Pretty Good Privacy was designed to protect people’s privacy. It is a data encryption program that was developed as freeware by Phil Zimmermann in 1991, when it was first published as freeware. The OpenPGP standard is based on his work. The acronym PGP is used for both the copyrighted commercial products (PGP), as well as the freeware (PGP) and the standard (PGP), and is also currently in the name of the corporation that produces Pretty Good Privacy products and solutions.
The history of Pretty Good Privacy has some drama to it. In 1993, the United States government filed an export violation case against Zimmermann under the assumption that it violated technology export laws. The case was dropped in 1996, the same year that PGP Inc. was formed. In 1997, PGP Inc. was acquired by Network Associates Inc. In 2002, newly formed PGP Corporation, made up of people who had worked on PGP, repurchased PGP products and associated intellectual property, however, in 2010, it was announced that Symantec had acquired PGP Corp.
Pretty Good Privacy is a type of Public-Key Cryptography (PKC). Public-key encryption — also known as asymmetric encryption — uses two keys, one for encryption and the other for decryption of data. It is made more secure by the use of digital certificates.
Digital certificates can work in one of two ways. They can be issued by a Certification Authority (CA), which verifies the identity of the user, or they can be issued through the Web of Trust, a concept and practice developed by Phil Zimmerman as a mechanism for Pretty Good Privacy in order to extend the ability to securely communicate on the World Wide Web. In the Web of Trust, there is no central authority; instead, anyone with a public and a private key can become a signer, responsible for verifying the identity of the person who wants a new public key and making sure that the key fingerprint is correct.
Pretty Good Privacy has developed from being a single program to being an aspect of a suite of data protection products. These products include tools for management, email protection, file and server protection, and endpoint data protection.