Where to Get PGP

For all freeware versions of PGP, visit the International PGP Home Page at http://www.pgpi.org. That site is run by PGP activist Stale Schumacher, who has been operating that site in Norway since before PGP became a commercial company. His site also includes a lot of general information about PGP, including frequently asked questions about PGP, PGP source code, and where else to get PGP all over the world. US users can also get PGP at that site, which carries more up to date versions of PGP than the MIT site. It also has information on where to get other OpenPGP software.

To get older freeware versions of PGP (versions 6.5.8 and earlier, including source code) inside the US, see the MIT PGP web page at http://web.mit.edu/network/pgp.html. Note that the MIT site does not have the most up to date versions of PGP, due to changes in NAI policies after PGP 6.5.8. They only carry PGP 6.5.8 and earlier versions. This MIT site still has some mechanisms in place to impede downloads outside the US, because MIT has not updated their web site since the US export restrictions were lifted in 2000. If you have any problems with it, use the www.pgpi.org site.

Since February 2002, Network Associates (NAI) has discontinued development, marketing, and sales of its own version of PGP. This means we can no longer get it from them. If you have a need to use PGP commercially, you might consider using one of the other providers of OpenPGP-compliant software, which you can find at http://openpgp.org, under the "Members" tab. Since NAI is no longer accepting orders for purchasing PGP, you might consider using the freeware version of PGP for commercial use and offer to pay NAI and see if they take your money. If they don't return your calls (which they often did not do even when they were selling PGP), it seems to me you would have discharged your moral responsibility to pay for using the product. For those of you who just cannot stomach the idea of using the freeware product for commercial use, even when NAI won't take your money, you can still download the non-freeware version of PGP 7.0.3 from Amazon.com web site for about US$40. You can then download a hotfix upgrade from www.pgpi.org to upgrade the Windows version of PGP 7.0.3 to PGP 7.0.4.

Unfortunately, NAI pulled the plug before releasing a version of PGP for Windows XP or Mac OS X. Eventually, a Windows XP version of an OpenPGP compliant product will be created by someone else. Or maybe someone will acquire the product from NAI and upgrade it. Until a solution can be found, I suggest you not use Windows XP and stick with Windows 2000, and use PGP 7.0.3 or 7.0.4.

Note that there is no significant difference between any version of PGP you get inside the US and the corresponding version you get from outside the US, as far as cryptographic strength is concerned. There is no difference in key sizes, quality of the cryptographic algorithms, or any other differences in cryptographic security characteristics. Regardless of whether you get it from the MIT site, Network Associates, or the www.pgpi.org site, all versions of PGP are secure, and no versions have ever been weakened for export or for any other reason, in the history of PGP since the first release in 1991. This is true at least up through PGP version 7.1.