This component is supposed to provide a small library to support PGP signing, verifying of PGP signatures and maybe even PGP key management and encryption/decryption. Interested parties right now are the Ant and Maven projects (for signing tasks, mainly), Maven Wagon and the Repository team. The idea is to start with an implementation based on Bouncy Castle's library, but provide an interface that may allow to plug in different providers like cryptix as well. Cryptographic Software Notice ----------------------------- This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See for more information. The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code. The following provides more details on the included cryptographic software: Apache Commons OpenPGP interfaces with the Bouncy Castle Crypto APIs to provide the digital signing and encryption of messages using the OpenPGP standard. Apache Commons OpenPGP does not distribute the Bouncy Castle library or source code.