Encryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over the Internet .
104-657: Pretty Good Privacy ( PGP ) is an encryption program that provides cryptographic privacy and authentication for data communication . PGP is used for signing , encrypting, and decrypting texts, e-mails , files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991. PGP and similar software follow the OpenPGP standard (RFC 4880), an open standard for encrypting and decrypting data . Modern versions of PGP are interoperable with GnuPG and other OpenPGP-compliant systems. Despite "Pretty Good" in
208-425: A Saturday Night Live sketch. Zimmermann had been a long-time anti-nuclear activist , and created PGP encryption so that similarly inclined people might securely use BBSs and securely store messages and files. No license fee was required for its non-commercial use, and the complete source code was included with all copies. In a posting of June 5, 2001, entitled "PGP Marks 10th Anniversary", Zimmermann describes
312-455: A cryptographically authenticated statement of revocation. For distributing revocation information to clients, timeliness of the discovery of revocation (and hence the window for an attacker to exploit a compromised certificate) trades off against resource usage in querying revocation statuses and privacy concerns. If revocation information is unavailable (either due to accident or an attack), clients must decide whether to fail-hard and treat
416-410: A cryptosystem has been criticized for complexity of the standard, implementation and very low usability of the user interface including by recognized figures in cryptography research. It uses an ineffective serialization format for storage of both keys and encrypted data, which resulted in signature-spamming attacks on public keys of prominent developers of GNU Privacy Guard . Backwards compatibility of
520-481: A laptop PC that allegedly contained child pornography , indicates that US government agencies find it "nearly impossible" to access PGP-encrypted files. Additionally, a magistrate judge ruling on the case in November 2007 has stated that forcing the suspect to reveal his PGP passphrase would violate his Fifth Amendment rights i.e. a suspect's constitutional right not to incriminate himself. The Fifth Amendment issue
624-427: A protocol for securely browsing the web . In a typical public-key infrastructure (PKI) scheme, the certificate issuer is a certificate authority (CA), usually a company that charges customers a fee to issue certificates for them. By contrast, in a web of trust scheme, individuals sign each other's keys directly, in a format that performs a similar function to a public key certificate. In case of key compromise,
728-401: A type-in program if OCR software was not available), creating a set of source code text files. One could then build the application using the freely available GNU Compiler Collection . PGP would thus be available anywhere in the world. The claimed principle was simple: export of munitions —guns, bombs, planes, and software—was (and remains) restricted; but the export of books is protected by
832-554: A wildcard certificate . Once the certification path validation is successful, the client can establish an encrypted connection with the server. Internet-facing servers, such as public web servers , must obtain their certificates from a trusted, public certificate authority (CA). Client certificates authenticate the client connecting to a TLS service, for instance to provide access control. Because most services provide access to individuals, rather than devices, most client certificates contain an email address or personal name rather than
936-648: A Usenet newsgroup that specialized in distributing source code. At my request, he marked the Usenet posting as "US only". Kelly also uploaded it to many BBS systems around the country. I don't recall if the postings to the Internet began on June 5th or 6th. It may be surprising to some that back in 1991, I did not yet know enough about Usenet newsgroups to realize that a "US only" tag was merely an advisory tag that had little real effect on how Usenet propagated newsgroup postings. I thought it actually controlled how Usenet routed
1040-476: A bit or byte at a time, and are most commonly used to encrypt real-time communications, such as audio and video information. The key is used to establish the initial state of a keystream generator, and the output of that generator is used to encrypt the plaintext. Block cipher algorithms split the plaintext into fixed-size blocks and encrypt one block at a time. For example, AES processes 16-byte blocks, while its predecessor DES encrypted blocks of eight bytes. There
1144-551: A central certificate authority be accepted as correct. To the best of publicly available information, there is no known method which will allow a person or group to break PGP encryption by cryptographic, or computational means. Indeed, in 1995, cryptographer Bruce Schneier characterized an early version as being "the closest you're likely to get to military-grade encryption." Early versions of PGP have been found to have theoretical vulnerabilities and so current versions are recommended. In addition to protecting data in transit over
SECTION 10
#17327866286871248-442: A certificate as if it is revoked (and so degrade availability ) or to fail-soft and treat it as unrevoked (and allow attackers to sidestep revocation). Due to the cost of revocation checks and the availability impact from potentially-unreliable remote services, Web browsers limit the revocation checks they will perform, and will fail-soft where they do. Certificate revocation lists are too bandwidth-costly for routine use, and
1352-401: A certificate is not "flat" but contains these fields nested in various structures within the certificate. This is an example of a decoded SSL/TLS certificate retrieved from SSL.com's website. The issuer's common name (CN) is shown as SSL.com EV SSL Intermediate CA RSA R3 , identifying this as an Extended Validation (EV) certificate. Validated information about the website's owner (SSL Corp)
1456-563: A certificate may need to be revoked . The most common format for public key certificates is defined by X.509 . Because X.509 is very general, the format is further constrained by profiles defined for certain use cases, such as Public Key Infrastructure (X.509) as defined in RFC 5280 . The Transport Layer Security (TLS) protocol – as well as its outdated predecessor, the Secure Sockets Layer (SSL) protocol – ensures that
1560-479: A certificate's subject is typically a person or organization. However, in Transport Layer Security (TLS) a certificate's subject is typically a computer or other device, though TLS certificates may identify organizations or individuals in addition to their core role in identifying devices. TLS, sometimes called by its older name Secure Sockets Layer (SSL), is notable for being a part of HTTPS ,
1664-408: A client-side (Enigform) and a server-side ( mod openpgp ) module. There is also a WordPress plugin available, called wp-enigform-authentication, that takes advantage of the session management features of Enigform with mod_openpgp. The PGP Desktop 9.x family includes PGP Desktop Email, PGP Whole Disk Encryption, and PGP NetShare. Additionally, a number of Desktop bundles are also available. Depending on
1768-581: A collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys. The web of trust mechanism has advantages over a centrally managed public key infrastructure scheme such as that used by S/MIME but has not been universally used. Users have to be willing to accept certificates and check their validity manually or have to simply accept them. No satisfactory solution has been found for
1872-550: A domain and its subdomains). Such certificates are commonly called Subject Alternative Name (SAN) certificates or Unified Communications Certificates (UCC) . These certificates contain the Subject Alternative Name field, though many CAs also put them into the Subject Common Name field for backward compatibility. If some of the hostnames contain an asterisk (*), a certificate may also be called
1976-401: A hostname. In addition, the certificate authority that issues the client certificate is usually the service provider to which client connects because it is the provider that needs to perform authentication. Some service providers even offer free SSL certificates as part of their packages. While most web browsers support client certificates, the most common form of authentication on the Internet
2080-510: A label as a "partial wildcard" according to early specifications However, use of "partial-wildcard" certs is not recommended. As of 2011, partial wildcard support is optional, and is explicitly disallowed in SubjectAltName headers that are required for multi-name certificates. All major browsers have deliberately removed support for partial-wildcard certificates; they will result in a "SSL_ERROR_BAD_CERT_DOMAIN" error. Similarly, it
2184-409: A network, PGP encryption can also be used to protect data in long-term data storage such as disk files. These long-term storage options are also known as data at rest, i.e. data stored, not in transit. The cryptographic security of PGP encryption depends on the assumption that the algorithms used are unbreakable by direct cryptanalysis with current equipment and techniques. In the original version,
SECTION 20
#17327866286872288-466: A new proxy-based architecture. These newer versions of PGP software eliminate the use of e-mail plug-ins and insulate the user from changes to other desktop applications. All desktop and server operations are now based on security policies and operate in an automated fashion. The PGP Universal server automates the creation, management, and expiration of keys, sharing these keys among all PGP encryption applications. The Symantec PGP platform has now undergone
2392-460: A new version of PGP encryption called PGP 3. This new version was to have considerable security improvements, including a new certificate structure that fixed small security flaws in the PGP 2.x certificates as well as permitting a certificate to include separate keys for signing and encryption. Furthermore, the experience with patent and export problems led them to eschew patents entirely. PGP 3 introduced
2496-428: A partial indicator of real-world performance in cryptographic functions . Applications may offer their own encryption called native encryption, including databases applications such as Microsoft SQL, Oracle, and MongoDB, and commonly rely on direct usage of CPU cycles for performance. This often impacts the desirability of encryption in businesses seeking greater security and ease of satisfying compliance by impacting
2600-402: A particular user is not unique to PGP. All public key/private key cryptosystems have the same problem, even if in slightly different guises, and no fully satisfactory solution is known. PGP's original scheme at least leaves the decision as to whether or not to use its endorsement/vetting system to the user, while most other PKI schemes do not, requiring instead that every certificate attested to by
2704-483: A public certificate. During web browsing, this public certificate is served to any web browser that connects to the web site and proves to the web browser that the provider believes it has issued a certificate to the owner of the web site. As an example, when a user connects to https://www.example.com/ with their browser, if the browser does not give any certificate warning message, then the user can be theoretically sure that interacting with https://www.example.com/
2808-413: A public key from somewhere is not a reliable assurance of that association; deliberate (or accidental) impersonation is possible. From its first version, PGP has always included provisions for distributing user's public keys in an ' identity certification ', which is also constructed cryptographically so that any tampering (or accidental garble) is readily detectable. However, merely making a certificate that
2912-439: A qualified trust service provider and signature creation device) are given the same power as a physical signature. In the X.509 trust model, a certificate authority (CA) is responsible for signing certificates. These certificates act as an introduction between two parties, which means that a CA acts as a trusted third party. A CA processes requests from people or organizations requesting certificates (called subscribers), verifies
3016-432: A relatively small community, like a business, and are distributed by other mechanisms like Windows Group Policy . Certificate authorities are also responsible for maintaining up-to-date revocation information about certificates they have issued, indicating whether certificates are still valid. They provide this information through Online Certificate Status Protocol (OCSP) and/or Certificate Revocation Lists (CRLs). Some of
3120-529: A rename. PGP Desktop is now known as Symantec Encryption Desktop (SED), and the PGP Universal Server is now known as Symantec Encryption Management Server (SEMS). The current shipping versions are Symantec Encryption Desktop 10.3.0 (Windows and macOS platforms) and Symantec Encryption Server 3.3.2. Also available are PGP Command-Line, which enables command line-based encryption and signing of information for storage, transfer, and backup, as well as
3224-472: A self-signed certificate, called a root certificate , trust anchor , or trust root . A certificate authority self-signs a root certificate to be able to sign other certificates. An intermediate certificate has a similar purpose to the root certificate – its only use is to sign other certificates. However, an intermediate certificate is not self-signed. A root certificate or another intermediate certificate needs to sign it. An end-entity or leaf certificate
Pretty Good Privacy - Misplaced Pages Continue
3328-403: A shorter version of a public key. From a fingerprint, someone can validate the correct corresponding public key. A fingerprint like C3A6 5E46 7B54 77DF 3C4C 9790 4D22 B3CA 5B32 FF66 can be printed on a business card. As PGP evolves, versions that support newer features and algorithms can create encrypted messages that older PGP systems cannot decrypt, even with a valid private key. Therefore, it
3432-500: A signature that can be verified by its own public key. Self-signed certificates have their own limited uses. They have full trust value when the issuer and the sole user are the same entity. For example, the Encrypting File System on Microsoft Windows issues a self-signed certificate on behalf of the encrypting user and uses it to transparently decrypt data on the fly. The digital certificate chain of trust starts with
3536-433: A single certificate for all main domains and subdomains and reduce cost. Because the wildcard only covers one level of subdomains (the asterisk doesn't match full stops), these domains would not be valid for the certificates: Note possible exceptions by CAs, for example wildcard-plus cert by DigiCert contains an automatic "Plus" property for the naked domain example.com . Only a single level of subdomain matching
3640-484: A top-level domain is not allowed. Too general and should not be allowed. International domain names encoded in ASCII (A-label) are labels that are ASCII-encoded and begin with xn-- . URLs with international labels cannot contain wildcards. These are some of the most common fields in certificates. Most certificates contain a number of fields not listed here. Note that in terms of a certificate's X.509 representation,
3744-401: A way to cancel (' revoke ') public key certificates. A lost or compromised private key will require this if communication security is to be retained by that user. This is, more or less, equivalent to the certificate revocation lists of centralised PKI schemes. Recent PGP versions have also supported certificate expiration dates. The problem of correctly identifying a public key as belonging to
3848-480: Is a username and password pair. Client certificates are more common in virtual private networks (VPN) and Remote Desktop Services , where they authenticate devices. In accordance with the S/MIME protocol, email certificates can both establish the message integrity and encrypt messages. To establish encrypted email communication, the communicating parties must have their digital certificates in advance. Each must send
3952-461: Is also a well-known case where PKI is used for data in transit of data at rest. Data in transit is data that is being sent over a computer network . When the data is between two endpoints, any confidential information may be vulnerable. The payload (confidential information) can be encrypted to secure its confidentiality, as well as its integrity and validity. Often, the data in transit is between two entities that do not know each other - such as in
4056-548: Is any certificate that cannot sign other certificates. For instance, TLS/SSL server and client certificates, email certificates, code signing certificates, and qualified certificates are all end-entity certificates. Subject Alternative Name (SAN) certificates are an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. These values are called Subject Alternative Names (SANs). Names include: RFC 2818 (May 2000) specifies Subject Alternative Names as
4160-399: Is bound to a username or an e-mail address. The first version of this system was generally known as a web of trust to contrast with the X.509 system, which uses a hierarchical approach based on certificate authority and which was added to PGP implementations later. Current versions of PGP encryption include options through an automated key management server. A public key fingerprint is
4264-417: Is called a Wildcard certificate. Through the use of * , a single certificate may be used for multiple sub-domains . It is commonly used for transport layer security in computer networking . For example, a single wildcard certificate for https://*.example.com will secure all these subdomains on the https://*.example.com domain: Instead of getting separate certificates for subdomains, you can use
Pretty Good Privacy - Misplaced Pages Continue
4368-408: Is equivalent to interacting with the entity in contact with the email address listed in the public registrar under "example.com", even though that email address may not be displayed anywhere on the web site. No other surety of any kind is implied. Further, the relationship between the purchaser of the certificate, the operator of the web site, and the generator of the web site content may be tenuous and
4472-421: Is essential that partners in PGP communication understand each other's capabilities or at least agree on PGP settings. PGP can be used to send messages confidentially. For this, PGP uses a hybrid cryptosystem by combining symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key generated by the sender. The symmetric key
4576-423: Is impossible to modify without being detected is insufficient; this can prevent corruption only after the certificate has been created, not before. Users must also ensure by some means that the public key in a certificate actually does belong to the person or entity claiming it. A given public key (or more specifically, information binding a user name to a key) may be digitally signed by a third-party user to attest to
4680-436: Is indicated with a set of trust bits in a root certificate storage system. A certificate may be revoked before it expires, which signals that it is no longer valid. Without revocation, an attacker would be able to exploit such a compromised or misissued certificate until expiry. Hence, revocation is an important part of a public key infrastructure . Revocation is performed by the issuing certificate authority , which produces
4784-590: Is located in the Subject field. The X509v3 Subject Alternative Name field contains a list of domain names covered by the certificate. The X509v3 Extended Key Usage and X509v3 Key Usage fields show all appropriate uses. In the European Union, (advanced) electronic signatures on legal documents are commonly performed using digital signatures with accompanying identity certificates. However, only qualified electronic signatures (which require using
4888-586: Is part of the open source Firefox web browser, so it is broadly used outside Firefox. For instance, while there is no common Linux Root Program, many Linux distributions, like Debian, include a package that periodically copies the contents of the Firefox trust list, which is then used by applications. Root programs generally provide a set of valid purposes with the certificates they include. For instance, some CAs may be considered trusted for issuing TLS server certificates, but not for code signing certificates. This
4992-572: Is particularly important in HTTPS, where a web site operator generally wants to get a certificate that is trusted by nearly all potential visitors to their web site. The policies and processes a provider uses to decide which certificate authorities their software should trust are called root programs. The most influential root programs are: Browsers other than Firefox generally use the operating system's facilities to decide which certificate authorities are trusted. So, for instance, Chrome on Windows trusts
5096-674: Is supported in accordance with RFC 2818 . It is not possible to get a wildcard for an Extended Validation Certificate . A workaround could be to add every virtual host name in the Subject Alternative Name (SAN) extension, the major problem being that the certificate needs to be reissued whenever a new virtual server is added. (See Transport Layer Security § Support for name-based virtual servers for more information.) Wildcards can be added as domains in multi-domain certificates or Unified Communications Certificates (UCC). In addition, wildcards themselves can have subjectAltName extensions, including other wildcards. For example,
5200-492: Is to mandate the use SEIP protected packets in the ciphertext, which can lead to old emails or other encrypted objects to be no longer decryptable after upgrading to the software version that has the mitigation. On August 9, 2019, Broadcom Inc. announced they would be acquiring the Enterprise Security software division of Symantec, which includes PGP Corporation. While originally used primarily for encrypting
5304-406: Is typical for standard libraries in programming languages to not support "partial-wildcard" certificates. For example, any "partial-wildcard" certificate will not work with the latest versions of both Python and Go. Thus, Do not allow a label that consists entirely of just a wildcard unless it is the left-most label A cert with multiple wildcards in a name is not allowed. A cert with * plus
SECTION 50
#17327866286875408-556: Is used for automated e-mail encryption in the gateway and manages PGP Desktop 9.x clients. In addition to its local keyserver , PGP Universal Server works with the PGP public keyserver—called the PGP Global Directory—to find recipient keys. It has the capability of delivering e-mail securely when no recipient key is found via a secure HTTPS browser session. With PGP Desktop 9.x managed by PGP Universal Server 2.x, first released in 2005, all PGP encryption applications are based on
5512-481: Is used only once and is also called a session key . The message and its session key are sent to the receiver. The session key must be sent to the receiver so they know how to decrypt the message, but to protect it during transmission it is encrypted with the receiver's public key. Only the private key belonging to the receiver can decrypt the session key, and use it to symmetrically decrypt the message. PGP supports message authentication and integrity checking. The latter
5616-410: Is used to detect whether a message has been altered since it was completed (the message integrity property) and the former, to determine whether it was actually sent by the person or entity claimed to be the sender (a digital signature ). Because the content is encrypted, any changes in the message will fail the decryption with the appropriate key. The sender uses PGP to create a digital signature for
5720-889: The First Amendment . The question was never tested in court with respect to PGP. In cases addressing other encryption software, however, two federal appeals courts have established the rule that cryptographic software source code is speech protected by the First Amendment (the Ninth Circuit Court of Appeals in the Bernstein case and the Sixth Circuit Court of Appeals in the Junger case ). US export regulations regarding cryptography remain in force, but were liberalized substantially throughout
5824-531: The Online Certificate Status Protocol presents connection latency and privacy issues. Other schemes have been proposed but have not yet been successfully deployed to enable fail-hard checking. The most common use of certificates is for HTTPS -based web sites. A web browser validates that an HTTPS web server is authentic, so that the user can feel secure that his/her interaction with the web site has no eavesdroppers and that
5928-582: The RSA algorithm was used to encrypt session keys. RSA's security depends upon the one-way function nature of mathematical integer factoring . Similarly, the symmetric key algorithm used in PGP version 2 was IDEA , which might at some point in the future be found to have previously undetected cryptanalytic flaws. Specific instances of current PGP or IDEA insecurities (if they exist) are not publicly known. As current versions of PGP have added additional encryption algorithms, their cryptographic vulnerability varies with
6032-481: The CPU. When there is a need to securely transmit data at rest, without the ability to create a secure connection, user space tools have been developed that support this need. These tools rely upon the receiver publishing their public key, and the sender being able to obtain that public key. The sender is then able to create a symmetric key to encrypt the information, and then use the receiver's public key to securely protect
6136-515: The IBM i platform. Townsend Security again ported PGP in 2008, this time to the IBM z mainframe. This version of PGP relies on a free z/OS encryption facility, which utilizes hardware acceleration. SDS also offers a commercial version of PGP (SDS E-Business Server) for the IBM z mainframe. In August 2002, several ex-PGP team members formed a new company, PGP Corporation , and bought the PGP assets (except for
6240-478: The McAfee E-Business Server was transferred to Software Diversified Services (SDS), which now sells, supports, and develops it under the name SDS E-Business Server. For the enterprise, Townsend Security currently offers a commercial version of PGP for the IBM i and IBM z mainframe platforms. Townsend Security partnered with Network Associates in 2000 to create a compatible version of PGP for
6344-431: The OpenPGP standard results in usage of relatively weak default choices of cryptographic primitives ( CAST5 cipher, CFB mode, S2K password hashing). The standard has been also criticized for leaking metadata, usage of long-term keys and lack of forward secrecy . Popular end-user implementations have suffered from various signature-striping, cipher downgrade and metadata leakage vulnerabilities which have been attributed to
SECTION 60
#17327866286876448-562: The PGP 3 system. Unlike PGP 2, which was an exclusively command line program, PGP 3 was designed from the start as a software library allowing users to work from a command line or inside a GUI environment. The original agreement between Viacrypt and the Zimmermann team had been that Viacrypt would have even-numbered versions and Zimmermann odd-numbered versions. Viacrypt, thus, created a new version (based on PGP 2) that they called PGP 4. To remove confusion about how it could be that PGP 3
6552-475: The PGP Support Package for BlackBerry which enables RIM BlackBerry devices to enjoy sender-to-recipient messaging encryption. New versions of PGP applications use both OpenPGP and the S/MIME , allowing communications with any user of a NIST specified standard. Encryption software There are many software products which provide encryption. Software encryption uses a cipher to obscure
6656-434: The PGP family. After the export regulation liberalizations of 2000 which no longer required publishing of source, NAI stopped releasing source code. In early 2001, Zimmermann left NAI. He served as Chief Cryptographer for Hush Communications , who provide an OpenPGP-based e-mail service, Hushmail . He has also worked with Veridis and other companies. In October 2001, NAI announced that its PGP assets were for sale and that it
6760-584: The PGP name, it (and OpenPGP and all implementations of) have lots of problems and "Cryptography engineers have been tearing their hair out over PGP’s deficiencies for (literally) decades." and e.g. Python 3.14 will stop using PGP (and use Sigstore instead, with "short-lived keys"), since it "requires the maintenance and protection of long-lived private keys". PGP encryption uses a serial combination of hashing , data compression , symmetric-key cryptography , and finally public-key cryptography ; each step uses one of several supported algorithms . Each public key
6864-626: The US Congress), civil libertarians in other parts of the world (see Zimmermann's published testimony in various hearings), and the 'free communications' activists who called themselves cypherpunks (who provided both publicity and distribution); decades later, CryptoParty activists did much the same via Twitter . Shortly after its release, PGP encryption found its way outside the United States , and in February 1993 Zimmermann became
6968-482: The algorithm used. However, none of the algorithms in current use are publicly known to have cryptanalytic weaknesses. New versions of PGP are released periodically and vulnerabilities fixed by developers as they come to light. Any agency wanting to read PGP messages would probably use easier means than standard cryptanalysis, e.g. rubber-hose cryptanalysis or black-bag cryptanalysis (e.g. installing some form of trojan horse or keystroke logging software/hardware on
7072-449: The application, the products feature desktop e-mail, digital signatures, IM security, whole disk encryption, file, and folder security, encrypted self-extracting archives , and secure shredding of deleted files. Capabilities are licensed in different ways depending on the features required. The PGP Universal Server 2.x management console handles centralized deployment, security policy, policy enforcement, key management, and reporting. It
7176-654: The association between someone (actually a user name) and the key. There are several levels of confidence that can be included in such signatures. Although many programs read and write this information, few (if any) include this level of certification when calculating whether to trust a key. The web of trust protocol was first described by Phil Zimmermann in 1992, in the manual for PGP version 2.0: As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key
7280-482: The bits necessary to boot or access the disk when not using an unencrypted boot/preboot partition). As disks can be partitioned into multiple partitions, partition encryption can be used to encrypt individual disk partitions. Volumes, created by combining two or more partitions, can be encrypted using volume encryption . File systems, also composed of one or more partitions, can be encrypted using filesystem-level encryption . Directories are referred to as encrypted when
7384-416: The case of visiting a website. As establishing a relationship and securely sharing an encryption key to secure the information that will be exchanged, a set of roles, policies, and procedures to accomplish this has been developed; it is known as the public key infrastructure , or PKI. Once PKI has established a secure connection, a symmetric key can be shared between endpoints. A symmetric key is preferred over
7488-637: The certificate authorities included in the Microsoft Root Program, while on macOS or iOS, Chrome trusts the certificate authorities in the Apple Root Program. Edge and Safari use their respective operating system trust stores as well, but each is only available on a single OS. Firefox uses the Mozilla Root Program trust store on all platforms. The Mozilla Root Program is operated publicly, and its certificate list
7592-459: The circumstances surrounding his release of PGP: It was on this day in 1991 that I sent the first release of PGP to a couple of my friends for uploading to the Internet. First, I sent it to Allan Hoeltje, who posted it to Peacenet, an ISP that specialized in grassroots political organizations, mainly in the peace movement. Peacenet was accessible to political activists all over the world. Then, I uploaded it to Kelly Goen, who proceeded to upload it to
7696-551: The command line version) from NAI. The new company was funded by Rob Theis of Doll Capital Management (DCM) and Terry Garnett of Venrock Associates. PGP Corporation supported existing PGP users and honored NAI's support contracts. Zimmermann served as a special advisor and consultant to PGP Corporation while continuing to run his own consulting company. In 2003, PGP Corporation created a new server-based product called PGP Universal. In mid-2004, PGP Corporation shipped its own command line version called PGP Command Line, which integrated with
7800-587: The communication between a client computer and a server is secure. The protocol requires the server to present a digital certificate, proving that it is the intended destination. The connecting client conducts certification path validation , ensuring that: The Subject field of the certificate must identify the primary hostname of the server as the Common Name . The hostname must be publicly accessible, not using private addresses or reserved domains . A certificate may be valid for multiple hostnames (e.g.,
7904-409: The complexity of the standard. Phil Zimmermann created the first version of PGP encryption in 1991. The name, "Pretty Good Privacy" was inspired by the name of a grocery store, "Ralph's Pretty Good Grocery", featured in radio host Garrison Keillor 's fictional town, Lake Wobegon . This first version included a symmetric-key algorithm that Zimmermann had designed himself, named BassOmatic after
8008-779: The content into ciphertext . One way to classify this type of software is the type of cipher used. Ciphers can be divided into two categories: public key ciphers (also known as asymmetric ciphers), and symmetric key ciphers. Encryption software can be based on either public key or symmetric key encryption. Another way to classify software encryption is to categorize its purpose. Using this approach, software encryption may be classified into software which encrypts " data in transit " and software which encrypts " data at rest ". Data in transit generally uses public key ciphers, and data at rest generally uses symmetric key ciphers. Symmetric key ciphers can be further divided into stream ciphers and block ciphers. Stream ciphers typically encrypt plaintext
8112-540: The contents of e-mail messages and attachments from a desktop client, PGP products have been diversified since 2002 into a set of encryption applications that can be managed by an optional central policy server. PGP encryption applications include e-mails and attachments, digital signatures, full disk encryption, file and folder security, protection for IM sessions, batch file transfer encryption, and protection for files and folders stored on network servers and, more recently, encrypted or signed HTTP request/responses by means of
8216-404: The files within the directory are encrypted. File encryption encrypts a single file. Database encryption acts on the data to be stored, accepting unencrypted information and writing that information to persistent storage only after it has encrypted the data. Device-level encryption, a somewhat vague term that includes encryption-capable tape drives, can be used to offload the encryption tasks from
8320-518: The formal target of a criminal investigation by the US Government for " munitions export without a license". At the time, cryptosystems using keys larger than 40 bits were considered munitions within the definition of the US export regulations ; PGP has never used keys smaller than 128 bits, so it qualified at that time. Penalties for violation, if found guilty, were substantial. After several years,
8424-449: The information, and potentially signs an end-entity certificate based on that information. To perform this role effectively, a CA needs to have one or more broadly trusted root certificates or intermediate certificates and the corresponding private keys. CAs may achieve this broad trust by having their root certificates included in popular software, or by obtaining a cross-signature from another CA delegating trust. Other CAs are trusted within
8528-489: The intent of integrating it into its Enterprise Security Group. This acquisition was finalized and announced to the public on June 7, 2010. The source code of PGP Desktop 10 is available for peer review. In May 2018, a bug named EFAIL was discovered in certain implementations of PGP which from 2003 could reveal the plaintext contents of emails encrypted with it. The chosen mitigation for this vulnerability in PGP Desktop
8632-455: The investigation of Zimmermann was closed without filing criminal charges against him or anyone else. Zimmermann challenged these regulations in an imaginative way. In 1995, he published the entire source code of PGP in a hardback book, via MIT Press , which was distributed and sold widely. Anybody wishing to build their own copy of PGP could cut off the covers, separate the pages, and scan them using an OCR program (or conceivably enter it as
8736-482: The key is certified. A level 1 signature is similar to the trust one has in a certificate authority because a key signed to level 1 is able to issue an unlimited number of level 0 signatures. A level 2 signature is highly analogous to the trust assumption users must rely on whenever they use the default certificate authority list (like those included in web browsers); it allows the owner of the key to make other keys certificate authorities. PGP versions have always included
8840-414: The larger certificate authorities in the market include IdenTrust , DigiCert , and Sectigo . Some major software contain a list of certificate authorities that are trusted by default. This makes it easier for end-users to validate certificates, and easier for people or organizations that request certificates to know which certificate authorities can issue a certificate that will be broadly trusted. This
8944-456: The late 1990s. Since 2000, compliance with the regulations is also much easier. PGP encryption no longer meets the definition of a non-exportable weapon, and can be exported internationally except to seven specific countries and a list of named groups and individuals (with whom substantially all US trade is prohibited under various US export controls). The criminal investigation was dropped in 1996. During this turmoil, Zimmermann's team worked on
9048-437: The message with either the RSA or DSA algorithms. To do so, PGP computes a hash (also called a message digest ) from the plaintext and then creates the digital signature from that hash using the sender's private key. Both when encrypting messages and when verifying signatures, it is critical that the public key used to send messages to someone or some entity actually does 'belong' to the intended recipient. Simply downloading
9152-758: The other PGP Encryption Platform applications. In 2005, PGP Corporation made its first acquisition: the German software company Glück & Kanja Technology AG, which became PGP Deutschland AG. In 2010, PGP Corporation acquired Hamburg-based certificate authority TC TrustCenter and its parent company, ChosenSecurity , to form its PGP TrustCenter division. After the 2002 purchase of NAI's PGP assets, PGP Corporation offered worldwide PGP technical support from its offices in Draper, Utah ; Offenbach , Germany ; and Tokyo , Japan . On April 29, 2010, Symantec Corp. announced that it would acquire PGP Corporation for $ 300 million with
9256-422: The other one digitally signed email and opt to import the sender's certificate. Some publicly trusted certificate authorities provide email certificates, but more commonly S/MIME is used when communicating within a given organization, and that organization runs its own CA, which is trusted by participants in that email system. A self-signed certificate is a certificate with a subject that matches its issuer, and
9360-471: The posting. But back then, I had no clue how to post anything on a newsgroup, and didn't even have a clear idea what a newsgroup was. PGP found its way onto the Internet and rapidly acquired a considerable following around the world. Users and supporters included dissidents in totalitarian countries (some affecting letters to Zimmermann have been published, some of which have been included in testimony before
9464-661: The preferred method of adding DNS names to certificates, deprecating the previous method of putting DNS names in the commonName field. Google Chrome version 58 (March 2017) removed support for checking the commonName field at all, instead only looking at the SANs. As shown in the picture of Wikimedia's section on the right, the SAN field can contain wildcards. Not all vendors support or endorse mixing wildcards into SAN certificates. A public key certificate which uses an asterisk * (the wildcard ) in its domain name fragment
9568-429: The private and public keys as a symmetric cipher is much more efficient (uses fewer CPU cycles) than an asymmetric cipher. There are several methods for encrypting data in transit, such as IPsec , SCP , SFTP , SSH , OpenPGP and HTTPS . Data at rest refers to data that has been saved to persistent storage . Data at rest is generally encrypted by a symmetric key . Encryption may be applied at different layers in
9672-420: The speed and scale of how data within organizations through to their partners. Public key certificate In cryptography , a public key certificate , also known as a digital certificate or identity certificate , is an electronic document used to prove the validity of a public key . The certificate includes the public key and information about it, information about the identity of its owner (called
9776-408: The storage stack. For example, encryption can be configured at the disk layer, on a subset of a disk called a partition , on a volume , which is a combination of disks or partitions, at the layer of a file system , or within user space applications such as database or other applications that run on the host operating system . With full disk encryption, the entire disk is encrypted (except for
9880-404: The subject), and the digital signature of an entity that has verified the certificate's contents (called the issuer). If the device examining the certificate trusts the issuer and finds the signature to be a valid signature of that issuer, then it can use the included public key to communicate securely with the certificate's subject. In email encryption , code signing , and e-signature systems,
9984-780: The target computer to capture encrypted keyrings and their passwords). The FBI has already used this attack against PGP in its investigations. However, any such vulnerabilities apply not just to PGP but to any conventional encryption software. In 2003, an incident involving seized Psion PDAs belonging to members of the Red Brigade indicated that neither the Italian police nor the FBI were able to decrypt PGP-encrypted files stored on them. A second incident in December 2006, (see In re Boucher ), involving US customs agents who seized
10088-444: The transmission of the information and the symmetric key. This allows secure transmission of information from one party to another. The performance of encryption software is measured relative to the speed of the CPU. Thus, cycles per byte (sometimes abbreviated cpb ), a unit indicating the number of clock cycles a microprocessor will need per byte of data processed, is the usual unit of measurement . Cycles per byte serve as
10192-408: The underlying problem. In the (more recent) OpenPGP specification, trust signatures can be used to support creation of certificate authorities . A trust signature indicates both that the key belongs to its claimed owner and that the owner of the key is trustworthy to sign other keys at one level below their own. A level 0 signature is comparable to a web of trust signature since only the validity of
10296-732: The use of the CAST-128 (a.k.a. CAST5) symmetric key algorithm, and the DSA and ElGamal asymmetric key algorithms, all of which were unencumbered by patents. After the Federal criminal investigation ended in 1996, Zimmermann and his team started a company to produce new versions of PGP encryption. They merged with Viacrypt (to whom Zimmermann had sold commercial rights and who had licensed RSA directly from RSADSI ), which then changed its name to PGP Incorporated. The newly combined Viacrypt/PGP team started work on new versions of PGP encryption based on
10400-404: The web site is who it claims to be. This security is important for electronic commerce . In practice, a web site operator obtains a certificate by applying to a certificate authority with a certificate signing request . The certificate request is an electronic document that contains the web site name, company information and the public key. The certificate provider signs the request, thus producing
10504-539: The wildcard certificate *.wikipedia.org has *.m.wikimedia.org as a Subject Alternative Name. Thus it secures www.wikipedia.org as well as the completely different website name meta.m.wikimedia.org . RFC 6125 argues against wildcard certificates on security grounds, in particular "partial wildcards". The wildcard applies only to one level of the domain name. *.example.com matches sub1.example.com but not example.com and not sub2.sub1.domain.com The wildcard may appear anywhere inside
10608-506: Was opened again as the government appealed the case, after which a federal district judge ordered the defendant to provide the key. Evidence suggests that as of 2007, British police investigators are unable to break PGP, so instead have resorted to using RIPA legislation to demand the passwords/keys. In November 2009 a British citizen was convicted under RIPA legislation and jailed for nine months for refusing to provide police investigators with encryption keys to PGP-encrypted files. PGP as
10712-536: Was suspending further development of PGP encryption. The only remaining asset kept was the PGP E-Business Server (the original PGP Commandline version). In February 2002, NAI canceled all support for PGP products, with the exception of the renamed commandline product. NAI, now known as McAfee , continued to sell and support the commandline product under the name McAfee E-Business Server until 2013. In 2010, Intel Corporation acquired McAfee . In 2013,
10816-454: Was the successor to PGP 4, PGP 3 was renamed and released as PGP 5 in May 1997. In December 1997, PGP Inc. was acquired by Network Associates, Inc. ("NAI"). Zimmermann and the PGP team became NAI employees. NAI was the first company to have a legal export strategy by publishing source code. Under NAI, the PGP team added disk encryption, desktop firewalls, intrusion detection, and IPsec VPNs to
#686313