mirror of git://git.gnupg.org/gnupg.git
81 lines
2.8 KiB
Plaintext
81 lines
2.8 KiB
Plaintext
Why to use GnuPG and not PGP.
|
|
-----------------------------
|
|
|
|
* PGP 2 is nearly Free Software but encumbered by the IDEA patent.
|
|
|
|
* PGP 2 is old, hard to maintain and limited to one set of
|
|
encryption algorithms (RSA + IDEA)
|
|
|
|
* PGP 2 is not a GNU or Unix Program and threfore not easy to use in
|
|
those environments
|
|
|
|
* PGP 2 has a couple of minor security flaws
|
|
|
|
* PGP 5 and 6 are more or less OpenPGP conform but proprietray
|
|
software. Source code is available but there is no way to be sure
|
|
that the distributed binary versions do match the source code.
|
|
Parts of the source code are not published. It is illegal to
|
|
build versions of PGP from source and distribute them (IIRC, there
|
|
is an exception for private users).
|
|
|
|
* PGP 5 and 6 are not fullty OpenPGP compliant
|
|
|
|
* PGP 7 is claimed to be OpenPGP compliant but the source code is
|
|
not anymore published.
|
|
|
|
* At least versions before 6.5.8 had severe coding bugs. We don't
|
|
know about PGP 7.
|
|
|
|
* PGP 5, 6 and 7 implement complicated methods for key recovering in
|
|
corporate environments. Although this is not a hidden feature,
|
|
this leads to more code and bugs.
|
|
|
|
* NAI as the vendor of PGP seems to be a major government contractor.
|
|
|
|
* Given the history of known backdoors in other proprietary software
|
|
(e.g. Lotus Notes), some folks claim that there might also be
|
|
backdoors in PGP 5, 6 and 7. Now there are even more rumors after
|
|
Phil Zimmermann left NAI.
|
|
|
|
* GnuPG is Free Software under the GNU GPL. It does not use
|
|
patented algorithms.
|
|
|
|
* Everyone is able to scrutinize the source code, build, distribute
|
|
and use versions of his own or from a trusted party he chooses.
|
|
|
|
* The build environment is also Free Software and therefore less
|
|
likely tampered with malicious code. The exception here is the MS
|
|
Windows version of GnuPG where the OS is proprietary. The binary
|
|
version however is build using an entirely Free Software OS and
|
|
toolchain (cross-platfrom development under GNU/Linux).
|
|
|
|
* Security fixes are provided very fast.
|
|
|
|
* GnuPG is a standard tool in all GNU/Linux systems and used in many
|
|
different environments.
|
|
|
|
* GnuPG gives reasonable messages and not just "Error encrypting".
|
|
|
|
* GnuPG supports most of the optional features of the OpenPGP standard.
|
|
|
|
* GnuPG comes with internationalization support for 16 languages.
|
|
|
|
* Graphical frontends are available and they divert the task of
|
|
the actual cryptographic operations to GnuPG as a specialized tool
|
|
for this. A library called GPGME is available which makes
|
|
interfacing of GnuPG with other programs quite easy.
|
|
|
|
* GnuPG is available for all GNU and Unix platforms as well as for
|
|
all MS Windows Operating systems. Porting to VMS, MAC OSX and
|
|
OS/2 is nearly finished.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|