Filter by Category

What is PGP and How Does It Work?

When our users send a file over the internet, there are just a few things that seem important at the time:

a) Is the file complete?

b) Is it being sent to the right place?

c) Will it arrive intact?

d) Is sensitive data protected and encrypted from unauthorized recipients?

That's where encryption comes in. By scrambling the data using one or more encryption algorithms, the sender of the file feels confident that the data is secure.

But what about the file's recipient? Will they be able to decode the scrambled file?

Encrypting and Decrypting Files with PGP

For years, PGP has been one of the most widely used technologies for encrypting and decrypting files. PGP stands for "Pretty Good Privacy." It was developed in the early 1990s by Phillip Zimmerman. Today, PGP is considered one of the safest cryptographic technologies for signing, encrypting, and decrypting texts, e-mails, files, directories, and even partitions for increased security.

How PGP Works

PGP encryption employs a serial combination of hashing, data compression, symmetric-key cryptography, and public key cryptography. Each step uses one of several supported algorithms. A resulting public key is bound to a user name or email address. Current versions of PGP employ both the original "Web of Trust" authentication method and the X.509 specification of a hierarchical "Certificate Authority" method to ensure that only the right people decode the encrypted files.

Growing Pains for PGP

PGP has gone through some significant growing pains, including a widely publicized criminal investigation by the U.S. Government. (Don't worry! The investigation was closed in 1996 after Zimmerman published the source code.)

One result of PGP's growing pains has been the fragmentation of PGP. Earlier versions of the technology sometimes can't decode the more recent versions deployed within various software applications. This versioning problem has been exacerbated as PGP's ownership switched from one company to another over the last 20 years.

And yet, because PGP is such a powerful tool for ensuring privacy in data transmission, its use continues to spread far more quickly than other commercially-owned encryption technologies.

Fragmentation and the Future of PGP

How has the industry managed the issue of PGP fragmentation? The answer is the OpenPGP Alliance. In January 2001, Zimmermann started the OpenPGP Alliance, establishing a working group of developers that are seeking the qualification of OpenPGP as an Internet Engineering Task Force (IETF) Internet Standard.

By establishing OpenPGP as an Internet standard, fragmentation of PGP technology can be largely charted and controlled. This means the encrypted file destined for your system uses a documented, standardized encryption technology that allows OpenPGP to be appropriately decrypted. Today's standardization ensures privacy, promotes interoperability between different computing systems, and charts a clear path for securely interchanging data.

OpenPGP and GoAnywhere MFT

OpenPGP has reached the second stage in the IETF's four-step standards process and currently seeks draft standard status. (The standards document for OpenPGP is RFC4880.)

HelpSystems uses OpenPGP in its GoAnywhere Managed File Transfer solution. Just as importantly, HelpSystems is an active member of the OpenPGP Alliance, contributing to the processes that will ensure OpenPGP becomes a documented IETF Internet Standard. By being a member, we will make sure your investment in GoAnywhere MFT remains current, relevant, and productive.

For more information about OpenPGP and the OpenPGP Alliance, go to http://www.openpgp.org. To understand how OpenPGP can help you secure your file transfers, check out our Managed File Transfer solution page.

 

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


What is FTPS?

December 4, 2018

Whether you’re looking to upgrade from your current FTP file transfers or have new requirements from a trading partner or customer, you might be wondering what FTPS is. How does it work, you…


Need an Alternative to AMRDEC SAFE’s File Service? Start Here

November 29, 2018

AMRDEC SAFE Shut Down Due to Security Issues Bad news for the U.S. army: AMRDEC SAFE, the Army Aviation and Missile Research Development and Engineering Center Safe Access File Exchange service that…


How 3 Financial Institutions Solve File Transfer Needs with MFT Software

November 26, 2018

On a scale of 1-10, how would you rate the efficiency of your file transfers right now? If you use manual scripts, legacy software, or a myriad of free tools to balance your encryption, automation,…


Recent 2018 Data Breaches in Healthcare (and How to Avoid Them)

November 14, 2018

Phishing attacks, malware, and employee errors. These are three of the most recent causes for healthcare data breaches in 2018, with more certainly to come. The year isn’t over yet. For anyone…


Which is Better: SFTP vs. MFT?

November 6, 2018

SFTP, or MFT: that is the question. Even though we’re not all famous poets like William Shakespeare, many IT professionals will ask this question at some point or another. Should they use an…