 | |
| Developer(s) | The Gpg4win initiative |
|---|---|
| Initial release | April 6, 2006 |
| Stable release | 4.3.1 (with GnuPG 2.4.5) (March 11, 2024 [1] ) [±] |
| Repository | dev |
| Operating system | Windows |
| Type | Encryption software |
| License | GPLv2+ |
| Website | gpg4win |
Gpg4win is an email and file encryption package for most versions of Microsoft Windows and Microsoft Outlook, which utilises the GnuPG framework for symmetric and public-key cryptography, such as data encryption, digital signatures, hash calculations etc.
The original creation of Gpg4win was initiated and funded by Germany's Federal Office for Information Security (BSI) in 2005, [2] [3] resulting in the release of Gpg4win 1.0.0 on 6 April 2006; [4] however Gpg4win and all included tools are free and open source software, and it is typically the non-proprietary option for privacy recommended [5] [6] to Windows users.
As Gpg4win v1 was a much overhauled derivate of GnuPP, [7] both were using GnuPG v1 for cryptographic operations and thus only supported OpenPGP as cryptography standard.
Hence in 2007 the development of a fundamentally enhanced version was started, also with support from the German BSI (Federal Office for Information Security); this effort culminated in the release of Gpg4win 2.0.0 on 7 August 2009 after a protracted beta testing phase, [8] which was based on GnuPG 2.0, included S/MIME support, Kleopatra as a new certificate manager, the Explorer plug-in GpgEX for cryptography operations on files, basic support of smart cards, a full set of German dialogue texts in addition to the English ones, new manuals in English and German, plus many other enhancements. [9]
In contrast to Gpg4win v2, which focused on new features and software components, the development of Gpg4win v3 focused on usability, plus consolidation of code and features: [10] This resulted in the release of Gpg4win 3.0.0 on 19 September 2017 with proper support for Elliptic Curve Cryptography (ECC) by utilising GnuPG 2.2 (instead of 2.0), broadened, stabilised and enhanced smart card support, a fundamentally overhauled Outlook plug-in GpgOL for Outlook 2010 and newer, support of 64-bit versions of Outlook 2010 and newer, supporting dialogues in all languages which KDE supports etc. [11] It is also distributed as GnuPG VS-Desktop with commercial support and approval for handling NATO RESTRICTED, RESTREINT UE/EU RESTRICTED and German VS-NfD documents, which in turn has become the major source of revenue for maintaining and further developing the GnuPG framework and Gpg4win. [12]
Gpg4win 4.0.0, released on 21 December 2021, [13] switched to using GnuPG 2.3 (from 2.2) and continued to refine and enhance the feature set of Gpg4win v3. [14]
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.
GNU Privacy Guard is a free-software replacement for Symantec's PGP cryptographic software suite. The software is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable with GnuPG and other OpenPGP-compliant systems. GnuPG is however expected, as of April 2024, to break compliance with the upcoming revision of OpenPGP and thus with other implementations that will continue to comply.
Sylpheed is an open-source e-mail client and news client licensed under GNU GPL-2.0-or-later with the library part LibSylph under GNU LGPL-2.1-or-later. It provides easy configuration and an abundance of features. It stores mail in the MH Message Handling System. Sylpheed runs on Unix-like systems such as Linux or BSD, and it is also usable on Windows. It uses GTK+.
In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority. As with computer networks, there are many independent webs of trust, and any user can be a part of, and a link between, multiple webs.
Werner Koch is a German free software developer. He is best known as the principal author of the GNU Privacy Guard. He was also Head of Office and German Vice-Chancellor of the Free Software Foundation Europe. He is the winner of Award for the Advancement of Free Software in 2015 for founding GnuPG.
Enigmail is a data encryption and decryption extension for Mozilla Thunderbird and the Postbox that provides OpenPGP public key e-mail encryption and signing. Enigmail works under Microsoft Windows, Unix-like, and Mac OS X operating systems. Enigmail can operate with other mail clients compatible with PGP/MIME and inline PGP such as: Microsoft Outlook with Gpg4win package installed, Gnome Evolution, KMail, Claws Mail, Gnus, Mutt. Its cryptographic functionality is handled by GNU Privacy Guard.
S/MIME is a standard for public-key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFC 8551. It was originally developed by RSA Data Security, and the original specification used the IETF MIME specification with the de facto industry standard PKCS #7 secure message format. Change control to S/MIME has since been vested in the IETF, and the specification is now layered on Cryptographic Message Syntax (CMS), an IETF specification that is identical in most respects with PKCS #7. S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, MIME can also hold an advanced digital signature.
In computer security, a key server is a computer that receives and then serves existing cryptographic keys to users or other programs. The users' programs can be running on the same network as the key server or on another networked computer.
GnuTLS is a free software implementation of the TLS, SSL and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over the network transport layer, as well as interfaces to access X.509, PKCS #12, OpenPGP and other structures.
The following tables compare general and technical features of notable email client programs.
WinPT or Windows Privacy Tray is frontend to the Gnu Privacy Guard (GnuPG) for the Windows platform. Released under GPL, it is compatible with OpenPGP compliant software.
Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.
KDE Wallet Manager (KWallet) is free and open-source password management software written in C++ for UNIX-style operating systems. KDE Wallet Manager runs on a Linux-based OS and Its main feature is storing encrypted passwords in KDE Wallets. The main feature of KDE wallet manager (KWallet) is to collect user's credentials such as passwords or IDs and encrypt them through Blowfish symmetric block cipher algorithm or GNU Privacy Guard encryption.
In cryptography, the OpenPGP card is an ISO/IEC 7816-4, -8 compatible smart card that is integrated with many OpenPGP functions. Using this smart card, various cryptographic tasks can be performed. It allows secure storage of secret key material; all versions of the protocol state, "Private keys and passwords cannot be read from the card with any command or function." However, new key pairs may be loaded onto the card at any time, overwriting the existing ones.
The CryptoRights Foundation, Inc. (CRF) is a 501(c)(3) non-profit organization based in San Francisco. The CryptoRights Foundation helps human rights groups and other NGOs use encryption to protect their online communications. It has contributed to encryption standards such as OpenPGP, IPsec and GnuPG. The organization was founded on 26 February 1998 during a total solar eclipse on a boat chartered by attendees of the International Financial Cryptography Association conference on Anguilla by Dave Del Torto and a group of fellow "cypherpunk" cryptology experts.
GPG Mail is a commercial extension for Apple Mail which comes as part of GPG Suite, a software collection that provides easy access to a collection of tools designed to secure your communications and encrypt files. GPG Mail provides public key email encryption and signing. It integrates with the default email client Apple Mail under macOS and the actual cryptographic functionality is handled by GNU Privacy Guard.
The tables below compare cryptography libraries that deal with cryptography algorithms and have application programming interface (API) function calls to each of the supported features.
pretty Easy privacy was a pluggable data encryption and verification system that provided automatic cryptographic key management through a set of libraries for written digital communications.
Mailvelope is free software for end-to-end encryption of email traffic inside of a web browser that integrates itself into existing webmail applications. It can be used to encrypt and sign electronic messages, including attached files, without the use of a separate, native email client using the OpenPGP standard.
OpenKeychain is a free and open-source mobile app for the Android operating system that provides strong, user-based encryption which is compatible with the OpenPGP standard. This allows users to encrypt, decrypt, sign, and verify signatures for text, emails, and files. The app allows the user to store the public keys of other users with whom they interact, and to encrypt files such that only a specified user can decrypt them. In the same manner, if a file is received from another user and its public keys are saved, the receiver can verify the authenticity of that file and decrypt it if necessary. As of August 2021, it is no longer actively developed.
Germany's Federal Office for Information Security (BSI)…in 2006…funded the development of GPG4win
Timestamp of installer file `gpg4win-1.0.0.exe`: 06 April 2006
Press release: Gpg4win 2.0.0 is ready, it does S/MIME and secure attachments
