OpenPGP, PGP and GPG: What is the difference?

Thursday, July 18, 2013 Posted by

With privacy capabilities of encryption methods such as PGP (Pretty Good Privacy), data security can be heightened and privacy can be achieved.  There are various approaches, however, and various elements of comparison for each of these acronyms.  This article will explore the differences between PGP, OpenPGP, and GPG (GNU Privacy Guard), offering brief histories of their creations and summaries of their capabilities.

PGP (Pretty Good Privacy)

The company, PGP Inc., owned the rights to the original PGP encryption software.  This software was developed by Phil Zimmermann & Associates, LLC and released in 1991 to ensure the security of files that were posted on pre-internet bulletin boards.  From 1997 until 2010, the software changed hands several times until it was acquired by Symantec Corp., who continues to develop the PGP brand.

PGP encryption uses a combination of encryption methodologies such as hashing, data compression, symmetric-key cryptography and public key cryptography to keep data secure.  This process can be used to encrypt text files, emails, data files, directories and disk partitions.

OpenPGP

Automate OpenPGP EncryptionZimmerman, one of the original PGP developers, soon began work on an open-source version of PGP encryption that employed encryption algorithms that had no licensing issues.

In 1997 he submitted an open-source PGP (OpenPGP) standards proposal to the IETF (Internet Engineering Task Force), to allow PGP standards-compliant encryption vendors to provide solutions that were compatible with other OpenPGP-compliant software vendors.   This strategy created an open and competitive environment for PGP encryption tools to thrive.

Today,  OpenPGP is a standard of PGP that is open-source for public use, and the term can be used to describe any program that supports the OpenPGP system.

GPG (GNU Privacy Guard)

GnuPGP was developed by Werner Koch and released in 1999 as an alternative to what is now Symantec’s software suite of encryption tools.  It is available as a free software download, and is based on the OpenPGP standards established by the IETF so that it would be interoperable with Symantec’s PGP tools as well as OpenPGP standards. Therefore, GPG can open and unencrypt any PGP and OpenPGP standards file.

GPG provides a graphic user interface when integrating into email and program systems such as Linux.  Some software solutions for encryption utilize GPG coding, while others encrypt using command line functions in a menu-based Perl script.

A variety of popular solutions have developed their PGP encryption products following the OpenPGP standards.  Some of these products include GoAnywhere OpenPGP Studio and GoAnywhere Director.

Summary

OpenPGP is the IETF-approved standard that describes encryption technologies that use processes that are interoperable with PGP.  PGP is a proprietary encryption solution, and the rights to its software are owned by Symantec.  GPG is another popular solution that follows the OpenPGP standards to provide an interface for end users to easily encrypt their files.

As the need to encrypt and protect data becomes ever more critical, organizations will continue to develop software based on these three systems.

 

Could your FTP server pass a compliance audit?

Tuesday, July 9, 2013 Posted by

data security compliance auditIf an auditor showed up in your office tomorrow and wanted to examine your file transfer security policies and procedures, how confident are you that your organization would earn high marks?

Take this short quiz and find out.

  1. Are you still hosting an outdated SFTP or FTP server in the public area of your network (or DMZ)?
  2. Do trading partners have access to inbound ports within your internal network to drop off or retrieve files?
  3. Are your administrative security controls granular enough to manage user access to specific files, folders and areas of the network?
  4. Can you monitor all file transfer activity and maintain detailed audit logs?
  5. Do employees have easy access to an ad hoc file transfer tool that lets them transfer files of any size, all while generating audit trails?

To find out how auditors expect you answer these questions, don’t miss our next webinar:

Get Your FTP Server Into Compliance
Thursday, July 18 at Noon Central

Linoma Software’s Chief Architect Bob Luebbe will show you how the GoAnywhere Services secure FTP server can work with GoAnywhere Gateway to keep sensitive data and credentials safely in your internal network and out of the DMZ.  He’ll also demonstrate how the two work together to allow you to exchange files with trading partners without opening inbound ports.

Do your homework so you can prepare for a visit from the auditor.  Sign up today!

 

New Android Mobile App:
GoAnywhere File Transfer at the Tap of a Finger

Wednesday, June 26, 2013 Posted by

It used to be that when we left work for the day, we really left work.  With today’s mobile culture, however, employees are staying on top of projects and communicating with customers no matter where they are.

Linoma Software found a way to make that a little easier by developing its new GoAnywhere File Transfer mobile application for the Android platform.

Now, GoAnywhere Services customers can securely exchange files with internal servers or trading partners using their mobile phone or tablet.  Trading partners can also download the app and access the customer’s web portal to exchange files securely and conveniently.

The GoAnywhere File Transfer mobile app works much like GoAnywhere Services’ ad hoc web client, and can also send files through Services’ Secure Mail feature.  It is free to download from the Google Play store.

Here are some screenshots of the Android app at work:

GoAnywhere App ad hoc web client From this screen, an employee could send or retrieve files by accessing the GoAnywhere Services ad-hoc web client.
GoAnywhere App secure mail GoAnywhere Services customers can also send files right from their phones or tablets using the Secure Mail feature.
GoAnywhere secure mail module As with the standard GoAnywhere Services Secure Mail module, users can choose from a variety of security settings before they send the secure email.

For more information about the GoAnywhere File Transfer Android app, you may read the official announcement, or contact us via email or by calling 1-800-949-4696. If you’re not familiar with GoAnywhere Services, our secure FTP server solution that’s part of the GoAnywhere managed file transfer suite of products, we’d be happy to schedule a demo with one of our product specialists.

GoAnywhere Customer Spotlight: Think Mutual Bank

Thursday, June 20, 2013 Posted by

System Administrator Amy Hoerle has spent much of her career writing custom FTP scripts, so when she first started at Think Mutual Bank, she was a little surprised to find that GoAnywhere was already handling many of their file transfer processes.

“GoAnywhere was always there and always running,” she said.  “Before, if I had to write a script, there were so many things that could go wrong that I’d have to check for. Now, I can automate all of it and make it simple with GoAnywhere, things that would take me a lot of time elsewhere.”

For more about how Think Mutual Bank uses GoAnywhere to manage file transfers, handle encryption, translate data formats, and more, watch this video interview we did at the 2013 COMMON User’s Conference.

You can find more videos like this in our Success Story Library.

 

Federal Government Prioritizes Data Security

Tuesday, May 7, 2013 Posted by

During the last State of the Union address, President Barack Obama included improving data security on his list of national priorities.

President Obama said, “America must also face the rapidly growing threat from cyberattacks… We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

Including data security 0n the President’s agenda is significant because it first implies that our government is not yet accomplishing this goal, and second it compels us to put the pieces in place “to protect our national security, our jobs, and our privacy.”

Cyberattacks Not Always Sophisticated

Government Data Security Identified as Top PriorityWhile the list of companies who have suffered some form of data breach grows, the sad reality is that many cyberattacks (malicious or otherwise) are not “sophisticated” and could be prevented with off-the-shelf solutions. These first level attacks focus on corporate secrets, personal identity fraud, credit information, and private email.

The second level of attacks are those that attempt to disrupt our national security, financial institutions, and the backbone of our infrastructure. Internet providers, utility and transportation companies use communications to run switching stations, trucks, and trains, all of which would affect our livelihood if disrupted.

The President mentioned signing an Executive Order to work on this initiative (Executive Order 13636—Improving Critical Infrastructure Cybersecurity). The Executive Order calls for standards, processes and procedures to be proposed within 120 days of its signing (February 19, 2013).

Don’t Wait to Take Action

When trying to comply with all of the various data security regulations (like  PCI DSS or HIPAA), it is critical to have the right procedures and products in place.

A variety of government agencies have already implemented solutions such as the GoAnywhere managed file transfer solution.  GoAnywhere takes a standards-based approach to data security using proven FIPS 140-2 validated encryption, SSL, TLS and SSH protocols, along with role-based administration and detailed audit trails.  This comprehensive approach allows federal agencies to protect and automate their batch transmissions, perform ad-hoc transfers safely and provide a compliant alternative to email attachments.

Linoma Software will be demonstrating the GoAnywhere solution, which is now listed in the GSA Advantage Directory, at the upcoming FOSE Government Technology and IT Expo held in Washington DC, May 14-16.

In the State of the Union Address, the President encouraged Congress to pass laws to “give our government a greater capacity to secure our networks and deter attacks.”

Take a look at GoAnywhere today and learn how you can meet your security requirements and save costs through file transfer automation.