Crypto Pig


PGP/GPG Binaries

A list of locations where you can download PGP or GPG encryption software.



List Subject to Update Addendum: My personal thoughts are that PGP 6.5.8ckt - Build 08 is the best version. I have used CKT (( Cyber Knights Templar - PGP taken from the NAI Source Code by Imad Faiad. he published the Source Code used for each build at the same time he published the binary files to enable peer review. To read about what has happened to Imad, look at this thread here. )) builds since they first came out. This is an OLD version (2002) but it runs on Windows 7 (run the installer as Admin) for Key Generation. This version allows the creation of some HUGE PGP keys (Diffie/Hellman/DSS up to 8192 bits and RSA up to 16384 bits). Philip Zimmermann, PGP Creator, does not advise the creation of key pairs larger than 3000 bits -

There is no advantage for using the keys larger than about 3000 bits. The 128-bit session keys have the same work factor to break as a 3000 bit RSA or DH key. Therefore, the larger keys contribute nothing to security, and, in my opinion, spread superstition and ignorance about cryptography. They also slow everything down and burden the key servers and everyone’s keyrings, as well as cause interoperability problems with present and future releases of PGP. Perhaps even more importantly, they also undermine other people’s faith in their own keys that are of appropriate size. While it may have been well-intentioned, this massive expansion of key size is a disservice to the PGP community.

Also, larger DSA keys don’t contribute anything unless the hash grows bigger with it. That requires selecting a good well-designed bigger hash that has been specifically designed to have the full work factor for breaking it. Using two SHA1 hashes in that manner has not been adequately shown to achieve this result.

Anyone with a sophisticated understanding of cryptography would not make the keys bigger this way.

Experimental code that we put into PGP during its development should not be used. It was protected with conditional compilation flags and should never have been revealed to uninformed users who decide to perform a “public service” by enabling the code and releasing it. This is part of the reason why we ask people not to release code changes on their own, but to send them to us, so that we may incorporate some of them (if they seem like good ideas) into our next product release. That is how PGP enhancements from the user community have always been managed since PGP source code was released in 1991.

- Philip Zimmermann (( From the PGP 6.5.8CKT  Build 08 Key Generation screen. )) .