PGP (Pretty Good Privacy)

Stephen A. Weis, MIT Computer Science and Artificial Intelligence Laboratory

Introduction

Basics of PGP

Technology Highlights

Supported Algorithms and Key Recommendations

History of PGP

Origins of PGP

Patent Infringement

Export Licenses

PGP Variants and Alternatives

PGP Corporation and OpenPGP

MIT PGP Freeware and PGPi

GnuPG

S/MIME

Server-Side and Web-Based Secure E-Mail

PGP Problems and Lessons

Changing Law for Changing Technology

The Need for Industry Standards

“Why Johnny Can't Encrypt”

Future Directions and Conclusion

Glossary

Cross References

References

Further Reading

INTRODUCTION

A fascinating story from the early 1990s Internet boom is the development of PGP, or “Pretty Good Privacy.” PGP is a program for encrypting and digitally signing data and is most frequently used for e-mail. In fact, PGP may be the most well-known e-mail encryption software in existence with over 8 million users worldwide (PGP Corporation, n.d.). PGP's notoriety is largely due to the legal issues surrounding its creation, rather than for its technical merits.

PGP is one of the few examples of software created in blatant disregard of patent and export laws to evolve into a legitimate commercial product. Illegal software of this nature is sometimes referred to as guerillaware and might include peer-to-peer file sharing networks like Kazaa or DVD copying software such as DeCSS. The legal battles faced by PGP's creator, Phil Zimmermann, illustrate several policy barriers to ...