Home > developers > PGP SDK > PGP Software Development Kit (SDK): FIPS Validation

PGP Software Development Kit (SDK): FIPS Validation

The PGP® Software Development Kit (SDK), which is the core cryptographic technology underlying PGP Universal™ Server and other PGP® products, has been validated to the National Institute of Standards and Technology's (NIST's) Federal Information Processing Standard 140-2. FIPS 140-2 validation provides independent assurance that the standard cryptographic algorithms used within the PGP SDK and other security-critical functions throughout the PGP SDK, such as key handling, are implemented correctly.

PGP Corporation has a long history of FIPS validating its core cryptographic implementations, which are part of the PGP SDK:

The PGP SDK 3.10.3 and PGP SDK 3.11.0 was validated to FIPS 140-2 on October 27,2008. Verification of validation is available on the NIST website.
PGP® Whole Disk Encryption, PGP® NetShare,PGP® Desktop , PGP Universal™ , and PGP® Command Line contain PGP SDK .

Previous Validations

The PGP SDK 3.8.1 was validated to FIPS 140-2 on October 22, 2007; verification of validation is available on the NIST website.
PGP® Desktop 9.6.1, PGP Universal™ 2.6.1, and PGP® Command Line 9.6.1 contain PGP SDK 3.8.1.

The PGP SDK 3.7.1 was validated to FIPS 140-2 on May 4, 2007; verification of validation is available on the NIST website.
PGP Desktop 9.5.1, PGP Universal 2.5.1, and PGP Command Line 9.5.1 contain PGP SDK 3.7.1. PGP products versioned 9.5.2, 9.5.3, 9.6, and 9.6.1 contain versions of the PGP SDK that include minor differences from the PGP SDK 3.7.1. These differences are not relevant to FIPS operation.

The PGP SDK 3.5.3 was validated to FIPS 140-2 on March 3, 2006; verification of validation is available on the NIST website.
PGP Desktop 9.0.3, PGP Universal 2.0.3, and PGP Command Line 9.0.3 contain PGP SDK 3.5.3.

The PGP SDK 3.0.3 was validated to FIPS 140-2 on Mar 18, 2004; verification of validation is available on the NIST website.
PGP Desktop 8.0.3 contains PGP SDK 3.0.3.

The PGP SDK 1.5 was validated to FIPS 140-1 on Aug 26, 1999 and Feb 20, 2003; verification of validation is available on the NIST website.

For more information on FIPS validation, see the NIST's Cryptographic Module Validation Program.

"Having the PGP SDK available for 3rd party use is another great step forward for the security market."

- Bruce Schneier, Cryptographer

PGP SDK CONTACT REQUEST
JOIN OUR MAILING LIST
White Papers More
Customers More

"PGP Corporation is the only commercial encryption vendor that publishes its source code, which has been under scrutiny by the world's cryptography experts for years. Even though we didn't read every line of code, this practice convinced us that its products were safe to use."

Keld Viftrup Møller, Security Designer, H. Lundbeck A/S

Related Links