Talk:Pretty Good Privacy

Popular culture
For something to have entered our "popular culture" - it is not enough for it to exist. We need verifiable reliable sources that specifically say something has entered our popular culture - that is, our public awareness. None of the items formerly listed in this section included any such indication. Hence these items were mere bits of trivial original research. By comparison, "Prada" has entered our popular culture not simply because a movie included the brand in its title but because numerous sources discussed this fact. Frankly, I doubt PGP has entered the realm of public awareness at all, let alone to the degree that a reliable source would actually publish an article about this fact. Rklawton (talk) 01:37, 17 June 2010 (UTC)
 * That was a necessary and valid edit, backed with a sound argument that I shall probably steal for future use on other pages. Thanks! --Old Moonraker (talk) 05:35, 17 June 2010 (UTC)
 * Your welcome. Sometimes I get lucky.  Feel free to re-use as necessary.  Rklawton (talk) 07:28, 17 June 2010 (UTC)

Examples of signed messages and public keys would be good
I believe it would be an improvement if the article had examples of public keys and signed  and encrypted messages. --TiagoTiago (talk) 23:30, 23 June 2010 (UTC)

Weasel words?
Isn't "it is thought to be the most widely chosen quality cryptographic system" an example of weasel words? The whole "some people say..." or "it is believed that..." is supposed to be a no-no, isn't it? Thomascameron (talk) 02:29, 26 April 2011 (UTC)

Written in
The section "Written in" in the infobox should say which programming language was used. Right now it mentions a list of human languages which is pretty amusing. —Preceding unsigned comment added by UrbanGrill (talk • contribs) 19:50, 9 May 2011 (UTC)

PGP Desktop
PGP Desktop shouldn't be redirected here. PGP Desktop is a commercial Symantec product. — Preceding unsigned comment added by 129.6.182.179 (talk) 20:24, 4 August 2011 (UTC)

Thats my opinion too. I tried to edit the reference; but i'm not very expirienced in wikipedia. The edit button reveals only a refence to a reference list :-( — Preceding unsigned comment added by 84.172.202.86 (talk) 06:04, 20 October 2014 (UTC)

Android 9 103.67.157.162 (talk) 22:35, 3 June 2021 (UTC)

Speculation in secton Security quality
Speculations about the future, bordering to FUD: "Likewise, the secret key algorithm used in PGP version 2 was IDEA, which might, at some future time, be found to have a previously unsuspected cryptanalytic flaw. Specific instances of current PGP, or IDEA, insecurities—if they exist—are not publicly known." Is this relevant? Can hypothetical unknown future flaws be sourced today? (The two sentences was added 06:55, 16 October 2005 and 13:39, 25 October 2005 respectively) David A se (talk) 21:00, 6 October 2011 (UTC)

Prices are relevant
This article mentions many software systems, and many versions, but fails to state which are free and give approximate prices for those that are not free. Price is an important dimension for articles describing products that are sold or distributed. David Spector (user/talk) 19:02, 19 August 2012 (UTC)

LICENSE?
What is the license under which this program is released? Please add this to the infobox. 117.219.1.87 (talk) 17:12, 24 February 2013 (UTC)

XKCD
Be advised -- this article's subject was mentioned on XKCD.com. Not in a way that mentions Wikipedia or seemingly invites vandalism, but that webcomic + wikipedia seems to be a recipe for it. Jsharpminor (talk) 05:45, 4 March 2013 (UTC)

key, fingerprint
Many people (usually computer programmers) have a "PGP key" (a huge block of hexagesimal code) and a "PGP fingerprint" (a line of hexagesimal code). They often post these on their websites. Could someone please explain in the article what these mean and what they are used for? Thanks! BigSteve (talk) 11:16, 14 July 2013 (UTC)

unclear for the unknowledgeable
I read this and don't understand how it works, the article needs to show step by step how it works. Like, where does one get a public or private key or both, and how do you get them to people you're sending info to? The intro paragraph and first section "design" are completely opaque to the non technical user. — Preceding unsigned comment added by 207.195.92.130 (talk) 15:36, 1 August 2014 (UTC)

I found this http://www.pgpi.org/doc/pgpintro/ to be much better than wikipedia to gain a basic understanding. Hope this info helps to improve wikipedia. — Preceding unsigned comment added by 207.195.92.130 (talk) 16:02, 1 August 2014 (UTC)

Symantec Encryption Desktop (former PGP Desktop)
The "PGP Corporation encryption applications" section mentions "Symantec Encryption Desktop" as the renamed follower of "PGP Desktop". However, it seems to me that this information is outdated already - "Symantec Encryption Desktop" seems to have been discontinued. The Symantec website only shows "Symantec Endpoint Encryption", which seems to be a full disk encryption only. If this were true, I think the article should reflect this. Kellerpm (talk) 10:46, 13 February 2015 (UTC)

The other side of the coin!
This article focus more on the upside of PGP and doesn't discuss the related issues/technical limitations that PGP has. This blogpost by Mr. Matthew Green highlights those issues well (which Mr. Bruce Schneier endorsed himself as well).

Therefore a separate section named 'PGP limitations' or 'PGP issues' describing the associated concerns with key exchange and management, no forward secrecy, downside of web-of-trust (few strong sets, ...), poor usability, lack of ubiquity etc should also be included.

This will duly help the readers in having a more balanced and fair understanding of PGP on the whole.

M Salman Nadeem (talk) 16:07, 14 December 2016 (UTC)


 * I think this is a great idea. I also like the section name "PGP limitations" or something very close to it. Rklawton (talk) 17:59, 14 December 2016 (UTC)


 * I agree; I just started the section with a small amount of content. Riceissa (talk) 03:49, 19 December 2016 (UTC)

Split article into PGP (software) and OpenPGP (standard)
OpenPGP is a hugely important standard with wide applications. I understand why this article may have begun as PGP and also talks about OpenPGP, but I think most people are coming to this page to learn about OpenPGP, its implementations, applications, limitations, etc, and are likely to be confused. The article as it now is poorly structured, and thinking about how ways to improve it is challenging when it really covers 2 separate areas. I propose moving OpenPGP to a separate article. 135.23.75.178 (talk) 03:46, 17 December 2017 (UTC)


 * I agree. Artoria2e5 🌉 10:30, 16 February 2024 (UTC)
 * I also agree that this could be split into two articles - Dyork (talk) 01:19, 22 April 2024 (UTC)

Official Website
It doesn't look like that link has been active in years, as Symantec took it down back in 2011 according to the Wayback Machine. Should this be noted on the page? Is there a better link at Symantec or elsewhere that should now be used? Indefensible (talk) 08:11, 1 January 2019 (UTC)


 * linkaja.co.id 114.10.143.123 (talk) 07:48, 11 December 2023 (UTC)

Criminal Investigation Controversy
I had an association with PGP so I am not editing the site. However, below is the note clearing Phil and dropping the investigation from William Keane, US Attorney. This note is public and not attorney client privileged. I would suggest some way this meaningful message (verbatim) gets worked into this section as it is an important part of PGP history and cryptography history:

Philip L. Dubois - "Yesterday morning, I received word from Assistant U.S. Attorney William Keane in San Jose, California, that the government's three-year investigation of Philip Zimmermann is over. Here is the text of Mr. Keane's letter to me":

"The U.S. Attorney's Office for the Northern District of California has decided that your client, Philip Zimmermann, will not be prosecuted in connection with the posting to USENET in June 1991 of the encryption program Pretty Good Privacy. The investigation is closed."  PKIhistory (talk) 20:58, 26 August 2020 (UTC)


 * I added a mention that the investigation was dropped in 1996. --Artoria2e5 🌉 11:54, 16 February 2024 (UTC)

Purchase of Symantec by Broadcom
This needs to be added. Additionally, I think the latest version is 11.4, not 11.2. — Preceding unsigned comment added by Egamma (talk • contribs) 18:05, 8 June 2022 (UTC)


 * Done 11.4 thing. Artoria2e5 🌉 10:50, 16 February 2024 (UTC)

Cryptosystems using keys larger than 40 bits
The article says: "At the time, cryptosystems using keys larger than 40 bits were considered munitions within the definition of the US export regulations;". Is there any source for this claim? Mago Mercurio (talk) 03:23, 20 May 2023 (UTC)


 * Well, it's a well-known fact that affected a lot of software and protocols (cf. export cipher suites in SSL/TLS) so we actually have a whole separate article Export of cryptography from the United States which is already linked from the sentence you quoted. Unfortunately, it has long-standing problems with the quality of citations itself. – MwGamera (talk) 10:48, 20 May 2023 (UTC)

NostrMail solves the key distribution problem
NostrMail solves the key distribution problem:

A simple email encryption tool based on secp256 key pairs.

How it works:

NostrMail encrypts content using a symetric key derived from a combination of the sender's private (nostr) key and the receiver's public (nostr) key.

Both sender and receiver derive a shared secret known only to them, which is used to protect their communications.

This application can use any email server for delivery.

https://asherp.github.io/nostr-mail/

Family Guy Guy (talk) 21:02, 17 September 2023 (UTC)


 * 🌝🛡️🗝️🔑🔐🔏🔒🔓 Fehgho (talk) 18:42, 8 November 2023 (UTC)

Split proposed
I agree with the IP in : the current article tries to describe both PGP and OpenPGP, which is difficult and messy. A lot of the stuff in describe some other OpenPGP implementation too: Yubikey has never worked with Symantec PGP as far as I know. Matthew Green's scalding criticism also deals with OpenPGP; he just uses "PGP" because the name is shorter.

I doubt most of the people here will ever use the current Symantec/Broadcom form of PGP -- it's enterprise focused, where are you even going to get it? Artoria2e5 🌉 10:49, 16 February 2024 (UTC)