GNU Privacy Guard explained

GNU Privacy Guard
Author:Werner Koch
Developer:GNU Project
Programming Language:C
Operating System:Microsoft Windows, macOS, RISC OS, Android, Linux
Genre:OpenPGP
License:2007: GPL-3.0-or-later
1997: GPL-2.0-or-later

GNU Privacy Guard (GnuPG or GPG) is a free-software replacement for Symantec's cryptographic software suite PGP. The software is compliant with the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable with GnuPG and other OpenPGP v4-compliant systems.[1]

November 2023 saw two drafts aiming to update the 2007 OpenPGP v4 specification (RFC 4880), ultimately resulting in the RFC 9580 proposed standard in July 2024. The proposal from the GnuPG developers is called LibrePGP.[2]

GnuPG is part of the GNU Project and received major funding from the German government in 1999.[3]

Overview

GnuPG is a hybrid-encryption software program because it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key which is used only once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version.

The GnuPG 1.x series uses an integrated cryptographic library, while the GnuPG 2.x series replaces this with Libgcrypt.

GnuPG encrypts messages using asymmetric key pairs individually generated by GnuPG users. The resulting public keys may be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ "owner" identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.

GnuPG also supports symmetric encryption algorithms. By default, GnuPG uses the AES symmetrical algorithm since version 2.1.[4]

The 2.0 branch reached its end-of-life on December 31, 2017;[18] its last version is 2.0.31, released on December 29, 2017.[19]

Before the release of GnuPG 2.0, all stable releases originated from a single branch; i.e., before November 13, 2006, no multiple release branches were maintained in parallel. These former, sequentially succeeding (up to 1.4) release branches were:

Notes and References

  1. Web site: Gnu Privacy Guard . GnuPG.org . 2015-05-26 . https://web.archive.org/web/20150429192132/https://www.gnupg.org/faq/gnupg-faq.html#compatible . 2015-04-29 . live .
  2. Web site: A schism in the OpenPGP world . Linux Weekly News . 2023-12-09 .
  3. Web site: Bundesregierung fördert Open Source . Heise Online . de . 1999-11-15 . July 24, 2013 . https://web.archive.org/web/20131012024601/http://www.heise.de/newsticker/meldung/Bundesregierung-foerdert-Open-Source-24110.html . October 12, 2013 . live .
  4. Web site: GnuPG Features. October 1, 2009. https://web.archive.org/web/20091004174134/http://www.gnupg.org/features.en.html. October 4, 2009. live.
  5. Koch . Werner . GnuPG 1.4.13 released . gnupg-users . 2012-12-21 . 2013-05-19 . https://web.archive.org/web/20130212065951/http://lists.gnupg.org/pipermail/gnupg-users/2012-December/045844.html . 2013-02-12 . live .
  6. Web site: The World's Email Encryption Software Relies on One Guy, Who is Going Broke . 5 February 2015 . 6 February 2015 . Julia . Angwin . Julia Angwin . . https://web.archive.org/web/20150206005618/http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke . 6 February 2015 . live .
  7. News: Germany Awards Grant for Encryption . 19 November 1999 . 2014-08-08 . Peter . Wayner . . https://web.archive.org/web/20140825204940/http://partners.nytimes.com/library/tech/99/11/cyber/articles/19encrypt.html . 25 August 2014 . live .
  8. Web site: Release Notes . GnuPG . 2014-01-30 . https://web.archive.org/web/20140209040746/http://gnupg.org/download/release_notes.html#sec-2-41 . 2014-02-09 . live .
  9. Web site: Gnu Privacy Guard . OpenPGP.org . 2014-02-26 . dead . https://web.archive.org/web/20140227185009/http://openpgp.org/members/gnupg.shtml . 2014-02-27 .
  10. Web site: Where to Get PGP . Philzimmermann.com . 2014-02-26 . https://web.archive.org/web/20140226011248/http://philzimmermann.com/EN/findpgp/ . 2014-02-26 . live .
  11. Web site: GnuPG: New web site and infrastructure . 2014-03-09 . goteo.org . https://web.archive.org/web/20140330103240/http://goteo.org/project/gnupg-new-website-and-infrastructure/home . 2014-03-30 . live .
  12. Web site: GnuPG 2.3.3 released.
  13. [Announce] GnuPG 2.2.0 released . 2017-08-28 . 2017-09-21 . gnupg-announce . Koch . Werner . Werner Koch . https://web.archive.org/web/20170829040530/https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000413.html . 2017-08-29 . live .
  14. Web site: 2014-11-06 . [Announce] GnuPG 2.1.0 "modern" released . Koch . Werner . Werner Koch . gnupg.org . 2014-11-06 . https://web.archive.org/web/20141106154709/http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000358.html . 2014-11-06 . live .
  15. Web site: 2004-12-16 . [Announce] GnuPG stable 1.4 released . Koch . Werner . Werner Koch . gnupg.org . 2004-12-16 . https://web.archive.org/web/20050103172907/http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000186.html . 2005-01-03 . live .
  16. Web site: 2006-11-13 . [Announce] GnuPG 2.0 released . Koch . Werner . Werner Koch . gnupg.org . 2014-01-30 . https://web.archive.org/web/20140214124626/http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000239.html . 2014-02-14 . live .
  17. Web site: [Announce] The maybe final Beta for GnuPG 2.1 . 2019-03-28 . https://web.archive.org/web/20190502211129/https://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000357.html . 2019-05-02 . live .

    CAST5 was used in earlier versions. GnuPG does not use patented or otherwise restricted software or algorithms. Instead, GnuPG uses a variety of other, non-patented algorithms.[4]

    For a long time, it did not support the IDEA encryption algorithm used in PGP. It was in fact possible to use IDEA in GnuPG by downloading a plugin for it; however, this might require a license for some uses in countries in which IDEA was patented. Starting with versions 1.4.13 and 2.0.20, GnuPG supports IDEA because the last patent of IDEA expired in 2012. Support of IDEA is intended "to get rid of all the questions from folks either trying to decrypt old data or migrating keys from PGP to GnuPG",[5] and hence is not recommended for regular use.

    More recent releases of GnuPG 2.x ("modern" and the now deprecated "stable" series) expose most cryptographic functions and algorithms Libgcrypt (its cryptography library) provides, including support for elliptic-curve cryptography (ECDH, ECDSA and EdDSA) in the "modern" series (i.e. since GnuPG 2.1).

    Algorithms

    As of 2.3 or 2.2 versions, GnuPG supports the following algorithms:

    • Public key: RSA, ElGamal, DSA, ECDH (cv25519, cv448, nistp256, nistp384, nistp521, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp256k1), ECDSA (nistp256, nistp384, nistp521, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp256k1), EdDSA (ed25519, ed448)
    • Cipher: 3DES, IDEA (for backward compatibility), CAST5, Blowfish, Twofish, AES-128, AES-192, AES-256, Camellia-128, -192 and -256
    • Hash: MD5, SHA-1, RIPEMD-160, SHA-256, SHA-384, SHA-512, SHA-224
    • Compression: Uncompressed, ZIP, ZLIB, BZIP2

    History

    GnuPG was initially developed by Werner Koch.[6] [7] The first production version, version 1.0.0, was released on September 7, 1999, almost two years after the first GnuPG release (version 0.0.0).[8] The German Federal Ministry of Economics and Technology funded the documentation and the port to Microsoft Windows in 2000.

    GnuPG is a system compliant with the OpenPGP standard, thus the history of OpenPGP is of importance; it was designed to interoperate with PGP, an email encryption program initially designed and developed by Phil Zimmermann.[9] [10]

    On February 7, 2014, a GnuPG crowdfunding effort closed, raising 36,732 for a new website and infrastructure improvements.[11]

    Branches

    Since the release of a stable GnuPG 2.3, starting with version 2.3.3 in October 2021, three stable branches of GnuPG are actively maintained:[12]

    • A "stable branch", which currently is (as of 2021) the 2.3 branch.
    • A "LTS (long-term support) branch", which currently is (as of 2021) the 2.2 branch (which was formerly called "modern branch", in comparison to the 2.0 branch).
    • The old "legacy branch" (formerly called "classic branch"), which is and will stay the 1.4 branch.

    Before GnuPG 2.3, two stable branches of GnuPG were actively maintained:

    • "Modern" (2.2), with numerous new features, such as elliptic curve cryptography, compared to the former "stable" (2.0) branch, which it replaced with the release of GnuPG 2.2.0 on August 28, 2017.[13] It was initially released on November 6, 2014.[14]
    • "Classic" (1.4), the very old, but still maintained stand-alone version, most suitable for outdated or embedded platforms. Initially released on December 16, 2004.[15]

    Different GnuPG 2.x versions (e.g. from the 2.2 and 2.0 branches) cannot be installed at the same time. However, it is possible to install a "classic" GnuPG version (i.e. from the 1.4 branch) along with any GnuPG 2.x version.

    Before the release of GnuPG 2.2 ("modern"), the now deprecated "stable" branch (2.0) was recommended for general use, initially released on November 13, 2006.[16]

  18. Web site: [Announce] GnuPG 2.1.18 released . Koch . Werner . Werner Koch . 2017-01-23 . gnupg.org . en . 2017-02-04 . https://web.archive.org/web/20170211080210/https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000401.html . 2017-02-11 . live .
  19. Web site: GnuPG 2.0.31. 2017-12-29. 2017-12-30.
  20. Web site: 2002-09-06 . [Announce] GnuPG 1.2 released . Koch . Werner . Werner Koch . gnupg.org . 2014-11-06 . https://web.archive.org/web/20140617075459/http://lists.gnupg.org/pipermail/gnupg-announce/2002q3/000136.html . 2014-06-17 . live .
  21. Web site: 2002-04-30 . [Announce] GnuPG 1.0.7 released . Koch . Werner . Werner Koch . gnupg.org . 2014-11-06 . https://web.archive.org/web/20140617075617/http://lists.gnupg.org/pipermail/gnupg-announce/2002q2/000135.html . 2014-06-17 . live .
  22. Web site: GPG Suite. GPGTools. 2017-12-24.
  23. Web site: FireGPG's developers blog. 7 June 2010 . July 24, 2013. https://web.archive.org/web/20130727112311/http://blog.getfiregpg.org/2010/06/07/firegpg-discontinued/. July 27, 2013. live.
  24. Web site: Gpg4win – About Gpg4win. 2021-03-23. gpg4win.org.
  25. Web site: Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3.. Nguyen. Phong Q.. EUROCRYPT 2004: 555 - 570. 2019-08-23. https://web.archive.org/web/20171204133110/http://www.di.ens.fr/~pnguyen/pub_Ng04.htm. 2017-12-04. live.
  26. Web site: GnuPG's ElGamal signing keys compromised. Koch. Werner. Werner Koch. November 27, 2003. May 14, 2004. https://web.archive.org/web/20040318174334/http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000160.html. March 18, 2004. live.
  27. Web site: False positive signature verification in GnuPG. Koch. Werner. Werner Koch. February 15, 2006. May 23, 2006. https://web.archive.org/web/20060617192634/http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html. June 17, 2006. live.
  28. Web site: GnuPG does not detect injection of unsigned data. Koch. Werner. Werner Koch. March 9, 2006. May 23, 2006. https://web.archive.org/web/20060505205727/http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000218.html. May 5, 2006. live.
  29. Web site: Breaking Libgcrypt RSA via a side channel. Edge. Jake. 5 July 2017. LWN.net. 28 July 2017. https://web.archive.org/web/20170728155905/https://lwn.net/Articles/727179/. 28 July 2017. live.
  30. Web site: Sliding right into disaster: Left-to-right sliding windows leak. 2017-06-30. https://web.archive.org/web/20170630170347/https://eprint.iacr.org/2017/627.pdf. 2017-06-30. live.
  31. Web site: The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli . https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf .
  32. Web site: Decades-old PGP bug allowed hackers to spoof just about anyone's signature . 14 June 2018 . 2018-09-07 . https://web.archive.org/web/20180907110403/https://arstechnica.com/information-technology/2018/06/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature/ . 2018-09-07 . live .
  33. Web site: Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug . . 2018-09-07 . https://web.archive.org/web/20180630114100/https://www.theregister.co.uk/2018/06/19/gnupg_popped_again_in_pass/ . 2018-06-30 . live .
  34. Web site: Severe bug in Libgcrypt – used by GPG and others – is a whole heap of trouble, prompts patch scramble. https://web.archive.org/web/20210221012505/https://www.theregister.com/2021/01/29/severe_libgcrypt_bug/. 2021-02-21.
  35. Web site: 2004-08-26 . [Announce] GnuPG 1.2.6 released . Koch . Werner . Werner Koch . gnupg.org . 2014-11-06 . https://web.archive.org/web/20140617075605/http://lists.gnupg.org/pipermail/gnupg-announce/2004q3/000176.html . 2014-06-17 . live .
    • 1.0 branch, initially released on September 7, 1999, with 1.0.7 as the last version, released on April 30, 2002.[21]

    (Note that before the release of GnuPG 2.3.0, branches with an odd minor release number (e.g. 2.1, 1.9, 1.3) were development branches leading to a stable release branch with a "+ 0.1" higher version number (e.g. 2.2, 2.0, 1.4); hence branches 2.2 and 2.1 both belong to the "modern" series, 2.0 and 1.9 both to the "stable" series, while the branches 1.4 and 1.3 both belong to the "classic" series.

    With the release of GnuPG 2.3.0, this nomenclature was altered to be composed of a "stable" and "LTS" branch from the "modern" series, plus 1.4 as the last maintained "classic" branch. Also note that even or odd minor release numbers no longer indicate a stable or development release branch.)

    Platforms

    Although the basic GnuPG program has a command-line interface, there exist various front-ends that provide it with a graphical user interface. For example, GnuPG encryption support has been integrated into KMail and Evolution, the graphical email clients found in KDE and GNOME, the most popular Linux desktops. There are also graphical GnuPG front-ends, for example Seahorse for GNOME and KGPG and Kleopatra for KDE.

    GPGTools provides a number of front-ends for OS integration of encryption and key management as well as GnuPG installations via Installer packages[22] for macOS. GPG Suite installs all related OpenPGP applications (GPG Keychain), plugins (GPG Mail) and dependencies (MacGPG), along with GPG Services (integration into macOS Services menu) to use GnuPG-based encryption.

    Instant messaging applications such as Psi and Fire can automatically secure messages when GnuPG is installed and configured. Web-based software such as Horde also makes use of it. The cross-platform extension Enigmail provides GnuPG support for Mozilla Thunderbird and SeaMonkey. Similarly, Enigform provides GnuPG support for Mozilla Firefox. FireGPG was discontinued June 7, 2010.[23]

    In 2005, g10 Code GmbH and Intevation GmbH released Gpg4win, a software suite that includes GnuPG for Windows, GNU Privacy Assistant, and GnuPG plug-ins for Windows Explorer and Outlook. These tools are wrapped in a standard Windows installer, making it easier for GnuPG to be installed and used on Windows systems.[24]

    Vulnerabilities

    The OpenPGP standard specifies several methods of digitally signing messages. In 2003, due to an error in a change to GnuPG intended to make one of those methods more efficient, a security vulnerability was introduced.[25] It affected only one method of digitally signing messages, only for some releases of GnuPG (1.0.2 through 1.2.3), and there were fewer than 1000 such keys listed on the key servers.[26] Most people did not use this method, and were in any case discouraged from doing so, so the damage caused (if any, since none has been publicly reported) would appear to have been minimal. Support for this method has been removed from GnuPG versions released after this discovery (1.2.4 and later).

    Two further vulnerabilities were discovered in early 2006: the first was that scripted uses of GnuPG for signature verification may result in false positives,[27] the second that non-MIME messages were vulnerable to the injection of data which, while not covered by the digital signature, would be reported as being part of the signed message.[28] In both cases updated versions of GnuPG were made available at the time of the announcement.

    In June 2017, a vulnerability (CVE-2017-7526) was discovered by Bernstein, Breitner and others within Libgcrypt, a library used by GnuPG, which enabled a full key recovery for RSA-1024 and about more than 1/8th of RSA-2048 keys. This side-channel attack exploits the fact that Libgcrypt used a sliding-window method for exponentiation, which leads to the leakage of exponent bits and to full key recovery.[29] [30] Again, an updated version of GnuPG was made available at the time of the announcement.
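
Why a sliding-window exponentiation leaks can be seen in a small model, added here as an example that is not Libgcrypt's code. It records the sequence of squarings (S) and multiplications (M) for two exponents and contrasts it with a fixed-window variant whose sequence is identical for every exponent of the same length. The function names, the modulus and the exponents are constructed for illustration, and the fixed-window routine is a generic countermeasure assumed for this example, not the change Libgcrypt shipped.

```python
MOD = (1 << 61) - 1          # constructed modulus (a Mersenne prime), not an RSA modulus


def sliding_window_pow(base, exp, mod, w=4):
    """Left-to-right sliding-window exponentiation; returns (result, S/M trace)."""
    sq = base * base % mod
    odd = {1: base % mod}                      # odd powers base^1, base^3, ...
    for k in range(3, 1 << w, 2):
        odd[k] = odd[k - 2] * sq % mod
    bits, acc, i, trace = bin(exp)[2:], 1, 0, []
    while i < len(bits):
        if bits[i] == "0":                     # a zero outside a window: square only
            acc = acc * acc % mod
            trace.append("S")
            i += 1
            continue
        j = min(i + w, len(bits))              # window of at most w bits ...
        while bits[j - 1] == "0":              # ... that must end in a 1 bit
            j -= 1
        for _ in range(j - i):
            acc = acc * acc % mod
            trace.append("S")
        acc = acc * odd[int(bits[i:j], 2)] % mod
        trace.append("M")                      # each M marks the end of such a window
        i = j
    return acc, "".join(trace)


def fixed_window_pow(base, exp, mod, nbits, w=4):
    """Fixed-window exponentiation over nbits bits: w squarings, then one multiply."""
    nbits = max(nbits, exp.bit_length())
    nbits += -nbits % w                        # pad to a whole number of windows
    table = [1 % mod]
    for _ in range((1 << w) - 1):
        table.append(table[-1] * base % mod)   # base^0 .. base^(2^w - 1)
    acc, trace = 1, []
    for shift in range(nbits - w, -1, -w):
        for _ in range(w):
            acc = acc * acc % mod
            trace.append("S")
        # Multiplies even when the digit is 0 (by base^0 = 1). A real implementation
        # also needs a constant-time table lookup, which plain Python cannot show.
        acc = acc * table[(exp >> shift) & ((1 << w) - 1)] % mod
        trace.append("M")
    return acc, "".join(trace)


E1 = 0b1011001110001111      # two constructed 16-bit "secret" exponents
E2 = 0b1111111100000001

if __name__ == "__main__":
    for e in (E1, E2):
        print(f"{e:016b} sliding {sliding_window_pow(3, e, MOD)[1]}")
        print(f"{e:016b} fixed   {fixed_window_pow(3, e, MOD, 16)[1]}")
```

The sliding-window traces differ between the two exponents, while the fixed-window trace is the same for both, so the operation sequence alone says nothing about the exponent.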

    In October 2017, the ROCA vulnerability was announced that affects RSA keys generated by YubiKey 4 tokens, which often are used with PGP/GPG. Many published PGP keys were found to be susceptible.[31]

    Around June 2018, the SigSpoof attacks were announced. These allowed an attacker to convincingly spoof digital signatures.[32] [33]
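
For scripts that verify signatures, a general hardening pattern is to decide from gpg's machine-readable status lines rather than from human-readable output, and to pin the expected signer. The following is an added example, not GnuPG's own code and not the fix for any of the issues above. It assumes the text was captured from gpg's `--status-fd` on a descriptor of its own; the function names, fingerprints and transcripts are constructed.

```python
PREFIX = "[GNUPG:] "
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
WEAK_HASH_IDS = {"1", "2"}   # OpenPGP hash algorithm IDs for MD5 and SHA-1

PINNED = "0123456789ABCDEF0123456789ABCDEF01234567"   # constructed fingerprint
OTHER = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"    # constructed fingerprint


def check_status(status_text, pinned_fpr):
    """Return (ok, reason) for the status output of one verification."""
    good, valid = 0, []
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue                      # human-readable text is never trusted
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in REJECT:             # bad, expired or revoked: reject regardless
            return False, keyword         # of any VALIDSIG line in the same output
        if keyword == "GOODSIG":
            good += 1
        elif keyword == "VALIDSIG":
            valid.append(args)
    if good != 1 or len(valid) != 1:      # no signature, or more lines than expected
        return False, "expected exactly one GOODSIG and one VALIDSIG"
    args = valid[0]
    if len(args) < 9:
        return False, "malformed VALIDSIG"
    # VALIDSIG fields: fpr, date, timestamp, expiry, version, reserved,
    # pubkey algo, hash algo, signature class, then the primary key fingerprint.
    primary = args[9] if len(args) > 9 else args[0]
    if primary.upper() != pinned_fpr.upper():
        return False, "unexpected signer"
    if args[7] in WEAK_HASH_IDS:
        return False, "weak hash"
    return True, "ok"


def sample(keyword, fpr, hash_id="10"):
    """Build a constructed status transcript in the layout of gpg's status lines."""
    return (f"[GNUPG:] NEWSIG\n"
            f"[GNUPG:] {keyword} {fpr[-16:]} Example Signer <signer@example.org>\n"
            f"[GNUPG:] VALIDSIG {fpr} 2024-01-15 1705312800 0 4 0 1 {hash_id} 00 {fpr}\n")


if __name__ == "__main__":
    for kw, fpr, h in [("GOODSIG", PINNED, "10"), ("REVKEYSIG", PINNED, "10"),
                       ("GOODSIG", OTHER, "10"), ("GOODSIG", PINNED, "2")]:
        print(kw, fpr[-8:], h, check_status(sample(kw, fpr, h), PINNED))
```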

    In January 2021, Libgcrypt 1.9.0 was released, which was found to contain a severe bug that was simple to exploit. A fix was released 10 days later in Libgcrypt 1.9.1.[34]
