OpenPGP set to become global standard

Godfather of encryption and creator of PGP, Phil Zimmermann, has moved over to security company Hush Communications, in a bid to set a global standard for encryption in digital communication and strike a killer blow for privacy on the web.

Godfather of encryption and creator of PGP, Phil Zimmermann, has moved over to security company Hush Communications, in a bid to set a global standard for encryption in digital communication and strike a killer blow for privacy on the web.

Zimmermann, formerly a senior fellow at Network Associates, said he plans to move Hush's free web based secure email service, Hushmail, over from Blowfish to OpenPGP-based encryption.

OpenPGP is an Internet Engineering Task Force (IETF) ratified standard based around PGP 5, which Hush and Zimmermann hope will become a global standard as the public demand for secure communications increases. OpenPGP as a development platform can be used to develop email encryption as well as roll out digital signatures and key management systems, said Zimmermann.

PGP 5 is guaranteed free of backdoors after being "developed on my watch", said Zimmermann. A point of contention between the cryptographer and the now-owners of PGP, Network Associates, was that his previous employers refused to publish the PGP source code. Hush, however, does publish the source code for both its previous encryption product and OpenPGP.

Zimmermann said: "OpenPGP is easier to use than PGP because it works over a simple Java applet. The fact that it's encrypted also gives it the security advantage over most web based email."

As well as crusading for privacy on the internet, Zimmermann is no stranger to controversy since the release of his first version of PGP back in 1991, when he became an instant hero online. The uptake of PGP prompted a five-year criminal investigation by the FBI because the encryption levels in the software apparently violated US export laws on encryption. But Zimmermann reckons that rolling OpenPGP out as a global standard will strike the final blow in the name of internet privacy.

"We pretty much won after the encryption export standards were dropped," he said, "but we haven't properly won until email is secure from the prying eyes of government."