2023-09-14 21:30:43 +02:00
|
|
|
# Goals of this document
|
|
|
|
|
2023-09-15 11:54:36 +02:00
|
|
|
There are three groups of people who interact with OpenPGP:
|
|
|
|
|
|
|
|
1. End-Users, who use software that contains OpenPGP functionality (e.g., the Thunderbird email software)
|
|
|
|
2. Software developers who build applications that contain OpenPGP functionality
|
|
|
|
3. Implementers of libraries or software that handles the processing of internal OpenPGP data structures
|
|
|
|
|
|
|
|
This document is focused at the second of these groups:
|
|
|
|
software developers who use OpenPGP functionality in their software projects.
|
|
|
|
|
|
|
|
It is not intended for end-users who use software that contains OpenPGP functionality.
|
2023-09-14 21:30:43 +02:00
|
|
|
|
2023-09-15 11:54:36 +02:00
|
|
|
This text aims to describe OpenPGP at the "library-level":
|
|
|
|
we teach the concepts that will help you get started as a user of any implementation
|
|
|
|
(such as OpenPGP JS, Sequoia PGP, ...)
|
2023-09-14 21:30:43 +02:00
|
|
|
|
2023-09-15 11:54:36 +02:00
|
|
|
## Requirements
|
2023-09-14 21:30:43 +02:00
|
|
|
|
2023-09-15 11:54:36 +02:00
|
|
|
We presuppose solid knowledge in both software development concepts,
|
|
|
|
and of general cryptographic concepts.
|
2023-09-14 21:30:43 +02:00
|
|
|
|
2023-09-15 11:54:36 +02:00
|
|
|
OpenPGP is a system based on well-understood cryptographic building blocks.
|
|
|
|
We describe the properties of the OpenPGP system, and how to use it.
|
|
|
|
|
|
|
|
## A companion for the OpenPGP RFC
|
|
|
|
|
|
|
|
```
|
2023-09-14 21:30:43 +02:00
|
|
|
The RFC explains lots of details (which bit goes where) that are crucial
|
|
|
|
for implementers, but unimportant for software developers who use OpenPGP
|
|
|
|
through a library.
|
|
|
|
```
|
|
|
|
|
2023-09-15 11:54:36 +02:00
|
|
|
The [OpenPGP RFC](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/)
|
|
|
|
defines *"the message formats used in OpenPGP"* to *"provide encryption with
|
|
|
|
public-key or symmetric cryptographic algorithms, digital signatures,
|
|
|
|
compression and key management"*.
|
2023-09-14 21:30:43 +02:00
|
|
|
|
2023-09-15 11:54:36 +02:00
|
|
|
The RFC, as a standards document, is mainly aimed at the third group:
|
|
|
|
Implementers of software that handles internal OpenPGP data structures.
|
|
|
|
In that context, the nitty-gritty of which bit of data goes where is crucial.
|
2023-09-14 21:30:43 +02:00
|
|
|
|
2023-09-15 11:54:36 +02:00
|
|
|
For software developers using OpenPGP through a library, however, it is not.
|
|
|
|
This document describes OpenPGP concepts at the "library" level of abstraction.
|
2023-09-14 21:30:43 +02:00
|
|
|
|
|
|
|
The idea is to go over various common OpenPGP artifacts, as they are
|
|
|
|
currently used, to get an overview.
|
2023-09-15 11:54:36 +02:00
|
|
|
We will also ignore most details about how OpenPGP artifacts are encoded at the lowest level.
|
2023-09-14 21:30:43 +02:00
|
|
|
|
2023-09-15 11:54:36 +02:00
|
|
|
## Covering versions
|
|
|
|
|
|
|
|
We will mainly cover v6 of OpenPGP, but occasionally point out
|
|
|
|
differences to previous versions.
|
|
|
|
|
|
|
|
Version 4 of OpenPGP will remain relevant for a number of years,
|
|
|
|
and some OpenPGP v3 artifacts are still in use as of this writing (in 2023).
|
2023-09-14 21:30:43 +02:00
|
|
|
|
2023-09-15 11:54:36 +02:00
|
|
|
```
|
|
|
|
FIXME: fact check the status of v3 and v4 in crytpo refresh:
|
|
|
|
|
|
|
|
the RFC requires implementations to accept them. v3 artifacts are still very
|
|
|
|
much relevant for real world OpenPGP usage and implementations)
|
|
|
|
```
|