Phil Zimmermann released the original pretty good privacy (PGP) program in 1991. Almost immediately, the US government filed a lawsuit to block the program's distribution but later withdrew the lawsuit. Because of the quality of its encryption, the US government considered the program munitions and thus permitted export of the program outside the United States with a permit only. By 1996, the Massachusetts Institute of Technology (MIT) was distributing a free version of the software within the United States, and a commercial version was available at http://www.pgp.com (http://www.pgpi.com for foreign parties). Because PGP uses RSA as a public-key algorithm and the patented International Data Encryption Algorithm (IDEA) as a symmetric algorithm, the software can't be distributed completely for free. (MIT's patent for RSA expired in September 2000, but the IDEA patent doesn't expire until 2011.)
The Gnu's Not UNIX (GNU) Privacy Guard (GnuPG) project uses only nonpatented, encumbered algorithms to emulate PGP functionality. The default algorithms are the digital signature algorithm (DSA, sometimes referred to as Digital Signature Standard—DSS) and the El Gamal algorithm (ELG), but GnuPG also supports other algorithms, including RSA. GnuPG uses two types of cryptographic algorithms: symmetric and asymmetric (also known as public-key cryptography). The former uses one key to scramble data and unscramble data. For years, Data Encryption Standard (DES) was the primary standard for symmetric cryptography, but in 2001, Advanced Encryption Standard (AES) superseded DES as the federal standard. For some time, many experts have considered standard DES to be cryptographically unsafe, so GnuPG can use AES and Triple DES (3DES), which is stronger than standard DES. The central problem with symmetric cryptography revolves around key distribution. Having only one key for both decryption and encryption means that the key must be passed back and forth between users, creating a security risk. Public-key cryptography solves this problem in an ingenious way. RSA and its descendents, such as DSA, use the concept of trap-door functions and primes. A trap-door function is one that's easy to compute one way but nearly impossible to reverse. For RSA, this computation is the product of two large prime numbers. Knowing one makes solving the other easy, but knowing neither makes solving either extremely difficult. (This explanation is a gross oversimplification but gives you a basic idea of how the math works.) . . .
Register
