OpenPGP

From ArchWiki

OpenPGP is an open standard for cryptographic operations. It is a system based on well-understood cryptographic building blocks. OpenPGP supports the secure delivery of files and messages between a sender and a recipient. It also addresses identities and their verification.

Software

Applications

A number of e-mail clients, such as Thunderbird, implement OpenPGP features.

General-purpose OpenPGP command-line tools include gnupg and sequoia-sq.

Note: The IETF draft for Stateless OpenPGP Command Line Interface defines a generic stateless command-line interface for dealing with OpenPGP messages, known as sop. It aims for a minimal, well-structured API covering OpenPGP object security. Many sop implementations exist and are cross-tested in an interoperability test suite.

Libraries

A number of libraries exist for various programming languages.

Hardware security device support

OpenPGP private keys can be securely handled on specialized hardware devices. The OpenPGP card standard defines a smart card application for this purpose. This standard is implemented on many devices, including most models of Nitrokey and YubiKey.

These smart cards can be used with software such as GnuPG or OpenPGP-card-tools.

Standardization

The standardization of OpenPGP takes place in the context of the IETF OpenPGP working group.

The most recent and widely adopted IETF-ratified standard for OpenPGP is RFC 4880. This standard defines the formats of what is now referred to as "OpenPGP version 4".

RFC 6637 defines an extension for elliptic-curve cryptography (ECC) using the NIST prime field curves.

An extension for algorithms based on Curve25519 is widely used. It was tentatively defined in RFC4880bis, which has not yet been finalized as a new version of the standard.

The working group is currently finalizing an updated specification for OpenPGP, which continues the work done in RFC4880bis. The scope of the RFC being finalized (also known as the "crypto refresh") is an update to the cryptographic capabilities of the OpenPGP standard (see Charter 02 of the IETF OpenPGP working group for details). This new standard defines new formats for "OpenPGP version 6" keys and signatures and facilitates modern AEAD-based encryption.

Future work will center around topics such as post-quantum cryptography (PQC) and forward secrecy (see Charter 04 of the IETF OpenPGP working group for details).
