
The Customize Windows

Technology Journal


By Abhishek Ghosh April 25, 2024 11:05 am Updated on April 25, 2024

How GNU Privacy Guard (GPG) Works – With Example


GNU Privacy Guard, abbreviated GnuPG or GPG, is a free cryptography system. It is used to encrypt and decrypt data, as well as to generate and verify digital signatures.

The program implements the OpenPGP standard according to RFC 4880 and was developed as a replacement for PGP. Versions 2.0 and later also implement the S/MIME and PGP/MIME standards. By default, GnuPG uses only patent-free algorithms and is distributed under the GNU GPL. It runs on GNU/Linux, macOS and various other Unix-like systems, as well as Microsoft Windows. The project was started in 1997 by Werner Koch, who is still the main developer.

 

Goals and Use of GNU Privacy Guard

 

GnuPG has set itself the goal of enabling the largest possible group of users to use cryptographic methods for the confidential transmission of electronic data. GnuPG supports the following functions:


  • Encrypting data (e.g., emails) to transmit sensitive information to one or more recipients that can only be decrypted by the recipients.
  • Generating a signature on the sent data to ensure its authenticity and integrity.

Both functions can be combined. As a rule, the signature is formed first and attached to the data. This packet of message and signature is then sent to the recipients in encrypted form. GnuPG supports combining both actions in one call only in that order. When sending e-mails (as PGP/MIME), both variants are possible, but due to the limitations of the mail clients, this is the only possible order in practice. The option of first encrypting an e-mail and then adding a plaintext signature (which could then be evaluated, for example, by a virus scanner or spam filter that cannot decrypt the actual message) is not provided. However, you can encrypt files independently of how they are sent, attach them to an email, and then have the email signed as PGP/MIME.

GnuPG is used by most Linux distributions and related systems as part of their package manager to ensure the integrity of distributed software packages, and is therefore already included in most installations. Booting from an authentic installation medium of such a system is thus a way to start GnuPG in a secure environment (i.e. free of malware), for example for the generation or use of keys with high security requirements.

 

How GNU Privacy Guard Works

 

GPG uses public-key encryption, which means that no secret information is required to encrypt messages. Each GPG user creates a key pair that consists of two parts: the private key and the public key. Only the owner may have access to the private key, so it is usually protected with a password. The private key is used to decrypt and sign data.

The public key is used to encrypt data and verify signed data. It must be available to any communication partner who wants to carry out these two actions. Data cannot be signed or decrypted with the public key, so there is no security risk associated with its distribution. Public keys can be exchanged with other users through a variety of channels, such as Internet key servers. They (or the combination of public key and user ID) should be reliably checked before use in order to prevent identity manipulation, as the identity information entered into public keys (usually name and e-mail, possibly also a comment) can be trivially falsified.

GPG can only determine whether data has been signed or encrypted with a specific key. The user has to decide whether the key itself is trustworthy; after all, anyone can create a key with the information of other users and upload it to a key server. A key downloaded from an insecure source (e.g. the Internet) should therefore not be trusted at first. To verify it, obtain the fingerprint (hash value) of the key via a secure channel and compare it with the fingerprint computed locally from the downloaded key. This is secure because it is not possible to generate a matching key for a given fingerprint. This security depends on the strength of the hash function (and the number of possible keys). Version 4 of the OpenPGP key format specifies the hash function SHA-1 for this purpose, for which collision attacks are currently possible, but not the second-preimage attacks that are crucial for the imitation of keys. With the recent establishment of the SHA-3 hash function, development of the next OpenPGP key format has started.


To encrypt or sign the data, keys of different strengths are available. Currently (2014) 2048- to 4096-bit keys with a recommended length of 2048 bits are common. GPG currently only uses non-patented algorithms to encrypt data with these keys, such as RSA, Elgamal, CAST5, Triple-DES (3DES), AES (Rijndael), and Blowfish.

Offline master key

GnuPG supports master keys, a security feature that goes beyond the OpenPGP standard, and therefore does not work reliably when such secret keys are to be imported into another OpenPGP application. The master key is not used for day-to-day signing and decryption, but for managing one’s own key components (user IDs and subkeys) and certifying other keys. These actions are comparatively rare, so you can secure the master key in a special way. The advantages of this approach are:

  1. The verification of the key does not need to be repeated by the communication partners. The master key remains valid.
  2. Subkeys can be easily replaced. Expiring and new subkeys are nothing special for OpenPGP, are automatically included in key updates and used transparently for the user.
  3. If the master key is also allowed to sign, you can use its significantly higher level of security to sign information of great importance, such as your own key policy.

The technical approach is to export the secret subkeys without the master key (after backing up the master key), then delete all secret keys, and then import only the subkeys. Unfortunately, this GnuPG feature is not yet supported by the GUI, so you have to do the necessary steps yourself in the console.
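A check of the result, as an added example that is not part of the original article: in the output of gpg --list-secret-keys --with-colons, field 15 of a sec or ssb record is # when only a stub is present and the secret part is not on this machine. The listing below is constructed sample data and the function names are illustrative.

```python
# Constructed sample of `gpg --list-secret-keys --with-colons` output, not from a real keyring.
SAMPLE_LISTING = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::#:
uid:u::::1700000000::::Alice (constructed) <alice@example.org>:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1700000000::::::s:::+:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1700000000::::::e:::+:
sec:u:4096:1:DDDDDDDDDDDDDDDD:1700000000:::u:::scESC:::+:
uid:u::::1700000000::::Bob (constructed) <bob@example.org>:
ssb:u:4096:1:EEEEEEEEEEEEEEEE:1700000000::::::e:::+:
"""

def location(token: str) -> str:
    """Field 15 of a sec/ssb record: '#' = stub only, '+' or empty = on disk, else card serial."""
    if token == "#":
        return "offline"
    return "on disk" if token in ("", "+") else "smartcard"

def audit(listing: str) -> list:
    """Group records per primary key and report where each secret part lives."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "sec" and len(f) > 14:
            keys.append({"key_id": f[4], "uid": None, "primary": location(f[14]), "subkeys": {}})
        elif f[0] == "uid" and keys and len(f) > 9 and keys[-1]["uid"] is None:
            keys[-1]["uid"] = f[9]
        elif f[0] == "ssb" and keys and len(f) > 14:
            # Map subkey ID to (capabilities, location); capabilities are field 12.
            keys[-1]["subkeys"][f[4]] = (f[11], location(f[14]))
    return keys

def primaries_on_disk(listing: str) -> list:
    """Key IDs whose primary (certifying) secret key is still stored on this machine."""
    return [k["key_id"] for k in audit(listing) if k["primary"] == "on disk"]

if __name__ == "__main__":
    for k in audit(SAMPLE_LISTING):
        print(k["key_id"], k["uid"], "primary:", k["primary"], "subkeys:", k["subkeys"])
    print("primary secret key still on disk:", primaries_on_disk(SAMPLE_LISTING))
```

In the sample, the first key is in the intended state (primary offline, subkeys usable), while the second still has its primary secret key on disk.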

Web of Trust

By means of a Web of Trust, PGP/GnuPG tries to counter the problem that it is usually not possible to personally ensure the authenticity of the keys of all communication partners. Users can sign other keys with their own key, confirming to third parties that they have verified the authenticity of the key. You can also determine how much you trust the person’s signatures. This creates the trust network described. For example, if Alice has confirmed the authenticity of Bob’s key with her signature, Cloey can trust the authenticity of Bob’s key even if she herself has not been able to convince herself of this directly, for example because she obtained it from the Internet. Of course, the prerequisite for this is that she knows and trusts Alice’s key. There are some certification authorities (CA) that determine the authenticity of keys, for example through personal contact with ID card verification.

PGP’s Web of Trust has been thoroughly studied and visualized in detail by scientists. It was found that a large proportion of users belong to a subset that is fully connected to each other through mutual confirmations, the so-called Strong Set of the Web of Trust. Another important contributor to the Web of Trust is the Debian project, which requires digital signatures to receive contributions.

 

Command Line Usage of GPG

 

To illustrate the command line usage of GNU Privacy Guard (GPG), we’ll provide some common commands along with their descriptions:

Generating a Key Pair

    gpg --full-generate-key

This command prompts you to choose the type of key you want to generate ("RSA" or "RSA and RSA", for example), the key size, the expiration date, and the user information (name, email address). After you provide the necessary information, GPG generates a key pair consisting of a public key and a private key.

Listing Keys

    gpg --list-keys

This command lists all the public keys stored in your keyring.

Importing a Public Key

    gpg --import <filename>

This command imports a public key from a file into your keyring.

Exporting a Public Key

    gpg --export --armor <user-id> > public_key.asc

This command exports the public key associated with a specific user ID and saves it to a file named public_key.asc.

Encrypting a File

    gpg --encrypt --recipient <recipient-id> <filename>

This command encrypts a file using the public key of the specified recipient. The encrypted file is saved with the .gpg extension.

Decrypting a File

    gpg --decrypt <filename.gpg>

This command uses your private key to decrypt a file that was encrypted with your public key. You will be prompted to enter your passphrase. The plaintext is written to standard output unless you add --output <filename>.

Signing a File

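    gpg --detach-sign <filename>

This command signs a file using your private key, generating a detached signature file (<filename>.sig) next to the original. Plain --sign would instead write a single file that contains both the data and the signature.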

Verifying a Signature

    gpg --verify <signature-file> <signed-file>

This command verifies the integrity and authenticity of a signed file using the corresponding public key.

Encrypting and Signing a File

    gpg --encrypt --sign --recipient <recipient-id> <filename>

This command encrypts and signs a file simultaneously, providing both confidentiality and authenticity.

 

Practical Applications of GPG

 

GNU Privacy Guard has a wide range of practical applications in securing digital communication and data. GPG can be used to encrypt and sign email messages, ensuring confidentiality and authenticity in email communication. Compatible email clients, such as Mozilla Thunderbird with Enigmail, integrate seamlessly with GnuPG to provide a user-friendly interface for secure email exchange.

GPG enables users to encrypt files and directories, protecting sensitive data stored on disk or transmitted over insecure channels. Encrypted files can only be decrypted by authorized recipients who possess the corresponding private keys. It can be used to digitally sign software packages and code repositories, providing assurance of their authenticity and integrity. Software developers and maintainers can sign their releases with their private keys, allowing users to verify the signatures before installation or execution. GPG can be integrated into messaging platforms and chat applications to enable end-to-end encrypted communication. By encrypting messages with recipients’ public keys, GnuPG ensures that only authorized parties can read the messages, protecting confidentiality and privacy.
