PGP announced Monday that it plans to make its encryption interfaces openly available. In addition, the company announced it intends to obtain Common Criteria certification for its disk encryption and Universal Gateway Email products.
PGP is publishing its encryption APIs to make it easier for companies, including telecommunications companies using PGP encryption for mobile applications, to build products that use PGP's key-management scheme and console.
"We publish our source code to anybody," says Phil Dunkelberger, PGP president and CEO. "Now we're publishing our APIs, so people can code to our products."
Dunkelberger says PGP will certify what works with these APIs. "Crypto is about being open and having people test it," he says. "In the crypto community, more transparency is better than not."
In a separate effort, PGP is seeking to have its whole-disk encryption product and its Universal Gateway Email product certified to meet security guidelines specified under the international Common Criteria program. Common Criteria is supported by about two dozen countries to encourage evaluation of security products by accredited laboratories.
"Governments want Common Criteria certification," Dunkelberger says. In addition, he points out, the financial services organization BITS, which articulates security requirements for its industry, also has called for Common Criteria certification of products.
Dunkelberger says PGP will seek the Common Criteria EAL2 certification for its Universal Gateway Email product and EAL4 for its whole-disk encryption product through the Domus IT Security Lab in Canada, in a process expected to take several months.