vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2024-11-23 16:12:05 +01:00
Code Issues Projects Releases Packages Wiki Activity

edit history to of PGP, standardizing, and GnuPG

Browse source
This commit is contained in:
Tammi L. Coles 2023-10-06 13:43:29 +02:00 committed by Heiko Schaefer
parent 6679f2fdf9
commit 7a0b4832ec
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
1 changed files with 14 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
book/source/02-highlevel.md
View file

@ -2,7 +2,7 @@
## Why OpenPGP? ## Why OpenPGP?
OpenPGP is a widely recognized IETF-standardized set of cryptographic operations. It is broadly used in securing communications, for example, in encrypted text messages and email, and enjoys a vast ecosystem of libraries, tools, and community support forums. Moreover, its robustness and versatility has made OpenPGP a security choice for other use cases in which encryption is important. These include file transfer applications, password managers, and data storage. OpenPGP is a widely recognized IETF-standardized set of cryptographic operations. It is broadly used in securing communications, for example, in encrypted text messages and email, and enjoys a vast ecosystem of libraries, tools, and community support forums. Moreover, its robustness and versatility has made OpenPGP a security choice for other use cases in which encryption is important. These include file transfer applications, password managers, and secure data storage.
There are other compelling reasons for why you might consider using OpenPGP in your project: There are other compelling reasons for why you might consider using OpenPGP in your project:
@ -20,34 +20,37 @@ The OpenPGP standard has evolved over time, and remains under active development
(Also see [https://www.openpgp.org/about/history/](https://www.openpgp.org/about/history/)) (Also see [https://www.openpgp.org/about/history/](https://www.openpgp.org/about/history/))
### "Pretty Good Privacy (PGP)" ### Pretty Good Privacy (PGP)
The origins of OpenPGP can be traced back to *Pretty Good Privacy (PGP)*, a software program written by [Phil Zimmermann](https://en.wikipedia.org/wiki/Phil_Zimmermann) and first released in 1991. The origins of OpenPGP can be traced back to *Pretty Good Privacy (PGP)*, a software program written by [Phil Zimmermann](https://en.wikipedia.org/wiki/Phil_Zimmermann) and first released in 1991.
The original PGP software has played a role in the political struggles sometimes referred to as the ["Crypto Wars"](https://en.wikipedia.org/wiki/Crypto_Wars) (also see ["Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital" (2002)](https://en.wikipedia.org/wiki/Crypto_(book)) for some of that history, including part of the history of PGP). The original PGP software played a role in the political struggles sometimes referred to as the ["Crypto Wars"](https://en.wikipedia.org/wiki/Crypto_Wars) (also see ["Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital" (2002)](https://en.wikipedia.org/wiki/Crypto_(book)), which includes some of PGP's history).
The original "PGP" software was never under a Free Software license, even though its source code has at one point been widely published. The original PGP software was never under a Free Software license, despite being widely published. [PGP's ownership has changed over the years](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_and_Symantec), and [PGP's scope and suite of products have expanded] (https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_encryption_applications).
The ownership and branding of the product has [changed over the years](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_and_Symantec). The software enjoys a continued existence, albeit with [changing name and scope](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_encryption_applications).
### Standardizing OpenPGP ### Standardizing OpenPGP
While the original PGP software was developed as a commercial product, the owner at the time, "PGP Inc." started a standardization effort with the IETF, first publishing [RFC 1991 "PGP Message Exchange Formats"](https://datatracker.ietf.org/doc/html/rfc1991) in August 1996. While PGP was first developed as commercial software, the owner at the time, PGP Inc., started a standardization effort with the IETF, first publishing [RFC 1991 "PGP Message Exchange Formats"](https://datatracker.ietf.org/doc/html/rfc1991) in August 1996.
In July 1997, a process to produce an open standard under the then new name [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) was started, resulting in [RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440), published November 1998. RFC 2440 describes OpenPGP version 3. In July 1997, a process to produce an open standard under the then new name [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) was started, resulting in [RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440), published November 1998. RFC 2440 describes OpenPGP version 3.
The name "OpenPGP" can be used freely by implementations (unlike the name "PGP", which is a [registered trademark](https://uspto.report/TM/74685229)). The name OpenPGP can be used freely by implementations, unlike the name PGP, which is a [registered trademark](https://uspto.report/TM/74685229)).
### GnuPG, an early Free Software implementation ### GnuPG, an early Free Software implementation
[First released 1997-12-20](https://gnupg.org/download/release_notes.html#sec-2-70), GnuPG (the "GNU Privacy Guard") is an implementation of the OpenPGP standard. [First released 1997-12-20](https://gnupg.org/download/release_notes.html#sec-2-70) by Werner Koch, a German computer programmer, GNU Privacy Guard (GnuPG) is a free and open-source implementation of the OpenPGP standard.
GnuPG has been a major early Free Software implementation of OpenPGP. It has played an important (and successful) role in the [release of NSA documents](https://theintercept.com/2014/10/28/smuggling-snowden-secrets/) by [Edward Snowden](https://en.wikipedia.org/wiki/Edward_Snowden). GnuPG was a major early implementation of OpenPGP. Over the years, the importance of GnuPG has grown significantly as it became a foundational tool for email security, software signing, and more. It played an important (and successful) role in the [release of NSA documents](https://theintercept.com/2014/10/28/smuggling-snowden-secrets/) by [Edward Snowden](https://en.wikipedia.org/wiki/Edward_Snowden).
The GnuPG program binary is called `gpg`, thus the names "GnuPG" and "gpg" are often used interchangeably. The GnuPG program binary is called "gpg," thus the names "GnuPG" and "gpg" are often used interchangeably.
Note: The terms "pgp key" and "gpg key" are sometimes used. Since PGP and GnuPG are just two of many existing OpenPGP implementations, the proper term is "OpenPGP key" (or "OpenPGP certificate", more on that [later](certificates_chapter)). Note: The terms "pgp key" and "gpg key" are sometimes used. Since PGP and GnuPG are just two of many existing OpenPGP implementations, the proper term is "OpenPGP key" (or "OpenPGP certificate", more on that [later](certificates_chapter)).
```{admonition} TODO
:class: warning
Heiko, I do not believe the above section on the binary needs to be in this history section. Also, I have added Werner Koch by name to this history, bringing his contribution to the level afforded Zimmerman and Snowden.
```
## The OpenPGP version 4 era ## The OpenPGP version 4 era
### OpenPGP version 4 ### OpenPGP version 4