PGP Timeline
The topic of PGPs history seems to be fraught with controversy, and it
is difficult for a new comer to discover the full story.

This FAQ lists as much detail of the history as I have been able to
gather together. My part in the creation of this document is to collate
information, all of the information is obtained from others, from email
comments, from my reading of other peoples past cypherpunks list posts,
usenet posts, and from my reading of the resources available on the WWW, and
the pgp source code and documentation (going back to version 1.0).
I think there are still many inaccuracies, so if you have any
corrections, extra information, or know anyone who you think may know more, feel
free to forward them a copy for comment.
Adam Bac
(pgp on key servers, or here)

An html version of this document can be obtained from:
PGP timeline and brief history

1. Definitions of acronyms

2. History of crypto as it appliesto PGP

3. Birth of PGP 4. USG decides they don't like PRZ 5. PRZ, MIT
and RSA sort out earlier patent issues

6. Current legal status 7. ITARs
viewed from inside the US 8. ITARs viewed from outside the US
1. Definitions of acronyms PGP Pretty Good Privacy PRZ Phil R
Zimmermann, internet folk hero, author of PGP RSA The RSA public key
crypto algorithm as used in PGP. RSA stands for Rivest, Shamir, and
Adleman (its designers). RSADSI rsa.com, RSA Data Security Inc, patent
holders of some public key stuff, which they claim means that no one
can use RSA without getting a license from them. They have a www page
at: http://www.rsa.com/ PKP Public Key Partners composed of RSADSI plus
Cylink (plus others?) (now disbanded) ITAR International Traffic in
Arms Regulations controls export of controlled munitions from the US,
things like military aircraft components, biological and chemical
weapons, and also (very strangely) cryptographic software. See:
ftp://ftp.cygnus.com/pub/export/itar.in.full.gz for the full text of
ITAR (file is GNU zip format). PK Public Key (cryptography) as opposed
to symmetric key cryptography PK is also known as "asymmetric key"
cryptography. NSA US National Security Agency, US govt's largest spook
agency. whimsically known as No Such Agency because until recently the
US govt tried to deny they even existed. (Also the letters NSA are
jokingly said to mean Never Say Anything because their public relations
technique is usually "no comment" to avoid giving anything away) CIA US
Central Intelligence Agency, another US spook agency DEA US Drug
Enforcement Agency, agency charged with carrying out the "War on
drugs". NIST National Institute of Standards and Technology ODTC Office
of Defense Trade Controls, USG group charged with enforcing ITAR. They
consult with the NSA, the NSA has the last word on what gets export
approval. USG United States Government ETHZ Eidgenissische Technische
Hochschule Zurich ZLDF Phil Zimmermann Legal Defense Fund (now closed
since his investigation was dropped) IDEA International Data Encryption
Algorithm invented by Xuejia Lai and James Massey at ETH in Zurich.
Patent owned by Ascom-Tech. Bass-O-Matic Symmetric key crypto algorithm
designed PRZ as used in PGP 1.0. Bass-O-Matic was weak, and after
having this demonstrated to him, PRZ replaced it with IDEA in later
versions of PGP.
2. History of crypto as it applies to PGP

1. The year is 1976, a
cryptographer and privacy advocate named Whitfield Diffie, together
with an electrical engineer named Martin Hellman discovers public key
cryptography. (DH key exchange is still a commonly used key exchange
protocol -- DH = Diffie-Hellman).

2. 1977 Ron Rivest, Adi Shamir, and
Len Adleman discover another more general public key system called RSA
(after surnames Rivest, Shamir, and Adleman). R, S & A were
researchers at MIT (significant later, because MIT has part ownership
of patents.)

3. NSA tells MIT and R, S & A that they'd better not
publish this or else.

4. Amusingly Adi Shamir (S from RSA) isn't even a
US citizen, he's an Israeli national, and is now back in Israel at the
Weitzmann Institute. Who knows what the NSA would have done about him
if they had succeeded in supressing RSA - not allowed him out of the

5. MIT and R, S & A ignore NSA and publish anyway in SciAm July
1977, in an article entitled "New Directions in Cryptography". They
later published RSA in Comms ACM (feb 1978, vol 21, no 2, pp 120-126
(an international publication) in case you want to see if it's in your
library - it's in Exeter Univ (UK) library).

6. Because the publication
was a rush job due to the NSA, R,S & A and the later formed PKP and
RSADSI lose patent rights to RSA crypto outside the US. This is because
most places outside the US, you have to obtain a patent *before*
publication, whereas in the US, you have one year from the publication
date to file for patents. This also had implications for PGP later.
Another issue is that the patent law in the US is unusual in that it
allows the patenting of algorithms (well algorithms as embodied by a
system for a specific purpose -- what is being patented is the system).
The RSA crypto system would probably not have obtained a patent in many
other countries due to it being an algorithm, and hence it would
probably have been ruled unpatentable, even if R, S and A had not been
rushed by the NSAs interference.

7. IDEA was developed by Xuejia Lai
and James Massey at ETH in Zurich. (Relevant to PGP because IDEA is the
symmetric key cipher used together with RSA in PGP). Also crypto
politics relevance in that it is another (of many) examples of the fact
that crypto knowledge and expertise is worldwide, ie why export
restrict something which is available both sides of the ITAR fence, or
even originated *outside* it? (Strangely, ITAR applies to importing and
then re-exporting a crypto system, even if no modifications are made).
There are lots of other symmetric key ciphers, IDEA is one with a good
reputation (no known practical attacks better than brute-force to date,
and a good key size), and is just referenced here because of its use in
PGP. (some years pass...)
3. Birth of PGP

1. While Iraq was still a secret US ally against Iran,
Iraqi exchange students using the same literature as PRZ later did
wrote a working PK cryptosystem for their military (which was using
poison gas against the Kurds at the time). Not a peep from the govt.,
of course.

2. The US government introduces the 1991 Senate Bill 266.
This omnibus anti-crime bill had a measure in it that all encryption
software must have a back door in it. An excerpt is in pgpdoc1.txt,
distributed with PGP. This bill prompted PRZ to write PGP. This is what
PRZ says in pgpguide.lst in pgp1.0: The 17 Apr 1991 New York Times
reports on an unsettling US Senate proposal that is part of a
counterterrorism bill. If this nonbinding resolution became real law,
it would force manufacturers of secure communications equipment to
insert special "trap doors" in their products, so that the Government
can read anyone's encrypted messages. It reads: "It is the sense of
Congress that providers of electronic communications services and
manufacturers of electronic communications service equipment shall
insure that communications systems permit the Government to obtain the
plain text contents of voice, data, and other communications when
appropriately authorized by law." (This was 1991 Senate Bill 266 and it
eventually failed to pass into law.)

3. PRZ wrote pgp1.0. He
implemented RSA encryption, combined with a symmetric key cipher of his
own design called Bass-O-Matic. It later turned out that Bass-O-Matic
was weak, and he replaced it with the use of IDEA for subsequent
versions of PGP. pgp2.0 and later versions have used IDEA. There were
other differences between pgp1.0 and pgp2.0 and later versions. pgp1.0
used the MD4 message digest algorithm, Ron Rivest designed MD5 to fix a
weakness which was discovered in MD4, and pgp2.0 and subsequent
versions use MD5. pgp1.0 used uuencode for 7 bit transport, where as
versions 2.0 and later use radix-64 ascii armor. pgp2.0 and later
versions use ZIP compresion code (as used by PKZIP the popular DOS
compression program, GNU ZIP also uses this code), where as pgp1.0 used
LZHuf (an adaptive Lempel-Ziv Huffman compression alogorithm).

4. PRZ gave PGP 1.0 to some friends

5. Some friends up loaded onto a few
bulletin boards (US only) One friend (allegedly Kelly Goen) went around
pay-phones with a portable, an acoustic coupler, and a list of BBS
phone numbers uploading and then driving on to another area. This cloak
and dagger stuff was because at the time the USG had some draconian
sounding proposed law on the books which sounded like it was going to
outlaw crypto. The intention was to ensure that PGP was available
before this law came into effect, and to avoid being stopped if the USG
took interest.

6. Somehow PGP leaked outside the US via the internet.
Information wants to be free, as someone said: `trying to control the
free flow of information on the internet is like trying to plug a sieve
with a hole in it'. Also Tim May's quote 'National borders are just
speedbumps on the information superhighway' expresses the point very

7. People all over the world (yeah outside the US too) start
using PGP

8. RSA complains to PRZ that PGP violates their PK patents

9. PRZ tells RSA to get stuffed, says its the users problem to get a
license - this text from the pgp1.0 documentation lays out PRZs
original stance on the patent issue, before this was resolved: The RSA
public key cryptosystem was developed at MIT with Federal funding from
grants from the National Science Foundation and the Navy. It is
patented by MIT (U.S. patent #4,405,829, issued 20 Sep 1983). A company
called Public Key Partners (PKP) holds the exclusive commercial license
to sell and sub-license the RSA public key cryptosystem. For licensing
details on the RSA algorithm, you can contact Robert Fougner at PKP, at
408/735-6779. The author of this software implementation of the RSA
algorithm is providing this implementation for educational use only.
Licensing this algorithm from PKP is the responsibility of you, the
user, not Philip Zimmermann, the author of this software
implementation. The author assumes no liability for any breach of
patent law resulting from the unlicensed use by the user of the
underlying RSA algorithm used in this software.

10. PGP is considered
potentially patent infringing because of 2.6. Eventually PRZ signs an
agreement with PKP. They won't sue him if he stops distributing PGP.
PRZ has stopped distributing PGP -- others have taken over development
and distribution.

11. Illegality taint increases the spread of PGP,
generates news, more people get a copy to see what the fuss is about
(some time passes, PGP gets real popular...)

4. USG decides they don't like PRZ

1. The US gov gets a complaint from
Bidzos that PGP breaks a bunch of laws. When customs first started
investigating PRZ they were under the impression that PGP was developed
by PKP and PRZ stole it and was not distributing it around the world.

2. USG decides that they don't like PRZ because the NSA can't tap all
those internet mail messages anymore. (the NSA part is speculation, but
in my opinion likely true). 3. USG begins investigating PRZ for alleged
aiding with ITAR violation. It is clear from the very begining that PRZ
did not, and is not encouraging export of PGP, as demonstrated by this
excerpt from the pgp1.0 docs: Export Controls The Government has made
it illegal in many cases to export good cryptographic technology, and
that may include PGP. This is determined by volatile State Department
policies, not fixed laws. Many foreign governments impose serious
penalties on anyone inside their country using encrypted
communications. In some countries they might even shoot you for that. I
will not export this software in cases when it is illegal to do so
under US State Department policies, and I assume no responsibility for
other people exporting it without my permission. 4. Phil Zimmermann
legal defense fund (the yellow ribbon campaign) set up to cover his
legal expenses. This defense fund is now closed since the investigation
was dropped. See: http://www.netresponse.com/zldf/ (concurrently...)

5. PRZ, MIT sort out earlier patent issues

1. PGP2.5 is written which
uses RSAREF 1.0 in place of MPILIB (also has backwards compatibility
with older versions impaired to discourage use of older allegedly
patent infringing versions). MIT with PRZs approval start distributing
a version of PGP using RSAs RSAREF library, this ensures that the new
version of PGP (pgp 2.5) does not infringe any patents as it falls
within the license for RSAREF1.0.

2. RSADSI threatens MIT with legal
action, and eventually backs down when MIT refuses to budge. (Recall
1.6 MIT owns part of the RSA patent which gave them a unique bargaining
position against the somewhat litigious RSADSI).

3. RSAREF may be
slower, but at least after some hassles from RSADSI, a version of PGP
is now 100% legal, and they agree that it is non patent infringing.

4. MIT begins acting as official US distributor of PGP

5. As usual, a few
milli-seconds (well okay, minutes) after the official release of a new
version of PGP, it gets exported from the US.

6. The deal with RSA over
RSAREF has fixed the patent related problems in the US, but it has
created a copyright related problem outside the US, (recall 1.6).
RSAREF is a software package copyrighted by RSA, and RSA is not allowed
to export it because of ITAR, and their license agreement says as much
(ie it says that you must not export it, and if you do export, you, and
the subsequent users of it, are in breach of license). It is therefore
supposed that RSA could if they wanted complain about this (who knows
that they would want to, or what conceivable benefit it would give them
if they did). This isn't enough to bother most people, but commercial
users, and big organisations have lawyers, and are wary of such things.

7. Stale Schumacher put together pgp26i to avoid this problem. Main
difference between pgp26x and pgp26xi is that pgp26xi uses PRZs
original big integer library MPILIB, which is any case faster than
RSADSI's RSAREF, and the lack of the legal kludge noted in 3.3. 8. MIT
and PRZ publish PGP internals book. The book is currently available
throughout the world. It has complete PGP source code in an OCR font.
The page numbers are inserted in C style comments /* pagenum */ so that
they do not interfere with scanning. See mit press page for ordering
info for the book: [insert mit press URL for book] MIT were following
on from Phil Karn's fun had at the expense of the NSA and ODTC with his
case of the ODTCs ruling that Bruce Schneier's book Applied
Cryptography was exportable while the disk set (with the very same
source code) was ruled as not exportable. Phil Karn is appealing at
this decision. See, for documents Phil Karn has scanned on the case:
http://www.qualcomm.com/people/pkarn/export/ MIT has asked for
permission to export the PGP internals book, so far the NSA sounds like
they want to ban the export of the book, PRZs declaration (PRZ made a
declaration in connection with Phil Karn's case against the NSA, the
ODTC, and miscellaneous government officials) this was taken from
bottom of: http://www.qualcomm.com/people/pkarn/export/zimm.html ...
10. I believe that the commodity jurisdiction request referred on page
28 of the Justice filing is the one which was filed by MIT Press for my
book, PGP: Source Code and Internals. I am further informally advised
that the National Security Agency has considered the Request and
recommended that the book be controlled for export under the ITAR and
that the Department of Commerce has recommended that it not be subject
to ITAR controls.
6. Current legal status 1. PGP is legal both inside and outside the US.
You just need to use pgp262 version inside the US, and pgp262i versions
outside the US. If you are in the US and pgp262 does not compile for
your platform, another option may be to obtain pgp262i and compile it
with -DMIT, which makes it use RSAREF (which keeps RSADSI happy),
pgp262i compiles for a wider range of platforms. See Stale Schumacher's
pgp pages for a table of which versions to use in USA/Canada/Rest of
world depending on whether you are using in a commercial or a
non-commercial setting: http://www.ifi.uio.no/~staalesc/PGP/
http://www.ifi.uio.no/~staalesc/PGP/which-version.shtml 2. In the US if
you are using PGP in a commercial setting, and care about patents, you
should purchase a copy of ViaCrypt pgp2.7, here is the relevant quote
from the pgp2.6.2i documentation: Ascom-Tech AG has granted permission
for the freeware version PGP to use the IDEA cipher in non-commercial
uses, everywhere. In the US and Canada, all commercial or Government
users must obtain a licensed version from ViaCrypt, who has a license
from Ascom-Tech for the IDEA cipher. 3. Commercial use outside the US
and Canada: RSA is free as RSA is not patented outside the US, but a
license is required from Ascom Systec for IDEA. See Ascom's www pages:
http://www.ascom.ch/Web/systec/security/license.htm Ascom Systec
contact info: Ascom Systec AG IDEA Licensing Gewerbepark CH-5506
Maegenwil Switzerland Phone: +41 62 889 59 54 Fax: +41 62 889 59 54
7. ITARs viewed from inside the US 1. ITAR means that if you are in the
US you should not export PGP. (Yeah it's already available on a few
thousand ftp sites around the free world, so another export isn't going
to make any difference, but the NSA and the ODTC might not see it in
that light). 2. Even though controlling the export of freeware software
available worldwide might seem incredibly stupid (not to mention
pointless), you should bear in mind that the penalties for getting
successfully prosecuted for violating ITAR are rather steep. Up to
$1,000,000 (US$) fine, and and up to 10 years imprisonment per count of
export. 3. They'd probably never do anything to you, PRZ is just a
scape goat (someone they can symbolically persecute to discourage
others). I have personally seen several people from US sites post
crypto source and binaries (nautilus, PGP itself even). Plus of course
-export-a-crypto-system-sig -RSA-3-lines-PERL #!/bin/perl -sp0777i
Comments, html bugs to me (Adam Back) at