[7][8] The new OpenPGP standard (RFC 9580) has also been criticised by the maintainer of GnuPG Werner Koch, who in response created his own specification LibrePGP.

From its first version, PGP has always included provisions for distributing user's public keys in an 'identity certification', which is also constructed cryptographically so that any tampering (or accidental garble) is readily detectable.

To the best of publicly available information, there is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means.

The cryptographic security of PGP encryption depends on the assumption that the algorithms used are unbreakable by direct cryptanalysis with current equipment and techniques.

[18] Similarly, the symmetric key algorithm used in PGP version 2 was IDEA, which might at some point in the future be found to have previously undetected cryptanalytic flaws.

In 2003, an incident involving seized Psion PDAs belonging to members of the Red Brigade indicated that neither the Italian police nor the FBI were able to decrypt PGP-encrypted files stored on them.

A second incident in December 2006, (see In re Boucher), involving US customs agents who seized a laptop PC that allegedly contained child pornography, indicates that US government agencies find it "nearly impossible" to access PGP-encrypted files.

[22][23] The Fifth Amendment issue was opened again as the government appealed the case, after which a federal district judge ordered the defendant to provide the key.

[24] Evidence suggests that as of 2007[update], British police investigators are unable to break PGP,[25] so instead have resorted to using RIPA legislation to demand the passwords/keys.

In November 2009 a British citizen was convicted under RIPA legislation and jailed for nine months for refusing to provide police investigators with encryption keys to PGP-encrypted files.

[26] PGP as a cryptosystem has been criticized for complexity of the standard, implementation and very low usability of the user interface[27] including by recognized figures in cryptography research.

Backwards compatibility of the OpenPGP standard results in usage of relatively weak default choices of cryptographic primitives (CAST5 cipher, CFB mode, S2K password hashing).

Popular end-user implementations have suffered from various signature-striping, cipher downgrade and metadata leakage vulnerabilities which have been attributed to the complexity of the standard.

[32] This first version included a symmetric-key algorithm that Zimmermann had designed himself, named BassOmatic after a Saturday Night Live sketch.

First, I sent it to Allan Hoeltje, who posted it to Peacenet, an ISP that specialized in grassroots political organizations, mainly in the peace movement.

Users and supporters included dissidents in totalitarian countries (some affecting letters to Zimmermann have been published, some of which have been included in testimony before the US Congress), civil libertarians in other parts of the world (see Zimmermann's published testimony in various hearings), and the 'free communications' activists who called themselves cypherpunks (who provided both publicity and distribution); decades later, CryptoParty activists did much the same via Twitter.

Shortly after its release, PGP encryption found its way outside the United States, and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license".

In 1995, he published the entire source code of PGP in a hardback book,[34] via MIT Press, which was distributed and sold widely.

After the Federal criminal investigation ended in 1996, Zimmermann and his team started a company to produce new versions of PGP encryption.

They merged with Viacrypt (to whom Zimmermann had sold commercial rights and who had licensed RSA directly from RSADSI), which then changed its name to PGP Incorporated.

Townsend Security partnered with Network Associates in 2000 to create a compatible version of PGP for the IBM i platform.

The new company was funded by Rob Theis of Doll Capital Management (DCM) and Terry Garnett of Venrock Associates.

On April 29, 2010, Symantec Corp. announced that it would acquire PGP Corporation for $300 million with the intent of integrating it into its Enterprise Security Group.

[46] In May 2018, a bug named EFAIL was discovered in certain implementations of PGP which from 2003 could reveal the plaintext contents of emails encrypted with it.

[49] On August 9, 2019, Broadcom Inc. announced they would be acquiring the Enterprise Security software division of Symantec, which includes PGP Corporation.

These newer versions of PGP software eliminate the use of e-mail plug-ins and insulate the user from changes to other desktop applications.

The company adopted an informal internal standard that they called "Unencumbered PGP" which would "use no algorithm with licensing difficulties".

The open source office suite LibreOffice implemented document signing with OpenPGP as of version 5.4.0 on Linux.

[9] The Free Software Foundation has developed its own OpenPGP-compliant software suite called GNU Privacy Guard, freely available together with all source code under the GNU General Public License and is maintained separately from several graphical user interfaces that interact with the GnuPG library for encryption, decryption, and signing functions (see KGPG, Seahorse, MacGPG).

The development of an open source OpenPGP-compliant library, OpenPGP.js, written in JavaScript and supported by the Horizon 2020 Framework Programme of the European Union,[54] has allowed web-based applications to use PGP encryption in the web browser.