GNU Privacy Guard

Original author(s) Werner Koch
Developer(s) GNU Project
Initial release 7 September 1999; 24 years ago (1999-09-07)
Stable release(s)
Stable 2.4.5 [1] / 12 March 2024
LTS 2.2.42 [2] / 28 November 2023
Repository dev.gnupg.org/source/gnupg/
Written in C
Operating system Microsoft Windows, macOS, RISC OS, Android, Linux
Type OpenPGP
License 2007: GPL-3.0-or-later [lower-alpha 1]
1997: GPL-2.0-or-later [lower-alpha 2]
Website gnupg.org

GNU Privacy Guard (GnuPG or GPG) is a free-software replacement for Symantec's PGP cryptographic software suite. The software is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable with GnuPG and other OpenPGP-compliant systems. [3] GnuPG is, however, expected to break compliance with the upcoming revision of OpenPGP, and thus with other implementations that will continue to comply. [4]

GnuPG is part of the GNU Project and received major funding from the German government in 1999. [5]

Overview

GnuPG is a hybrid-encryption software program because it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key which is used only once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version.
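The hybrid layout is visible in the packet structure of an encrypted OpenPGP message: a public-key encrypted session key packet comes first, followed by the symmetrically encrypted data. The following is an added example, not code from GnuPG or from the original page; it walks RFC 4880 packet headers over a constructed sample whose header bytes are real encodings and whose bodies are filler.

```python
"""Walk the packet headers of an OpenPGP (RFC 4880) message."""

TAGS = {1: "Public-Key Encrypted Session Key",
        3: "Symmetric-Key Encrypted Session Key",
        9: "Symmetrically Encrypted Data",
        18: "Sym. Encrypted Integrity Protected Data"}
PK_ALGOS = {1: "RSA", 16: "ElGamal", 18: "ECDH"}


def read_header(buf, pos):
    """Return (tag, body_offset, body_length) for the packet starting at pos."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("bit 7 of a packet tag octet must be set")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:                                  # one-octet length
            return tag, pos + 2, o1
        if o1 < 224:                                  # two-octet length
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:                                 # four-octet length
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths are not handled here")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length is not handled here")
    n = 1 << ltype                                    # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")


def describe(message):
    """List the packets of a message; decode the recipient fields of tag 1."""
    out, pos = [], 0
    while pos < len(message):
        tag, start, length = read_header(message, pos)
        body = message[start:start + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        info = {"tag": tag, "name": TAGS.get(tag, "other"), "length": length}
        if tag == 1:
            # version(1) | key ID(8) | public-key algorithm(1) | encrypted session key
            info["key_id"] = body[1:9].hex().upper()
            info["pk_algo"] = PK_ALGOS.get(body[9], str(body[9]))
        out.append(info)
        pos = start + length
    return out


# Constructed sample: one recipient packet, then the bulk-encrypted data packet.
PKESK_BODY = bytes([3]) + bytes.fromhex("0123456789ABCDEF") + bytes([1]) + b"\x00" * 20
SEIPD_BODY = bytes([1]) + b"\x00" * 300
SAMPLE = (bytes([0x84, len(PKESK_BODY)]) + PKESK_BODY   # old format, tag 1
          + bytes([0xD2, 0xC0, 0x6D]) + SEIPD_BODY)     # new format, tag 18, length 301

if __name__ == "__main__":
    for packet in describe(SAMPLE):
        print(packet)
```

The small first packet carries the one-time session key for a single recipient key ID; everything after it is ciphertext under that session key.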

The GnuPG 1.x series uses an integrated cryptographic library, while the GnuPG 2.x series replaces this with Libgcrypt.

GnuPG encrypts messages using asymmetric key pairs individually generated by GnuPG users. The resulting public keys may be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ "owner" identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.

GnuPG also supports symmetric encryption algorithms. GnuPG has used the AES symmetric algorithm by default since version 2.1; [6] CAST5 was used in earlier versions. GnuPG does not use patented or otherwise restricted software or algorithms. Instead, GnuPG uses a variety of other, non-patented algorithms. [7]

For a long time, it did not support the IDEA encryption algorithm used in PGP. It was in fact possible to use IDEA in GnuPG by downloading a plugin for it; however, this might require a license for some uses in countries in which IDEA was patented. Starting with versions 1.4.13 and 2.0.20, GnuPG supports IDEA because the last patent of IDEA expired in 2012. Support of IDEA is intended "to get rid of all the questions from folks either trying to decrypt old data or migrating keys from PGP to GnuPG", [8] and hence is not recommended for regular use.

More recent releases of GnuPG 2.x ("modern" and the now deprecated "stable" series) expose most cryptographic functions and algorithms Libgcrypt (its cryptography library) provides, including support for elliptic curve cryptography (ECDH, ECDSA and EdDSA) [9] in the "modern" series (i.e. since GnuPG 2.1).

Algorithms

As of versions 2.3 or 2.2, GnuPG supports the following algorithms:

Public key
RSA, ElGamal, DSA, ECDH (cv25519, cv448, [lower-alpha 3] nistp256, nistp384, nistp521, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp256k1), ECDSA (nistp256, nistp384, nistp521, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp256k1), EdDSA (ed25519, ed448 [lower-alpha 3] )
Cipher
3DES, IDEA (for backward compatibility), CAST5, Blowfish, Twofish, AES-128, AES-192, AES-256, Camellia-128, -192 and -256
Hash
MD5, SHA-1, RIPEMD-160, SHA-256, SHA-384, SHA-512, SHA-224
Compression
Uncompressed, ZIP, ZLIB, BZIP2

History

GnuPG was initially developed by Werner Koch. [10] [11] The first production version, version 1.0.0, was released on September 7, 1999, almost two years after the first GnuPG release (version 0.0.0). [12] [10] The German Federal Ministry of Economics and Technology funded the documentation and the port to Microsoft Windows in 2000. [11]

GnuPG is a system compliant with the OpenPGP standard, thus the history of OpenPGP is of importance; it was designed to interoperate with PGP, an email encryption program initially designed and developed by Phil Zimmermann. [13] [14]

On February 7, 2014, a GnuPG crowdfunding effort closed, raising 36,732 for a new website and infrastructure improvements. [15]

Branches

Since the release of a stable GnuPG 2.3, starting with version 2.3.3 in October 2021, three stable branches of GnuPG are actively maintained: [16]

Before GnuPG 2.3, two stable branches of GnuPG were actively maintained:

Different GnuPG 2.x versions (e.g. from the 2.2 and 2.0 branches) cannot be installed at the same time. However, it is possible to install a "classic" GnuPG version (i.e. from the 1.4 branch) along with any GnuPG 2.x version. [9]

Before the release of GnuPG 2.2 ("modern"), the now deprecated "stable" branch (2.0), initially released on November 13, 2006, was recommended for general use. [19] This branch reached its end-of-life on December 31, 2017; [20] its last version is 2.0.31, released on December 29, 2017. [21]

Before the release of GnuPG 2.0, all stable releases originated from a single branch; i.e., before November 13, 2006, no multiple release branches were maintained in parallel. These former, sequentially succeeding (up to 1.4) release branches were:

(Note that before the release of GnuPG 2.3.0, branches with an odd minor release number (e.g. 2.1, 1.9, 1.3) were development branches leading to a stable release branch with a "+ 0.1" higher version number (e.g. 2.2, 2.0, 1.4); hence branches 2.2 and 2.1 both belong to the "modern" series, 2.0 and 1.9 both to the "stable" series, while the branches 1.4 and 1.3 both belong to the "classic" series.

With the release of GnuPG 2.3.0, this nomenclature was altered to be composed of a "stable" and "LTS" branch from the "modern" series, plus 1.4 as the last maintained "classic" branch. Also note that even or odd minor release numbers no longer indicate a stable or development release branch.)

Platforms

Example of usage of GnuPG: As software repository signing key for openSUSE (with ZYpp)

Although the basic GnuPG program has a command-line interface, there exist various front-ends that provide it with a graphical user interface. For example, GnuPG encryption support has been integrated into KMail and Evolution, the graphical email clients found in KDE and GNOME, the most popular Linux desktops. There are also graphical GnuPG front-ends, for example Seahorse for GNOME and KGPG and Kleopatra for KDE.

GPGTools provides a number of front-ends for OS integration of encryption and key management as well as GnuPG installations via Installer packages [25] for macOS. GPG Suite [26] installs all related OpenPGP applications (GPG Keychain), plugins (GPG Mail) and dependencies (MacGPG), along with GPG Services (integration into macOS Services menu) to use GnuPG-based encryption.

Instant messaging applications such as Psi and Fire can automatically secure messages when GnuPG is installed and configured. Web-based software such as Horde also makes use of it. The cross-platform extension Enigmail provides GnuPG support for Mozilla Thunderbird and SeaMonkey. Similarly, Enigform provides GnuPG support for Mozilla Firefox. FireGPG was discontinued June 7, 2010. [27]

In 2005, g10 Code GmbH and Intevation GmbH released Gpg4win, a software suite that includes GnuPG for Windows, GNU Privacy Assistant, and GnuPG plug-ins for Windows Explorer and Outlook. These tools are wrapped in a standard Windows installer, making it easier for GnuPG to be installed and used on Windows systems. [28]

Vulnerabilities

The OpenPGP standard specifies several methods of digitally signing messages. In 2003, due to an error in a change to GnuPG intended to make one of those methods more efficient, a security vulnerability was introduced. [29] It affected only one method of digitally signing messages, only for some releases of GnuPG (1.0.2 through 1.2.3), and there were fewer than 1000 such keys listed on the key servers. [30] Most people did not use this method, and were in any case discouraged from doing so, so the damage caused (if any, since none has been publicly reported) would appear to have been minimal. Support for this method has been removed from GnuPG versions released after this discovery (1.2.4 and later).

Two further vulnerabilities were discovered in early 2006: the first was that scripted uses of GnuPG for signature verification may result in false positives; [31] the second was that non-MIME messages were vulnerable to the injection of data which, while not covered by the digital signature, would be reported as being part of the signed message. [32] In both cases updated versions of GnuPG were made available at the time of the announcement.
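A script that verifies signatures is more robust when it treats anything other than explicit proof of a valid signature as failure. The following is an added example, not code from GnuPG or from the original page; it assumes the status lines were captured from a dedicated descriptor (for instance with gpg's `--status-fd` option), and the fingerprint, user ID and status runs are constructed.

```python
"""Strict reading of GnuPG status lines for scripted signature verification."""

# Any of these keywords means the run must not be accepted.
FAIL_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}


def signature_ok(status_text, pinned_fpr):
    """True only if the output proves exactly one valid signature by pinned_fpr."""
    good, valid = 0, []
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue                                  # not a status line
        fields = line.split()
        if len(fields) < 2:
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in FAIL_KEYWORDS:
            return False
        if keyword == "GOODSIG":
            good += 1
        elif keyword == "VALIDSIG" and args:
            # args[0] is the signing key fingerprint; args[9], when present,
            # is the fingerprint of the primary key it belongs to.
            valid.append(args[9] if len(args) > 9 else args[0])
    # A run that reports no signature at all leaves both counters empty,
    # so "nothing was verified" can never be mistaken for success.
    return good == 1 and valid == [pinned_fpr.upper()]


# Constructed sample data (not real keys or real gpg output).
PINNED = "0123456789ABCDEF0123456789ABCDEF01234567"
OTHER = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"


def _run(fpr):
    return ("[GNUPG:] NEWSIG\n"
            f"[GNUPG:] GOODSIG {fpr[-16:]} Example Signer <signer@example.org>\n"
            f"[GNUPG:] VALIDSIG {fpr} 2024-01-01 1704067200 0 4 0 1 10 00 {fpr}\n")


GOOD_RUN = _run(PINNED)
OTHER_KEY_RUN = _run(OTHER)
BAD_RUN = f"[GNUPG:] BADSIG {PINNED[-16:]} Example Signer <signer@example.org>\n"
EMPTY_RUN = ""                                        # no signature was processed

if __name__ == "__main__":
    for name in ("GOOD_RUN", "OTHER_KEY_RUN", "BAD_RUN", "EMPTY_RUN"):
        print(name, signature_ok(globals()[name], PINNED))
```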

In June 2017, a vulnerability (CVE-2017-7526) was discovered by Bernstein, Breitner and others within Libgcrypt, a library used by GnuPG; it enabled full key recovery for RSA-1024 and for more than about 1/8th of RSA-2048 keys. This side-channel attack exploits the fact that Libgcrypt used a sliding-window method for exponentiation, which leaks exponent bits and leads to full key recovery. [33] [34] Again, an updated version of GnuPG was made available at the time of the announcement.
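Why a sliding-window exponentiation leaks: its sequence of squarings and multiplications depends on the exponent, whereas a fixed-pattern method performs the same operations for every exponent of a given length. The following is an added example, not Libgcrypt's code and not from the original page; the Montgomery ladder is shown as a generic fixed-pattern contrast (not as the fix Libgcrypt adopted), and the exponents and modulus are small constructed values.

```python
"""Operation traces: left-to-right sliding window versus a fixed-pattern ladder."""


def sliding_window_pow(base, exponent, modulus, w=4):
    """Return (result, trace); trace records S(quare) and M(ultiply) in order."""
    odd = {1: base % modulus}                 # precomputed odd powers base^1, base^3, ...
    sq = base * base % modulus
    for k in range(3, 1 << w, 2):
        odd[k] = odd[k - 2] * sq % modulus
    bits = bin(exponent)[2:]
    result, trace, i = 1, [], 0
    while i < len(bits):
        if bits[i] == "0":                    # a zero outside a window: square only
            result = result * result % modulus
            trace.append("S")
            i += 1
            continue
        j = min(i + w, len(bits))             # widest window that ends in a 1 bit
        while bits[j - 1] == "0":
            j -= 1
        for _ in range(j - i):
            result = result * result % modulus
            trace.append("S")
        result = result * odd[int(bits[i:j], 2)] % modulus
        trace.append("M")
        i = j
    return result, "".join(trace)


def bits_leaked(trace):
    """Bit positions (0 = most significant) that the trace alone proves are 1."""
    known, squares = [], 0
    for op in trace:
        if op == "S":
            squares += 1
        else:
            known.append(squares - 1)         # every window ends on a 1 bit
    return known


def ladder_pow(base, exponent, modulus):
    """Montgomery ladder: one multiply and one square per bit, whatever the bit is.

    This models the operation sequence only; Python integers are not constant time.
    """
    r0, r1, trace = 1, base % modulus, []
    for bit in bin(exponent)[2:]:
        if bit == "1":
            r0, r1 = r0 * r1 % modulus, r1 * r1 % modulus
        else:
            r0, r1 = r0 * r0 % modulus, r0 * r1 % modulus
        trace.append("MS")
    return r0, "".join(trace)


# Constructed 16-bit exponents and modulus, for illustration only.
E1, E2, MODULUS = 0b1011001110001011, 0b1100000000000001, 1000003

if __name__ == "__main__":
    for e in (E1, E2):
        _, t = sliding_window_pow(7, e, MODULUS)
        print(f"{e:016b} sliding: {t}  known 1-bits at {bits_leaked(t)}")
        print(f"{e:016b} ladder:  {ladder_pow(7, e, MODULUS)[1]}")
```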

In October 2017, the ROCA vulnerability was announced that affects RSA keys generated by YubiKey 4 tokens, which often are used with PGP/GPG. Many published PGP keys were found to be susceptible. [35]

Around June 2018, the SigSpoof attacks were announced. These allowed an attacker to convincingly spoof digital signatures. [36] [37]

In January 2021, Libgcrypt 1.9.0 was released, which was found to contain a severe bug that was simple to exploit. A fix was released 10 days later in Libgcrypt 1.9.1. [38]

Notes

  1. GPL-3.0-or-later since 2007-07-04 for 2.x and 2007-10-23 for 1.x.
  2. GPL-2.0-or-later from 1997-11-18 until 2007-07-04 for 2.x and 2007-10-23 for 1.x.
  3. only available in 2.3

References

  1. Werner Koch (12 March 2024). "[Announce] GnuPG 2.4.5 released". Archived from the original on 12 March 2024. Retrieved 12 March 2024.
  2. "Noteworthy changes in version 2.2.42". 28 November 2023. Retrieved 22 February 2024.
  3. "Gnu Privacy Guard". GnuPG.org. Archived from the original on 2015-04-29. Retrieved 2015-05-26.
  4. "A schism in the OpenPGP world". Linux Weekly News. Retrieved 2023-12-09.
  5. "Bundesregierung fördert Open Source" (in German). Heise Online. 1999-11-15. Archived from the original on October 12, 2013. Retrieved July 24, 2013.
  6. "[Announce] The maybe final Beta for GnuPG 2.1". Archived from the original on 2019-05-02. Retrieved 2019-03-28.
  7. "GnuPG Features". Archived from the original on October 4, 2009. Retrieved October 1, 2009.
  8. Koch, Werner (2012-12-21). "GnuPG 1.4.13 released" (Mailing list). gnupg-users. Archived from the original on 2013-02-12. Retrieved 2013-05-19.
  9. Koch, Werner (2014-11-06). "[Announce] GnuPG 2.1.0 "modern" released". gnupg.org. Archived from the original on 2014-11-06. Retrieved 2014-11-06.
  10. Angwin, Julia (5 February 2015). "The World's Email Encryption Software Relies on One Guy, Who is Going Broke". ProPublica. Archived from the original on 6 February 2015. Retrieved 6 February 2015.
  11. Wayner, Peter (19 November 1999). "Germany Awards Grant for Encryption". The New York Times. Archived from the original on 25 August 2014. Retrieved 2014-08-08.
  12. "Release Notes". GnuPG. Archived from the original on 2014-02-09. Retrieved 2014-01-30.
  13. "Gnu Privacy Guard". OpenPGP.org. Archived from the original on 2014-02-27. Retrieved 2014-02-26.
  14. "Where to Get PGP". Philzimmermann.com. Archived from the original on 2014-02-26. Retrieved 2014-02-26.
  15. "GnuPG: New web site and infrastructure". goteo.org. Archived from the original on 2014-03-30. Retrieved 2014-03-09.
  16. "GnuPG 2.3.3 released".
  17. Koch, Werner (2017-08-28). "[Announce] GnuPG 2.2.0 released". gnupg-announce (Mailing list). Archived from the original on 2017-08-29. Retrieved 2017-09-21.
  18. Koch, Werner (2004-12-16). "[Announce] GnuPG stable 1.4 released". gnupg.org. Archived from the original on 2005-01-03. Retrieved 2004-12-16.
  19. Koch, Werner (2006-11-13). "[Announce] GnuPG 2.0 released". gnupg.org. Archived from the original on 2014-02-14. Retrieved 2014-01-30.
  20. Koch, Werner (2017-01-23). "[Announce] GnuPG 2.1.18 released". gnupg.org. Archived from the original on 2017-02-11. Retrieved 2017-02-04.
  21. "GnuPG 2.0.31". 2017-12-29. Retrieved 2017-12-30.
  22. Koch, Werner (2002-09-06). "[Announce]GnuPG 1.2 released". gnupg.org. Archived from the original on 2014-06-17. Retrieved 2014-11-06.
  23. Koch, Werner (2004-08-26). "[Announce] GnuPG 1.2.6 released". gnupg.org. Archived from the original on 2014-06-17. Retrieved 2014-11-06.
  24. Koch, Werner (2002-04-30). "[Announce] GnuPG 1.0.7 released". gnupg.org. Archived from the original on 2014-06-17. Retrieved 2014-11-06.
  25. "GPG Suite". GPGTools. Retrieved 2017-12-24.
  26. "GPG Suite". GPGTools. Retrieved 2021-02-16.
  27. "FireGPG's developers blog". 7 June 2010. Archived from the original on July 27, 2013. Retrieved July 24, 2013.
  28. "Gpg4win – About Gpg4win". gpg4win.org. Retrieved 2021-03-23.
  29. Nguyen, Phong Q. "Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3". EUROCRYPT 2004: 555–570. Archived from the original on 2017-12-04. Retrieved 2019-08-23.
  30. Koch, Werner (November 27, 2003). "GnuPG's ElGamal signing keys compromised". Archived from the original on March 18, 2004. Retrieved May 14, 2004.
  31. Koch, Werner (February 15, 2006). "False positive signature verification in GnuPG". Archived from the original on June 17, 2006. Retrieved May 23, 2006.
  32. Koch, Werner (March 9, 2006). "GnuPG does not detect injection of unsigned data". Archived from the original on May 5, 2006. Retrieved May 23, 2006.
  33. Edge, Jake (5 July 2017). "Breaking Libgcrypt RSA via a side channel". LWN.net. Archived from the original on 28 July 2017. Retrieved 28 July 2017.
  34. "Sliding right into disaster: Left-to-right sliding windows leak" (PDF). Archived (PDF) from the original on 2017-06-30. Retrieved 2017-06-30.
  35. Nemec, Matus; Sys, Marek; Svenda, Petr; Klinec, Dusan; Matyas, Vashek (November 2017). "The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli". Archived 2017-11-12 at the Wayback Machine.
  36. "Decades-old PGP bug allowed hackers to spoof just about anyone's signature". 14 June 2018. Archived from the original on 2018-09-07. Retrieved 2018-09-07.
  37. "Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug". The Register. Archived from the original on 2018-06-30. Retrieved 2018-09-07.
  38. "Severe bug in Libgcrypt – used by GPG and others – is a whole heap of trouble, prompts patch scramble". Archived from the original on 2021-02-21.