mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 10:02:06 +01:00
# Introducing OpenPGP

This documentation project seeks to introduce OpenPGP concepts and functionalities to software developers who wish to use it in their projects.

This document describes [OpenPGP version 6](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/), with occasional remarks about differences to earlier versions.

This text is *not* intended as a guide for end-users of OpenPGP-related software.

## What is OpenPGP?

OpenPGP is an open standard for cryptographic operations. OpenPGP supports the secure delivery of files and messages between a sender and a recipient as well as verification of the sender. OpenPGP is an outgrowth of the ["Pretty Good Privacy (PGP)"](https://en.wikipedia.org/wiki/Pretty_Good_Privacy) encryption program and has many widely used and interoperable implementations.
{::comment}
Heiko, let's be sure to create our own page on interoperability instead of linking to this
{:/comment}

## Who is the audience for this document?

Three groups of people interact with OpenPGP:

1. End-users, who use software that contains OpenPGP functionality (e.g., the Thunderbird email software)
2. Software developers who build applications that contain OpenPGP functionality
3. Implementers of libraries or software that handles the processing of internal OpenPGP data structures

This document is focused on software developers who use OpenPGP functionality in their software projects. It is not intended for end-users.
{::comment}
Heiko, we should elaborate a bit on why here
{:/comment}
Thus, this text describes OpenPGP at the "library-level," teaching concepts that will help software developers get started as a user of any implementation
(e.g., OpenPGP.js, Sequoia PGP).

### Requirements

We presuppose solid knowledge of software development concepts and of general cryptographic concepts.

OpenPGP is a system based on well-understood cryptographic building blocks.
We describe the properties of the OpenPGP system and how to use it.

### A companion for the OpenPGP RFC

```
The RFC explains lots of details (which bit goes where) that are crucial
for implementers, but unimportant for software developers who use OpenPGP
through a library.
```

The [OpenPGP RFC](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/)
defines *"the message formats used in OpenPGP"* to *"provide encryption with
public-key or symmetric cryptographic algorithms, digital signatures,
compression and key management"*.

The RFC, as a standards document, is mainly aimed at the third group:
Implementers of software that handles internal OpenPGP data structures.
In that context, the nitty-gritty of which bit of data goes where is crucial.

For software developers using OpenPGP through a library, however, it is not.
This document describes OpenPGP concepts at the "library" level of abstraction,
and ignores most details about how OpenPGP artifacts are encoded at the lowest level.

The idea is to go over various common OpenPGP artifacts, as they are
currently used, to get an overview.

### Covering versions

We will mainly cover v6 of OpenPGP, but occasionally point out
differences to previous versions.

Version 4 of OpenPGP will remain relevant for a number of years,
and some OpenPGP version 3 artifacts are still in use as of this writing (in 2023).

For example, the RFC states that implementations MAY accept version 3 signatures.
Handling version 3 artifacts is relevant in some contexts, where dealing with
historical OpenPGP material is required.

Where differences between versions may be relevant to application developers,
we will point them out.