About OpenPGP

OpenPGP is a public key encryption technology. The OpenPGP specification defines standard formats for encrypted messages, signatures, private keys, and certificates for exchanging public keys. It is built on an asymmetric scheme that uses a pair of keys: a public key, which encrypts data, and a corresponding private (or secret) key, which decrypts it. You publish your public key to your trading partners while keeping your private key secret. Anyone with a copy of your public key can then encrypt files that only you can read.

"PGP" products from companies such as PGP Corporation, McAfee (e.g., e-Business Server), and Veridis all comply with the OpenPGP specification. PGP Corporation holds the U.S. trademark on the term "PGP". Thus, other companies selling in the U.S. cannot use the term "PGP" when describing their products. Typically, all OpenPGP products are compatible with each other:

  • Keys created by an OpenPGP-compliant application can be imported and used by any other OpenPGP-compliant application, including Diplomat Transaction Manager.
  • Files encrypted/signed by an OpenPGP-compliant application can be decrypted/verified by any other OpenPGP-compliant application, including Diplomat Transaction Manager. 
  • Additional file transformations, such as ASCII-armoring, canonicalization, and compression, included in the OpenPGP specification are also compatible between OpenPGP-compliant applications, including Diplomat Transaction Manager.

The OpenPGP specification is based on PGP as originally developed by Phil Zimmermann. Phil Zimmermann's web site can be accessed at http://www.philzimmermann.com/.  

In 1997, the OpenPGP Working Group was formed in the Internet Engineering Task Force (IETF) to define as a standard what had been a proprietary product since 1991. Over the past decade, PGP, and later OpenPGP, has become the standard for nearly all of the world's encrypted email. The OpenPGP encryption standard is defined in the IETF Proposed Standard RFC 2440, produced by the OpenPGP Working Group, which can be found at http://www.ietf.org/rfc/rfc2440.txt.

For current information on OpenPGP, go to www.pgpi.org. PGP International promotes the use of PGP worldwide and serves as a resource pool for information on the PGP program and the OpenPGP standard.

The following books provide further technical and historical information on OpenPGP:

  • The Official PGP User's Guide by Phil Zimmermann, MIT Press, 1995, ISBN: 0-262-74017-6, 216 pages, Paperback
  • PGP: Source Code and Internals by Phil Zimmermann, MIT Press, 1995, ISBN: 0-262-24039-4, 900 pages, Hardcover
  • PGP: Pretty Good Privacy by Simson Garfinkel, O'Reilly & Associates, 1994, ISBN: 1-56592-098-8
  • Protect Your Privacy - A Guide for PGP Users by William Stallings, Prentice-Hall, 1994, ISBN: 0-13-185596-4
  • Crypto - How the Code Rebels Beat the Government, Saving Privacy in the Digital Age by Steven Levy, Viking Penguin Putnam, 2001, ISBN: 0-670-85950-8
  • Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier, John Wiley & Sons, 1995, ISBN: 0471117099
  • Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. Van Oorschot, Scott A. Vanstone, CRC Press, 1996, ISBN: 0849385237

The U.S. Government regulates the transfer of technology, including OpenPGP products, across national boundaries. OpenPGP products may not be exported or re-exported without first obtaining any required export license or governmental approval, including the prior written consent, if required, of the Bureau of Export Administration of the U.S. Department of Commerce.