GNU Privacy Guard (GnuPG or GPG) is a free software alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems.

GPG is a part of the Free Software Foundation's GNU software project, and has received major funding from the German government. It is released under the terms of version 3 of the GNU General Public License.

History

GnuPG was initially developed by Werner Koch. Version 1.0.0 was released on September 7, 1999. The German Federal Ministry of Economics and Technology funded the documentation and the port to Microsoft Windows in 2000.

Because GnuPG is an OpenPGP standard compliant system, the history of OpenPGP is of importance. It was designed to interoperate with PGP, the email encryption protocol developed by Phil Zimmermann.

Version 2.0 was released 13 November 2006. The old stable 1.x branch, whose latest version is 1.4.10, will be continued in parallel with the new GnuPG 2 series because there were significant changes in the architecture of the program which will not fit every purpose.[2]

Usage

Although the basic GnuPG program has a command line interface, there exist various front-ends that provide it with a graphical user interface. For example, GnuPG encryption support has been integrated into KMail and Evolution, the graphical e-mail clients found in the most popular Linux desktops KDE and GNOME. There are also graphical GnuPG front-ends (Seahorse for GNOME, KGPG for KDE). For Mac OS X, the Mac GPG project provides a number of Aqua front-ends for OS integration of encryption and key management as well as GnuPG installations via Installer packages.[3] Instant messaging applications such as Psi and Fire can automatically secure messages when GnuPG is installed and configured. Web-based software such as Horde also makes use of it. The cross-platform plugin Enigmail provides GnuPG support for Mozilla Thunderbird and SeaMonkey. Similarly, Enigform and FireGPG provide GnuPG support for Mozilla Firefox.

In 2005, G10 Code and Intevation released Gpg4win, a software suite that includes GnuPG for Windows, WinPT, Gnu Privacy Assistant, and GnuPG plug-ins for Windows Explorer and Outlook. These tools are wrapped in a standard Windows installer, making it easier for GnuPG to be installed and used on Windows systems.

Process

GnuPG encrypts messages using asymmetric keypairs individually generated by GnuPG users. The resulting public keys can be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ "owner" identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.

GnuPG does not use patented or otherwise restricted software or algorithms, like the IDEA encryption algorithm which has been present in PGP almost from the beginning. (It is in fact possible to use IDEA in GnuPG by downloading a plugin for it, however this may require getting a license for some uses in some countries in which IDEA is patented.) Instead, GnuPG uses a variety of other, non-patented algorithms, including:[4]

GnuPG is a hybrid encryption software program in that it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key which is only used once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version.
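The hybrid structure described above, as an added Python sketch that is not GnuPG code and not part of the original article. Assumptions: the demo key is built from two Mersenne primes, the symmetric cipher is a SHA-256 counter-mode stand-in, and RSA is used without the PKCS#1 padding the standard requires, so only the session-key framing (algorithm octet, key, two-octet checksum from RFC 4880 section 5.1) mirrors OpenPGP.

```python
import hashlib
import secrets

# Constructed demo key: two well-known Mersenne primes. Far too small and too
# structured for real use; it only keeps the example self-contained.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # recipient's private exponent

SYM_ALGO_AES128 = 7                    # RFC 4880 symmetric algorithm ID


def _keystream_xor(key, data):
    """Stand-in symmetric cipher (SHA-256 in counter mode), not what GnuPG uses."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt(message, n=N, e=E):
    """Return (wrapped_session_key, ciphertext) for one message."""
    session_key = secrets.token_bytes(16)           # fresh for every message
    checksum = sum(session_key) % 65536             # RFC 4880 sec. 5.1
    m = bytes([SYM_ALGO_AES128]) + session_key + checksum.to_bytes(2, "big")
    # Public-key step: only these 19 bytes go through the slow asymmetric
    # operation (textbook RSA here, padding omitted as stated above).
    wrapped = pow(int.from_bytes(m, "big"), e, n)
    # Symmetric step: the bulk data is encrypted under the session key.
    return wrapped, _keystream_xor(session_key, message)


def decrypt(wrapped, ciphertext, n=N, d=D):
    """Unwrap the session key with the private key, then decrypt the body."""
    try:
        m = pow(wrapped, d, n).to_bytes(19, "big")
    except OverflowError:
        raise ValueError("wrapped session key is malformed")
    algo, session_key, checksum = m[0], m[1:17], int.from_bytes(m[17:], "big")
    if algo != SYM_ALGO_AES128 or sum(session_key) % 65536 != checksum:
        raise ValueError("session key failed its checksum")
    return _keystream_xor(session_key, ciphertext)
```

Encrypting the same message twice gives a different wrapped key and a different ciphertext each time, because the session key is generated per message.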

Problems

The OpenPGP standard specifies several methods of digitally signing messages. In 2003, due to an error in a change to GnuPG intended to make one of those methods more efficient, a security vulnerability was introduced.[5] It affected only one method of digitally signing messages, only for some releases of GnuPG (1.0.2 through 1.2.3), and there were fewer than 1000 such keys listed on the key servers.[6] Most people did not use this method, and were in any case discouraged from doing so, so the damage caused (if any, and none has been publicly reported) would appear to have been minimal. Support for this method has been removed from GnuPG versions released after this discovery (1.2.4 and later). Two further vulnerabilities were discovered in early 2006: the first was that scripted uses of GnuPG for signature verification may result in false positives,[7] the second that non-MIME messages were vulnerable to the injection of data which, while not covered by the digital signature, would be reported as being part of the signed message.[8] In both cases updated versions of GnuPG were made available at the time of the announcement.

GnuPG is a command-line based system that is not written as an API which can be incorporated into other software. GPGME is an API wrapper around GnuPG which parses the output of GnuPG, and various graphical front-ends based on GPGME have been created. This currently requires an out-of-process call to the GnuPG executable for many GPGME API calls. Because GPGME makes use of a special GnuPG interface designed for machine use, a stable and maintainable API between the components is given. Possible security problems in an application do not propagate to the actual crypto code due to the process barrier.
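For scripted signature verification and the machine-oriented interface mentioned above, GnuPG's `--status-fd` option emits `[GNUPG:]` status lines that a caller can check strictly. The following is an added example, not code from GnuPG, GPGME or the original article; the sample status streams and the fingerprint are constructed placeholders, and the "exactly one signer" rule is a policy assumption.

```python
import subprocess

PREFIX = "[GNUPG:] "
# Status keywords that veto acceptance whenever they appear.
FATAL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}


def evaluate_status(status_text, trusted_fprs):
    """Decide from --status-fd output whether a signature may be accepted."""
    valid = []
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue                  # human-readable text is never trusted
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in FATAL:
            return False, keyword
        if keyword == "VALIDSIG" and args:
            # The tenth field, when present, is the primary key fingerprint.
            valid.append((args[9] if len(args) >= 10 else args[0]).upper())
    if len(valid) != 1:               # policy assumption: exactly one signer
        return False, "expected one VALIDSIG, saw %d" % len(valid)
    if valid[0] not in trusted_fprs:
        return False, "signer not in trusted set"
    return True, valid[0]


def verify_detached(sig_path, data_path, trusted_fprs):
    """Run gpg and accept only on exit status 0 plus a clean status stream."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True)
    ok, detail = evaluate_status(proc.stdout, trusted_fprs)
    return ok and proc.returncode == 0, detail


# Constructed sample status streams; the fingerprint is a placeholder.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
GOOD = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    "[GNUPG:] VALIDSIG " + FPR + " 2010-09-08 1283925776 0 4 0 1 2 00 " + FPR + "\n"
)
UNSIGNED = 'gpg: Good signature from "Example Signer"\n[GNUPG:] NODATA 1\n'
BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
GOODSIG_ONLY = "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer\n"
```

The check fails closed: input with no signature, a stream with no `VALIDSIG`, or a valid signature from a key outside the trusted set are all rejected rather than treated as success.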

Other software wraps the command line in a Perl script (e.g. gpg-dialog) that is menu based and more user friendly.

References

  1. Koch, Werner (2009-12-21), GnuPG 2.0.14 released, lists.gnupg.org, http://lists.gnupg.org/pipermail/gnupg-announce/2009q4/000296.html, retrieved 2009-12-23
  2. GnuPG-2.0 released, Werner Koch, 2006-11-13
  3. "Mac GNU Privacy Guard". sourceforge. http://macgpg.sourceforge.net/. Retrieved 2008-04-29.
  4. "GnuPG Features". http://www.gnupg.org/features.en.html. Retrieved October 1, 2009.
  5. Phong Q. Nguyen, "Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3." EUROCRYPT 2004: 555–570
  6. GnuPG's ElGamal signing keys compromised, Werner Koch, November 27, 2003
  7. False positive signature verification in GnuPG, Werner Koch, February 15, 2006
  8. GnuPG does not detect injection of unsigned data, Werner Koch, March 9, 2006

The above information uses material from Wikipedia and is licensed under the GNU Free Documentation License.
This page was last archived by our server on Wed Sep 8 06:02:56 2010.