Posted on April 11, 2011 | | Categories: Encryption
When our users send a file over the Internet there are really just a few things that seem important to them at the time:
a) Is the file complete?
b) Is it being sent to the right place?
c) Will it arrive intact? and -- if the data is sensitive --
d) Will the intended recipient (and only that recipient) be able to use it?
That's where encryption comes in: By scrambling the data using one or more encryption algorithms, the sender of the file can feel confident that the data has been secured.
But what about the file's recipient? Will she/he be able to decode the scrambled file?
For years, PGP has been one of the most widely used technologies for encrypting and decrypting files. PGP stands for "Pretty Good Privacy" and it was developed in the early 1990s by Phillip Zimmerman. Today it is considered to be one of the safest cryptographic technologies for signing, encrypting and decrypting texts, e-mails, files, directories and even whole partitions to increase the security.
PGP encryption employs a serial combination of hashing, data compression, symmetric-key cryptography, and, finally, public-key cryptography. Each step uses one of several supported algorithms. A resulting public key is bound to a user name and/or an e-mail address. Current versions of PGP employ both the original "Web of Trust" authentication method, and the X.509 specification of a hierarchical "Certificate Authority" method to ensure that only the right people can decode the encrypted files.
Why are these details important for you to know?
PGP has gone through some significant growing pains - including a widely publicized criminal investigation by the U.S. Government. (Don't worry! The Federal investigation was closed in 1996 after Zimmerman published the source code.)
One result of PGP's growing pains has been the fragmentation of PGP: Earlier versions of the technology sometimes can not decode the more recent versions deployed within various software applications. This PGP versioning problem was exacerbated as the ownership of the PGP technology was handed off from one company to another over the last 20 years.
And yet, because PGP is such a powerful tool for ensuring privacy in data transmission, its use continues to spread far more quickly than other commercially owned encryption technologies.
So how is the industry managing the issue of PGP fragmentation? The answer is the OpenPGP Alliance.
In January 2001, Zimmermann started the OpenPGP Alliance, establishing a Working Group of developers that are seeking the qualification of OpenPGP as an Internet Engineering Task Force (IETF) Internet Standard.
Why is this important to you? By establishing OpenPGP as an Internet Standard, fragmentation of the PGP technology can be charted and - to a large degree - controlled.
This means that the encrypted file destined for your system will be using a documented, standardized encryption technology that OpenPGP can be appropriately decrypted. The standardization helps ensure privacy, interoperability between different computing systems, and the charting of a clear path for securely interchanging data.
OpenPGP has now reached the second stage in the IETF's four-step standards process, and is currently seeking draft standard status. (The standards document for OpenPGP is RFC4880.)
Linoma Software [now HelpSystems] uses OpenPGP in its GoAnywhere Director Managed File Transfer solution. Just as importantly, Linoma Software [now HelpSystems] is an active member of the OpenPGP Alliance, contributing to the processes that will ensure that OpenPGP becomes a documented IETF Internet Standard. This will ensure that your investment in Linoma's GoAnywhere managed file transfer software remains current, relevant, and productive.
For more information about OpenPGP and the OpenPGP Alliance, go to http://www.openpgp.org. To better understand how OpenPGP can help your company secure its data transfers, check out Linoma Software's [now HelpSystems] GoAnywhere Director managed file transfer (MFT) solution.