GNU Privacy Guard, abbreviated GnuPG or GPG, is a free cryptography system. It is used to encrypt and decrypt data, as well as to generate and verify electronic signatures.
The program implements the OpenPGP standard and was developed as a replacement for PGP. Versions 2.0 and later also implement the S/MIME and PGP/MIME standards. By default, GnuPG uses only patent-free algorithms and is distributed under the GNU GPL. It runs on GNU/Linux, macOS and various other Unix-like systems, as well as Microsoft Windows. The project was started in 1997.
Goals of GnuPG
GnuPG has set itself the goal of enabling the largest possible group of users to use cryptographic methods for the confidential transmission of electronic data. GnuPG supports the following functions:
- Encrypting data (e.g., e-mails) to transmit sensitive information to one or more recipients in a form that only those recipients can decrypt.
- Generation of a signature on the sent data to ensure its authenticity and integrity.
Both functions can be combined. As a rule, the signature is created first and appended to the data. This packet, in turn, is then sent to the recipients in encrypted form. GnuPG supports combining both actions in a single call only in this order. When sending e-mails, both variants are possible, but due to the limitations of the mail clients, this is the only possible order in practice. The option of first encrypting an e-mail and then adding a plaintext signature (which could then be evaluated, for example, by a virus scanner or spam filter that cannot decrypt the actual message) is not provided. However, you can encrypt files independently of how they are sent, attach them to an e-mail, and then have the e-mail signed as PGP/MIME.
Most Linux distributions and related systems, at least, use GnuPG as part of their package manager to ensure the integrity of distributed software packages, so it is already included in most installations. Booting from an authentic installation medium of such a system is therefore a way to start GnuPG in a secure environment (i.e. free of malware), for example for the generation or use of keys with high security requirements.
How it works
GPG is a public-key encryption method, which means that no secret information is required to encrypt messages. Each GPG user creates a key pair that consists of two parts: the private key and the public key. Only the owner may have access to the private key, so it is usually protected with a password. The private key is used to decrypt and sign data. The public key is used to encrypt data and verify signed data. It must be available to any communication partner who wants to carry out these two actions. Data cannot be signed or decrypted with the public key, so there is no security risk in distributing it.
Public keys can be exchanged with other users through a variety of channels, such as Internet key servers. They (or the combination of public key and user ID) should be reliably checked before use in order to prevent identity manipulation, as the identity information entered into public keys (usually name and e-mail, possibly also a comment) can be trivially falsified. GPG can only determine whether the data has been signed or encrypted with a specific key. The user has to decide whether the key itself is trustworthy; after all, anyone can create a key with the information of other users and upload it to a key server. A key downloaded from an insecure source (e.g. the Internet) should therefore not be trusted at first. To verify it, the fingerprint (hash value) of the key is obtained via a secure channel (e.g. telephone) and compared with the locally generated fingerprint of the downloaded key. This is secure because it is not possible to generate a matching key for a given fingerprint. This security depends on the strength of the hash function (and the number of possible keys). Version 4 of the OpenPGP key format specifies the use of the hash function SHA-1 for this purpose, for which collision attacks are currently (2012) possible, but not the second-preimage attacks that are crucial for the imitation of keys.
With the recent establishment of the SHA-3 hash function, the development of the next OpenPGP key format can be expected to begin soon.
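The fingerprint check described above, as an added shell example that is not part of the original article: it reads the fingerprint from a downloaded key file without importing it and imports the key only on an exact match with the value obtained over the secure channel. The function names are hypothetical, and a GnuPG version that provides `--show-keys` is assumed.

```shell
# Added example. Inputs are the caller's: a key file and the fingerprint
# received over a separate, trusted channel (e.g. read out by telephone).

# Print the fingerprint of every primary key in a file, without importing it.
key_file_fingerprints() {
    gpg --batch --with-colons --show-keys "$1" 2>/dev/null |
        awk -F: '$1 == "pub" { primary = 1 }
                 $1 == "fpr" && primary { print $10; primary = 0 }'
}

# Strip spaces and colons and upper-case, so "ab12 cd34 ..." compares equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr 'a-f' 'A-F'
}

# Import only on an exact match.
# Returns 0 = imported, 1 = fingerprint mismatch, 2 = unusable input.
import_if_fingerprint_matches() {
    keyfile=$1
    expected=$(normalize_fpr "$2")
    case $expected in
        ''|*[!0-9A-F]*) echo "expected fingerprint is not hex" >&2; return 2 ;;
    esac
    # A short key ID is not a fingerprint: require at least the 40 hex
    # digits of a version 4 (SHA-1) fingerprint.
    [ "${#expected}" -ge 40 ] || { echo "need a full fingerprint" >&2; return 2; }
    found=$(key_file_fingerprints "$keyfile")
    # Exactly one primary key: any extra key bundled into the file would
    # otherwise be imported without having been checked.
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] ||
        { echo "file must contain exactly one key" >&2; return 2; }
    if [ "$found" != "$expected" ]; then
        echo "fingerprint mismatch: file has $found" >&2
        return 1
    fi
    gpg --batch --import "$keyfile"
}
```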
To encrypt or sign data, keys of different strengths are available. Currently (2014), keys of 2048 to 4096 bits are common, with 2048 bits as the recommended length. GPG currently uses only non-patented algorithms to encrypt data with these keys, such as RSA, Elgamal, CAST5, Triple-DES (3DES), AES (Rijndael), and Blowfish.
GnuPG supports master keys, a security feature that goes beyond the OpenPGP standard and therefore does not work reliably when such secret keys are to be imported into another OpenPGP application. The master key is not used for day-to-day signing and decryption, but for managing one’s own key components (user IDs and subkeys) and certifying other keys. These actions are comparatively rare, so the master key can be secured in a special way. The advantages of this approach are:
- The verification of the key does not need to be repeated by the communication partners. The master key remains valid.
- Subkeys can be easily replaced. Expiring and new subkeys are nothing special for OpenPGP; they are automatically included in key updates and used transparently for the user.
- If the master key is also allowed to sign, you can use its significantly higher level of security to sign information of great importance, such as your own key policy.
The technical approach is to export the secret keys without the master key (after a backup of the master key), then delete all secret keys, and then import only the subkeys. Unfortunately, this GnuPG feature is not yet supported by the GUI, so you have to perform the necessary steps yourself in the console.
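The steps above as console commands, as an added example that is not part of the original article. The function and file names are hypothetical, and `demo_on_throwaway_key` runs the procedure against a constructed, passphrase-less key in a temporary keyring rather than a real one.

```shell
# Added example. $1 = full fingerprint of the key, $2 = directory for the
# exports (for a real key: removable media that is afterwards kept offline).
move_master_key_offline() {
    fpr=$1
    out=$2
    # Backup of the complete secret key, master key included.
    ( umask 077; gpg --export-secret-keys "$fpr" > "$out/master-backup.gpg" ) || return 1
    [ -s "$out/master-backup.gpg" ] || { echo "backup is empty, aborting" >&2; return 1; }
    # Export the secret keys without the master key.
    ( umask 077; gpg --export-secret-subkeys "$fpr" > "$out/subkeys-only.gpg" ) || return 1
    [ -s "$out/subkeys-only.gpg" ] || { echo "subkey export is empty, aborting" >&2; return 1; }
    # Delete all secret keys of this key from the keyring. --batch --yes
    # skips the interactive confirmation; the public key stays in place.
    gpg --batch --yes --delete-secret-keys "$fpr" || return 1
    # Import only the subkeys.
    gpg --batch --import "$out/subkeys-only.gpg"
}

# True when the secret primary key is only a stub: gpg marks it "sec#".
master_key_is_offline() {
    gpg --batch --list-secret-keys "$1" 2>/dev/null | grep -q '^sec#'
}

# Safe trial run on a constructed key in a temporary keyring.
demo_on_throwaway_key() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Key <demo@example.invalid>' \
        default default never || return 1
    demo_fpr=$(gpg --batch --with-colons --list-keys |
        awk -F: '$1 == "fpr" { print $10; exit }')
    # Before the procedure the master secret key must still be present.
    master_key_is_offline "$demo_fpr" && return 1
    move_master_key_offline "$demo_fpr" "$GNUPGHOME" >/dev/null 2>&1 &&
        master_key_is_offline "$demo_fpr"
}
```

With a real key, `master-backup.gpg` is the only remaining copy of the master secret key once the procedure has run, so it has to be stored safely before the deletion step.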