It's now owned the Symantec Group, and it is the antivirus developer that now is responsible for updating PGP to ensure it's sufficient to protect email communications. The company has also developed an open source option - OpenPGP, which is used alongside the licensed version.
What is PGP used for?
Although PGP was initially built to encrypt emails, this technology can be used to safeguard a range of communications from text messages to files. PGP can be applied in many ways, including boosting privacy as well as securing digital certificates.
There are a number of different standards in use, but the most widely-adopted is OpenPGP, an open-source iteration that bypasses the licence arrangements tied to PGP.
It’s predominately used to secure desktop apps and email clients such as Apple Mail and Microsoft Outlook. Google Chrome also offers extensions that allow users to apply the standard to web browsing.
How does PGP work?
This security tool works by adding layers of encryption onto text-based content to safeguard the content, and raise the level of privacy.
PGP relies on strong cryptography that renders encrypted text impossible to decipher without the requisite tool, or key. When applied to email clients, for example, the message content is protected through the use of an encoding algorithm that garbles the text so it’d be impossible to read if intercepted by a third-party.
Anybody hoping to read the text would need the key to unlock the code, but the key itself is often encrypted as well. Both are sent to the recipient of the message, so it can be read as normal once opened. The key and message are deciphered through the recipient’s email application, through the use of a private key, almost instantly once it’s sent.
Also see: Top Tips to Increase Your Online Privacy
Is PGP secure?
There has been some controversy over how secure PGP is. In 2011, researchers discovered that short encryption keys (32-bit or smaller) were unsafe to the extent some claimed they in effect offered no security at all.
This is because, with modern GPUs, it's easy for hackers to come up with a "colliding" (i.e. matching) key ID if the key in question is short. This doesn't mean PGP is fatally flawed, though - it just means a long key (greater than 32-bit) must always be used. If it is, then PGP works as intended and is secure - at least for the moment.
With the advancement of technology PGP has fallen further and further behind, 32-bit encryption is pretty old hat.