|
About OpenPGP
OpenPGP is a non-proprietary protocol for encrypting data using public key cryptography. The OpenPGP protocol defines standard formats for encrypted messages, signatures, private keys, and certificates for exchanging public keys. It is based on PGP as originally developed by Phil Zimmermann.
Pretty Good Privacy or PGP was written by Phil Zimmermann in 1991 and introduced to the Internet community as freeware. For that, he was the target of a three-year criminal investigation, because the US government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its publication as freeware.
Despite the lack of funding, the lack of any paid staff, the lack of a company to stand behind it, and despite government persecution, PGP became the most widely used email encryption software in the world.
After the government dropped its case in early 1996, Zimmermann founded PGP Inc. That company and its intellectual property were acquired by Network Associates Inc (NAI) in December 1997 then more recently to PGP Corporation.
After leaving NAI in January 2001, Zimmermann started the OpenPGP Alliance, and is currently engaged in other projects, some involving OpenPGP implementors.
OpenPGP is the open standards version of the PGP encryption protocol. The OpenPGP Working Group started the qualification of OpenPGP as an Internet Standard as defined by the IETF. Each distinct version of an Internet standards-related specification is published as part of the "Request for Comments" (RFC) document series Standard RFC 2440.
About Veridis
Veridis products are based mainly on OpenPGP and support X.509 standard for interoperability purposes.
Veridis has based its products on a technology known as public-key encryption: a cryptographic system that uses two keys -- a public key known to everyone and a private key known only to the recipient of the message. When Alice wants to send a secure message to Bob, she uses Bob's public key to encrypt the message. Bob then uses his private key to decrypt it.
An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them.
Moreover, it is virtually impossible to deduce the private key if you know the public key. In addition to that encryption mechanism, the private key can be used to digitally sign data. The corresponding public key is used to verify the integrity of the data to be sure that they haven't been altered during its transfer. Moreover, the digital signature also provides a way to authenticate the sender of a message.
Public-key encryption mechanisms are broadly used for securing web link and known as SSL. This technique allows the client to be sure he really receives data from the requested server. Once authenticated, the link is encrypted providing a secure link between the client and the server.
SSL and VPNs only secure links. It means that data are decrypted once they arrive on the server and stay decrypted on it. For many purposes such as archiving or email transfers, data must remain encrypted on the server.
Today, a company or an individual has the choice between two standards: OpenPGP and X.509.
Level of security is equal between those two standards. The main difference is the trust model: the way a key is considered as valid.
With X.509 you have to entrust a third-party CA (Certification Authority) with the job of assigning and managing your digital certificates. With OpenPGP you can perform those operations in house.
With OpenPGP, each user, in effect, is a CA. OpenPGP lets users build their circle of safe e-mail correspondents informally, often relying on the word of a trusted correspondent that his or her digital signature is legitimate.
Veridis products are based mainly on OpenPGP and support X.509 standard for interoperability purposes.
Read More:
Partners
Crypto Links
|
About Us 
