Open-source software group GNU yesterday announced the release of its message-encryption tool GNU Privacy Guard (GnuPG) version 1.0.0.
The privacy-protection program, which is available now, is billed as a replacement for PGP (Pretty Good Privacy) protection. Because GnuPG does not use patented algorithms such as IDEA (International Data Encryption Algorithm), as well as the fact that it was developed outside of the US, it is not subject to export restrictions as PGP is, the group said.
"This was all developed outside the US, and that was done deliberately so GnuPG could be distributed both inside and outside the US," according to Brian Youmans, distribution manager at the Free Software Foundation (FSF), which was originally created to support the GNU Project.
According to the GnuPG Web site, the software is not controlled by the Wassenar agreement either, because it is in the public domain. The Wassenar agreement was signed in December 1998 by 33 countries to put export controls on some types of encryption software.
"The [encryption] project is not a formal project of the foundation itself, and we didn't actually pay anyone to work on it, but we are certainly very glad it happened," Youmans stated. He added that if the FSF had paid anyone, it could possibly have broken the "created outside the US" rule which is needed to avoid export restrictions.
Yesterday's release of GnuPG is the first "fully functional production release", according to Youmans, but the application has been beta tested in different pre-production versions for more than a year. Like PGP, GnuPG uses 128-bit encryption. It was created by Werner Koch, a software developer based in Germany. A beta version of the product was released in January.