Friday, April 1, 2016

PGP vs OpenPGP vs GnuPG

PGP is a widely known software program with which one can sign, encrypt and decrypt documents, text and email. Commercial PGP products can even encrypt a whole disk.

But we often see all three terms: PGP, OpenPGP and GnuPG. Are they the same thing, or are they different? And if they differ, how?

Let's try to understand that.

What is PGP?

PGP, or Pretty Good Privacy, is a software program first created by Phil Zimmermann in 1991. The history of PGP is actually pretty rich.

After creating the program in 1991, Zimmermann founded a company in 1996 to develop new versions of PGP. It merged with ViaCrypt, which had been selling a licensed commercial version of PGP, and the merged company was named PGP Inc. They started developing PGP 3, a rewrite with a graphical user interface (it eventually shipped under the name PGP 5).

In 1997, PGP Inc was acquired by Network Associates Inc., and Zimmermann and his team became employees of that company.

Under Network Associates Inc., the PGP team kept adding features to the existing PGP program. This is when disk encryption, desktop firewalls, intrusion detection and an IPsec VPN were added.

In 2001, Zimmermann left Network Associates Inc.

In 2002, former PGP team members formed a new company, PGP Corp, and bought most of the PGP assets from Network Associates Inc. Zimmermann then served as a special advisor and consultant to PGP Corp. (PGP Corp itself was acquired by Symantec in 2010.)

What is OpenPGP?

OpenPGP is the standard defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF).

The OpenPGP Working Group was formed in 1997 to write an open standard for the message and key formats that had, until then, been defined only by a proprietary product dating back to 1991. The first version was published as RFC 2440 in 1998 and revised as RFC 4880 in 2007.

Because OpenPGP is an IETF Proposed Standard, anyone can implement it without paying licence fees to anyone, and conforming implementations can exchange keys and messages with one another.

What is GnuPG?

GnuPG, or GNU Privacy Guard, is an OpenPGP-compliant program written by Werner Koch and developed as part of the GNU Project; its first stable release was in 1999.

GnuPG is free software: it is available together with its source code under the GNU General Public License (GPL).

Several other vendors have since developed OpenPGP-compliant software as well.

The difference between PGP, OpenPGP and GnuPG

So, to summarize: PGP is the software program first developed by Phil Zimmermann in 1991, and today the name of the commercial product descended from it. OpenPGP is the IETF standard that specifies the message and key formats such programs use. GnuPG is a free-software implementation of that standard, available under the GNU General Public License. Because all of them speak OpenPGP, a message encrypted or signed with one can be decrypted or verified with another.

How to use PGP?

PGP is based on public-key cryptography. A user first creates a public/private keypair: the private key stays secret with the user, while the public key can be distributed freely. That keypair is later used to sign, encrypt or decrypt documents, text, email and so on. (Strictly speaking, OpenPGP is a hybrid scheme: the message body is encrypted with a fresh random symmetric session key, and the recipient's public key is used only to encrypt that session key, which is why encrypting one message to several recipients is cheap.)

Digital Signature

A digital signature provides authenticity and integrity for a document. The sender signs it with their private key; anyone who holds the sender's public key can then verify that the document was signed by the holder of that key and has not been modified since. Note what verification does not prove by itself: that the key really belongs to the person named in it. For that you must check the key's fingerprint out of band, or rely on certifications from keys you already trust (the web of trust).

Encryption and Decryption

To send someone an encrypted document or email securely, you encrypt it with the recipient's public key. The recipient decrypts it with their private key. Because the private key is known only to the recipient, only the recipient can recover the message. Note that encryption alone says nothing about who sent the message: anyone with the recipient's public key can produce a ciphertext for them.

Signing and Encryption

If a sender wants to send a secret message to a recipient and at the same time ensure its authenticity and integrity, the sender has to both sign and encrypt the message.

For that purpose, the sender signs the message with their own private key and encrypts it with the recipient's public key (OpenPGP implementations sign first, so the signature travels inside the ciphertext). Because private keys are kept secret by their owners, only the recipient can decrypt the message, and any modification made after signing will be detected when the recipient verifies the signature, since no one but the sender could have produced a valid signature with the sender's key.
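The three operations above (sign and verify, encrypt and decrypt, sign-then-encrypt) as one worked example. This is an added example, not code from the original post and not part of PGP or GnuPG itself. It assumes gpg (GnuPG 2.1 or later) is on PATH; the names, e-mail addresses and message text are constructed for the demo, and two throwaway --homedir keyrings stand in for Alice's and Bob's machines so nothing touches your real ~/.gnupg.

```shell
#!/bin/sh
# Added example (not from the original post): a complete sign / verify /
# encrypt / decrypt round trip with the gpg command-line tool.
# Assumptions: gpg (GnuPG 2.1+) and gpgconf are on PATH; the user IDs and
# the message below are constructed for the demo.
set -u

# Run gpg non-interactively against one throwaway keyring ($1) with an
# empty passphrase, so no pinentry dialog ever appears.
g() {
    _home=$1; shift
    gpg --homedir "$_home" --batch --yes --quiet \
        --pinentry-mode loopback --passphrase '' "$@"
}

pgp_demo() {
    WORK=$(mktemp -d) || return 1
    ALICE=$WORK/alice; BOB=$WORK/bob
    mkdir -m 700 "$ALICE" "$BOB" || return 1

    # 1. Each party generates a public/private keypair in its own keyring.
    #    "default default never" = default algorithm, primary + encryption
    #    subkey, no expiry (a demo choice; real keys should expire).
    g "$ALICE" --quick-gen-key 'Alice <alice@example.org>' default default never || return 1
    g "$BOB"   --quick-gen-key 'Bob <bob@example.org>'     default default never || return 1

    # 2. Only the PUBLIC keys are exchanged; private keys never leave their keyring.
    g "$ALICE" --armor --export alice@example.org > "$WORK/alice.pub" || return 1
    g "$BOB"   --armor --export bob@example.org   > "$WORK/bob.pub"   || return 1
    g "$ALICE" --import "$WORK/bob.pub"   || return 1
    g "$BOB"   --import "$WORK/alice.pub" || return 1

    printf 'Transfer 100 EUR to account 42\n' > "$WORK/msg.txt"

    # 3. Digital signature: Alice signs with her private key, Bob verifies
    #    with her public key. This gives authenticity and integrity, not secrecy.
    g "$ALICE" --armor --detach-sign --output "$WORK/msg.sig" "$WORK/msg.txt" || return 1
    g "$BOB" --verify "$WORK/msg.sig" "$WORK/msg.txt" \
        || { echo 'FAIL: good signature rejected' >&2; return 1; }

    #    Any change made after signing must break verification.
    printf 'Transfer 900 EUR to account 42\n' > "$WORK/tampered.txt"
    if g "$BOB" --verify "$WORK/msg.sig" "$WORK/tampered.txt" 2>/dev/null; then
        echo 'FAIL: tampered document verified' >&2; return 1
    fi

    # 4. Sign AND encrypt: signed with Alice's private key, encrypted to
    #    Bob's public key (gpg signs first, then encrypts).
    #    --trust-model always is a demo shortcut: in real use you check Bob's
    #    fingerprint out of band and certify his key (gpg --sign-key) instead
    #    of telling gpg to trust every key in the keyring.
    g "$ALICE" --trust-model always --sign --encrypt --recipient bob@example.org \
        --output "$WORK/msg.gpg" "$WORK/msg.txt" || return 1

    # 5. Bob decrypts with his private key. --status-fd 1 prints machine-
    #    readable results; a GOODSIG line means the embedded signature verified.
    g "$BOB" --status-fd 1 --decrypt --output "$WORK/out.txt" "$WORK/msg.gpg" \
        | grep -q '^\[GNUPG:\] GOODSIG ' \
        || { echo 'FAIL: signature not verified on decrypt' >&2; return 1; }
    cmp -s "$WORK/msg.txt" "$WORK/out.txt" \
        || { echo 'FAIL: decrypted text differs from original' >&2; return 1; }

    #    Alice's keyring holds Bob's public key only, so she cannot decrypt it.
    if g "$ALICE" --decrypt "$WORK/msg.gpg" >/dev/null 2>&1; then
        echo 'FAIL: decrypted without the recipient private key' >&2; return 1
    fi

    # Stop the per-keyring agents and remove the throwaway keyrings.
    gpgconf --homedir "$ALICE" --kill all 2>/dev/null || :
    gpgconf --homedir "$BOB"   --kill all 2>/dev/null || :
    rm -rf "$WORK"
    return 0
}

if command -v gpg >/dev/null 2>&1; then
    pgp_demo && echo 'sign, verify, encrypt and decrypt round trip OK'
else
    echo 'gpg not found on PATH; install GnuPG to run this demo' >&2
fi
```

Save it as a file and run it with sh. Every step that should fail (verifying a tampered file, decrypting without the recipient's private key) is checked explicitly, which is the behaviour you rely on in practice: a signature check must reject a changed document, and ciphertext must be useless to anyone but the holder of the matching private key.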

