Privacy Guard is a complete encryption suite with Open PGP at its core. The project started in 2011 and has been developed month on month, year on year to what is now an extremely powerful and versatile encryption suite.
Using PGP, AES, Blowfish, Twofish and TripleDES, Privacy Guard can take care of your data security needs
Digitally verify individuals, documents, files and data with PGP Digital Signatures and SHA Fingerprinting
Obtain Privacy Guard keys using the Public Key Server and validate them using PGP Digital Signatures
Using Privacy Guard Secure File Wipe, wipe sensitive files to ensure they are completely unrecoverable
"No decrypt available for this PGP encrypted message."
Privacy Guard is a desktop application, putting you in complete control of your own installations and use.
Built on .NET, Privacy Guard runs beautifully on Windows platforms
Switch between Simple and Advanced modes to suit your usage requirements
Designed to be minimalistic, Privacy Guard is easy to use.
Just download, install and you're set. No registration and no licencing!
Privacy Guard has everything you'll need to secure your data, and it's FREE!
Take a look at some key features of Privacy Guard at a glance and see how things work!
OpenPGP is an Open Source version of PGP.
PGP was developed in 1991 by Phil Zimmerman.
In 1997, it was agreed to release an Open Standard for PGP, freeing it from all the legal issues surrounding patents etc.
HMAC provides a method of sending messages in plain text but with an encrypted hash signature.
Using a shared (secret) key the plain text can be verified by your intended recipients. Without the shared key, the plain text cannot be verified.
If the text is changed, the hash will no longer match but it cannot be re-generated (as a standard hash can) without the shared key.
Supported algorithms include SHA1, SHA256, SHA512, HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, HMAC-RIPEMD160
Privacy Guard now connects to our Public Key Server and newly generated keys are sent to the server automatically. Existing keys can also be shared with the server anytime.
The Public Key Server (PKS) extracts key information directly so what you provide in your key generation is replicated on the server.
The PKS also handles Key Revocations. Directly revoking a key in Privacy Guard sends the Revocation Certificate data (and the revoked key) to the PKS where others can check your key status.
Privacy Guard allows you to enter your own email details (server, username etc) and send emails direct from the application.
All email details are encrypted or hashed and stored in a CryptoStore secure data store in the application.
Privacy Guard will generates encryption keys based on random passwords, or passwords provided by the end user. This provides safe and authentic keys for use in both development and production environments.
Privacy Guard 2015 will include Xannum Instant Messenger. Send end-to-end encrypted messages to other Privacy Guard users.
CryptoStore is an encrypted settings system from COCA Solutions that stores both keys and values in a secure format by implementing 256-bit AES and SHA256 hashing algorithms.
Your Private Key passphrase is extremely important, it should NEVER be shared as this provides access to your Private Key; used for digital signing and encryption methods under the PGP architechture.
Multi-Factor Authentication (MFA) allows you to generate an encrypted token on a removable device (such as USB Stick or Mobile Phone) and secure this with a secondary password.
Using MFA, you need never key in your actual Private Key passphrase on a system suspected (for example) of running Key Loggers. Using both the MFA Token AND your secondary password allows a secure login without typing your passphrase. Should your secondary password be compromised, without the MFA Token, login in this way will not be possible. BOTH factors need to be present OR the original Private Key passphrase needs to be used.
Eventually you will build up a number of contacts (some with multiple keys) and all these will be on your Privacy Guard keyring.
Privacy Guard allows you to add an image to a public key for easy identification. This image is stored in the key itself and will be available to the recipient of that key if distributed. The image is shown automatically when the corresponding user is selected on your keyring.
In addition, clicking any key in your keyring, quickly shows the important information in a dedicated Information Panel.
The are many encryption algorithms available. Some have been successfully cracked while others remain secure.
Privacy Guard's default algorithm for symmetric encryption is AES (Rijndael) but it also offers additional algorithms if required.
These include Twofish, Blowfish, 3DES (TripleDES) in addition to AES.
These additional algorithms are available when creating Privacy Guard Archives.
Hashing algorithms include SHA1, SHA256, SHA512, HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, HMAC-RIPEMD160
Privacy Guard speaks directly with an Update Server to check if you have the latest release available.
Simply click "Check For Updates", Privacy Guard will identify the installed version and check this against information on the update server. If an update is available, be given the ability to download it and start the upgrade from within Privacy Guard.
Note: In order to comply with UK export restrictions, some countries will not be allowed to download/update Privacy Guard.
Set a logout time and Privacy Guard will auto-close at that time. If you leave a workstation for the evening, logged in, Privacy Guard will log itself out for you!
When enabled, Privacy Guard will flush your clipboard every 60 seconds.
This feature provides piece of mind in case you leave sensitive data on your clipboard, Privacy Guard will clear it for you.
When symmetrically encrypting files the password is even more important.
To ensure a secure password is used, Privacy Guard now has a GENERATE button which will generate a random, 128 character password and drop this into the password fields for you.
Escrow Keys are 'hidden' keys in encryption hardware or software that allow another person or organisation access to any encrypted data.
What can happen is this, you specify a password for your data, this is then used to encrypt it. At the same time the software encrypts your data to the escrow key. This means there are now two keys (your personal key and the escrow key) that can decrypt the data.
There has been a lot of controversy recently surrounding the USA's NSA (National Security Agency) forcing large companies to insert such keys into their encryption software, allowing the NSA to decrypt any data - belonging to any person or any organisation - using that software.
Privacy Guard Archives (PGA's) are encrypted with the option of Rijndael (AES), Twofish, Blowfish or TripleDES algorithms.
Whatever algorithm you choose, Privacy Guard will format the output cipher text in a database friendly (BASE 64) format, allowing it to be reliably stored in any database.
When deleting a file from your Windows Operating System, the file is not actually removed from the disk.
What happens is the OS removes or 'scrubs' the File Header (the files identity) but leaves the physical file in place.
By removing the File Header, this 'hides' the files physical data from the operating system and allows that sector to be overwritten with new data.
Once overwritten, the data is safe from recovery but until such times, the data can be recovered using specialist 'Undelete Software'.
Privacy Guard overwrites the file in question ten times with random data, makes additional modifications to the file and its attributes before securely wiping the file altogether.
Right click on your Windows Desktop and click Open Privacy Guard to launch Privacy Guard.
In addition to double clicking a file to decrypt it, a right click and selecting 'Send To' will send the file (or files) to Privacy Guard. After logging in, if the file(s) are encrypted, Privacy Guard will prepare the files for decryption. If unencrypted, Privacy Guard will prepare them for encryption.
OTP (One-time Password) increase security by asking the user to enter their password (or in Privacy Guards case, passphrase) only once.
This is important as it means there is less chance of a password being seen as it's typed and also, less chance of keyloggers capturing the password as it is keyed.
The auto-decrypt feature monitors your clipboard for a valid PGP message and automatically decrypts it, replacing the encrypted text with the decrypted text.
This allows easy decryption of messages with a simple copy/paste.
When decrypting a PGP archive, Privacy Guard will analyse the file and list all the keys the archive is encrypted to.
This allows you to easily identify all intended recipients of the archive and identity if a message is encrypted to a key you have on your keyring.
It is also possible to view the intended recipients of a PGP encrypted message by simply copying it to your clipboard and checking the Message Recipients.
Non-repudiation is a legal term. In cryptography it gives a user confidence the file, text or email is from who it claims to be.
This is achieved by 'digitally signing' the item using your private key.
As only you have access to your private key, you cannot dispute you signed the item, likewise, the recipient(s) can say with certainty the item is genuine and from who it is claimed to be from.
There may be a time when you need to revoke a key you've previously distributed.
Examples of why a key would be revoked could be the private key has been compromised, another key supersedes it, the key is no longer in use or the user no longer needs that key.
Privacy Guard allows you to revoke your key directly against the Public Key Server and export a replacement public key or generate a Revocation Certificate which can be distributed to your contacts. Importing these into Privacy Guard revokes the relevant key, preventing further encryption to that key.
The power behind Privacy Guard is the OpenPGP engine.
While you may need to only encrypt a single item for a single recipient, you're more likely to need to encrypt multiple items to multiple recipients.
Many encryption solutions allow this using symmetric (password based) encryption only. Privacy Guard makes this possible using your recipients public keys so only the people you encrypt the data for can decrypt it. No need to worry about passwords falling into the wrong hands.
This also allows you to encrypt an item to your recipients public key, as well as your own. Allowing only you and them access to the data.
X.509 is a Digital Certificate standard.
Import Digital Certificates as public or private keys with Privacy Guard.
Privacy Guard supports .pfx, .p12 (essentially the same file, seperated by Microsoft and Netscape naming standards) files for Private Keys and .cer, .p7b and .key files for public keys.
Privacy Guard is OpenPGP compliant. This gives you - the end user - the ability to use PGP archives generated from other PGP and OpenPGP compliant software.
Likewise, any archives you create can be decrypted by other PGP compliant software.
Privacy Guard can create digital signatures of files, allowing you to create a unique signature which can be made available to the recipient to allow them to verify the file, to confirm the content hasn't changed since being signed.
This can be done using hashes/messages digests but Privacy Guard also allows PGP signatures to be generated - allowing them to be verified by other PGP compliant software.
The Keyring Manager screen contains a 'Drop Zone'.
Dragging files from a Windows folder onto this DropZone will add them to an archive and begin the encryption process.
Authentication is just as an important role in cryptography as encryption is.
Hashes/message digests are a set of unique characters, forming a 'digital signature' generated from a file or message.
This should be distributed securely or in a read-only format with any file allowing users to verify a file (or text) integrity.
An example of this is the SHA256 hash published alongside the Privacy Guard download.
This refers to the supported algorithms for hashing files.
See Verify files using hashes/message digests for more information.
Privacy Guard contains a secure notepad. This is a simple text editor that uses an encrypted memory space to store the information.
The information is auto-saved in case of power failure. This is also encrypted.
Privacy Guard uses SMTP to send email from the application. Provide these details, they'll be stored securely ready to send email to the anybody on your keyring.
Privacy Guard uses MAPI to connect your default mail client. This allows you to prepare a message in Secure Notepad and send it directly from there to any recipient on your Keyring.
Using the information from your recipients public key, Privacy Guard first digitally signs the text before opening an email form, containing the signed message - for you to check before sending.
The Privacy Guard keyring is fully PGP compatible.
This means you can share PGP keys with both other Privacy Guard users and users of other PGP compliant software.
Elliptic Curve (EC or ECC) was suggested in 1985 but didn't enter mainstream cryptography until around 2004/2005.
Privacy Guard's ECC keys are based on the ECDH (Elliptic Curve Diffie-Hellman) scheme.
For Elliptic curve based protocols, it's assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible.
These are the two main types of keys used in PGP encryption.
In the basic of terms, these are asymmetric keys, key pairs. One is a private key (and MUST be kept secret and safe!) and the other is public (which you distribute freely, to anyone who wishes to contact you securely).
RSA is often the preferred algorithm (hence it is default in Privacy Guard) although ElGamal is used extensively and neither have a real advantage over the other in terms of security.
It's personal preference which is used.
A key size is measured in bits and as a rule, the larger the key, the more secure it is (it's worth noting Elliptic Curve key sizes aren't the same as their algorithms differ), although its performance may take a hit.
Most encryption software offers key sizes from 512-bits to 2048-bits. Some offer up to 4096-bits.
The strength of these keys relies on factorisation. These keys are essentially very, very large numbers, or semi-primes and made up from two smaller prime numbers.
Their security relies on how long it takes a computer to factor this massive number back to its two constituents. The two original prime numbers.
There is some talk 1024-bit keys may have been successfully factorised, so a minimum of 2048-bit key sizes are recommended.
Privacy Guard has a Basic and Advanced mode of operation.
Basic mode offers most of the features of Privacy Guard with some functionality removed for ease of use.
Advanced mode enables all the features, for the more confident user.
You can easily switch modes by clicking OPTIONS under the FILE menu and clicking the checkbox in the options screen.
Because Privacy Guard is OpenPGP compliant, you can import PGP key pairs (private/public) into Privacy Guard.
In addition, you can export your private/public key pairs from Privacy Guard.
Should your name or email address change, Privacy Guard allows you to change this information on your private key.
By distributing the replacement key, Privacy Guard will reflect these changes on their keyring.
A public key is the 'encryption key' for your recipient. You need to distribute this to your contacts or make it available for download from your website for example.
You could also be asked for a colleague or friends public key - which you are able to distribute with it being public.
Privacy Guard allows these to be easily exported to a (Armoured ASCII) file, straight from the keyring.
Privacy Guard allows multiple private keys on the same keyring. One - for example - may be the company private key, the other may be your own.
Privacy Guard allows you to export these as pairs.
Care should be taken when doing this. Whilst the keys are still encrypted, they are no longer under the protection of the keyring. You must keep any exported keys and their corresponding passphrases secure.
Sometimes you'll be sent a public key by email.
Privacy Guard allows you to copy this to your clipboard and import this directly to your keyring via the KEYS menu.
Your keyring contains your private key (and any others you may have created/imported) and the keys of your recipients.
To add an additional layer of security for your keys, Privacy Guard encrypts the keyring with 256-bit AES encryption.
It is always advisable to backup your keyring, just in case of hard disk or system failure.
We recommend completing this backup via Privacy Guard to ensure the relevant files are backed up and protected using AES-256 bit encryption.
This is done to provide an additional layer of security in case you choose to use external media.
If you do not backup and your private key is lost, any data encrypted with this key will be unrecoverable.
PGP allows you to sign another persons key.
This effectively means you 'verify' that key belongs to that person and you can vouch for this. When that key is sent to others, they can check the signatures on that key and see you have signed it, meaning they can be assured that key is from the person it claims to be, based on your recommendation.
So, Alice has Bob's public key. John doesn't know Bob but has received his public key. Alice says, Bob is OK, I know him, he is trustworthy and I have signed his key to prove this.
Privacy Guard allows you to set Trust Levels against a key.
FULL implies you implicitly trust this person.
MARGINAL implies you know them but not enough to implicitly trust them.
NONE implies you know the person (or may not) but don't trust them.
Key Trust is a way to quickly identify a person on your keyring and to make a decision as to whether or not to secure information against their public key.
Privacy Guard allows you to send your own (or other) public key by email. You can send this directly from your keyring, using your default mail client.
Using the same private key for signing and encryption can expose vulnerabilities and shorten the key's security life.
Because of this, Privacy Guard generates two key pairs, one for encrypting, another for signing. Both are 'packed' together on the keyring and the appropriate one is used for the appropriate action.
There may be occasions you need a private key for your own personal privacy and one for your company. Or maybe one for you and another for a partner.
Privacy Guard allows you to generate as many private/public key pairs as requried and manage them all on the same keyring.
If you have multiple private keys on your keyring, you can select which is to be used as default.
Privacy Guard protects your private key with a passphrase. This should be kept secret and only known to you.
Should this passphrase be compromised, you can change this at any time.
This relates to Key Signing.
This feature allows you to view the signatories on any particular key, from the Keyring Manager screen.
If you have a document, text or similar from another source, copy it to the clipboard and Privacy Guard can digitally sign it, replacing the plain text with the signed text.
Likewise, if you have a signed block of text, Privacy Guard can verify the signatures whilst on the clipboard.
If you have text on the clipboard, you can encrypt/decrypt this in Privacy Guard without having to copy/paste into Privacy Guard.
This can all be done on the fly and in memory.
Signing and Encryption allows you to sign the text on the clipboard, then encrypt it.
This means the recipient can first decrypt the text with their private key and verify it's authenticity at the same time.
This is a PGP standard and creates .ASC files.
ASCII armor involves encasing encrypted messages in ASCII so that they can be sent in a standard messaging format such as email.
A Self Decrypting Archive (SDA) is a way of distributing encrypted content in a compressed and encrypted executable (.EXE) file.
This allows documents/files to be distributed to others who may not use Privacy Guard or other PGP complaint applications.
The Keyring Manager is the main screen in Privacy Guard.
It provides a way for your to analyse and pull information about any of your imported PGP keys.
Including, the persons name/email, key fingerprint, key ID, expiry date, algorithm, key size etc.
Autosave allows your work in Secure Notepad to be saved at regular intervals.
All auto-saved work is first encrypted, then saved to disk.
AES is the international standard for secure encryption. All files encrypted with Privacy Guard uses AES-256 encryption to protect their contents.
"No one can duplicate the confidence that RSA offers after 20 years of cryptanalytic review"
Fill out your details below and we'll get back to you ASAP
Please note: Due to export restrictions, downloads have been restricted in the following countries:
Afghanistan, Armenia, Azerbaijan, Democratic Republic of the Congo, Democratic People's Republic of Korea, Iran, Iraq, Lebanon, Liberia, Peoples Republic of China, Sierra Leone, Syria, Somalia, Sudan, Uzbekistan, Zimbabwe
(This list is subject to change without prior notice to adhere to UK Export Regulations)