Encryption is an important part of our approach to producing and offering a secure managed file transfer product that our customers can rely on to send and receive sensitive files. Information security and data privacy requires encryption to keep those files safe, and if something goes wrong or there’s a suspicion that a data breach may have occurred, proof that files were encrypted can ensure your organization doesn’t fail a compliance audit.
Coviant Software uses OpenPGP (also known by the trademarked term PGP™) as its encryption tool of choice for its customers who use Diplomat MFT to automate their file transfers. As such, we talk to a lot of people about why we chose OpenPGP, and also about the particulars of OpenPGP. We appreciate the questions as it means organizations are taking security and privacy compliance seriously, and are digging in to make informed choices about the products they invest in to support compliance programs.
And so, we figured we’d offer a quick checklist of fast facts about OpenPGP to help answer some of the most common questions we encounter.
1. What is the difference between OpenPGP and PGP™
OpenPGP is the standardized implementation of the commercial PGP encryption algorithm. Most people use the terms interchangeably, and the only real difference is that OpenPGP is the fully compatible standard which PGP implements.
2. How secure is OpenPGP?
PGP was established as a proprietary algorithm in 1991, became an open standard as OpenPGP in 1997, and has been proven reliable during its entire existence. It has been calculated that, using current technology, it would take trillions of years to crack the OpenPGP’s 256bit encryption key.
3. How can I use OpenPGP to encrypt my sensitive files?
Implementing OpenPGP usually requires complex command line applications. But when integrated in a data management tool like Diplomat MFT, the task of applying OpenPGP encryption is simplified through automation. And because Diplomat MFT can be deployed with no-code simplicity, the process of encrypting sensitive files is made that much easier.
4. Is OpenPGP a software product that I can purchase?
No, OpenPGP is not commercial software. It is a protocol that employs standard algorithms to encrypt files and ensure they are visible only to authorized parties. OpenPGP is implemented by software in those tools in which it is integrated. As an example, Diplomat MFT uses OpenPGP and automates its application whenever it is used to send or receive files.
5. How does OpenPGP work?
OpenPGP uses two different techniques, public key cryptography and symmetric key cryptography, to keep data safe. Public key cryptography is used to identify a third-party using PGP, while symmetric key cryptography is used to encrypt or decrypt the actual file payload. It’s worth noting that symmetric key cryptography is faster than public key, and so the combination of the two also serves to make the entire process more efficient—which helps to keep data secure by not incentivizing workarounds or avoidance of the encryption process.
If you want more information about how Coviant Software uses OpenPGP as an integral part of its Diplomat MFT secure managed file software platform, visit our OpenPGP information page. And if you want to put the power of OpenPGP to use as a part of your data security and management strategy, you can fill out the below form to request a demonstration or free trial of Diplomat MFT.