- The child of Philip Zimmermann in 1991, PGP was created to allow anti-nuclear activists to communicate securely across bulletin board systems and to securely store private files. After its creation, PGP was distributed freely with its complete source code, and it quickly spread about Usenet and the Internet, with many becoming avid supporters of the program.
- Although the program was popular with many on the Internet, in February of 1993 the program found itself outside of the country and Zimmermann came under criminal investigation, under the charge of munitions export without a license. Since PGP used a 128 bit key, it fell under the category of munitions. In order to protest this charge, Zimmermann published PGP as a book which, after being bought, could be scanned into a computer with OCR and compiled. Books were protected under the First Amendment and could not be treated as munitions. This claim was never tested, and charges were never brought to court after several years of investigation.
- While investigations were underway, PGP3 was actively being developed by Zimmermann and his team. Once the criminal investigation ended, the programmer formed a company to continue work on the development of the program. A number of later versions were developed until Zimmermann saw the need for an open standard to be developed to allow others to freely interface with subsequent versions of the PGP program and libraries. From 1997, OpenPGP was born and has been maintained up to the present day.
- PGP is a program that employs public key cryptography. Public key cryptography is an asymmetric encryption and decryption scheme that works on the premise that a user has two keys, a public key and a private key. The public key is freely distributed to individuals who would send an encrypted message to the user. Those individuals would use the public key to encrypt a message before sending it to the user. Once encrypted, the public key is useless to decrypt the message, so anybody who intercepts the public key and encrypted message is unable to view the message. The only way the message can be decrypted is when the user applies his private key to the message.
- Additionally, PGP incorporates such principles as a Web of trust, a collection of users for whom their public keys are considered trusted, and from whom encrypted messages are considered trustworthy. One of the problems with public key cryptography is ensuring that the public key given by an individual is his public key to give. Certificates and other digital signatures are also incorporated into the standard to help assure security.
