About OpenPGP
OpenPGP is a public key encryption technology. The OpenPGP specification defines standard formats for encrypted messages, signatures, private keys, and certificates for exchanging public keys. It is built on an asymmetric scheme that uses a pair of keys: a public key, which encrypts data, and a corresponding private (or secret) key, which decrypts it. You publish your public key to your trading partners while keeping your private key secret. Anyone with a copy of your public key can then encrypt files that only you can read.
"PGP" products from companies such as PGP Corporation, McAfee (e.g., e-Business Server), and Veridis all comply with the OpenPGP specification. PGP Corporation holds the U.S. trademark on the term "PGP". Thus, other companies selling in the U.S. cannot use the term "PGP" when describing their products. Typically, all OpenPGP products are compatible with each other:
- Keys created by an OpenPGP-compliant application can be imported and used by any other OpenPGP-compliant application, including Diplomat Transaction Manager.
- Files encrypted/signed by an OpenPGP-compliant application can be decrypted/verified by any other OpenPGP-compliant application, including Diplomat Transaction Manager.
- Additional file transformations, such as ASCII-armoring, canonicalization, and compression, included in the OpenPGP specification are also compatible between OpenPGP-compliant applications, including Diplomat Transaction Manager.
The OpenPGP specification is based on PGP as originally developed by Phil Zimmermann. Phil Zimmermann's web site can be accessed at http://www.philzimmermann.com/.
In 1997, the OpenPGP Working Group was formed in the Internet Engineering Task Force (IETF) to define this standard, which had been a proprietary product since 1991. Over the past decade, PGP, and later OpenPGP, has become the standard for nearly all of the world's encrypted email. The OpenPGP encryption standard is defined by the OpenPGP Working Group of the IETF in Proposed Standard RFC 2440, which can be found at http://www.ietf.org/rfc/rfc2440.txt.
For current information on OpenPGP, go to www.pgpi.org. PGP International promotes the use of PGP worldwide and is a resource pool for information on the PGP program and the OpenPGP standard.
The following books provide further technical and historical information on OpenPGP:
- The Official PGP User's Guide by Phil Zimmermann, MIT Press, 1995, ISBN: 0-262-74017-6, 216 pages, Paperback
- PGP: Source Code and Internals by Phil Zimmermann, MIT Press, 1995, ISBN: 0-262-24039-4, 900 pages, Hardcover
- PGP: Pretty Good Privacy by Simson Garfinkel, O'Reilly & Associates, 1994, ISBN: 1-56592-098-8
- Protect Your Privacy - A Guide for PGP Users by William Stallings, Prentice-Hall, 1994, ISBN: 0-13-185596-4
- Crypto - How the Code Rebels Beat the Government, Saving Privacy in the Digital Age by Steven Levy, Viking Penguin Putnam, 2001, ISBN: 0-670-85950-8
- Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier, John Wiley & Sons, 1995, ISBN: 0471117099
- Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. Van Oorschot, Scott A. Vanstone, CRC Press, 1996, ISBN: 0849385237
The U.S. Government regulates the transfer of technology, including OpenPGP products, across national boundaries. OpenPGP products may not be exported or re-exported without first obtaining any required export license or governmental approval, including the prior written consent, if required, of the Bureau of Export Administration of the U.S. Department of Commerce.