GNU Privacy Guard
Encyclopedia
GNU Privacy Guard is a GPL Licensed
GNU General Public License
The GNU General Public License is the most widely used free software license, originally written by Richard Stallman for the GNU Project....

 alternative to the PGP
Pretty Good Privacy
Pretty Good Privacy is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security...

 suite of cryptographic
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...

 software. GnuPG is compliant with RFC 4880, which is the current IETF
Internet Engineering Task Force
The Internet Engineering Task Force develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standards bodies and dealing in particular with standards of the TCP/IP and Internet protocol suite...

 standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable
Interoperability
Interoperability is a property referring to the ability of diverse systems and organizations to work together . The term is often used in a technical systems engineering sense, or alternatively in a broad sense, taking into account social, political, and organizational factors that impact system to...

 with GnuPG and other OpenPGP-compliant systems.

GnuPG is a part of the Free Software Foundation
Free Software Foundation
The Free Software Foundation is a non-profit corporation founded by Richard Stallman on 4 October 1985 to support the free software movement, a copyleft-based movement which aims to promote the universal freedom to create, distribute and modify computer software...

's GNU
GNU
GNU is a Unix-like computer operating system developed by the GNU project, ultimately aiming to be a "complete Unix-compatible software system"...

 software project, and has received major funding from the German government.

History

GnuPG was initially developed by Werner Koch
Werner Koch
Werner Koch is a German free software author. He is best known as the principal author of the GNU Privacy Guard . He was also Head of Office and German Vice-Chancellor of the Free Software Foundation Europe....

. Version 1.0.0 was released on September 7, 1999. The German Federal Ministry of Economics and Technology
Federal Ministry of Economics and Technology (Germany)
The Federal Ministry of Economics and Technology is a ministry of the German Federal Government since 1998...

 funded the documentation and the port to Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 in 2000.

Because GnuPG is an OpenPGP standard compliant system, the history of OpenPGP is of importance. It was designed to interoperate with PGP
Pretty Good Privacy
Pretty Good Privacy is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security...

, the email encryption program initially designed and developed by Phil Zimmermann
Phil Zimmermann
Philip R. "Phil" Zimmermann Jr. is the creator of Pretty Good Privacy , the most widely used email encryption software in the world. He is also known for his work in VoIP encryption protocols, notably ZRTP and Zfone....

.

Version 2.0 was released 13 November 2006. The old stable 1.x branch, whose latest version is 1.4.11, will be continued in parallel with the new GnuPG 2 series because there were significant changes in the architecture of the program which will not fit every purpose.

Usage

Although the basic GnuPG program has a command line interface, there exist various front-ends that provide it with a graphical user interface
Graphical user interface
In computing, a graphical user interface is a type of user interface that allows users to interact with electronic devices with images rather than text commands. GUIs can be used in computers, hand-held devices such as MP3 players, portable media players or gaming devices, household appliances and...

. For example, GnuPG encryption support has been integrated into KMail and Evolution, the graphical e-mail client
E-mail client
An email client, email reader, or more formally mail user agent , is a computer program used to manage a user's email.The term can refer to any system capable of accessing the user's email mailbox, regardless of it being a mail user agent, a relaying server, or a human typing on a terminal...

s found in KDE
KDE
KDE is an international free software community producing an integrated set of cross-platform applications designed to run on Linux, FreeBSD, Microsoft Windows, Solaris and Mac OS X systems...

 and GNOME
GNOME
GNOME is a desktop environment and graphical user interface that runs on top of a computer operating system. It is composed entirely of free and open source software...

, the most popular Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...

 desktops. There are also graphical GnuPG front-ends (Seahorse
Seahorse (software)
Seahorse is a GNOME front-end application for managing PGP and SSH keys. Seahorse integrates with Nautilus, gedit and Evolution for encryption, decryption and other operations. It has HKP and LDAP key server support...

 for GNOME, KGPG for KDE). For Mac OS X
Mac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...

, the Mac GPG project provides a number of Aqua
Aqua (user interface)
Aqua is the GUI and primary visual theme of Apple Inc.'s Mac OS X operating system. It is based around the theme of water, as its name suggests, with droplet-like elements and liberal use of translucency and reflection effects...

 front-ends for OS integration of encryption and key management
Key management
Key management is the provisions made in a cryptography system design that are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.Key management concerns...

 as well as GnuPG installations via Installer
Installer (Mac OS X)
Installer is an application included in Mac OS X which extracts and installs files out of .pkg packages. It was created by NeXT, and is now maintained by Apple Inc...

 packages
Software package (installation)
In package management systems, which are commonly used with Linux-based operating systems, a package is a specific piece of software which the system can install and uninstall....

. Furthermore, the GPGTools
GPGTools
GPGTools is an installation package for Apple OS X with software tools for email and file encryption . GPGTools itself and all tools of GPGTools are free and open source software...

 Installer installs all related OpenPGP applications (GPG Keychain Access), plugins (GPGMail
GPGMail
GPGMail is an extension for Apple Mail that provides public key e-mail encryption and signing. GPGMail works under Mac OS and the actual cryptographic functionality is handled by GNU Privacy Guard....

) and dependencies (MacGPG) to use GnuPG based encryption. Instant messaging
Instant messaging
Instant Messaging is a form of real-time direct text-based chatting communication in push mode between two or more people using personal computers or other devices, along with shared clients. The user's text is conveyed over a network, such as the Internet...

 applications such as Psi
Psi (instant messaging client)
Psi is a GPL instant messaging client for the XMPP protocol which uses the Qt toolkit. It runs on Linux, Windows, Mac OS X and eComStation.Ready-to-install deb and RPM packages are available for many Linux distributions...

 and Fire
Fire (instant messaging client)
Fire is the first instant messaging client for Mac OS X , that can access IRC, XMPP, AIM, ICQ, MSN, Yahoo! Messenger, and Bonjour. All services are built on GPL’d libraries, including firetalk, libfaim, libicq2000, libmsn, XMPP, and libyahoo2. Fire supports OS X v10.1 and higher.The latest version...

 can automatically secure messages when GnuPG is installed and configured. Web-based software such as Horde
Horde (software)
Horde is a PHP-based Web application framework.It offers applications such as the Horde IMP email client, a groupware package , a wiki and a time and task tracking software.-Horde Email Platform:...

 also makes use of it. The cross-platform plugin Enigmail
Enigmail
Enigmail is an extension for the Mozilla Application Suite, SeaMonkey internet suite and Mozilla Thunderbird that provides public key e-mail encryption and signing. Enigmail works under Microsoft Windows, Unix-like, and Mac OS operating systems...

 provides GnuPG support for Mozilla Thunderbird
Mozilla Thunderbird
Mozilla Thunderbird is a free, open source, cross-platform e-mail and news client developed by the Mozilla Foundation. The project strategy is modeled after Mozilla Firefox, a project aimed at creating a web browser...

 and SeaMonkey
SeaMonkey
SeaMonkey is a free and open source cross-platform Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code...

. Similarly, Enigform
Enigform
Enigform is a Mozilla Firefox extension authored by Arturo 'Buanzo' Busleiman which uses GnuPG to implement OpenPGP-signed HTTP requests. OpenPGP encryption began to be implemented in 2007. Some people believe it to be an alternative for the Secure Sockets Layer method for encrypting Hypertext...

 provides GnuPG support for Mozilla Firefox
Mozilla Firefox
Mozilla Firefox is a free and open source web browser descended from the Mozilla Application Suite and managed by Mozilla Corporation. , Firefox is the second most widely used browser, with approximately 25% of worldwide usage share of web browsers...

. FireGPG was discontinued June 7, 2010.

In 2005, G10 Code and Intevation released Gpg4win
Gpg4win
Gpg4win is an installation package for Windows with software tools and manuals for email and file encryption. Gpg4win itself and all tools of Gpg4win are free and open source software....

, a software suite that includes GnuPG for Windows, WinPT
WinPT
WinPT or Windows Privacy Tray is frontend to the Gnu Privacy Guard for the Windows platform. Released under GPL, it is compatible with OpenPGP compliant software....

, Gnu Privacy Assistant, and GnuPG plug-ins for Windows Explorer
Windows Explorer
This article is about the Windows file system browser. For the similarly named web browser, see Internet ExplorerWindows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface...

 and Outlook
Microsoft Outlook
Microsoft Outlook is a personal information manager from Microsoft, available both as a separate application as well as a part of the Microsoft Office suite...

. These tools are wrapped in a standard Windows installer, making it easier for GnuPG to be installed and used on Windows systems.

Process

GnuPG encrypts messages using asymmetric keypairs
Public-key cryptography
Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private...

 individually generated by GnuPG users. The resulting public keys can be exchanged with other users in a variety of ways, such as Internet key server
Key server (cryptographic)
In computer security, a key server is a computer that receives and then serves existing cryptographic keys to users or other programs. The users' programs can be working on the same network as the key server or on another networked computer....

s. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ "owner" identity correspondences. It is also possible to add a cryptographic digital signature
Digital signature
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit...

 to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.

GnuPG also supports symmetric encryption algorithms. By default GnuPG uses the CAST5 symmetrical algorithm.

GnuPG does not use patented or otherwise restricted software or algorithms, like the IDEA
International Data Encryption Algorithm
In cryptography, the International Data Encryption Algorithm is a block cipher designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991. As a block cipher, it is also symmetric. The algorithm was intended as a replacement for the Data Encryption Standard[DES]...

 encryption algorithm used in PGP. (It is in fact possible to use IDEA in GnuPG by downloading a plugin for it, however this may require getting a license for some uses in some countries in which IDEA is patented.) Instead, GnuPG uses a variety of other, non-patented algorithms, including:
  • Block cipher
    Block cipher
    In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...

    s (symmetric encryption algorithms): CAST5, Camellia
    Camellia (cipher)
    In cryptography, Camellia is a 128-bit block cipher jointly developed by Mitsubishi and NTT. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project...

    , Triple DES
    Triple DES
    In cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm block cipher, which applies the Data Encryption Standard cipher algorithm three times to each data block....

    , AES
    Advanced Encryption Standard
    Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...

    , Blowfish
    Blowfish (cipher)
    Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date...

    , and Twofish
    Twofish
    In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but was not selected for standardisation...

    .
  • Asymmetric-key ciphers: ElGamal and RSA
  • Cryptographic hashes: RIPEMD-160, MD5
    MD5
    The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...

    , SHA-1, SHA-2
    SHA-2
    In cryptography, SHA-2 is a set of cryptographic hash functions designed by the National Security Agency and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. SHA-2 includes a significant number of changes from its predecessor,...

    , and Tiger
  • Digital signatures: DSA
    Digital Signature Algorithm
    The Digital Signature Algorithm is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology in August 1991 for use in their Digital Signature Standard , specified in FIPS 186, adopted in 1993. A minor...

     and RSA


GnuPG is a hybrid encryption software program in that it uses a combination of conventional symmetric-key cryptography
Symmetric-key algorithm
Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both encryption of plaintext and decryption of ciphertext. The encryption key is trivially related to the decryption key, in that they may be identical or there is...

 for speed, and public-key cryptography
Public-key cryptography
Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private...

 for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key
Session key
A session key is a single-use symmetric key used for encrypting all messages in one communication session. A closely related term is traffic encryption key or TEK, which refers to any key used to encrypt messages, as opposed to other uses, like encrypting other keys .Session keys can introduce...

 which is only used once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version.

Problems

The OpenPGP standard specifies several methods of digitally signing
Digital signature
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit...

 messages. In 2003, due to an error in a change to GnuPG intended to make one of those methods more efficient, a security vulnerability was introduced. It affected only one method of digitally signing messages, only for some releases of GnuPG (1.0.2 through 1.2.3), and there were fewer than 1000 such keys listed on the key servers. Most people did not use this method, and were in any case discouraged from doing so, so the damage caused (if any, and none has been publicly reported) would appear to have been minimal. Support for this method has been removed from GnuPG versions released after this discovery (1.2.4 and later). Two further vulnerabilities were discovered in early 2006; the first being that scripted uses of GnuPG for signature verification may result in false positives, the second that non-MIME messages were vulnerable to the injection of data which while not covered by the digital signature, would be reported as being part of the signed message. In both cases updated versions of GnuPG were made available at the time of the announcement.

GnuPG is a command-line based system, that is not written as an API
Application programming interface
An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...

 which can be incorporated into other software. GPGME is an API wrapper around GnuPG which parses
Parsing
In computer science and linguistics, parsing, or, more formally, syntactic analysis, is the process of analyzing a text, made of a sequence of tokens , to determine its grammatical structure with respect to a given formal grammar...

 the output of GnuPG, and various graphical front-ends based on GPGME have been created. This currently requires an out-of-process call to the GnuPG executable for many GPGME API calls. Because GPGME makes use of a special GnuPG interface designed for machine use, a stable and maintainable API between the components is given. Possible security problems in an application do not propagate to the actual crypto code due to the process barrier.

Other software wraps the command line in a Perl
Perl
Perl is a high-level, general-purpose, interpreted, dynamic programming language. Perl was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language to make report processing easier. Since then, it has undergone many changes and revisions and become widely popular...

 script (e.g. gpg-dialog) that is menu based.

See also

  • Claws mail
    Claws Mail
    Claws Mail is a free, GTK+-based, open source email and news client. It offers easy configuration and an abundance of features. It stores mail in the MH mailbox format and also the Mbox mailbox format via a plugin...

     – email client with GPG plugin
  • Comparison of e-mail clients
    Comparison of e-mail clients
    The following tables compare general and technical features of a number of email client programs. Please see the individual products articles for further information. This article is not all-inclusive or necessarily up to date.-General:...

  • E-mail privacy
    E-mail privacy
    The protection of email from unauthorized access and inspection is known as electronic privacy. In countries with a constitutional guarantee of the secrecy of correspondence, email is equated with letters and thus legally protected from all forms of eavesdropping.In the United States, privacy of...

  • Enigform
    Enigform
    Enigform is a Mozilla Firefox extension authored by Arturo 'Buanzo' Busleiman which uses GnuPG to implement OpenPGP-signed HTTP requests. OpenPGP encryption began to be implemented in 2007. Some people believe it to be an alternative for the Secure Sockets Layer method for encrypting Hypertext...

     – Firefox extension
  • Enigmail
    Enigmail
    Enigmail is an extension for the Mozilla Application Suite, SeaMonkey internet suite and Mozilla Thunderbird that provides public key e-mail encryption and signing. Enigmail works under Microsoft Windows, Unix-like, and Mac OS operating systems...

     – Mozilla Thunderbird
    Mozilla Thunderbird
    Mozilla Thunderbird is a free, open source, cross-platform e-mail and news client developed by the Mozilla Foundation. The project strategy is modeled after Mozilla Firefox, a project aimed at creating a web browser...

     plug-in
  • FireGPG – Firefox extension (discontinued)
  • Gpg4win
    Gpg4win
    Gpg4win is an installation package for Windows with software tools and manuals for email and file encryption. Gpg4win itself and all tools of Gpg4win are free and open source software....

     – a Windows package with tools and manuals for email and file encryption
  • Gpg4usb - a simplified package for Windows and Linux for portable devices (like a USB drive)
  • GPGMail
    GPGMail
    GPGMail is an extension for Apple Mail that provides public key e-mail encryption and signing. GPGMail works under Mac OS and the actual cryptographic functionality is handled by GNU Privacy Guard....

     – OS X Mail.app plug-in
  • GPGServices
    GPGServices
    GPGServices is a plugin for the global OS X Services menu, which adds the ability to almost any application to use OpenPGP functionalities...

     – OS X Services Menu plug-in
  • GPGTools
    GPGTools
    GPGTools is an installation package for Apple OS X with software tools for email and file encryption . GPGTools itself and all tools of GPGTools are free and open source software...

     – an OS X package with tools for email and file encryption (incl. GPGMail, GPG Keychain Access, MacGPG2, GPG Services, ...)
  • Key signing party
    Key signing party
    In cryptography, a key signing party is an event at which people present their PGP-compatible keys to others in person, who, if they are confident the key actually belongs to the person who claims it, digitally sign the PGP certificate containing that public key and the person's name, etc...

  • KGPG – KDE graphical frontend for GnuPG,
  • MCabber
    MCabber
    MCabber is a free software client for the instant messaging protocol XMPP with a text user interface based on ncurses. It runs on a range of platforms, including GNU/Linux, BSD, and Mac OS X. As free software it is freely available – including the source code – under the terms of the GNU General...

     – Jabber client
  • Mutt
    Mutt (e-mail client)
    Mutt is a text-based email client for Unix-like systems. It was originally written by Michael Elkins in 1995 and released under the GNU General Public License version 2 or any later version....

     – email client with PGP/GPG support built-in
  • Off-the-Record Messaging
    Off-the-record messaging
    Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie–Hellman key exchange, and the SHA-1 hash function...

     – also known as OTR.
  • OpenPGP card
    OpenPGP card
    In cryptography, the OpenPGP card is an ISO/IEC 7816-4, -8 compatible smart card implementation that is integrated with many GnuPG functions. Using this smart card, various cryptographic tasks can be performed.Built on BasicCard, OpenPGP cards can be obtained from a vendor or by becoming a fellow...

     – a smartcard with many GnuPG functions
  • Psi (instant messaging client)
    Psi (instant messaging client)
    Psi is a GPL instant messaging client for the XMPP protocol which uses the Qt toolkit. It runs on Linux, Windows, Mac OS X and eComStation.Ready-to-install deb and RPM packages are available for many Linux distributions...

  • Web of trust
    Web of trust
    In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure ,...

  • WinPT
    WinPT
    WinPT or Windows Privacy Tray is frontend to the Gnu Privacy Guard for the Windows platform. Released under GPL, it is compatible with OpenPGP compliant software....

    – a graphical frontend to GPG for Windows

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK