diff --git a/book/source/01-intro.md b/book/source/01-intro.md index 3b4a0d0..e5ce2c4 100644 --- a/book/source/01-intro.md +++ b/book/source/01-intro.md @@ -1,37 +1,36 @@ -# OpenPGP: what is it, history +# Notes on OpenPGP -This document is intended as an introduction to the inner workings of OpenPGP, -aimed mainly at technical readers. +An introduction to the concepts of OpenPGP, aimed mainly at software +developers who are looking to use OpenPGP functionality in their projects. -It is *not* a guide for *use* of OpenPGP by end-users. +This document describes +[OpenPGP version 6](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/), +with occasional remarks about differences to earlier versions. + +This text is *not* intended as a guide for end-users who use OpenPGP-related software. ## What is OpenPGP? -OpenPGP is an open standard that was developed based on the +OpenPGP is an open standard for cryptographic operations. +It has grown out of the ["Pretty Good Privacy (PGP)"](https://en.wikipedia.org/wiki/Pretty_Good_Privacy) software. -The standard has evolved over time, and there is ongoing work to improve it. -[RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880) is the most recent -published version of the standard (describing OpenPGP version 4). +OpenPGP is an open standard, there are many widely used +(and [interoperable](https://tests.sequoia-pgp.org/)) implementations. -An IETF working group is currently finalizing a -[new revision](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/), -of the OpenPGP standard (which will describe OpenPGP version 6). -The current standardization work focuses on updating the cryptographic -mechanisms in OpenPGP. +## A very brief history -There are multiple [interoperable](https://tests.sequoia-pgp.org/) -implementations with significant use. +The OpenPGP standard has evolved over time. -## A very brief history (dramatis personae) +(Also see https://www.openpgp.org/about/history/) -### PGP +### "Pretty Good Privacy (PGP)" -*"Pretty Good Privacy (PGP)"* is a software program, initially by Phil -Zimmermann, first released in 1991. +The earliest roots of OpenPGP trace back to *"Pretty Good Privacy (PGP)"*, +a software program, written by Phil Zimmermann and first released in 1991. -The PGP software has played a role in the political struggles sometimes +The original PGP software has played a role in the political struggles sometimes referred to as the ["Crypto Wars"](https://en.wikipedia.org/wiki/Crypto_Wars) (also see https://en.wikipedia.org/wiki/Crypto_(book) for some of that history, including about the history of PGP). @@ -45,38 +44,48 @@ The software enjoys a continued existence, albeit with [changing name and scope](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_encryption_applications). -### OpenPGP +### Standardizing OpenPGP While the PGP software was developed as a commercial product, the owner at the time, "PGP Inc." started a standardization effort with the IETF in July 1997. The resulting open standard was named [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP). -The result of this first round of standardization work under the "OpenPGP" -name is [RFC 2440](https://datatracker.ietf.org/doc/html/rfc2440), +The result of this early standardization work is +[RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440), published November 1998. The name "OpenPGP" can be used freely by implementations (unlike the name "PGP", which is a [registered trademark](https://uspto.report/TM/74685229)). -### GnuPG +### GnuPG, a free software implementation [First released 1997-12-20](https://gnupg.org/download/release_notes.html#sec-2-70), GnuPG is an implementation of the OpenPGP standard. GnuPG has been the major Free Software implementation of OpenPGP for a period -of time. It has played a role in the release of NSA documents by -[Edward Snowden](https://theintercept.com/2014/10/28/smuggling-snowden-secrets/) +of time. It has played an important and successful role in the release of NSA +documents by [Edward Snowden](https://theintercept.com/2014/10/28/smuggling-snowden-secrets/). -## Multiple major implementations +## The present + +### Multiple major implementations Today, multiple implementations of OpenPGP play an important role: -- Protonmail, who serve a large number of users, use (and maintain) -[OpenPGP.js](https://openpgpjs.org/). +- Protonmail, who provide email encryption services for a large number of users, + use (and maintain) [OpenPGP.js](https://openpgpjs.org/). - The Thunderbird email software is using the [RNP](https://www.rnpgp.org/) -implementation for their built-in OpenPGP support since version 78 (released in mid-2020). + implementation for their built-in OpenPGP support since version 78 (released in mid-2020). - The RPM Package Manager software includes an OpenPGP backend based on -[Sequoia PGP](https://sequoia-pgp.org/), a modern OpenPGP implementation in Rust. -Fedora [uses Sequoia PGP in rpm](https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/) -since version 38. + [Sequoia PGP](https://sequoia-pgp.org/), a modern OpenPGP implementation in Rust. + Fedora [uses Sequoia PGP in rpm](https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/) + since version 38. + +### OpenPGP version 6 + +This document mainly describes OpenPGP version 6, which brings many updates of the core cryptographic mechanisms, +compared to the previous version 4. + +As of this writing (in 2023), version 4 of OpenPGP is still most commonly used. +OpenPGP version 4 is described in [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).