mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-30 03:22:06 +01:00
ch3: remove hard line breaks, some edits
This commit is contained in:
parent
be11d61d35
commit
10c7bfe182
1 changed files with 23 additions and 45 deletions
|
@ -2,85 +2,59 @@
|
||||||
|
|
||||||
## A very brief history
|
## A very brief history
|
||||||
|
|
||||||
The OpenPGP standard has evolved over time.
|
The OpenPGP standard has evolved over time, and remains under active development.
|
||||||
|
|
||||||
(Also see https://www.openpgp.org/about/history/)
|
(Also see https://www.openpgp.org/about/history/)
|
||||||
|
|
||||||
### "Pretty Good Privacy (PGP)"
|
### "Pretty Good Privacy (PGP)"
|
||||||
|
|
||||||
The earliest roots of OpenPGP trace back to *"Pretty Good Privacy (PGP)"*,
|
The earliest roots of OpenPGP trace back to *"Pretty Good Privacy (PGP)"*, a software program written by [Phil Zimmermann](https://en.wikipedia.org/wiki/Phil_Zimmermann) and first released in 1991.
|
||||||
a software program, written by Phil Zimmermann and first released in 1991.
|
|
||||||
|
|
||||||
The original PGP software has played a role in the political struggles sometimes
|
The original PGP software has played a role in the political struggles sometimes referred to as the ["Crypto Wars"](https://en.wikipedia.org/wiki/Crypto_Wars) (also see https://en.wikipedia.org/wiki/Crypto_(book) for some of that history, including about the history of PGP).
|
||||||
referred to as the ["Crypto Wars"](https://en.wikipedia.org/wiki/Crypto_Wars)
|
|
||||||
(also see https://en.wikipedia.org/wiki/Crypto_(book) for some of that history,
|
|
||||||
including about the history of PGP).
|
|
||||||
|
|
||||||
The "PGP" software was never under a Free Software license,
|
The original "PGP" software was never under a Free Software license, even though its source code has at one point been widely published.
|
||||||
even though its source code has at one point been widely published.
|
|
||||||
|
|
||||||
The ownership and branding of the product has
|
The ownership and branding of the product has [changed over the years](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_and_Symantec). The software enjoys a continued existence, albeit with [changing name and scope](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_encryption_applications).
|
||||||
[changed over the years](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_and_Symantec),
|
|
||||||
The software enjoys a continued existence, albeit with
|
|
||||||
[changing name and scope](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_encryption_applications).
|
|
||||||
|
|
||||||
|
|
||||||
### Standardizing OpenPGP
|
### Standardizing OpenPGP
|
||||||
|
|
||||||
While the PGP software was developed as a commercial product, the owner at the time,
|
While the original PGP software was developed as a commercial product, the owner at the time, "PGP Inc." started a standardization effort with the IETF in July 1997.
|
||||||
"PGP Inc." started a standardization effort with the IETF in July 1997.
|
The resulting open standard was named [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP).
|
||||||
The resulting open standard was named
|
|
||||||
[OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP).
|
|
||||||
|
|
||||||
The result of this early standardization work is
|
The result of this early standardization work is [RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440), published November 1998. RFC 2440 describes OpenPGP version 3.
|
||||||
[RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440),
|
|
||||||
published November 1998.
|
|
||||||
|
|
||||||
The name "OpenPGP" can be used freely by implementations (unlike the name
|
The name "OpenPGP" can be used freely by implementations (unlike the name "PGP", which is a [registered trademark](https://uspto.report/TM/74685229)).
|
||||||
"PGP", which is a [registered trademark](https://uspto.report/TM/74685229)).
|
|
||||||
|
|
||||||
### GnuPG, a free software implementation
|
### GnuPG, a free software implementation
|
||||||
|
|
||||||
[First released 1997-12-20](https://gnupg.org/download/release_notes.html#sec-2-70),
|
[First released 1997-12-20](https://gnupg.org/download/release_notes.html#sec-2-70), GnuPG is an implementation of the OpenPGP standard.
|
||||||
GnuPG is an implementation of the OpenPGP standard.
|
|
||||||
|
|
||||||
GnuPG has been the major Free Software implementation of OpenPGP for a period
|
GnuPG has been the major Free Software implementation of OpenPGP for a period of time. It has played an important (and successful) role in the release of NSA documents by [Edward Snowden](https://theintercept.com/2014/10/28/smuggling-snowden-secrets/).
|
||||||
of time. It has played an important and successful role in the release of NSA
|
|
||||||
documents by [Edward Snowden](https://theintercept.com/2014/10/28/smuggling-snowden-secrets/).
|
|
||||||
|
|
||||||
## The present
|
## The present
|
||||||
|
|
||||||
### Multiple major implementations
|
### Multiple major implementations
|
||||||
|
|
||||||
Today, multiple implementations of OpenPGP play an important role:
|
Today multiple new Free Software implementations of OpenPGP play important roles:
|
||||||
|
|
||||||
- Protonmail, who provide email encryption services for a large number of users,
|
- Protonmail, who provide email encryption services for a large number of users, use (and maintain) [OpenPGP.js](https://openpgpjs.org/)as well as [GopenPGP](https://gopenpgp.org/).
|
||||||
use (and maintain) [OpenPGP.js](https://openpgpjs.org/).
|
- The Thunderbird email software is using the [RNP](https://www.rnpgp.org/) implementation for their built-in OpenPGP support since version 78 (released in mid-2020).
|
||||||
- The Thunderbird email software is using the [RNP](https://www.rnpgp.org/)
|
- The RPM Package Manager software includes an OpenPGP backend based on [Sequoia PGP](https://sequoia-pgp.org/), a modern OpenPGP implementation in Rust. Fedora [uses Sequoia PGP in rpm](https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/) since version 38.
|
||||||
implementation for their built-in OpenPGP support since version 78 (released in mid-2020).
|
|
||||||
- The RPM Package Manager software includes an OpenPGP backend based on
|
|
||||||
[Sequoia PGP](https://sequoia-pgp.org/), a modern OpenPGP implementation in Rust.
|
|
||||||
Fedora [uses Sequoia PGP in rpm](https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/)
|
|
||||||
since version 38.
|
|
||||||
|
|
||||||
### OpenPGP version 6
|
### OpenPGP version 6
|
||||||
|
|
||||||
This document mainly describes OpenPGP version 6, which brings many updates of the core cryptographic mechanisms,
|
This document mainly describes OpenPGP version 6, which brings many updates of the core cryptographic mechanisms, compared to the previous version 4.
|
||||||
compared to the previous version 4.
|
|
||||||
|
|
||||||
As of this writing (in 2023), version 4 of OpenPGP is still most commonly used.
|
As of this writing (in 2023), version 4 of OpenPGP is still most commonly used. OpenPGP version 4 is described in [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).
|
||||||
OpenPGP version 4 is described in [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).
|
|
||||||
|
|
||||||
## Concepts
|
## Concepts
|
||||||
|
|
||||||
### Certificates/Keys
|
### Certificates/Keys
|
||||||
|
|
||||||
All uses of OpenPGP are centered around (asymmetric) cryptographic key material.
|
All uses of OpenPGP are centered around (asymmetric) cryptographic key material. In OpenPGP, cryptographic keys are combined with additional metadata into "OpenPGP Keys", or "OpenPGP Certificates".
|
||||||
In OpenPGP, cryptographic keys are combined with additional metadata into
|
|
||||||
"OpenPGP Keys", or "OpenPGP Certificates".
|
|
||||||
|
|
||||||
See chapter "certs" (link) for more on OpenPGP Certificates, and "private" for handling of
|
See chapter "certs" (link) for more on OpenPGP Certificates, and "private" for handling of private key material in OpenPGP.
|
||||||
private key material in OpenPGP.
|
|
||||||
|
|
||||||
### Cryptographic operations
|
### Cryptographic operations
|
||||||
|
|
||||||
|
@ -90,3 +64,7 @@ private key material in OpenPGP.
|
||||||
### Internal structure of OpenPGP data
|
### Internal structure of OpenPGP data
|
||||||
|
|
||||||
OpenPGP data is structured as "packets" (and sometimes "subpackets"), internally.
|
OpenPGP data is structured as "packets" (and sometimes "subpackets"), internally.
|
||||||
|
|
||||||
|
## Interoperability
|
||||||
|
|
||||||
|
```describe, and link to interop test suite```
|
Loading…
Reference in a new issue