Everything about Gnupg totally explained
Operating system: Cross-platform
Genre: PGP
License: GNU General Public License
Website: gnupg.org
GNU Privacy Guard (GnuPG or GPG) is a replacement for the PGP suite of cryptographic software. GnuPG is completely compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems. Although some older versions of PGP are also interoperable, not all features of newer software are supported by the older software.
GPG is a part of the Free Software Foundation's GNU software project, and has received major funding from the German government. Released under the terms of version 3 of the GNU General Public License, GPG is free software.
History
GnuPG was initially developed by Werner Koch. Version 1.0.0 was released on September 7, 1999. The German Federal Ministry of Economics and Technology funded the documentation and the port to Microsoft Windows in 2000.
Because GnuPG is an OpenPGP standard compliant system, the history of OpenPGP is of importance. It was designed to interoperate with PGP, the email encryption protocol developed by Phil Zimmermann.
Version 2.0 was released on 13 November 2006. The old stable 1.x branch, whose last version is 1.4.9, will be continued in parallel with the new GnuPG 2 series, because there were significant changes in the architecture of the program which won't fit every purpose.
Usage
GnuPG is stable, production-quality software. It is frequently included in free operating systems, such as FreeBSD, OpenBSD, and NetBSD and nearly all Linux distributions.
GnuPG can be compiled for numerous operating systems. Cross compilation isn't a trivial exercise, at least in part because security provisions vary with operating system and adapting to them is often tricky. High quality compilers should routinely produce executables which will interoperate correctly with other GnuPG implementations. Pre-compiled installations are available for popular operating systems including Microsoft Windows and Mac OS X.
Although the basic GnuPG program has a command line interface, there exist various front-ends that provide it with a graphical user interface. For example, GnuPG encryption support has been integrated into KMail and Evolution, the graphical e-mail clients found in the most popular Linux desktops, KDE and GNOME. There are also graphical GnuPG front-ends (Seahorse for GNOME, KGPG for KDE). For Mac OS X, the Mac GPG project provides a number of Aqua front-ends for OS integration of encryption and key management as well as GnuPG installations via Installer packages.
Instant messaging applications such as Psi and Fire can automatically secure messages when GnuPG is installed and configured. Web-based software such as Horde also makes use of it. The cross-platform plugin Enigmail provides GnuPG support for Mozilla Thunderbird and SeaMonkey. Similarly, Enigform and FireGPG provide GnuPG support for Mozilla Firefox.
In 2005, G10 Code and Intevation released Gpg4win, a software suite that includes GnuPG for Windows, WinPT, Gnu Privacy Assistant, and GnuPG plug-ins for Windows Explorer and Outlook. These tools are wrapped in a standard Windows installer, making it trivial for GnuPG to be installed and used on almost any recent Windows system.
Process
GnuPG encrypts messages using asymmetric keypairs individually generated by GnuPG users. The resulting public keys can be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ 'owner' identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, provided the particular correspondence relied upon hasn't been corrupted.
GnuPG doesn't use patented or otherwise restricted software or algorithms, such as the IDEA encryption algorithm, which has been present in PGP almost from the beginning. Instead, it uses a variety of other, non-patented algorithms such as CAST5, Triple DES, AES, Blowfish and Twofish. It is still possible to use IDEA in GnuPG by downloading a plugin for it; however, this may require getting a license for some uses in some countries in which IDEA is patented.
GnuPG is a hybrid encryption software program in that it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key which is only used once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version.
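The hybrid layout is visible in the packet structure of an encrypted OpenPGP message: one small public-key encrypted session key packet per recipient, followed by the symmetrically encrypted data. The following is an added example, not part of the original article or of GnuPG; it walks RFC 4880 packet headers over a constructed sample (placeholder key IDs, zero bytes instead of real ciphertext) and reports that layout.

```python
PKESK, SEIPD = 1, 18  # RFC 4880 tags: pubkey-encrypted session key, encrypted data

def read_packets(data):
    """Yield (tag, body) for each packet of a binary OpenPGP message."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80 or pos + 2 > len(data):
            raise ValueError("bad or truncated packet header")
        if hdr & 0x40:                        # new-format header
            tag, first = hdr & 0x3F, data[pos + 1]
            if first < 192:                   # one-octet length
                length, used = first, 2
            elif first < 224:                 # two-octet length
                if pos + 3 > len(data):
                    raise ValueError("truncated length")
                length, used = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:                # five-octet length
                length, used = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                 # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled here")
            size = (1, 2, 4)[ltype]
            length, used = int.from_bytes(data[pos + 1:pos + 1 + size], "big"), 1 + size
        end = pos + used + length
        if end > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos + used:end]
        pos = end

def hybrid_layout(data):
    """Return (recipient key IDs, octets of symmetrically encrypted data)."""
    key_ids, bulk = [], 0
    for tag, body in read_packets(data):
        if tag == PKESK and len(body) >= 10 and body[0] == 3:
            key_ids.append(body[1:9].hex().upper())   # 8-octet key ID after version
        elif tag == SEIPD:
            bulk += len(body)
    return key_ids, bulk

def pkt(tag, body):  # sample builder: new-format header, body under 192 octets
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed sample (not real ciphertext): two recipients, one data packet.
SAMPLE = (pkt(PKESK, b"\x03" + bytes.fromhex("1122334455667788") + b"\x01" + bytes(20))
          + pkt(PKESK, b"\x03" + bytes.fromhex("99AABBCCDDEEFF00") + b"\x01" + bytes(20))
          + pkt(SEIPD, b"\x01" + bytes(150)))
```

Adding a recipient adds only another session key packet; the bulk data is encrypted once under the single-use session key.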
Problems
The OpenPGP standard specifies several methods of digitally signing messages. In 2003, due to an error in a change to GnuPG intended to make one of those methods more efficient, a security vulnerability was introduced. It affects only one method of digitally signing messages, only for some releases of GnuPG (1.0.2 through 1.2.3), and there were fewer than 1000 such keys listed on the key servers. Most people didn't use this method, and were in any case discouraged from doing so, so the damage caused (if any, and none has been publicly reported) would appear to have been minimal. Support for this method has been removed from GnuPG versions released after this discovery (1.2.4 and later).
Two further vulnerabilities were discovered in early 2006: the first was that scripted uses of GnuPG for signature verification may result in false positives; the second was that non-MIME messages were vulnerable to the injection of data which, while not covered by the digital signature, would be reported as being part of the signed message. In both cases updated versions of GnuPG were made available at the time of the announcement.
GnuPG is a command-line based system that isn't written as an API which can be incorporated into other software. GPGME is an API wrapper around GnuPG which parses the output of GnuPG, and various graphical front-ends based on GPGME have been created. This currently requires an out-of-process call to the GnuPG executable for many GPGME API calls. Because GPGME makes use of a special GnuPG interface designed for machine use, there is a stable and maintainable API between the components. Possible security problems in an application don't propagate to the actual crypto code due to the process barrier.
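An added example (not part of the original article, and not GnuPG or GPGME code) of consuming a machine-oriented interface from a script: it decides on a signature from GnuPG's `[GNUPG:]` status lines, as written by `--status-fd`, and fails closed unless exactly one valid signature from a pinned fingerprint is reported. The status lines and the fingerprint are constructed samples, and the VALIDSIG field positions are taken as assumptions from GnuPG's status-line documentation.

```python
PREFIX = "[GNUPG:] "
# Any of these keywords means the signature must not be accepted.
FAILURE = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}

def parse_status(status_text):
    """Return (keyword, args) for every status line; ignore all other text."""
    records = []
    for line in status_text.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                records.append((fields[0], fields[1:]))
    return records

def naive_ok(combined_output):
    """Weak check for comparison: substring match on mixed program output."""
    return "GOODSIG" in combined_output

def signature_ok(status_text, trusted_fprs):
    """Accept only exactly one good signature made by a pinned key."""
    records = parse_status(status_text)
    if any(keyword in FAILURE for keyword, _ in records):
        return False
    good = [args for keyword, args in records if keyword == "GOODSIG"]
    valid = [args for keyword, args in records if keyword == "VALIDSIG"]
    if len(good) != 1 or len(valid) != 1 or not valid[0]:
        return False
    args = valid[0]
    # Assumed layout: field 0 is the signing-key fingerprint; field 9, when
    # present, is the primary-key fingerprint.
    candidates = {args[0].upper()}
    if len(args) >= 10:
        candidates.add(args[9].upper())
    return bool(candidates & {fpr.upper() for fpr in trusted_fprs})

# Constructed sample data (placeholder fingerprint, not a real key).
FPR = "A" * 40
GOOD = (PREFIX + "GOODSIG " + FPR[-16:] + " Alice <alice@example.org>\n"
        + PREFIX + "VALIDSIG " + FPR + " 2024-01-01 1704067200 0 4 0 1 8 00 "
        + FPR + "\n")
BAD = PREFIX + "BADSIG " + FPR[-16:] + " Alice <alice@example.org>\n"
# Message text containing a look-alike status line, as a script would see it
# if it mixed the message output with the status stream.
MIXED = "hello\n" + PREFIX + "GOODSIG 0000000000000000 Mallory\n" + BAD
```

The status stream should be read from its own file descriptor, separate from the message output, so that text inside a message can never be parsed as a status line.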
Other software wraps the command line in a Perl script (for example gpg-dialog) that's menu based and more user friendly.