As companies face increasing pressure to keep data safe, encryption protocols like Open PGP provide an increased level of security to do so. An open-source version of PGP (Pretty Good Protection), Open PGP delivers the same level of protection in a publicly available format. Because of its high availability, it enjoys widespread use.
However, an encryption solution doesn’t stand alone: It needs to be able to interface with the technologies around it without compromising capabilities. The GoAnywhere Managed File Transfer (MFT) solution allows you to keep Open PGP protocols and still leverage the full functionality of the file transfer platform.
What is Open PGP?
To understand Open PGP, it is important to first have a clear understanding of PGP.
PGP is an encryption protocol that combines various methodologies – hashing, symmetric-key cryptography, public-key cryptography, and data compression – to secure data. It is a proprietary encryption solution owned by Symantec.
Open PGP is the open-source version of PGP.
Developed in the late 1990s, it was spun off PGP by one of the protocol’s founders, Phil Zimmermann. He wanted to make what was company-owned and pay-gated technology available for widespread use by making it publicly available.
Zimmermann submitted an Open PGP standards proposal to the Internet Engineering Task Force (IETF) in 1997 that gave PGP standards-compliant vendors the ability to offer Open PGP compatible solutions. This introduced a level of competition that bolstered and enhanced the PGP arena.
Open PGP vs. Similar Tech
The reasons an enterprise would choose Open PGP over other similar technologies such as PGP and GPG, lie in their differences. In a nutshell, they are:
PGP: A proprietary encryption solution owned by Symantec.
GPG: Another popular solution that follows the Open PGP standard and provides an interface for users to easily encrypt their files.
Open PGP: The IETF-approved standard that describes any encryption technology that uses processes interoperable with PGP.
Diving deeper, they differ in background, purpose, and operability.
PGP
PGP remains the most widely used encryption protocol and does a lot of heavy lifting. It can:
- Encrypt, decrypt, and authenticate digital files and online communication
- Secure text files, emails, data files, directories, and disk partitions
And it employs techniques such as hashing, symmetric-key cryptography, public-key cryptography, and data compression. Its main drawbacks are that its development is controlled by a single company, and it’s a pay-to-use solution.
GPG
GPG provides an interface for users to conveniently encrypt their files.
Also known as GNU Privacy Guard (GnuPG), GPG is a popular adaptation of Open PGP. Werner Koch developed and released it in 1999, and it was one of the PGP competitors that the new open-source landscape bred.
While it’s available as a free download, it is compatible with both Symantec’s PGP tools and Open PGP: Using GPG, user can decrypt and open files that have been encrypted by PGP and Open PGP. It also supports Secure Shell (SSH) and S/MIME.
Open PGP
Broadly speaking, Open PGP refers to any program that supports the Open PGP system. It is managed by the IEFT and is an industry-accepted protocol that defines the standard format of encrypted messages, signatures, and keys.
It uses asymmetric (public key) cryptography to protect sensitive files as they are sent via email and to partners beyond the network. Open PGP also allows user to “sign” files via embedded digital signatures, thereby tackling the issues of data authentication and non-repudiation.
Because of the elevated amount of security it provides and its free and open accessibility, Open PGP (and its associated programs) are some of the most popular encryption methods in use.
Differing from similar technologies in a few notable ways, Open PGP is a top consideration for organizations looking to secure sensitive assets without running into expensive licensing issues or being stymied by proprietary boundaries.
GoAnywhere MFT + Open PGP
GoAnywhere’s Managed File Transfer solution is built around Open PGP technology. It allows you to leverage the protocol across multiple platforms, such as Linux, Microsoft Windows, and Microsoft Azure. With detailed audit logs, you can comply more easily with industry privacy regulations and keep track of your encryption process, meaning you can safely exchange data with external partners and internal users.
Once files are encrypted with Open PGP, GoAnywhere MFT can then transfer them to a remote server or put them securely on the network, and it can automate the process end-to-end using advanced workflows. So, a workflow could be configured to automatically retrieve database records, create and encrypt a CSV file, and send it to a vendor’s SFTP server – all without human intervention.
Plus, it comes with a Key Manager so you can manage public and private PGP keys. This includes creating them, changing them, viewing them, importing them, and exporting them to trading partners remotely. These keys can then be used to automate PGP encryption and decryption, as outlined above.
And, for a free desktop solution that gives you basic encryption, decryption, file signing, and document verification, there’s GoAnywhere Open PGP Studio.
