PGP Frequently Asked Questions (FAQ)

• Why is it important that PGP technology is one of two standards recommended by the National Institute of Standards & Technology (NIST)?
• Why is it important that PGP solutions are built on the recognized OpenPGP (RFC 2440 and RFC 3156) standard?
• Why is it important to publish source code for peer review?
• Other companies claim to sell PGP encryption. Why should I buy from PGP Corporation?
• Why is it important to source all your encryption solutions from a single vendor?
• Why is it important that PGP products have been tested by cryptographic experts and in use for more than a decade?
• Was PGP Corporation once owned by Network Associates?
• How was PGP Corporation formed?
• What is “new” about the new PGP Corporation?

Why is it important that PGP technology is one of two standards recommended by the National Institute of Standards & Technology (NIST)?
There are two message encryption standards recommended by NIST: S/MIME and OpenPGP. When PGP technology was first introduced more than a decade ago, it proved so easy for users to exchange keys and encrypt mail that adoption spread rapidly. The popularity of both OpenPGP and S/MIME prevented NIST from recommending only one standard for encryption. As the creator of OpenPGP, PGP Corporation is in a unique position to develop solutions based on a recognized and widely used message encryption standard. In recognition of the large S/MIME user base, PGP products support that standard as well.

Why is it important that PGP solutions are built on the recognized OpenPGP (RFC 2440 and RFC 3156) standard?
PGP technology is non-proprietary, ensuring companies and individuals interoperability with other standards-based products, whether they are part of legacy or current systems.

Why is it important to publish source code for peer review?
PGP Corporation is unique among commercial security software developers for its corporate policy of publishing product source code for peer review. This unparalleled level of insight into PGP products allows customers and security experts alike to review PGP implementations and provide valuable technical feedback to the company.

"Many in the security industry philosophically believe that widely published source code is the only way to give [a product] vigorous review and improve its security."
- Network World

Other companies claim to sell PGP encryption. Why should I buy from PGP Corporation?
PGP Corporation has in-depth experience with PGP encryption and a dedicated development team, many of whom have been involved with the technology and products since their inception. PGP Corporation is also the only major commercial software organization to publish product source code for peer review. The company makes its source code publicly available to ensure the integrity of its cryptographic implementation.

Why is it important to source all your encryption solutions from a single vendor?
PGP Corporation offers a continuum of security solutions to protect confidential information in transit as well as in storage. Not only do PGP solutions work together seamlessly, they provide price and operational efficiencies not offered by products purchased from multiple vendors.

Why is it important that PGP products have been tested by cryptographic experts and in use for more than a decade?
Cryptography is difficult, and implementers often make subtle mistakes in implementation. Therefore, most customers prefer products based on cryptography developed by a dedicated team that has been refining the core technology for more than a decade. They also want to be able to look at the source code or feel confident that experts have already done so. PGP product source code is downloaded at least 300 times each week, allowing anyone interested in reviewing it to do so. This public review enables cryptographers, developers, and security experts to verify that the products work as expected.

Was PGP Corporation once owned by Network Associates?
PGP technology has been in commercial use for more than 10 years. PGP Inc., a private company, was formed in 1991 and acquired by Network Associates in 1997. Network Associates lacked a technology vision for the PGP product line and sold it to a newly formed, independent PGP Corporation in June 2002.

How was PGP Corporation formed?
PGP Corporation was incorporated in June 2002 by a management team composed of technology industry veterans and former PGP executives, developers, and patent holders. The group raised $14 million of venture funding from DCM-Doll Capital Management and Venrock Associates, two highly respected venture capital firms, to purchase assets, upgrade existing products, and develop new technology.

What is “new” about the new PGP Corporation?
The new PGP Corporation was founded on a completely new vision of securing digital assets. Although existing desktop products are technically excellent and extremely secure, they are impractical for universal deployed because they rely on users to learn how to use the security products and to follow policy by remembering when they must use security. The new PGP Corporation has taken the same trusted core cryptographic product and, through innovative technology, made it transparent to users. With the new PGP Universal product line, email security is now practical to deploy with all users because email is secured, and policy enforced automatically by the network.