS browser session.

With PGP Desktop 9.x managed by PGP Universal Server 2.x, first released in 2005, all PGP encryption applications are based on a new proxy-based architecture. These newer versions of PGP software eliminate the use of e-mail plug-ins and insulate the user from changes to other desktop applications. All desktop and server operations are now based on security policies and operate in an automated fashion. The PGP Universal server automates the creation, management, and expiration of keys, sharing these keys among all PGP encryption applications.

The Symantec PGP platform has now undergone a rename.  PGP Desktop is now known as Symantec Encryption Desktop (SED), and the PGP Universal Server is now known as Symantec Encryption Management Server (SEMS). The current shipping versions are Symantec Encryption Desktop 10.3.0 (Windows and macOS platforms) and Symantec Encryption Server 3.3.2.

Also available are PGP Command-Line, which enables command line-based encryption and signing of information for storage, transfer, and backup, as well as the PGP Support Package for BlackBerry which enables RIM BlackBerry devices to enjoy sender-to-recipient messaging encryption.

New versions of PGP applications use both OpenPGP and the [[S/MIME]], allowing communications with any user of a [[NIST]] specified standard.<ref>{{cite web |url= https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-177.pdf |title= Archived NIST Technical Series Publication |publisher= nist.gov |access-date= 2024-07-14 |archive-date= July 14, 2024 |archive-url= https://web.archive.org/web/20240714221559/https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-177.pdf |url-status= live }}</ref>

==OpenPGP==
Within PGP Inc., there was still concern surrounding patent issues. RSADSI was challenging the continuation of the Viacrypt RSA license to the newly merged firm. The company adopted an informal internal standard that they called "Unencumbered PGP" which would "use no algorithm with licensing difficulties".  Because of PGP encryption's importance worldwide, many wanted to write their own software that would interoperate with PGP 5. Zimmermann became convinced that an [[open standard]] for PGP encryption was critical for them and for the cryptographic community as a whole. In July 1997, PGP Inc. proposed to the [[IETF]] that there be a standard called OpenPGP. They gave the IETF permission to use the name OpenPGP to describe this new standard as well as any program that supported the standard. The IETF accepted the proposal and started the OpenPGP [[IETF Working Group|Working Group]].

OpenPGP is on the [[Internet Standard|Internet Standards Track]] and is under active development. Many e-mail clients provide OpenPGP-compliant email security as described in RFC 3156. The current specification is RFC 9580 (July 2024), the successor to RFC 4880. RFC 9580 specifies a suite of required algorithms consisting of [[X25519]], [[EdDSA#Ed25519|Ed25519]], [[SHA-2|SHA2-256]] and [[Advanced Encryption Standard|AES-128]]. In addition to these algorithms, the standard recommends [[X448]], [[EdDSA#Ed448|Ed448]], [[SHA-2|SHA2-384]], [[SHA-2|SHA2-512]] and [[Advanced Encryption Standard|AES-256]]. Beyond these, many other algorithms are supported.

* PGP
** {{IETF RFC|1991|link=no}} PGP Message Exchange Formats (obsolete)<ref name="tools.ietf.org">{{cite journal|last1=David|first1=Shaw|last2=Lutz|first2=Donnerhacke|last3=Rodney|first3=Thayer|last4=Hal|first4=Finney|last5=Jon|first5=Callas|title=OpenPGP Message Format|url=https://tools.ietf.org/html/rfc4880|website=tools.ietf.org|year=2007|doi=10.17487/RFC4880|language=en|access-date=April 19, 2018|archive-date=July 13, 2012|archive-url=https://web.archive.org/web/20120713063928/http://tools.ietf.org/html/rfc4880|url-status=live|url-access=subscription}}</ref>
* OpenPGP
** {{IETF RFC|2440|link=no}} OpenPGP Message Format (obsolete)<ref name="tools.ietf.org"/>
** {{IETF RFC|4880|link=no}} OpenPGP Message Format (obsolete)
** {{IETF RFC|5581|link=no}} The Camellia Cipher in OpenPGP (obsolete)
** {{IETF RFC|6637|link=no}} Elliptic Curve Cryptography (ECC) in OpenPGP (obsolete)
** {{IETF RFC|9580|link=no}} OpenPGP
* PGP/MIME
** {{IETF RFC|2015|link=no}} MIME Security with Pretty Good Privacy (PGP)
** {{IETF RFC|3156|link=no}} MIME Security with OpenPGP

OpenPGP's encryption can ensure the secure delivery of files and messages, as well as provide verification of who created or sent the message using a process called digital signing. The [[open source]] office suite [[LibreOffice]] implemented document signing with OpenPGP as of version 5.4.0 on Linux.<ref>{{cite web|title=OpenPGP signature support in LibreOffice|url=https://blog.thebehrens.net/2017/07/28/openpgp-signature-support-in-libreoffice/|website=Thorsten's Weblog|access-date=10 December 2017|date=28 July 2017|archive-date=November 1, 2017|archive-url=https://web.archive.org/web/20171101231613/https://blog.thebehrens.net/2017/07/28/openpgp-signature-support-in-libreoffice/|url-status=live}}</ref> Using OpenPGP for communication requires participation by both the sender and recipient. OpenPGP can also be used to secure sensitive files when they are stored in vulnerable places like mobile devices or in the cloud.<ref>Eric Geier (August 22, 2014). "[https://www.pcworld.com/article/2472771/how-to-use-openpgp-to-encrypt-your-email-messages-and-files-in-the-cloud.html How to use OpenPGP to encrypt your email messages and files in the cloud] {{Webarchive|url=https://web.archive.org/web/20180518132535/https://www.pcworld.com/article/2472771/how-to-use-openpgp-to-encrypt-your-email-messages-and-files-in-the-cloud.html |date=May 18, 2018 }}". ''PC World''. Accessed March 1, 2022.</ref>

In late 2023, a schism occurred in the OpenPGP world: IETF's OpenPGP working group decided to choose a "crypto-refresh" update strategy for the RFC 4880 specification, rather than a more gradual "4880bis" path preferred by Werner Koch, author of GnuPG. As a result, Koch took his draft, now abandoned by the workgroup, and forked it into a "LibrePGP" specification.<ref name="LibrePGP">{{cite web |title=A schism in the OpenPGP world [LWN.net] |url=https://lwn.net/Articles/953797/ |website=lwn.net |access-date=February 14, 2024 |archive-date=February 22, 2024 |archive-url=https://web.archive.org/web/20240222124116/https://lwn.net/Articles/953797/ |url-status=live }}</ref>

=== Implementations ===

The [[Free Software Foundation]] has developed its own OpenPGP-compliant software suite called [[GNU Privacy Guard]], freely available together with all source code under the [[GNU General Public License]] and is maintained separately from several [[graphical user interfaces]] that interact with the GnuPG library for encryption, decryption, and signing functions (see [[KGPG]], [[Seahorse (software)|Seahorse]], [[MacGPG]]).{{undue inline|reason=other important implementations exist and should be cited|date=July 2021}} Several other vendors{{Specify|reason=readers expect a neutral list of vendors|date=July 2021}} have also developed OpenPGP-compliant software.

The development of an [[open source]] OpenPGP-compliant library, OpenPGP.js, written in [[JavaScript]] and supported by the [[Framework_Programmes_for_Research_and_Technological_Development#Horizon_2020|Horizon 2020 Framework Programme]] of the [[European Union]],<ref>{{cite web|url=https://openpgpjs.org/|title=OpenPGPjs|author=OpenPGPjs-Team|access-date=January 2, 2017|archive-date=July 9, 2017|archive-url=https://web.archive.org/web/20170709124936/https://openpgpjs.org/|url-status=live}}</ref> has allowed web-based applications to use PGP encryption in the web browser.

PGP keys are supported in [[Mozilla Thunderbird]] (Built-in in version 78 onwards on PC,<ref>{{Cite web|url=https://linuxreviews.org/Thunderbird_78_Has_Finally_Got_Built-In_Calendar_And_OpenPGP_Support|title=Thunderbird 78 Has Finally Got Built-In Calendar And OpenPGP Support|date=8 October 2020|access-date=14 May 2025|publisher=LinuxReviews}}</ref> and with the [[OpenKeychain]] app as of version 9 on Android<ref>{{Cite web|url=https://www.zdnet.com/article/how-to-add-pgp-support-on-android-for-added-security-and-privacy/|title=How to add PGP support on Android for added security and privacy|publisher=[[ZDNET]]|author=Jack Wallen|access-date=14 May 2025|date=13 November 2024}}</ref>), [[GitHub]],<ref>{{Cite web|url=https://inspirezone.tech/using-gpg-keys-on-github/|title=Using GPG keys on GitHub: Creating and updating expired keys|date=18 April 2021|access-date=14 May 2025|publisher=Inspirezone}}</ref> and [[GitLab]].<ref>{{Cite web|url=https://sdtimes.com/automation/gitlab-xcode-chrome-enterprise-sdtimes-newsdigest/|title=GitLab 9.5, Xcode 9, IEEE standard for quantum computing, and Chrome Enterprise — SD Times news digest: August 23, 2017|date=23 August 2025|access-date=14 May 2025|publisher=[[SD Times]]|author=Madison Moore}}</ref>

==Limitations==

With the advancement of cryptography, parts of PGP and OpenPGP have been criticized for being dated:

* The long length of PGP public keys, caused by the use of RSA and additional data other than the actual cryptographic key<ref name="2014_green">{{cite web |url=https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/ |first=Matthew |last=Green |title=What's the matter with PGP? |date=August 13, 2014 |publisher=A Few Thoughts on Cryptographic Engineering |access-date=December 19, 2016 |archive-date=October 5, 2024 |archive-url=https://web.archive.org/web/20241005182349/https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/ |url-status=live }}</ref>
* Lack of [[forward secrecy]]<ref name="2014_green" />
* Use of outdated algorithms by default in several implementations<ref name="2014_green" />
* Difficulty for the users to comprehend and poor usability<ref name="2015_marlinspike">{{cite web |url=https://moxie.org/2015/02/24/gpg-and-me.html |first=Moxie |last=Marlinspike |title=GPG And Me |access-date=June 21, 2020 |date=February 24, 2015 |archive-date=October 5, 2024 |archive-url=https://web.archive.org/web/20241005182854/https://moxie.org/2015/02/24/gpg-and-me.html |url-status=live }}</ref>
* Lack of ubiquity<ref name="2015_marlinspike" />

In October 2017, the [[ROCA vulnerability]] was announced, which affects RSA keys generated by buggy Infineon firmware used on [[Yubikey]] 4 tokens, often used with OpenPGP. Many published PGP keys were found to be susceptible.<ref name=nemecsys>[https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli] {{Webarchive|url=https://web.archive.org/web/20171112012916/https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf |date=November 12, 2017 }}, Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas, November 2017</ref> Yubico offers free replacement of affected tokens.<ref name=yubicokeyreplace>{{Cite web|url=https://www.yubico.com/keycheck/verify_otp|title=Yubico Replacement Program|access-date=June 13, 2018|archive-url=https://web.archive.org/web/20181222101837/https://www.yubico.com/keycheck/verify_otp|archive-date=December 22, 2018|url-status=dead}}</ref>

==See also==

{{div col|colwidth=30em}}
* ''[[Bernstein v. United States]]''
* [[Electronic envelope]]
* [[Email encryption]]
* [[Email privacy]]
* [[GNU Privacy Guard]]
* [[Gpg4win]]
* [[Key server (cryptographic)]]
* [[PGP word list]]
* [[PGPDisk]]
* [[Pretty Easy privacy]]
* [[Privacy software]]
* [[Public-key cryptography]]
* [[S/MIME]]
* [[X.509]]
* [[ZRTP]]
{{div col end}}

==References==
{{Reflist|35em}}

==Further reading==
* {{cite book|ref=none| last = Garfinkel| first = Simson| author-link = Simson Garfinkel| title =PGP: Pretty Good Privacy| publisher =[[O'Reilly & Associates]]| date =1995| isbn =1-56592-098-8}}
* {{cite book |ref=none| last = Levy| first = Steven | author-link = Steven Levy | title = Crypto: How the Code Rebels Beat the Government—Saving Privacy in the Digital Age| publisher = [[Penguin Books]] | date = January 8, 2001 | isbn = 0140244328| title-link = Crypto: How the Code Rebels Beat the Government—Saving Privacy in the Digital Age }}
* {{cite book |ref=none| last = Lucas| first = Michael W. | title =PGP & GPG Email for the Practical Paranoid| publisher =[[No Starch Press]]| date =April 1, 2006| isbn =978-1-59327-071-1}}
* {{cite web |ref=none
  | last = Zimmermann
  | first = Phil
  | author-link = Phil Zimmermann
  | title = Why I Wrote PGP
  | url=https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html
  | date=June 1991
  | access-date = 2008-03-03 }}

==External links==
* [https://github.com/public/OpenPGP-SDK OpenPGP::SDK] 
* [https://pgp.mit.edu/ MIT Public Key Directory for Registration and Search]
* [https://www.rossde.com/PGP/pgp_keyserv.html#pubserv List of public keyservers]
* [https://datatracker.ietf.org/wg/openpgp/charter/ IETF OpenPGP working group]
* [https://www.openpgp.org/ OpenPGP Alliance]

{{Cryptographic software}}

{{Authority control}}

[[Category:1991 software]]
[[Category:Cryptographic software]]
[[Category:Encryption debate]]
[[Category:History of cryptography]]
[[Category:Internet privacy software]]
[[Category:OpenPGP]]
[[Category:Privacy software]]