openpgp-notes/book/source/02-highlevel.md

# A high-level view

## A very brief history

The OpenPGP standard has evolved over time, and remains under active development.

(Also see https://www.openpgp.org/about/history/)

### "Pretty Good Privacy (PGP)"

The earliest roots of OpenPGP trace back to *"Pretty Good Privacy (PGP)"*, a software program written by [Phil Zimmermann](https://en.wikipedia.org/wiki/Phil_Zimmermann) and first released in 1991.

The original PGP software has played a role in the political struggles sometimes referred to as the ["Crypto Wars"](https://en.wikipedia.org/wiki/Crypto_Wars) (also see https://en.wikipedia.org/wiki/Crypto_(book) for some of that history, including about the history of PGP).

The original "PGP" software was never under a Free Software license, even though its source code has at one point been widely published.

The ownership and branding of the product has [changed over the years](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_and_Symantec). The software enjoys a continued existence, albeit with [changing name and scope](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_encryption_applications).


### Standardizing OpenPGP

While the original PGP software was developed as a commercial product, the owner at the time, "PGP Inc." started a standardization effort with the IETF in July 1997.
The resulting open standard was named [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP).

The result of this early standardization work is [RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440), published November 1998. RFC 2440 describes OpenPGP version 3.

The name "OpenPGP" can be used freely by implementations (unlike the name "PGP", which is a [registered trademark](https://uspto.report/TM/74685229)).

### GnuPG, a free software implementation

[First released 1997-12-20](https://gnupg.org/download/release_notes.html#sec-2-70), GnuPG is an implementation of the OpenPGP standard.

GnuPG has been the major Free Software implementation of OpenPGP for a period of time. It has played an important (and successful) role in the release of NSA documents by [Edward Snowden](https://theintercept.com/2014/10/28/smuggling-snowden-secrets/).

Note: The terms "pgp key" and "gpg key" are often used interchangably. Since both PGP and GnuPG are just some out of many existing OpenPGP implementations, the proper term to use is "OpenPGP key".

## The present

### Multiple major implementations

Today multiple new Free Software implementations of OpenPGP play important roles:

- Protonmail, who provide email encryption services for a large number of users, use (and maintain) [OpenPGP.js](https://openpgpjs.org/)as well as [GopenPGP](https://gopenpgp.org/).
- The Thunderbird email software is using the [RNP](https://www.rnpgp.org/) implementation for their built-in OpenPGP support since version 78 (released in mid-2020).
- The RPM Package Manager software includes an OpenPGP backend based on [Sequoia PGP](https://sequoia-pgp.org/), a modern OpenPGP implementation in Rust. Fedora [uses Sequoia PGP in rpm](https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/) since version 38.

### OpenPGP version 6

This document mainly describes OpenPGP version 6, which brings many updates of the core cryptographic mechanisms, compared to the previous version 4.

As of this writing (in 2023), version 4 of OpenPGP is still most commonly used. OpenPGP version 4 is described in [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).

## Concepts

### Certificates/Keys

All uses of OpenPGP are centered around (asymmetric) cryptographic key material. In OpenPGP, cryptographic keys are combined with additional metadata into "OpenPGP Keys", or "OpenPGP Certificates".

See chapter "certs" (link) for more on OpenPGP Certificates, and "private" for handling of private key material in OpenPGP.

### Cryptographic operations

- Signatures
- Encryption

### Internal structure of OpenPGP data

OpenPGP data is structured as "packets" (and sometimes "subpackets"), internally.

## Interoperability

```describe, and link to interop test suite```
Initial outline and old notes (Rough merge of two precursor projects by Heiko, and outline notes by Paul) 2023-09-14 21:30:43 +02:00			`# A high-level view`

move history and present to ch3 2023-09-15 13:03:59 +02:00			`## A very brief history`

ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`The OpenPGP standard has evolved over time, and remains under active development.`
move history and present to ch3 2023-09-15 13:03:59 +02:00
			`(Also see https://www.openpgp.org/about/history/)`

			`### "Pretty Good Privacy (PGP)"`

ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`The earliest roots of OpenPGP trace back to "Pretty Good Privacy (PGP)", a software program written by [Phil Zimmermann](https://en.wikipedia.org/wiki/Phil_Zimmermann) and first released in 1991.`
move history and present to ch3 2023-09-15 13:03:59 +02:00
ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`The original PGP software has played a role in the political struggles sometimes referred to as the ["Crypto Wars"](https://en.wikipedia.org/wiki/Crypto_Wars) (also see https://en.wikipedia.org/wiki/Crypto_(book) for some of that history, including about the history of PGP).`
move history and present to ch3 2023-09-15 13:03:59 +02:00
ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`The original "PGP" software was never under a Free Software license, even though its source code has at one point been widely published.`
move history and present to ch3 2023-09-15 13:03:59 +02:00
ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`The ownership and branding of the product has [changed over the years](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_and_Symantec). The software enjoys a continued existence, albeit with [changing name and scope](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_encryption_applications).`
move history and present to ch3 2023-09-15 13:03:59 +02:00

			`### Standardizing OpenPGP`

ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`While the original PGP software was developed as a commercial product, the owner at the time, "PGP Inc." started a standardization effort with the IETF in July 1997.`
			`The resulting open standard was named [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP).`
move history and present to ch3 2023-09-15 13:03:59 +02:00
ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`The result of this early standardization work is [RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440), published November 1998. RFC 2440 describes OpenPGP version 3.`
move history and present to ch3 2023-09-15 13:03:59 +02:00
ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`The name "OpenPGP" can be used freely by implementations (unlike the name "PGP", which is a [registered trademark](https://uspto.report/TM/74685229)).`
move history and present to ch3 2023-09-15 13:03:59 +02:00
			`### GnuPG, a free software implementation`

ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`[First released 1997-12-20](https://gnupg.org/download/release_notes.html#sec-2-70), GnuPG is an implementation of the OpenPGP standard.`
move history and present to ch3 2023-09-15 13:03:59 +02:00
ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`GnuPG has been the major Free Software implementation of OpenPGP for a period of time. It has played an important (and successful) role in the release of NSA documents by [Edward Snowden](https://theintercept.com/2014/10/28/smuggling-snowden-secrets/).`
move history and present to ch3 2023-09-15 13:03:59 +02:00
Add note about 'pgp key' vs. 'gpg key' 2023-09-18 11:26:21 +02:00			`Note: The terms "pgp key" and "gpg key" are often used interchangably. Since both PGP and GnuPG are just some out of many existing OpenPGP implementations, the proper term to use is "OpenPGP key".`

move history and present to ch3 2023-09-15 13:03:59 +02:00			`## The present`

			`### Multiple major implementations`

ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`Today multiple new Free Software implementations of OpenPGP play important roles:`
move history and present to ch3 2023-09-15 13:03:59 +02:00
ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`- Protonmail, who provide email encryption services for a large number of users, use (and maintain) [OpenPGP.js](https://openpgpjs.org/)as well as [GopenPGP](https://gopenpgp.org/).`
			`- The Thunderbird email software is using the [RNP](https://www.rnpgp.org/) implementation for their built-in OpenPGP support since version 78 (released in mid-2020).`
			`- The RPM Package Manager software includes an OpenPGP backend based on [Sequoia PGP](https://sequoia-pgp.org/), a modern OpenPGP implementation in Rust. Fedora [uses Sequoia PGP in rpm](https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/) since version 38.`
move history and present to ch3 2023-09-15 13:03:59 +02:00
			`### OpenPGP version 6`

ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`This document mainly describes OpenPGP version 6, which brings many updates of the core cryptographic mechanisms, compared to the previous version 4.`
move history and present to ch3 2023-09-15 13:03:59 +02:00
ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`As of this writing (in 2023), version 4 of OpenPGP is still most commonly used. OpenPGP version 4 is described in [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).`
Slightly more structure for "highlevel" 2023-09-15 14:11:57 +02:00
			`## Concepts`

			`### Certificates/Keys`

ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`All uses of OpenPGP are centered around (asymmetric) cryptographic key material. In OpenPGP, cryptographic keys are combined with additional metadata into "OpenPGP Keys", or "OpenPGP Certificates".`
Slightly more structure for "highlevel" 2023-09-15 14:11:57 +02:00
ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00			`See chapter "certs" (link) for more on OpenPGP Certificates, and "private" for handling of private key material in OpenPGP.`
Slightly more structure for "highlevel" 2023-09-15 14:11:57 +02:00
			`### Cryptographic operations`

			`- Signatures`
			`- Encryption`

			`### Internal structure of OpenPGP data`

			`OpenPGP data is structured as "packets" (and sometimes "subpackets"), internally.`
ch3: remove hard line breaks, some edits 2023-09-15 18:00:09 +02:00
			`## Interoperability`

			```describe, and link to interop test suite```