openpgp-notes/book/source/01-intro.md
Heiko Schaefer c8054b9120
Initial outline and old notes
(Rough merge of two precursor projects by Heiko, and outline notes by Paul)
2023-09-14 21:30:43 +02:00

3.4 KiB

OpenPGP: what is it, history

This document is intended as an introduction to the inner workings of OpenPGP, aimed mainly at technical readers.

It is not a guide for use of OpenPGP by end-users.

What is OpenPGP?

OpenPGP is an open standard that was developed based on the "Pretty Good Privacy (PGP)" software.

The standard has evolved over time, and there is ongoing work to improve it. RFC 4880 is the most recent published version of the standard (describing OpenPGP version 4).

An IETF working group is currently finalizing a new revision of the OpenPGP standard (which will describe OpenPGP version 6). The current standardization work focuses on updating the cryptographic mechanisms in OpenPGP.

There are multiple interoperable implementations with significant use.

A very brief history (dramatis personae)

PGP

"Pretty Good Privacy (PGP)" is a software program, initially by Phil Zimmermann, first released in 1991.

The PGP software has played a role in the political struggles sometimes referred to as the "Crypto Wars" (also see https://en.wikipedia.org/wiki/Crypto_(book) for some of that history, including the history of PGP).

The "PGP" software was never under a Free Software license, even though its source code was at one point widely published.

The ownership and branding of the product have changed over the years. The software enjoys a continued existence, albeit with changing name and scope.

OpenPGP

While the PGP software was developed as a commercial product, the owner at the time, "PGP Inc.", started a standardization effort with the IETF in July 1997. The resulting open standard was named OpenPGP.

The result of this first round of standardization work under the "OpenPGP" name is RFC 2440, published November 1998.

The name "OpenPGP" can be used freely by implementations (unlike the name "PGP", which is a registered trademark).

GnuPG

First released 1997-12-20, GnuPG is an implementation of the OpenPGP standard.

GnuPG has been the major Free Software implementation of OpenPGP for a period of time. It has played a role in the release of NSA documents by Edward Snowden.

Multiple major implementations

Today, multiple implementations of OpenPGP play an important role:

  • Protonmail, who serve a large number of users, use (and maintain) OpenPGP.js.
  • The Thunderbird email software has used the RNP implementation for its built-in OpenPGP support since version 78 (released in mid-2020).
  • The RPM Package Manager software includes an OpenPGP backend based on Sequoia PGP, a modern OpenPGP implementation in Rust. Fedora uses Sequoia PGP in rpm since version 38.