Sorted out rough flow of ch1

This commit is contained in:
Heiko Schaefer 2023-09-15 11:14:06 +02:00
parent c8054b9120
commit 913612b0ee
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D

View file

@ -1,37 +1,36 @@
# OpenPGP: what is it, history
# Notes on OpenPGP
This document is intended as an introduction to the inner workings of OpenPGP,
aimed mainly at technical readers.
An introduction to the concepts of OpenPGP, aimed mainly at software
developers who are looking to use OpenPGP functionality in their projects.
It is *not* a guide for *use* of OpenPGP by end-users.
This document describes
[OpenPGP version 6](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/),
with occasional remarks about differences to earlier versions.
This text is *not* intended as a guide for end-users who use OpenPGP-related software.
## What is OpenPGP?
OpenPGP is an open standard that was developed based on the
OpenPGP is an open standard for cryptographic operations.
It has grown out of the
["Pretty Good Privacy (PGP)"](https://en.wikipedia.org/wiki/Pretty_Good_Privacy)
software.
The standard has evolved over time, and there is ongoing work to improve it.
[RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880) is the most recent
published version of the standard (describing OpenPGP version 4).
OpenPGP is an open standard, there are many widely used
(and [interoperable](https://tests.sequoia-pgp.org/)) implementations.
An IETF working group is currently finalizing a
[new revision](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/),
of the OpenPGP standard (which will describe OpenPGP version 6).
The current standardization work focuses on updating the cryptographic
mechanisms in OpenPGP.
## A very brief history
There are multiple [interoperable](https://tests.sequoia-pgp.org/)
implementations with significant use.
The OpenPGP standard has evolved over time.
## A very brief history (dramatis personae)
(Also see https://www.openpgp.org/about/history/)
### PGP
### "Pretty Good Privacy (PGP)"
*"Pretty Good Privacy (PGP)"* is a software program, initially by Phil
Zimmermann, first released in 1991.
The earliest roots of OpenPGP trace back to *"Pretty Good Privacy (PGP)"*,
a software program, written by Phil Zimmermann and first released in 1991.
The PGP software has played a role in the political struggles sometimes
The original PGP software has played a role in the political struggles sometimes
referred to as the ["Crypto Wars"](https://en.wikipedia.org/wiki/Crypto_Wars)
(also see https://en.wikipedia.org/wiki/Crypto_(book) for some of that history,
including about the history of PGP).
@ -45,38 +44,48 @@ The software enjoys a continued existence, albeit with
[changing name and scope](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_encryption_applications).
### OpenPGP
### Standardizing OpenPGP
While the PGP software was developed as a commercial product, the owner at the time,
"PGP Inc." started a standardization effort with the IETF in July 1997.
The resulting open standard was named
[OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP).
The result of this first round of standardization work under the "OpenPGP"
name is [RFC 2440](https://datatracker.ietf.org/doc/html/rfc2440),
The result of this early standardization work is
[RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440),
published November 1998.
The name "OpenPGP" can be used freely by implementations (unlike the name
"PGP", which is a [registered trademark](https://uspto.report/TM/74685229)).
### GnuPG
### GnuPG, a free software implementation
[First released 1997-12-20](https://gnupg.org/download/release_notes.html#sec-2-70),
GnuPG is an implementation of the OpenPGP standard.
GnuPG has been the major Free Software implementation of OpenPGP for a period
of time. It has played a role in the release of NSA documents by
[Edward Snowden](https://theintercept.com/2014/10/28/smuggling-snowden-secrets/)
of time. It has played an important and successful role in the release of NSA
documents by [Edward Snowden](https://theintercept.com/2014/10/28/smuggling-snowden-secrets/).
## Multiple major implementations
## The present
### Multiple major implementations
Today, multiple implementations of OpenPGP play an important role:
- Protonmail, who serve a large number of users, use (and maintain)
[OpenPGP.js](https://openpgpjs.org/).
- Protonmail, who provide email encryption services for a large number of users,
use (and maintain) [OpenPGP.js](https://openpgpjs.org/).
- The Thunderbird email software is using the [RNP](https://www.rnpgp.org/)
implementation for their built-in OpenPGP support since version 78 (released in mid-2020).
- The RPM Package Manager software includes an OpenPGP backend based on
[Sequoia PGP](https://sequoia-pgp.org/), a modern OpenPGP implementation in Rust.
Fedora [uses Sequoia PGP in rpm](https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/)
since version 38.
### OpenPGP version 6
This document mainly describes OpenPGP version 6, which brings many updates of the core cryptographic mechanisms,
compared to the previous version 4.
As of this writing (in 2023), version 4 of OpenPGP is still most commonly used.
OpenPGP version 4 is described in [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).