Browse Definitions:
Definition

OpenPGP

Contributor(s): Matthew Haughn

OpenPGP is an open and free version of the Pretty Good Privacy (PGP) standard that defines encryption formats to enable private messaging abilities for email and other message encryption.

The standard uses the PKI (public key infrastructure) to create keys that are bound to individual email addresses and uses symmetric encryption based on elliptical curve cryptography. Compliant applications generate a random key that is encrypted with the public receive key. That process creates an encrypted message that contains both the data and the encrypted key. The receiver decrypts the key and uses their private key to retrieve the original random key and decrypt the data.

OpenPGP-compliant software products include Symantec Command Line, McAfee E-Business Server, Diplomat OpenPGP Community Edition, many email clients. OpenPGP clients must use up-to-date or matched versions so that settings and files created by one application are compatible with another. Only then can the applications share and mutually decrypt messages. The OpenPGP Alliance promotes OpenPGP for other communications as well as email. Facebook, for example, has added the capacity for users to add an OpenPGP key to their profile so that notifications and messages are encrypted.

Security expert Bruce Schneier advises that open encryption standards are best for security and privacy when dealing with such pervasive forces as NSA mass surveillance. He states that open security and encryption standards are much harder for the NSA to back door -- especially without getting caught. The difficulty is increased when the standard is compatible with other services and used by other vendors, because any one of them may discover the back door. Schneier worked along with Edward Snowden and the Guardian newspaper in breaking the whistleblower’s revelations about NSA surveillance.

OpenPGP is specified in IETF (Internet Engineering Task Force) RFC 4880.

This was last updated in June 2015

Continue Reading About OpenPGP

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • audit program (audit plan)

    An audit program, also called an audit plan, is an action plan that documents what procedures an auditor will follow to validate ...

SearchSecurity

  • insider threat

    Insider threat is a generic term for a threat to an organization's security or data that comes from within.

  • ransomware

    Ransomware is a subset of malware in which the data on a victim's computer is locked, typically by encryption, and payment is ...

  • hacker

    A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.

SearchHealthIT

SearchDisasterRecovery

  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

SearchStorage

SearchSolidStateStorage

  • 3D XPoint

    3D XPoint is memory storage technology jointly developed by Intel and Micron Technology Inc.

  • RRAM or ReRAM (resistive RAM)

    RRAM or ReRAM (resistive random access memory) is a form of nonvolatile storage that operates by changing the resistance of a ...

  • JEDEC

    JEDEC is a global industry group that develops open standards for microelectronics.

SearchCloudStorage

  • Google Cloud Storage

    Google Cloud Storage is an enterprise public cloud storage platform that can house large unstructured data sets.

  • RESTful API

    A RESTful application program interface breaks down a transaction to create a series of small modules, each of which addresses an...

  • cloud storage infrastructure

    Cloud storage infrastructure is the hardware and software framework that supports the computing requirements of a private or ...

Close