News

The leading innovator of strong cryptography products, SSH Communications Security is to announce SSH (Secure Shell) compatibility with PGP (Pretty Good Privacy).

Now, SSH uses the same public key algorithms in user authentication that PGP uses for message encryption and digital signing. "SSH and PGP's public key infrastructure are a natural fit", says Phil Zimmermann, the developer of PGP and a Senior Fellow at Network Associates, "The user communities for SSH and PGP already overlap quite a bit, and this brings the two together in a synergistic manner."

"This facilitates the usage of these programs." continues Timo Rinne, Vice President for the Development, SSH Communications Security, "Now, the users of both SSH and PGP do not need to convert their PGP keys for SSH since SSH can access PGP key rings."

At the same time, SSH and PGP both have key generation mechanisms of their own so, any of the programs can generate the keys. Old SSH keys are still usable and they remain a default way to store public keys. PGP compatibility is available in both free and commercial versions of SSH 2.0.13.

PGP and SSH are widely referred as de-facto standards. Both products are going through the standardization process at the IETF (Internet Engineering Task Force), the organization which is setting Internet standards. As a result of this work, OpenPGP, is an Internet standard proposal that defines the file formats of PGP messages and keys (currently RFC-2440). There is also another OpenPGP implementation called GnuPG, and SSH can use keys generated with GnuPG as well.

PGP - first to use Public Key Cryptography

PGP was the first widely used email encryption program which uses Public Key Cryptography. It was published in 1991 as freeware, and today it has more then four million users world wide.

The encryption is controlled by two keys, private and public. Every PGP user has a unique pair of these two keys. The public key is generally known and serves to encrypt the data. The private key is known only to the owner and serves to decrypt the data. This means that everybody can use your public key to send encrypted messages to you but only you can decrypt them with your private key. On the other hand, you can encrypt outgoing messages using the addressee's public key.

SSH - strong cryptography for secure logins

SSH is a secure login program that uses strong cryptography for protecting all transmitted confidential data, including passwords, binary files, and administrative commands, creating encrypted terminal connections on the Internet. SSH is designed for companies that need a way to secure all confidential communications running through the insecure public networks today.

© 2002 SSH Communications Security Corp. All rights reserved. ssh® is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions. All other names and marks are property of their respective owners.