Pretty Good Privacy or PGP is a hybrid cryptosystem for email security, originally developed by Phil Zimmermann.
All versions use a public key cryptosystem to provide digital signatures and to manage keys for a block cipher which does the actual message encryption.
There is an Internet standard for "Open PGP", RFC 4880 [1]. An open source implementation of that standard, GNU Privacy Guard (GPG), is available [1], and is included in most Linux or BSD distributions.
PGP Corporation were heavily involved in creating the RFC that is the basis for the free versions, while themselves offering commercial products with support. At some times, they have also offered a free version of the commercial product for personal use. An index of free versions is at PGP International.
Zimmerman released the original PGP version 1.0 in 1990; it used a block cipher called BassOmatic, devised by Zimmerman. This was quickly shown to be weak, and replaced with IDEA in version 2.0. This was the version that became widespread and established PGP in the market.
At one point, the US patent on the RSA algorithm meant some versions were restricted in the US that were not elsewhere. This no longer applies; the patent has been released into the public domain. Later versions of PGP also support the NSA-developed Digital Signature Algorithm; at one point, there was an advantage to this in that it was unpatented. However, some users refused to trust anything from the NSA.
Use of IDEA has also created licensing problems, since that is also patented. In version 3.0. they switched to CAST-128 which, unlike IDEA, was free of patent restrictions. Current versions support several patent-free block ciphers, CAST-128, AES and Twofish. Some also support IDEA for backward compatibility.
Zimmerman founded a company, PGP Incorporated. In 1997, this was bought by Network Associates. Related products appeared, PGP disk for disk encryption, PGP VPN with IPsec, and PGP Firewall. However, it proved an unprofitable product for NA. In 2002, they sold off the assets to a newly-formed consortium, put together by old PGP Incorporated employees and some venture capitalists, called PGP Corporation [2]. This company did well with the product, winning awards [3] and reporting good growth [4]. In mid-2010, it was bought by Symantec [5].
A more complete history is on the PGP Corporation site.
Upon original release, PGP was famously subject to the United States of America export control of encryption technologies which prevented it's distribution outside of the US. Visitors to the PGP website who attempted to download the software from a non-US IP address were denied. Despite this, PGP quickly found its way to various non-US sites. Zimmerman was investigated by the US Customs Service, for possible violations of the ITAR controls on export of arms. Under those regulations, strong cryptography such as PGP was considered a "dual use" item with military as well as civilian applications, so its export was controlled. Eventually, the investigation was dropped [6].
One of the responses to this was the publication of "PGP: Source Code and Internals" [2]. Since this is a printed work, it is protected in US law by the first amendment protections for a free press. However, it contains source code for PGP and the font was chosen to make computer interpretation of scanned images easy, so it effectively circumvents the ITAR regulations. Anyone outside the US could just buy the book, scan it, and have PGP source code. The government chose not to argue this point, perhaps partly because the publisher was the prestigious MIT press, with deep pockets and good lawyers. The same technique has been used by later projects such as the EFF DES cracker[3].
Later, Zimmerman gave testimony to the US Senate, arguing for a change to the export control laws on the basis of the importance of privacy for civil liberties and human rights. PGP and subsequent encryption software has been used by human rights campaigners and dissidents to protect the privacy of communications and data used in the fight for civil rights in oppressive regimes[4].
Well-known security researcher Ross Anderson and others have published the Global Trust Register, a book of PGP keys. From their website:
The primary aim of this book is to cut through the chaos by publishing the thousand or so important keys in paper form, as a kind of global phone book. The secondary aim is political: By printing these keys on paper, we can use established legal protections to limit government interference.
A bug was introduced in version 5.5 and fixed in 6.5.4 [6]. Versions 5.5 to 6.5.3 should not be used. This should not be a problem today; those versions are from the year 2000 or earlier.
The problem has to do with support for "additional decryption keys". These have legitimate uses; for example one might want otherwise secure messages to be decryptable at need by one's lawyer or heirs, or a company might want employees using encryption to encrypt to a corporate key as well as to the recipient. The bug was that there was insufficient checking during the processing of these keys; this meant a malicious third party could add his key as well.
This bug had some political significance. Opponents of escrowed encryption often cite it as part of an argument that adding such features is dangerous and ill-advised.