Trusted PGP Products

PGP Corporation uses cryptography to control access to messages and data. Users of cryptographic software need to have confidence in their software. This confidence does not include merely referring to software quality control, but also to the possibility that deliberate flaws have been introduced to allow governments or other parties to read encrypted data. PGP® software contains no backdoors. It is constructed with the full cryptographic strength of the algorithms it implements. No third party—whether it is a national government or other agency—can tamper with PGP software. The software PGP Corporation signs and distributes has been created with integrity.

The best way to know a product is secure is to look at the source code. Although source code for most companies is considered a trade secret, PGP Corporation knows that making it available is the best way for customers to validate for themselves the integrity of PGP® products. Therefore, PGP Corporation publishes its product source code. PGP Corporation is the only commercial security vendor to publish product source code.

Any qualified individual can request a copy of PGP® source code, look at the code itself, verify the product has integrity, compile the code, and compare it to the commercial product. No backdoor or hidden access has ever been found.

Backdoors should not be confused with patented PGP® Additional Decryption Key (ADK) technology. ADK technology meets the needs of some organizations to use a corporate key in conjunction with users' individual private keys, providing access to encrypted data (according to security policy) even if a user key is lost or unavailable. A configurable feature of PGP Universal™ Server, the ADK is used in conjunction with PGP Corporation's patented Key Splitting. Key Splitting allows the corporate ADK to be divided into a number of "key shares" and distributed to multiple corporate officials, so no one individual can gain access to encrypted data.