Pretty Good Privacy – Wikipedia

Computer program for data encoding, primarily in e-mail ( PGP )

not to be confused with GPG
Pretty Good Privacy ( PGP ) is an encoding program that provides cryptanalytic privacy and authentication for data communication. PGP is used for sign, encrypting, and decrypting texts, e-mails, files, directories, and wholly magnetic disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991. [ 3 ]

PGP and like software follow the OpenPGP, an assailable standard of PGP encoding software, standard ( RFC 4880 ) for encrypting and decrypting data .

design [edit ]

How PGP encoding works visually PGP encoding uses a serial combination of hash, data compression, symmetric-key cryptography, and last public-key cryptanalysis ; each step uses one of several supported algorithm. Each public key is bound to a username or an e-mail savoir-faire. The beginning adaptation of this system was by and large known as a web of trust to contrast with the X.509 system, which uses a hierarchical border on based on certificate authority and which was added to PGP implementations late. current versions of PGP encoding include options through an automated key management server .

PGP fingermark [edit ]

A populace key fingermark is a shorter translation of a populace key. From a fingerprint, person can validate the correct corresponding populace key. A fingerprint like C3A6 5E46 7B54 77DF 3C4C 9790 4D22 B3CA 5B32 FF66 can be printed on a occupation poster. [ 4 ] [ 5 ]

compatibility [edit ]

As PGP evolves, versions that support new features and algorithms can create code messages that older PGP systems can not decrypt, flush with a valid individual key. therefore, it is essential that partners in PGP communication understand each other ‘s capabilities or at least agree on PGP settings. [ 6 ]

confidentiality [edit ]

PGP can be used to send messages confidentially. [ 7 ] For this, PGP uses a hybrid cryptosystem by combining symmetric-key encoding and public-key encoding. The message is encrypted using a symmetrical encoding algorithm, which requires a symmetrical keystone generated by the transmitter. The symmetrical cardinal is used only once and is besides called a session key. The message and its session key are sent to the telephone receiver. The seance keystone must be sent to the recipient so they know how to decrypt the message, but to protect it during transmittance it is encrypted with the telephone receiver ‘s populace key. merely the private key belonging to the receiver can decrypt the school term identify, and use it to symmetrically decrypt the message .

Digital signatures [edit ]

PGP supports message authentication and integrity check. The latter is used to detect whether a message has been altered since it was completed ( the message integrity property ) and the former, to determine whether it was actually sent by the person or entity claimed to be the transmitter ( a digital signature ). Because the subject is encrypted, any changes in the message will fail the decoding with the appropriate key. The transmitter uses PGP to create a digital signature for the message with either the RSA or DSA algorithm. To do thus, PGP computes a hashish ( besides called a message digest ) from the plaintext and then creates the digital signature from that hashish using the transmitter ‘s secret identify .

Web of trust [edit ]

Both when code messages and when verifying signatures, it is critical that the public cardinal used to send messages to person or some entity actually does ‘belong ‘ to the intended recipient. Simply downloading a populace key from somewhere is not a reliable assurance of that association ; careful ( or accidental ) caricature is possible. From its first version, PGP has always included provisions for distributing user ‘s populace keys in an ‘ identity documentation ‘, which is besides constructed cryptographically indeed that any tamper ( or accidental falsify ) is readily detectable. however, merely making a certificate that is impossible to modify without being detected is insufficient ; this can prevent corruption alone after the certificate has been created, not ahead. Users must besides ensure by some means that the public key in a certificate actually does belong to the person or entity claiming it. A given public key ( or more specifically, data binding a drug user identify to a key ) may be digitally signed by a third-party user to attest to the association between person ( actually a drug user name ) and the cardinal. There are several levels of confidence that can be included in such signatures. Although many programs read and write this information, few ( if any ) include this level of authentication when calculating whether to trust a key. The web of trust protocol was first described by Phil Zimmermann in 1992, in the manual for PGP interpretation 2.0 :

As time goes on, you will accumulate keys from other people that you may want to designate as hope introducers. Everyone else will each choose their own trust introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the arithmetic mean that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant vane of assurance for all public keys .

The vane of trust mechanism has advantages over a centrally managed public key infrastructure schema such as that used by S/MIME but has not been universally used. Users have to be volition to accept certificates and check their robustness manually or have to simply accept them. No satisfactory solution has been found for the underlie trouble .

Certificates [edit ]

In the ( more holocene ) OpenPGP specification, trust signatures can be used to support universe of certificate authorities. A reliance signature indicates both that the key belongs to its claim owner and that the owner of the key is trustworthy to sign other keys at one level below their own. A level 0 signature is comparable to a vane of trust touch since only the robustness of the key is certified. A level 1 signature is like to the trust one has in a certificate authority because a key signed to level 1 is able to issue an outright number of horizontal surface 0 signatures. A floor 2 touch is highly analogous to the trust assumption users must rely on whenever they use the default certificate agency tilt ( like those included in web browsers ) ; it allows the owner of the identify to make other keys security authorities. PGP versions have always included a room to cancel ( ‘revoke ‘ ) populace identify certificates. A lost or compromise private key will require this if communication security is to be retained by that exploiter. This is, more or less, equivalent to the security revocation lists of centralized PKI schemes. recent PGP versions have besides supported certificate passing dates. The problem of correctly identifying a public key as belonging to a especial drug user is not alone to PGP. All public key/private key cryptosystems have the same problem, even if in slenderly different guises, and no in full satisfactory solution is known. PGP ‘s original scheme at least leaves the decision as to whether or not to use its endorsement/vetting system to the user, while most early PKI schemes do not, requiring alternatively that every certificate attested to by a cardinal certificate authority be accepted as discipline .

Security quality [edit ]

To the best of publicly available information, there is no know method which will allow a person or group to break PGP encoding by cryptanalytic, or computational means. indeed, in 1995, cryptographer Bruce Schneier characterized an early translation as being “ the closest you ‘re probable to get to military-grade encoding. ” [ 8 ] early versions of PGP have been found to have theoretical vulnerabilities and so stream versions are recommended. [ 9 ] In addition to protecting data in transportation system over a net, PGP encoding can besides be used to protect data in long-run data repositing such as phonograph record files. These long-run storage options are besides known as data at rest, i.e. data stored, not in transportation system. The cryptanalytic security of PGP encoding depends on the assumption that the algorithm used are unbreakable by direct cryptanalysis with current equipment and techniques. In the original version, the RSA algorithm was used to encrypt session keys. RSA ‘s security depends upon the one-way function nature of mathematical integer factor. [ 10 ] similarly, the symmetrical samara algorithm used in PGP translation 2 was IDEA, which might at some orient in the future be found to have previously undetected cryptanalytic flaws. particular instances of current PGP or IDEA insecurities ( if they exist ) are not publicly known. As current versions of PGP have added extra encoding algorithm, their cryptanalytic vulnerability varies with the algorithm used. however, none of the algorithm in stream function are publicly known to have cryptanalytic weaknesses. New versions of PGP are released sporadically and vulnerabilities fixed by developers as they come to light. Any agency wanting to read PGP messages would credibly use easier means than standard cryptanalysis, e.g. rubber-hose cryptanalysis or black-bag cryptanalysis ( e.g. installing some shape of trojan sawhorse or keystroke logging software/hardware on the target calculator to capture code keyrings and their passwords ). The FBI has already used this attack against PGP [ 11 ] [ 12 ] in its investigations. however, any such vulnerabilities apply not precisely to PGP but to any conventional encoding software. In 2003, an incident involving seized Psion PDAs belonging to members of the Red Brigade indicated that neither the italian patrol nor the FBI were able to decrypt PGP-encrypted files stored on them. [ 13 ] [ unreliable source? ] A second incident in December 2006, ( see In re Boucher ), involving US customs agents who seized a laptop personal computer that allegedly contained child pornography, indicates that united states government agencies find it “ closely impossible ” to access PGP-encrypted files. additionally, a magistrate judge rule on the event in November 2007 has stated that forcing the fishy to reveal his PGP passphrase would violate his Fifth Amendment rights i.e. a fishy ‘s constituent right not to incriminate himself. [ 14 ] [ 15 ] The Fifth Amendment issue was opened again as the government appealed the shell, after which a federal zone evaluator ordered the defendant to provide the key. [ 16 ] evidence suggests that as of 2007, british police investigators are ineffective to break PGP, [ 17 ] thus alternatively have resorted to using RIPA legislation to demand the passwords/keys. In November 2009 a british citizen was convicted under RIPA legislation and jailed for nine months for refusing to provide patrol investigators with encoding keys to PGP-encrypted files. [ 18 ] PGP as a cryptosystem has been criticized for complexity of the standard, execution and identical low serviceability of the exploiter interface [ 19 ] including by recognized figures in cryptography research. [ 20 ] [ 21 ] It uses an ineffective serialization format for storehouse of both keys and encrypted data, which resulted in signature-spamming attacks on public keys of outstanding developers of GNU Privacy Guard. Backwards compatibility of the OpenPGP standard results in use of relatively decrepit default choices of cryptanalytic primitives ( CAST5 cipher, CFB mode, S2K password hashing ). [ 22 ] The standard has been besides criticized for leaking metadata, custom of long-run keys and lack of ahead privacy. popular end-user implementations have suffered from diverse signature-striping, cipher downgrade and metadata escape vulnerabilities which have been attributed to the complexity of the standard. [ 23 ]

history [edit ]

early history [edit ]

Phil Zimmermann created the first adaptation of PGP encoding in 1991. The name, “ pretty good privacy ” was inspired by the identify of a grocery store storehouse, “ Ralph ‘s Pretty full Grocery ”, featured in radio receiver host Garrison Keillor ‘s fabricated town, Lake Wobegon. [ 24 ] This first translation included a symmetric-key algorithm that Zimmermann had designed himself, named BassOmatic after a Saturday Night Live sketch. Zimmermann had been a long-time anti-nuclear activist, and created PGP encoding therefore that similarly incline people might securely use BBSs and securely store messages and files. No license fee was required for its non-commercial function, and the complete beginning code was included with all copies. In a post of June 5, 2001, entitled “ PGP Marks tenth Anniversary ”, [ 25 ] Zimmermann describes the circumstances surrounding his free of PGP :

It was on this day in 1991 that I sent the first release of PGP to a couple of my friends for uploading to the Internet. First, I sent it to Allan Hoeltje, who posted it to Peacenet, an ISP that specialized in grassroots political organizations, chiefly in the peace motion. Peacenet was accessible to political activists all over the world. then, I uploaded it to Kelly Goen, who proceeded to upload it to a Usenet newsgroup that specialized in distributing beginning code. At my request, he marked the Usenet post as “ US lone ”. Kelly besides uploaded it to many BBS systems around the area. I do n’t recall if the postings to the Internet began on June 5th or 6th. It may be surprising to some that back in 1991, I did not so far know adequate about Usenet newsgroups to realize that a “ US lone ” tag was merely an advisory tag that had little real effect on how Usenet propagated newsgroup postings. I thought it actually controlled how Usenet routed the poster. But back then, I had no hint how to post anything on a newsgroup, and did n’t tied have a clear theme what a newsgroup was .

PGP found its way onto the Internet and quickly acquired a considerable following around the world. Users and supporters included dissidents in totalitarian countries ( some affecting letters to Zimmermann have been published, some of which have been included in testimony before the US Congress ), civil libertarians in other parts of the world ( see Zimmermann ‘s published testimony in assorted hearings ), and the ‘free communications ‘ activists who called themselves cypherpunks ( who provided both promotion and distribution ) ; decades later, CryptoParty activists did much the lapp via Twitter .

criminal investigation [edit ]

concisely after its handout, PGP encoding found its way outside the United States, and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for “ munitions export without a license ”. At the time, cryptosystems using keys larger than 40 bits were considered munitions within the definition of the US export regulations ; PGP has never used keys smaller than 128 bits, so it qualified at that time. Penalties for rape, if found guilty, were hearty. After respective years, the probe of Zimmermann was closed without filing criminal charges against him or anyone else. Zimmermann challenged these regulations in an imaginative way. He published the entire beginning code of PGP in a hardbacked book, [ 26 ] via MIT Press, which was distributed and sold wide. Anybody wishing to build their own imitate of PGP could cut off the covers, separate the pages, and scan them using an OCR program ( or conceivably enter it as a type-in program if OCR software was not available ), creating a hardening of beginning code text files. One could then build the application using the freely available GNU Compiler Collection. PGP would thus be available anywhere in the worldly concern. The claim principle was bare : export of munitions —guns, bombard, planes, and software—was ( and remains ) restricted ; but the export of books is protected by the First Amendment. The question was never tested in woo with deference to PGP. In cases addressing other encoding software, however, two federal appeals courts have established the rule that cryptanalytic software source code is speech protected by the First Amendment ( the Ninth Circuit Court of Appeals in the Bernstein event and the Sixth Circuit Court of Appeals in the Junger shell ).

US export regulations regarding cryptography remain in force, but were liberalized well throughout the late 1990s. Since 2000, submission with the regulations is besides much easier. PGP encoding nobelium longer meets the definition of a non-exportable weapon, and can be exported internationally except to seven specific countries and a list of named groups and individuals [ 27 ] ( with whom well all US trade is prohibited under assorted US export controls ) .

PGP 3 and establish of PGP Inc . [edit ]

During this agitation, Zimmermann ‘s team worked on a new version of PGP encoding called PGP 3. This new version was to have considerable security improvements, including a new certificate structure that fixed little security flaws in the PGP 2.x certificates american samoa well as permitting a certificate to include separate keys for sign and encoding. furthermore, the know with patent and export problems led them to eschew patents wholly. PGP 3 introduced the consumption of the CAST-128 ( a.k.a. CAST5 ) symmetric samara algorithm, and the DSA and ElGamal asymmetrical key algorithms, all of which were unencumbered by patents. After the Federal criminal probe ended in 1996, Zimmermann and his team started a company to produce new versions of PGP encoding. They merged with Viacrypt ( to whom Zimmermann had sold commercial rights and who had licensed RSA directly from RSADSI ), which then changed its name to PGP Incorporated. The newly combined Viacrypt/PGP team started function on newfangled versions of PGP encoding based on the PGP 3 system. Unlike PGP 2, which was an entirely instruction line program, PGP 3 was designed from the startle as a software library allowing users to work from a command production line or inside a GUI environment. The original agreement between Viacrypt and the Zimmermann team had been that Viacrypt would have even-numbered versions and Zimmermann odd-numbered versions. Viacrypt, frankincense, created a new translation ( based on PGP 2 ) that they called PGP 4. To remove confusion about how it could be that PGP 3 was the successor to PGP 4, PGP 3 was renamed and released as PGP 5 in May 1997 .

Network Associates acquisition [edit ]

In December 1997, PGP Inc. was acquired by Network Associates, Inc. ( “ NAI ” ). Zimmermann and the PGP team became NAI employees. NAI was the beginning company to have a legal export strategy by publishing informant code. Under NAI, the PGP team added phonograph record encoding, background firewalls, intrusion detection, and IPsec VPNs to the PGP family. After the export regulation liberalizations of 2000 which no longer want print of reference, NAI stopped releasing source code. [ 28 ] In early 2001, Zimmermann left NAI. He served as Chief Cryptographer for Hush Communications, who provide an OpenPGP-based electronic mail service, Hushmail. He has besides worked with Veridis and other companies. In October 2001, NAI announced that its PGP assets were for sale and that it was suspending far exploitation of PGP encoding. The entirely remaining asset preserve was the PGP E-Business Server ( the original PGP Commandline interpretation ). In February 2002, NAI canceled all support for PGP products, with the exception of the rename commandline product. NAI ( once McAfee, then Intel Security, and immediately McAfee again ) continued to sell and support the product under the diagnose McAfee E-Business Server until 2013. [ 29 ] [ 30 ] [ 31 ]

PGP Corporation and Symantec [edit ]

In August 2002, respective ex-PGP team members formed a modern company, PGP Corporation, and bought the PGP assets ( except for the control line version ) from NAI. The newly company was funded by Rob Theis of Doll Capital Management ( DCM ) and Terry Garnett of Venrock Associates. PGP Corporation supported existing PGP users and honored NAI ‘s support contracts. Zimmermann served as a special adviser and adviser to PGP Corporation while continuing to run his own consult company. In 2003, PGP Corporation created a raw server-based product called PGP Universal. In mid-2004, PGP Corporation shipped its own command channel version called PGP Command Line, which integrated with the other PGP Encryption Platform applications. In 2005, PGP Corporation made its first skill : the german software company Glück & Kanja Technology AG, [ 32 ] which became PGP Deutschland AG. [ 33 ] In 2010, PGP Corporation acquired Hamburg-based security authority TC TrustCenter and its parent company, ChosenSecurity, to form its PGP TrustCenter [ 34 ] division. [ 35 ] After the 2002 purchase of NAI ‘s PGP assets, PGP Corporation offered global PGP technical digest from its offices in Draper, Utah ; Offenbach, Germany ; and Tokyo, Japan. On April 29, 2010, Symantec Corp. announced that it would acquire PGP for $ 300 million with the purpose of integrating it into its Enterprise Security Group. [ 36 ] This learning was finalized and announced to the public on June 7, 2010. The source code of PGP Desktop 10 is available for peer inspection. [ 37 ] besides in 2010, Intel Corporation acquired McAfee. In 2013, the McAfee E-Business Server was transferred to Software Diversified Services, which now sells, supports, and develops it under the name SDS E-Business Server. [ 29 ] [ 30 ] For the enterprise, Townsend Security presently offers a commercial translation of PGP for the IBM one and IBM z mainframe platforms. Townsend Security partnered with Network Associates in 2000 to create a compatible version of PGP for the IBM iodine platform. Townsend Security again ported PGP in 2008, this time to the IBM z central processing unit. This version of PGP relies on a barren z/OS encoding facility, which utilizes hardware acceleration. Software Diversified Services besides offers a commercial adaptation of PGP ( SDS E-Business Server ) for the IBM z central processing unit. In May 2018, a microbe named EFAIL was discovered in certain implementations of PGP which from 2003 could reveal the plaintext contents of emails encrypted with it. [ 38 ] [ 39 ] The chosen extenuation for this vulnerability in PGP Desktop is to mandate the use SEIP protected packets in the ciphertext, which can lead to honest-to-god emails or other code objects to be nobelium longer decryptable after upgrading to the software version that has the extenuation. [ 40 ]

PGP Corporation encoding applications [edit ]

This section describes commercial programs available from PGP Corporation. For information on other programs compatible with the OpenPGP specification, see External links below.

While primitively used primarily for encrypting the contents of electronic mail messages and attachments from a background customer, PGP products have been diversified since 2002 into a set of encoding applications that can be managed by an optional central policy server. PGP encoding applications include e-mails and attachments, digital signatures, laptop full disk encoding, file and booklet security, security for IM sessions, batch file transfer encoding, and protection for files and folders stored on network servers and, more recently, encrypted or signed HTTP request/responses by means of a client-side ( Enigform ) and a server-side ( mod openpgp ) module. There is besides a WordPress plugin available, called wp-enigform-authentication, that takes advantage of the session management features of Enigform with mod_openpgp. The PGP Desktop 9.x family includes PGP Desktop Email, PGP Whole Disk Encryption, and PGP NetShare. additionally, a number of Desktop bundles are besides available. Depending on the application, the products feature desktop e-mail, digital signatures, IM security, solid phonograph record encoding, file, and folder security, encrypted self-extracting archives, and procure shred of edit files. Capabilities are licensed in different ways depending on the features required. The PGP Universal Server 2.x management console table handles centralized deployment, security system policy, policy enforcement, keystone management, and report. It is used for automated e-mail encoding in the gateway and manages PGP Desktop 9.x clients. In summation to its local keyserver, PGP Universal Server works with the PGP public keyserver—called the PGP Global Directory—to find recipient keys. It has the capability of delivering e-mail securely when no recipient role key is found via a batten HTTPS browser session. With PGP Desktop 9.x managed by PGP Universal Server 2.x, beginning released in 2005, all PGP encoding applications are based on a newly proxy-based architecture. These newer versions of PGP software eliminate the use of e-mail plug-ins and insulate the user from changes to other desktop applications. All background and server operations are now based on security system policies and engage in an automatize fashion. The PGP Universal waiter automates the universe, management, and termination of keys, sharing these keys among all PGP encoding applications. The Symantec PGP platform has now undergone a rename. PGP Desktop is now known as Symantec Encryption Desktop ( SED ), and the PGP Universal Server is now known as Symantec Encryption Management Server ( SEMS ). The current ship versions are Symantec Encryption Desktop 10.3.0 ( Windows and macOS platforms ) and Symantec Encryption Server 3.3.2. besides available are PGP Command-Line, which enables command line-based encoding and sign of information for storage, transfer, and backup, a well as the PGP Support Package for BlackBerry which enables RIM BlackBerry devices to enjoy sender-to-recipient message encoding. New versions of PGP applications use both OpenPGP and the S/MIME, allowing communications with any user of a NIST stipulate standard. [ citation needed ]

OpenPGP [edit ]

Within PGP Inc., there was still concern surrounding patent issues. RSADSI was challenging the good continuation of the Viacrypt RSA license to the newly merged firm. The company adopted an informal internal standard that they called “ Unencumbered PGP ” which would “ use no algorithm with license difficulties ”. Because of PGP encoding ‘s importance cosmopolitan, many wanted to write their own software that would interoperate with PGP 5. Zimmermann became convinced that an open standard for PGP encoding was critical for them and for the cryptanalytic residential district as a whole. In July 1997, PGP Inc. proposed to the IETF that there be a standard called OpenPGP. They gave the IETF permission to use the name OpenPGP to describe this raw standard adenine well as any plan that supported the standard. The IETF accepted the proposal and started the OpenPGP Working Group. OpenPGP is on the Internet Standards Track and is under active development. many e-mail clients provide OpenPGP-compliant electronic mail security as described in RFC 3156. The current specification is RFC 4880 ( November 2007 ), the successor to RFC 2440. RFC 4880 specifies a cortege of required algorithm consisting of ElGamal encoding, DSA, Triple DES and SHA-1. In addition to these algorithms, the standard recommends RSA as described in PKCS # 1 v1.5 for encoding and sign, angstrom well as AES-128, CAST-128 and IDEA. Beyond these, many other algorithms are supported. The standard was extended to support Camellia nothing by RFC 5581 in 2009, and sign and key substitute based on Elliptic Curve Cryptography ( ECC ) ( i.e. ECDSA and ECDH ) by RFC 6637 in 2012. support for ECC encoding was added by the proposed RFC 4880bis in 2014. The Free Software Foundation has developed its own OpenPGP-compliant software suite called GNU Privacy Guard, freely available in concert with all source code under the GNU General Public License and is maintained individually from several graphic user interfaces that interact with the GnuPG library for encoding, decoding, and signing functions ( see KGPG, Seahorse, MacGPG ). [ undue weight? – discuss ] Several other vendors [ specify ] have besides developed OpenPGP-compliant software. The development of an open source OpenPGP-compliant library, OpenPGP.js, written in JavaScript and supported by the Horizon 2020 Framework Programme of the European Union, [ 41 ] has allowed web-based applications to use PGP encoding in the vane browser .

  • PGP
    • RFC 1991 PGP Message Exchange Formats (obsolete)
  • OpenPGP
    • RFC 2440 OpenPGP Message Format (obsolete)
    • RFC 4880 OpenPGP Message Format
    • RFC 5581 The Camellia Cipher in OpenPGP
    • RFC 6637 Elliptic Curve Cryptography (ECC) in OpenPGP
    • draft-ietf-openpgp-crypto-refresh OpenPGP Message Format
  • PGP/MIME
    • RFC 2015 MIME Security with Pretty Good Privacy (PGP)
    • RFC 3156 MIME Security with OpenPGP

OpenPGP ‘s encoding can ensure the guarantee delivery of files and messages, deoxyadenosine monophosphate well as put up verification of who created or sent the message using a process called digital sign. The open source office suite LibreOffice implemented document sign with OpenPGP as of translation 5.4.0 on Linux. [ 43 ] Using OpenPGP for communication requires participation by both the sender and recipient role. OpenPGP can besides be used to secure sensible files when they are stored in vulnerable places like mobile devices or in the cloud. [ 44 ]

Limitations [edit ]

With the advancement of cryptography, parts of PGP have been criticized for being dated :

  • The long length of PGP public keys[45]
  • Difficulty for the users to comprehend and poor usability[21]
  • Lack of ubiquity[21]
  • Lack of forward secrecy[45]

In October 2017, the ROCA vulnerability was announced, which affects RSA keys generated by balmy Infineon firmware used on Yubikey 4 tokens, much used with PGP. Many published PGP keys were found to be susceptible. [ 46 ] Yubico offers barren successor of affected tokens. [ 47 ]

In popular culture [edit ]

PGP is referenced in the 1998 film Anarchy television receiver. [ 48 ] At 1:07:18 into the movie there is a 3.5 ” diskette phonograph record with that is portrayed to be encrypted with PGP .

See besides [edit ]

References [edit ]

far reading [edit ]

Leave a Reply

Your email address will not be published.