Privacy Guard

Encryption Suite

About Privacy Guard

Privacy Guard is a complete encryption suite with Open PGP at its core. The project started in 2011 and has been developed month on month, year on year to what is now an extremely powerful and versatile encryption suite.

Encrypt

Using PGP, AES, Blowfish, Twofish and TripleDES, Privacy Guard can take care of your data security needs

Verify

Digitally verify individuals, documents, files and data with PGP Digital Signatures and SHA Fingerprinting

Validate

Obtain Privacy Guard keys using the Public Key Server and validate them using PGP Digital Signatures

Secure

Using Privacy Guard Secure File Wipe, wipe sensitive files to ensure they are completely unrecoverable

National Security Agency (NSA)

"No decrypt available for this PGP encrypted message."

Why Use Privacy Guard

Privacy Guard is a desktop application, putting you in complete control of your own installations and use.

Built on .NET

Built on .NET, Privacy Guard runs beautifully on Windows platforms

Simple Settings

Switch between Simple and Advanced modes to suit your usage requirements

Simple Interface

Designed to be minimalistic, Privacy Guard is easy to use.

Ready To Use

Just download, install and you're set. No registration and no licencing!

The Only Encryption Suite You'll Need

Privacy Guard has everything you'll need to secure your data, and it's FREE!

Key Features

Take a look at some key features of Privacy Guard at a glance and see how things work!


Complies to Open PGP standards

OpenPGP is an Open Source version of PGP.

PGP was developed in 1991 by Phil Zimmerman.

In 1997, it was agreed to release an Open Standard for PGP, freeing it from all the legal issues surrounding patents etc.

Full HMAC Support

HMAC provides a method of sending messages in plain text but with an encrypted hash signature.

Using a shared (secret) key the plain text can be verified by your intended recipients. Without the shared key, the plain text cannot be verified.

If the text is changed, the hash will no longer match but it cannot be re-generated (as a standard hash can) without the shared key.

Supported algorithms include SHA1, SHA256, SHA512, HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, HMAC-RIPEMD160

Public Key Server

Privacy Guard now connects to our Public Key Server and newly generated keys are sent to the server automatically. Existing keys can also be shared with the server anytime.

The Public Key Server (PKS) extracts key information directly so what you provide in your key generation is replicated on the server.

The PKS also handles Key Revocations. Directly revoking a key in Privacy Guard sends the Revocation Certificate data (and the revoked key) to the PKS where others can check your key status.

SMTP Support

Privacy Guard allows you to enter your own email details (server, username etc) and send emails direct from the application.

All email details are encrypted or hashed and stored in a CryptoStore secure data store in the application.

Encryption Key Generator

Privacy Guard will generates encryption keys based on random passwords, or passwords provided by the end user. This provides safe and authentic keys for use in both development and production environments.

Full End to End Encrypted Messenger

Privacy Guard 2105 will include Xannum Instant Messenger. Send end-to-end encrypted messages to other Privacy Guard users.

Uses CryptoStore Technology

CryptoStore is an encrypted settings system from COCA Solutions that stores both keys and values in a secure format by implementing 256-bit AES and SHA256 hashing algorithms.

Multi-Factor Authentication Login

Your Private Key passphrase is extremely important, it should NEVER be shared as this provides access to your Private Key; used for digital signing and encryption methods under the PGP architechture.

Multi-Factor Authentication (MFA) allows you to generate an encrypted token on a removable device (such as USB Stick or Mobile Phone) and secure this with a secondary password.

Using MFA, you need never key in your actual Private Key passphrase on a system suspected (for example) of running Key Loggers. Using both the MFA Token AND your secondary password allows a secure login without typing your passphrase. Should your secondary password be compromised, without the MFA Token, login in this way will not be possible. BOTH factors need to be present OR the original Private Key passphrase needs to be used.

Public Key Information And Images

Eventually you will build up a number of contacts (some with multiple keys) and all these will be on your Privacy Guard keyring.

Privacy Guard allows you to add an image to a public key for easy identification. This image is stored in the key itself and will be available to the recipient of that key if distributed. The image is shown automatically when the corresponding user is selected on your keyring.

In addition, clicking any key in your keyring, quickly shows the important information in a dedicated Information Panel.

AES, Blowfish, Twofish And 3DES

The are many encryption algorithms available. Some have been successfully cracked while others remain secure.

Privacy Guard's default algorithm for symmetric encryption is AES (Rijndael) but it also offers additional algorithms if required.

These include Twofish, Blowfish, 3DES (TripleDES) in addition to AES.

These additional algorithms are available when creating Privacy Guard Archives.

Hashing algorithms include SHA1, SHA256, SHA512, HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, HMAC-RIPEMD160

Stay Up To Date

Privacy Guard speaks directly with an Update Server to check if you have the latest release available.

Simply click "Check For Updates", Privacy Guard will identify the installed version and check this against information on the update server. If an update is available, be given the ability to download it and start the upgrade from within Privacy Guard.

Note: In order to comply with UK export restrictions, some countries will not be allowed to download/update Privacy Guard.

Auto Logout

Set a logout time and Privacy Guard will auto-close at that time. If you leave a workstation for the evening, logged in, Privacy Guard will log itself out for you!

Auto Clear Clipboard

When enabled, Privacy Guard will flush your clipboard every 60 seconds.

This feature provides piece of mind in case you leave sensitive data on your clipboard, Privacy Guard will clear it for you.

Generate Secure Random Passwords

When symmetrically encrypting files the password is even more important.

To ensure a secure password is used, Privacy Guard now has a GENERATE button which will generate a random, 128 character password and drop this into the password fields for you.

No Escrow Keys

Escrow Keys are 'hidden' keys in encryption hardware or software that allow another person or organisation access to any encrypted data.

What can happen is this, you specify a password for your data, this is then used to encrypt it. At the same time the software encrypts your data to the escrow key. This means there are now two keys (your personal key and the escrow key) that can decrypt the data.

There has been a lot of controversy recently surrounding the USA's NSA (National Security Agency) forcing large companies to insert such keys into their encryption software, allowing the NSA to decrypt any data - belonging to any person or any organisation - using that software.

Database Ready Cipher Text

Privacy Guard Archives (PGA's) are encrypted with the option of Rijndael (AES), Twofish, Blowfish or TripleDES algorithms.

Whatever algorithm you choose, Privacy Guard will format the output cipher text in a database friendly (BASE 64) format, allowing it to be reliably stored in any database.

Secure File Wipe

When deleting a file from your Windows Operating System, the file is not actually removed from the disk.

What happens is the OS removes or 'scrubs' the File Header (the files identity) but leaves the physical file in place.

By removing the File Header, this 'hides' the files physical data from the operating system and allows that sector to be overwritten with new data.

Once overwritten, the data is safe from recovery but until such times, the data can be recovered using specialist 'Undelete Software'.

Privacy Guard overwrites the file in question ten times with random data, makes additional modifications to the file and its attributes before securely wiping the file altogether.

Access Privacy Guard With A Right Click

Right click on your Windows Desktop and click Open Privacy Guard to launch Privacy Guard.

In addition to double clicking a file to decrypt it, a right click and selecting 'Send To' will send the file (or files) to Privacy Guard. After logging in, if the file(s) are encrypted, Privacy Guard will prepare the files for decryption. If unencrypted, Privacy Guard will prepare them for encryption.

One-time Passphrase Entry

OTP (One-time Password) increase security by asking the user to enter their password (or in Privacy Guards case, passphrase) only once.

This is important as it means there is less chance of a password being seen as it's typed and also, less chance of keyloggers capturing the password as it is keyed.

Auto-Decrypt Clipboard

The auto-decrypt feature monitors your clipboard for a valid PGP message and automatically decrypts it, replacing the encrypted text with the decrypted text.

This allows easy decryption of messages with a simple copy/paste.

See Recipients Of Archives And Messages

When decrypting a PGP archive, Privacy Guard will analyse the file and list all the keys the archive is encrypted to.

This allows you to easily identify all intended recipients of the archive and identity if a message is encrypted to a key you have on your keyring.

It is also possible to view the intended recipients of a PGP encrypted message by simply copying it to your clipboard and checking the Message Recipients.

Non-repudiation With Digital Signatures

Non-repudiation is a legal term. In cryptography it gives a user confidence the file, text or email is from who it claims to be.

This is achieved by 'digitally signing' the item using your private key.

As only you have access to your private key, you cannot dispute you signed the item, likewise, the recipient(s) can say with certainty the item is genuine and from who it is claimed to be from.

Direct & Cert Based Key Revocation

There may be a time when you need to revoke a key you've previously distributed.

Examples of why a key would be revoked could be the private key has been compromised, another key supersedes it, the key is no longer in use or the user no longer needs that key.

Privacy Guard allows you to revoke your key directly against the Public Key Server and export a replacement public key or generate a Revocation Certificate which can be distributed to your contacts. Importing these into Privacy Guard revokes the relevant key, preventing further encryption to that key.

Encrypt To Multiple Recipients

The power behind Privacy Guard is the OpenPGP engine.

While you may need to only encrypt a single item for a single recipient, you're more likely to need to encrypt multiple items to multiple recipients.

Many encryption solutions allow this using symmetric (password based) encryption only. Privacy Guard makes this possible using your recipients public keys so only the people you encrypt the data for can decrypt it. No need to worry about passwords falling into the wrong hands.

This also allows you to encrypt an item to your recipients public key, as well as your own. Allowing only you and them access to the data.

Multi-Party, One Pass Encryption

The power behind Privacy Guard is the OpenPGP engine.

While you may need to only encrypt a single item for a single recipient, you're more likely to need to encrypt multiple items to multiple recipients.

Many encryption solutions allow this using symmetric (password based) encryption only. Privacy Guard makes this possible using your recipients public keys so only the people you encrypt the data for can decrypt it. No need to worry about passwords falling into the wrong hands.

This also allows you to encrypt an item to your recipients public key, as well as your own. Allowing only you and them access to the data.

X.509 Digital Certificate Support

X.509 is a Digital Certificate standard.

Import Digital Certificates as public or private keys with Privacy Guard.

Privacy Guard supports .pfx, .p12 (essentially the same file, seperated by Microsoft and Netscape naming standards) files for Private Keys and .cer, .p7b and .key files for public keys.

Decrypt PGP encrypted archives

Privacy Guard is OpenPGP compliant. This gives you - the end user - the ability to use PGP archives generated from other PGP and OpenPGP compliant software.

Likewise, any archives you create can be decrypted by other PGP compliant software.

PGP Sign and Verify files

Privacy Guard can create digital signatures of files, allowing you to create a unique signature which can be made available to the recipient to allow them to verify the file, to confirm the content hasn't changed since being signed.

This can be done using hashes/messages digests but Privacy Guard also allows PGP signatures to be generated - allowing them to be verified by other PGP compliant software.

Drag and Drop file encryption

The Keyring Manager screen contains a 'Drop Zone'.

Dragging files from a Windows folder onto this DropZone will add them to an archive and begin the encryption process.

Hash/Digest File Verification

Authentication is just as an important role in cryptography as encryption is.

Hashes/message digests are a set of unique characters, forming a 'digital signature' generated from a file or message.

This should be distributed securely or in a read-only format with any file allowing users to verify a file (or text) integrity.

An example of this is the SHA256 hash published alongside the Privacy Guard download.

Hash/Fingerprint Any File

Authentication is just as an important role in cryptography as encryption is.

Hashes/message digests are a set of unique characters, forming a 'digital signature' generated from a file or message.

Privacy Guard allows you to generate SHA1, SHA256, SHA512 and MD5 hashes/message digests of files.

An example of this is the SHA256 hash published alongside the Privacy Guard download.

SHA1, SHA256, SHA384, SHA512 and MD5 Hashing

This refers to the supported algorithms for hashing files.

See Verify files using hashes/message digests for more information.

Secure Notepad

Privacy Guard contains a secure notepad. This is a simple text editor that uses an encrypted memory space to store the information.

The information is auto-saved in case of power failure. This is also encrypted.

Encrypt & Email From Secure Notepad

Privacy Guard uses MAPI to connect your default mail client. This allows you to prepare a message in Secure Notepad and send it directly from there to any recipient on your keyring.

Using the information from your recipients public key, Privacy Guard first encrypts the message to that key and opens an email form, containing the encrypted message - for you to check before sending.

Digitally Sign & Email Secure Notepad

Privacy Guard uses MAPI to connect your default mail client. This allows you to prepare a message in Secure Notepad and send it directly from there to any recipient on your Keyring.

Using the information from your recipients public key, Privacy Guard first digitally signs the text before opening an email form, containing the signed message - for you to check before sending.

PGP compatible Keyring Manager

The Privacy Guard keyring is fully PGP compatible.

This means you can share PGP keys with both other Privacy Guard users and users of other PGP compliant software.

Generate Elliptic Curve Keys

Elliptic Curve (EC or ECC) was suggested in 1985 but didn't enter mainstream cryptography until around 2004/2005.

ECC is a form of Public Key encryption; and all this protocols strength is reliant on the problems with large semi-prime factoring or the discrete logarithm problem.

Privacy Guard's ECC keys are based on the ECDH (Elliptic Curve Diffie-Hellman) scheme.

For Elliptic curve based protocols, it's assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible.

RSA and ElGamal (DH/DSS) keys

These are the two main types of keys used in PGP encryption.

In the basic of terms, these are asymmetric keys, key pairs. One is a private key (and MUST be kept secret and safe!) and the other is public (which you distribute freely, to anyone who wishes to contact you securely).

RSA is often the preferred algorithm (hence it is default in Privacy Guard) although ElGamal is used extensively and neither have a real advantage over the other in terms of security.

It's personal preference which is used.

1024-bit to 16384-bit Keys

A key size is measured in bits and as a rule, the larger the key, the more secure it is (it's worth noting Elliptic Curve key sizes aren't the same as their algorithms differ), although its performance may take a hit.

Most encryption software offers key sizes from 512-bits to 2048-bits. Some offer up to 4096-bits.

The strength of these keys relies on factorisation. These keys are essentially very, very large numbers, or semi-primes and made up from two smaller prime numbers.

Their security relies on how long it takes a computer to factor this massive number back to its two constituents. The two original prime numbers.

There is some talk 1024-bit keys may have been successfully factorised, so a minimum of 2048-bit key sizes are recommended.

Basic/Advanced Interface

Privacy Guard has a Basic and Advanced mode of operation.

Basic mode offers most of the features of Privacy Guard with some functionality removed for ease of use.

Advanced mode enables all the features, for the more confident user.

You can easily switch modes by clicking OPTIONS under the FILE menu and clicking the checkbox in the options screen.

Import PGP Private and Public Keys

Because Privacy Guard is OpenPGP compliant, you can import PGP key pairs (private/public) into Privacy Guard.

In addition, you can export your private/public key pairs from Privacy Guard.

Change Private Key User ID

Should your name or email address change, Privacy Guard allows you to change this information on your private key.

By distributing the replacement key, Privacy Guard will reflect these changes on their keyring.

Export Public Keys

A public key is the 'encryption key' for your recipient. You need to distribute this to your contacts or make it available for download from your website for example.

You could also be asked for a colleague or friends public key - which you are able to distribute with it being public.

Privacy Guard allows these to be easily exported to a (Armoured ASCII) file, straight from the keyring.

Export Key Pairs

Privacy Guard allows multiple private keys on the same keyring. One - for example - may be the company private key, the other may be your own.

Privacy Guard allows you to export these as pairs.

Care should be taken when doing this. Whilst the keys are still encrypted, they are no longer under the protection of the keyring. You must keep any exported keys and their corresponding passphrases secure.

Import Public Keys From Clipboard

Sometimes you'll be sent a public key by email.

Privacy Guard allows you to copy this to your clipboard and import this directly to your keyring via the KEYS menu.

AES Encrypted Keyring

Your keyring contains your private key (and any others you may have created/imported) and the keys of your recipients.

To add an additional layer of security for your keys, Privacy Guard encrypts the keyring with 256-bit AES encryption.

AES encrypted Keyring backups

It is always advisable to backup your keyring, just in case of hard disk or system failure.

We recommend completing this backup via Privacy Guard to ensure the relevant files are backed up and protected using AES-256 bit encryption.

This is done to provide an additional layer of security in case you choose to use external media.

If you do not backup and your private key is lost, any data encrypted with this key will be unrecoverable.

Key Signing

PGP allows you to sign another persons key.

This effectively means you 'verify' that key belongs to that person and you can vouch for this. When that key is sent to others, they can check the signatures on that key and see you have signed it, meaning they can be assured that key is from the person it claims to be, based on your recommendation.

So, Alice has Bob's public key. John doesn't know Bob but has received his public key. Alice says, Bob is OK, I know him, he is trustworthy and I have signed his key to prove this.

Key Trust Management

Privacy Guard allows you to set Trust Levels against a key.

FULL implies you implicitly trust this person.

MARGINAL implies you know them but not enough to implicitly trust them.

NONE implies you know the person (or may not) but don't trust them.

Key Trust is a way to quickly identify a person on your keyring and to make a decision as to whether or not to secure information against their public key.

Share Keyring Keys

Privacy Guard allows you to send your own (or other) public key by email. You can send this directly from your keyring, using your default mail client.

Separate Signing and Encryption Keys

Using the same private key for signing and encryption can expose vulnerabilities and shorten the key's security life.

Because of this, Privacy Guard generates two key pairs, one for encrypting, another for signing. Both are 'packed' together on the keyring and the appropriate one is used for the appropriate action.

Multiple Private Keys

There may be occasions you need a private key for your own personal privacy and one for your company. Or maybe one for you and another for a partner.

Privacy Guard allows you to generate as many private/public key pairs as requried and manage them all on the same keyring.

Create Default Key Pairs

If you have multiple private keys on your keyring, you can select which is to be used as default.

Change Private Key passphrase

Privacy Guard protects your private key with a passphrase. This should be kept secret and only known to you.

Should this passphrase be compromised, you can change this at any time.

View Key Signatures

This relates to Key Signing.

This feature allows you to view the signatories on any particular key, from the Keyring Manager screen.

Sign and Verify Clipboard

If you have a document, text or similar from another source, copy it to the clipboard and Privacy Guard can digitally sign it, replacing the plain text with the signed text.

Likewise, if you have a signed block of text, Privacy Guard can verify the signatures whilst on the clipboard.

Encrypt and Decrypt Clipboard

If you have text on the clipboard, you can encrypt/decrypt this in Privacy Guard without having to copy/paste into Privacy Guard.

This can all be done on the fly and in memory.

Sign and Encrypt Clipboard

Signing and Encryption allows you to sign the text on the clipboard, then encrypt it.

This means the recipient can first decrypt the text with their private key and verify it's authenticity at the same time.

Armoured ASCII output

This is a PGP standard and creates .ASC files.

ASCII armor involves encasing encrypted messages in ASCII so that they can be sent in a standard messaging format such as email.

Self-Decrypting Archives

A Self Decrypting Archive (SDA) is a way of distributing encrypted content in a compressed and encrypted executable (.EXE) file.

This allows documents/files to be distributed to others who may not use Privacy Guard or other PGP complaint applications.

Key Analysis

The Keyring Manager is the main screen in Privacy Guard.

It provides a way for your to analyse and pull information about any of your imported PGP keys.

Including, the persons name/email, key fingerprint, key ID, expiry date, algorithm, key size etc.

Secure Notepad Autosave

Autosave allows your work in Secure Notepad to be saved at regular intervals.

All auto-saved work is first encrypted, then saved to disk.

AES-256 file encryption

AES is the international standard for secure encryption. All files encrypted with Privacy Guard uses AES-256 encryption to protect their contents.

Bruce Schneier

"No one can duplicate the confidence that RSA offers after 20 years of cryptanalytic review"

Get In Touch

Fill out your details below and we'll get back to you ASAP

Get Privacy Guard

Please note: Due to export restrictions, downloads have been restricted in the following countries:

Afghanistan, Armenia, Azerbaijan, Democratic Republic of the Congo, Democratic People's Republic of Korea, Iran, Iraq, Lebanon, Liberia, Peoples Republic of China, Sierra Leone, Syria, Somalia, Sudan, Uzbekistan, Zimbabwe

(This list is subject to change without prior notice to adhere to UK Export Regulations)