Secure PGP Presentation
SecurePGP KMS (Key Management System) is the central key management system for PGP keys (both master and application keys). The keys generated by the system meet the standards specified by OpenPGP (RFC 4880) and the Banque de France’s (Bank of France’s) OpenPGP Convention, and are thus interoperable with the Banque de France, and any of its partners’, applications.
SecurePGP Server provides the ability to secure and de-secure files. It is composed of several modules to support the following platforms: AIX, Red Hat Enterprise Linuz (RHEL), and Windows Server.
We have already implemented the SecurePGP solution in systems belonging to Volkswagen and the Banque de France.
Wide range of cryptography coverage
SecurePGP supports several cryptography algorithms, including RSA (jusqu’à 4096 bits), SHA-2 (SHA-256, etc.), AES (128, 192 et 256 bits), Camellia (128, 192 et 256 bits), TripleDES, Twofish, etc.
Compressing data provides three high impact benefits: increasing security (by reducing redundancy), freeing storage space and minimizing the network load, as well as decreasing overall processing time.
Integrity and non-repudiation principle
When working with electronic signatures, data integrity is guaranteed as no application user can deny the fact that an application has produced a signed document (as permitted by an application key). The benefit of electronic signatures are truly appreciated when conducting security audits.
Creation and centralized key management
The PGP keys’ integrated and centralized management system primarily allows – according to an established hierarchical model – creation of a secure environment and (if needed) confidence with external partners. At the same time, this system allows for the creation, renewal, revocation, and distribution of application keys as well as automatically distributing keys within the system infrastructure.
Complete CLI API
The API (Application Program Interface) allows the CLI tool to be integrated in third-party applications and to automatically process large volumes of data.
Secure PGP supports multiple systems (GNU/Linux, Windows, AIX, Z/OS) and works across multiple environments (e.g. Production, Test). The KMS server only functions in a Windows environment.
Below is a list of SecurePGP's key advantages :
- Similar to PGP Command Line, but is Open Source under the free license GnuPG
- Automatic transcoding of text files regardless of the target system
- SecurePGP’s secure model that also automatically distributes master keys
- Compliant with ANSSI’s RGS v2 and with the Bank of France’s OpenPGP Convention
- Script automation by a API that conforms to the CLI command line
- Interoperable with proprietary market solutions
The SecurePGP Server is an application for sending that begins an operation by securing a file, and then sends this file to one or more destined applications.
When receiving a secure file, each destined application’s SecurePGP Server de-securing the file in order to recuperate the original file, which could also be encoded according to the character set of the target system in which is executing the application in question.
Securing operation :
De-securing operation :
- Signature verification
The OpenPGP standard
The OpenPGP standard
OpenPGP is a protocol for encrypting and signing emails, using public key cryptography mechanisms. It is based on PGP developed by Phil Zimmermann.
OpenPGP is a standard defined by IEFTF (Internet Engineering Task Force) in RFC 4880. It is a standard that can be used by every enterprise without any license fee.
The Free Software Foundation developed its own software, compliant with the OpenPGP standard, called GNU Privacy Guard (GnuPG ou GPG). GnuPG is released under the free license GNU General Public License (GPL).
Symantex developed its own solution to conform to the OpenPGP standard, using GnuPG, called PGP Command Line.