PGP DEVELOPERS
PGP Software Development Kit (SDK): FIPS Validation
The PGP® Software Development Kit (SDK), which is the core cryptographic technology underlying PGP Universal™ Server and other PGP® products, has been validated to the National Institute of Standards and Technology's (NIST's) Federal Information Processing Standard 140-2. FIPS 140-2 validation provides independent assurance that the standard cryptographic algorithms used within the PGP SDK and other security-critical functions throughout the PGP SDK, such as key handling, are implemented correctly.
PGP Corporation has a long history of FIPS validating its core cryptographic implementations, which are part of the PGP SDK.
PGP® Whole Disk Encryption, PGP® NetShare, PGP® Desktop, PGP Universal™, and PGP® Command Line contain the PGP SDK.The PGP SDK 3.12 is validated, and includes PGP® Desktop 9.9.1 , PGP® Universal Server™ 2.9.1.
For more information on FIPS validation, see the NIST's Cryptographic Module Validation Program.
"Having the PGP SDK available for 3rd party use is another great step forward for the security market."
- Bruce Schneier, Cryptographer
"PGP Corporation is the only commercial encryption vendor that publishes its source code, which has been under scrutiny by the world's cryptography experts for years. Even though we didn't read every line of code, this practice convinced us that its products were safe to use."
Keld Viftrup Møller, Security Designer, H. Lundbeck A/S