With privacy capabilities of encryption methods such as PGP (Pretty Good Privacy), data security can be heightened and privacy can be achieved. There are various approaches, however, and various elements of comparison for each of these acronyms. This article will explore the differences between PGP, OpenPGP, and GPG (GNU Privacy Guard), offering brief histories of their creations and summaries of their capabilities.
PGP (Pretty Good Privacy)
The company, PGP Inc., owned the rights to the original PGP encryption software. This software was developed by Phil Zimmermann & Associates, LLC and released in 1991 to ensure the security of files that were posted on pre-internet bulletin boards. From 1997 until 2010, the software changed hands several times until it was acquired by Symantec Corp., who continues to develop the PGP brand.
PGP encryption uses a combination of encryption methodologies such as hashing, data compression, symmetric-key cryptography and public key cryptography to keep data secure. This process can be used to encrypt text files, emails, data files, directories and disk partitions.
Zimmerman, one of the original PGP developers, soon began work on an open-source version of PGP encryption that employed encryption algorithms that had no licensing issues.
In 1997 he submitted an open-source PGP (OpenPGP) standards proposal to the IETF (Internet Engineering Task Force), to allow PGP standards-compliant encryption vendors to provide solutions that were compatible with other OpenPGP-compliant software vendors. This strategy created an open and competitive environment for PGP encryption tools to thrive.
Today, OpenPGP is a standard of PGP that is open-source for public use, and the term can be used to describe any program that supports the OpenPGP system.
GPG (GNU Privacy Guard)
GnuPGP was developed by Werner Koch and released in 1999 as an alternative to what is now Symantec's software suite of encryption tools. It is available as a free software download, and is based on the OpenPGP standards established by the IETF so that it would be interoperable with Symantec's PGP tools as well as OpenPGP standards. Therefore, GPG can open and unencrypt any PGP and OpenPGP standards file.
GPG provides a graphic user interface when integrating into email and program systems such as Linux. Some software solutions for encryption utilize GPG coding, while others encrypt using command line functions in a menu-based Perl script.
OpenPGP is the IETF-approved standard that describes encryption technologies that use processes that are interoperable with PGP. PGP is a proprietary encryption solution, and the rights to its software are owned by Symantec. GPG is another popular solution that follows the OpenPGP standards to provide an interface for end users to easily encrypt their files.
As the need to encrypt and protect data becomes ever more critical, organizations will continue to develop software based on these three systems.