Pretty Good Privacy

Introduction

Pretty Good Privacy (PGP) is a computer program that provides cryptographic privacy and authentication. PGP is often used for signing, encrypting and decrypting e-mails to increase the security of e-mail communications. The first version of the program was created by Philip Zimmermann in 1991 and contained a symmetric-key algorithm. Zimmermann had been a long-time anti-nuclear activist, and created PGP encryption so that similarly inclined people might securely use BBSs and securely store messages and files. No license was required for its non-commercial use, there was not even a nominal charge, and the complete source code was included with all copies. PGP found its way onto Usenet and from there onto the Internet, and it very rapidly acquired a considerable following around the world.

In 1993 Zimmermann found himself the target of a Federal case investigating him for "munitions export without a license". Because at this point in history any cryptographic program which required a key larger than 40 bits was considered a munition, and PGP never used less than 128 bits and was freely available to anyone with an internet connection, the federal government had a valid case. Charges were never pressed against Zimmermann; however, he did take action to try to fight the investigation. Specifically, he published a book which was nothing except the source code for PGP. With this $60 book, the buyer could simply cut off the covers and binding, scan it into a computer, and compile the results with the freely available GNU C compiler. Even though the export of munitions was illegal, the exportation of books is protected by the First Amendment.

After the Federal criminal investigation ended in 1996, Zimmermann and his team started a company to produce new versions of PGP encryption. They merged with Viacrypt (to whom Zimmermann had sold commercial rights and who had licensed RSA directly from RSADSI), which then changed its name to PGP Incorporated. The newly combined Viacrypt/PGP team started work on new versions of PGP encryption based on the PGP 3 system. Unlike PGP 2, which was an exclusively command-line program, PGP 3 was designed from the start as a software library allowing users to work from a command line or inside a GUI environment. Also, PGP 3 was to have significant security improvements over PGP 2.x, fixing security errors in the certificates and allowing certificates to have separate keys for signing and encryption.

Inside PGP Inc., there was still concern about patent issues. RSADSI was challenging the continuation of the Viacrypt RSA license to the newly merged firm. The company adopted an informal internal standard called "Unencumbered PGP": "use no algorithm with licensing difficulties". Because of PGP encryption's importance worldwide (it is thought to be the most widely chosen quality cryptographic system), many wanted to write their own software that would interoperate with PGP 5. Zimmermann became convinced that an open standard for PGP encryption was critical for them and for the cryptographic community as a whole. In July 1997, PGP Inc. proposed to the IETF that there be a standard called OpenPGP. They gave the IETF permission to use the name OpenPGP to describe this new standard as well as any program that supported the standard. The IETF accepted the proposal and started the OpenPGP Working Group.