mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-23 16:12:05 +01:00
125 lines
8.4 KiB
Markdown
125 lines
8.4 KiB
Markdown
# A high-level view
|
|
|
|
## Why OpenPGP?
|
|
|
|
OpenPGP is an IETF-standardized set of cryptographic operations. OpenPGP defines mechanisms for authentication of cryptographic identities with a decentralized trust model.
|
|
|
|
```{admonition} TODO
|
|
:class: warning
|
|
|
|
David points out: this section does not yet constitute a compelling endorsement.
|
|
(-> more/better text needed)
|
|
```
|
|
|
|
## A very brief history
|
|
|
|
The OpenPGP standard has evolved over time, and remains under active development.
|
|
|
|
(Also see [https://www.openpgp.org/about/history/](https://www.openpgp.org/about/history/))
|
|
|
|
### "Pretty Good Privacy (PGP)"
|
|
|
|
The earliest roots of OpenPGP trace back to *"Pretty Good Privacy (PGP)"*, a software program written by [Phil Zimmermann](https://en.wikipedia.org/wiki/Phil_Zimmermann) and first released in 1991.
|
|
|
|
The original PGP software has played a role in the political struggles sometimes referred to as the ["Crypto Wars"](https://en.wikipedia.org/wiki/Crypto_Wars) (also see ["Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital" (2002)](https://en.wikipedia.org/wiki/Crypto_(book)) for some of that history, including part of the history of PGP).
|
|
|
|
The original "PGP" software was never under a Free Software license, even though its source code has at one point been widely published.
|
|
|
|
The ownership and branding of the product has [changed over the years](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_and_Symantec). The software enjoys a continued existence, albeit with [changing name and scope](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#PGP_Corporation_encryption_applications).
|
|
|
|
### Standardizing OpenPGP
|
|
|
|
While the original PGP software was developed as a commercial product, the owner at the time, "PGP Inc." started a standardization effort with the IETF, first publishing [RFC 1991 "PGP Message Exchange Formats"](https://datatracker.ietf.org/doc/html/rfc1991) in August 1996.
|
|
|
|
In July 1997, a process to produce an open standard under the then new name [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) was started, resulting in [RFC 2440 "OpenPGP Message Format"](https://datatracker.ietf.org/doc/html/rfc2440), published November 1998. RFC 2440 describes OpenPGP version 3.
|
|
|
|
The name "OpenPGP" can be used freely by implementations (unlike the name "PGP", which is a [registered trademark](https://uspto.report/TM/74685229)).
|
|
|
|
### GnuPG, an early Free Software implementation
|
|
|
|
[First released 1997-12-20](https://gnupg.org/download/release_notes.html#sec-2-70), GnuPG (the "GNU Privacy Guard") is an implementation of the OpenPGP standard.
|
|
|
|
GnuPG has been a major early Free Software implementation of OpenPGP. It has played an important (and successful) role in the [release of NSA documents](https://theintercept.com/2014/10/28/smuggling-snowden-secrets/) by [Edward Snowden](https://en.wikipedia.org/wiki/Edward_Snowden).
|
|
|
|
The GnuPG program binary is called `gpg`, thus the names "GnuPG" and "gpg" are often used interchangeably.
|
|
|
|
Note: The terms "pgp key" and "gpg key" are sometimes used. Since PGP and GnuPG are just two of many existing OpenPGP implementations, the proper term is "OpenPGP key" (or "OpenPGP certificate", more on that [later](certificates_chapter)).
|
|
|
|
## The OpenPGP version 4 era
|
|
|
|
### OpenPGP version 4
|
|
|
|
In 2007, [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880), defining version 4 of OpenPGP, was published. This version is currently most commonly used in the wild.
|
|
|
|
(major_implementations)=
|
|
### Multiple major implementations
|
|
|
|
Today multiple new Free Software implementations of OpenPGP play important roles:
|
|
|
|
- Proton Mail, who provide email encryption services for a large number of users, use (and maintain) [OpenPGP.js](https://openpgpjs.org/) as well as [GopenPGP](https://gopenpgp.org/).
|
|
- The Thunderbird email software is using the [RNP](https://www.rnpgp.org/) implementation for their built-in OpenPGP support since version 78 (released in mid-2020).
|
|
- The RPM Package Manager software includes an OpenPGP backend based on [Sequoia PGP](https://sequoia-pgp.org/), a modern OpenPGP implementation in Rust. Fedora [uses Sequoia PGP in rpm](https://sequoia-pgp.org/blog/2023/04/27/rpm-sequoia/) since version 38.
|
|
|
|
## The road ahead
|
|
|
|
### OpenPGP version 6
|
|
|
|
As of this writing (in 2023), [version 6 of OpenPGP](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) is approaching publication as an RFC.
|
|
The IETF working group's [charter](https://datatracker.ietf.org/wg/openpgp/about/#autoid-1) centers around updating the cryptographic mechanisms, adding new algorithms, and deprecation of obsolete algorithms.
|
|
|
|
This document describes OpenPGP version 6, while pointing out differences to previous versions that are relevant to application developers.
|
|
|
|
Significant work on support for OpenPGP version 6 has already been done for multiple implementations, including:
|
|
|
|
- [GOpenPGP](https://github.com/ProtonMail/gopenpgp/tree/v3),
|
|
- [OpenPGP.js](https://github.com/openpgpjs/openpgpjs/tree/v6),
|
|
- [PGPainless](https://github.com/pgpainless/pgpainless/milestone/6),
|
|
- [PGPy](https://github.com/dkg/PGPy/tree/dkg/crypto-refresh),
|
|
- [Sequoia-PGP](https://gitlab.com/sequoia-pgp/sequoia/-/tree/crypto-refresh).
|
|
|
|
### Post-Quantum Cryptography in OpenPGP
|
|
|
|
There is [ongoing work](https://datatracker.ietf.org/doc/draft-wussler-openpgp-pqc/) to standardize and add support for post-quantum public-key algorithms in OpenPGP. This project is funded by the [german "BSI"](https://en.wikipedia.org/wiki/Federal_Office_for_Information_Security). Goals include adding support for post-quantum cryptography to Thunderbird and GnuPG. A [presentation](https://datatracker.ietf.org/meeting/113/materials/slides-113-openpgp-a-post-quantum-approach-for-openpgp-00) was given at [IETF 113](https://datatracker.ietf.org/meeting/113/session/openpgp/).
|
|
|
|
## Concepts
|
|
|
|
### Certificates/Keys
|
|
|
|
Use of OpenPGP is centered around cryptographic keys.
|
|
|
|
In OpenPGP, bare cryptographic keys are combined with additional metadata into "OpenPGP certificates," which are a relatively complex data structure (OpenPGP certificates are also often called "OpenPGP keys").
|
|
|
|
An OpenPGP certificate can evolve over time, with components being added, expiring, or being marked as invalid.
|
|
|
|
See the chapter about [OpenPGP certificates](certificates_chapter) for details, and internal structure, and the chapter about [private keys](private_key_chapter) for handling of private key material in OpenPGP.
|
|
|
|
Other important topics around certificates are their management, authentication, and trust models. We will only touch on those, in this document.
|
|
|
|
### High-Level operations
|
|
|
|
With OpenPGP it's possible to:
|
|
|
|
- [Encrypt](encryption_chapter) and [Decrypt](decryption_chapter) Messages
|
|
- [Sign](signing_data) and [Verify](verification_chapter) Data
|
|
- [Issue and examine Statements](certifications_chapter) about Keys and Identities (to perform CA-like functionality)
|
|
|
|
### Building blocks
|
|
|
|
To perform these high-level operations, a set of [established cryptographic mechanisms](cyrptography_chapter) are used as building blocks, and combined into OpenPGP's format, which additionally deals with identities and their verification.
|
|
|
|
(interop_section)=
|
|
## Interoperability
|
|
|
|
OpenPGP was standardized in 1997 to encourage development of interoperable implementations. This has already been a success early on, but in recent years, there has been [much development of new implementations](major_implementations).
|
|
|
|
Historically, interoperability has only been tested in an adhoc manner. Since 2019, the Sequoia project is maintaining and operating the ["OpenPGP interoperability test suite"](https://tests.sequoia-pgp.org/), for more rigorous and systematic testing. The test suite has identified numerous [issues](https://gitlab.com/sequoia-pgp/openpgp-interoperability-test-suite#hall-of-fame).
|
|
|
|
## Zooming in: Internal structure of OpenPGP data
|
|
|
|
OpenPGP data is internally structured as "packets." We'll look into examples of this internal structure throughout the following chapters.
|
|
|
|
Getting familiar with the internal format of OpenPGP data is a good way to get familiar with the [RFC](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/), and it may also come in handy for debugging issues.
|
|
|
|
Gaining some familiarity with the internal structure of OpenPGP data will also help us to read the OpenPGP RFC, which describes the internal structure of OpenPGP packets in full detail.
|
|
|
|
(Most of the time, however, we will look at OpenPGP artifacts at a higher level of abstraction.)
|