Encryption Blog

Source Code Downloads

Created: 09 Sep 2010 • Updated: 05 Nov 2012 • 4 comments

Bryan Gillson - Senior Director Product Management

Update: As of September 9, 2010, source code downloads of PGP software are again available.

Encryption has always been about trust. Questions about who you trust and who you distrust are critical to determining whether (and how) to encrypt your data. Of course, trust-related questions go beyond just specific threats and extend directly to the selection of an encryption vendor.

This is why, since its founding, PGP Corporation has made its source code publicly available for cryptographic review. We feel that the ability for the public to study our source code and personally confirm the quality, validity, and security of our cryptographic implementations has been a key reason for the trust placed in PGP Corporation and our products. This belief has been reinforced by many customers across the spectrum: corporate, individual, educational, and government.

Now that PGP Corporation is a part of Symantec, many customers have asked whether we will continue to publish our source code. In other words, does Symantec share this commitment to security and trust? The short answer is “Yes.” Symantec’s management team believes as we do: confidence in cryptographic implementations is critical to securing data against the latest sophisticated threats coming from organized criminals and nation states.

The longer answer is slightly more complex.

As with all U.S. companies selling strong encryption software, Symantec must comply with U.S. federal export regulations. These regulations require the filing of detailed information about ciphers, algorithms, functionality, and implementations. After review by the appropriate federal agencies, the products are assigned a classification and various ID numbers (you can see our existing export information here: http://www.pgp.com/products/export_compliance.html).

As part of the acquisition by Symantec, all of PGP Corporation’s products must be reclassified – and this includes the source code we make available.  Standard process would involve removing our source code from our download section during the period of review.  However, Symantec understands the potential impact this would have on our customers’ trust, and the questions it could raise.

Consequently, during this review period we have reached a compromise under which we will allow download and review of our source code only from within the United States. This compromise allows us to continue with this important policy while also satisfying the strict regulations under which encryption vendors must operate.

Transparency is another element of trust, so we wanted to be sure to publicly communicate this change and the rationale. While it may cause some frustration for our many users outside of the U.S., we hope you understand. We expect this will be temporary and will update our blog and source code download pages when the review and reclassification are complete.

4 Comments

chemphill

Where is the PGP source code to download ... I need a link directly to the code ...

Bannerdog

Symantec claims to make the PGP source code available.

However, there seems to be no way to download the PGP source code.

Asking Customer Support requires either installing chat bloatware or navigating a series of drop-down menus containing no applicable selections and which will therefore almost certainly mis-steer the inquiry.

I would commend Symantec if they really did make the source code available.

They seem far less accessible and up front than when I purchased Symantec C++ v1.0 on 5 1/4" floppies (it being the only C++ compiler available), allowing me to stop using CFront (a preprocessor that converted C++ to C).
Arnesen

Why is it still possible to download the source code from outside the U.S. then? And why hasn't the available source code been updated to reflect the latest versions of PGP? And why not take it one step further and make it easy for people to self-compile?
