The GNU Privacy Guard (GnuPG or GPG) is a free software replacement for the Pretty Good Privacy suite of cryptographic software, released under the GNU General Public License. It is a part of the Free Software Foundation s GNU software project. GPG is completely compliant with the Internet Engineering Task Force standard for OpenPGP, and is supported by the German government. Current versions of PGP (and Veridis Filecrypt) are interoperable with GPG and other OpenPGP-compliant systems. Although some older versions of PGP are also interoperable, not all features of newer software are supported by the older software. It is necessary for users to understand those incompatibilities and work around them.

=History=

GPG was initially developed by Werner Koch. Version 1.0.0 was released on September 7th, 1999. The German Federal Ministry of Economics and Technology has funded the documentation and the port to Microsoft Windows in 2000.

Because GPG is an OpenPGP standard compliant system, the history of OpenPGP is of importance. See both PGP and OpenPGP for more information.

Version 1.4.2 of the stable branch was announced on 27 July 2005, and version 1.9.19 of the development branch (with S/MIME support) was released on 12 September 2005.

=Users of GnuPG=

GPG is stable, production-quality software. It is frequently included in free operating systems, such as FreeBSD, OpenBSD, and NetBSD and nearly all distributions of GNU/Linux.

Although the basic GPG program has a command line interface, there exist various front-ends that provide it with a graphical user interface; for example, it has been integrated into KMail and Novell Evolution, the graphical email client found in the most popular Linux desktops KDE and GNOME. For GNOME, there is a graphical GPG front-end called Seahorse (software). A Plugin known as Enigmail allows GPG to be integrated with Mozilla and Mozilla_Thunderbird, which works on Microsoft Windows as well as Linux and other operating systems. Web-based software such as Horde_(Software) also makes use of it. Note that, because the plugin mechanism is not part of GPG itself and not specified by the Open PGP standard, and because neither the GPG nor Open PGP developers were involved in their development, it is possible that GPG s security benefits could be compromised or even lost as a result of using such auxiliaries.

GPG can also be compiled for other platforms like Mac OS X and Microsoft Windows. For Mac OS X, there is a free port called MacGPG which has been adapted to use the OS X user interface and its native class definitions. Cross compilation is not a trivial exercise, at least in part because security provisions vary with operating system and adapting to them is often tricky, but high quality compilers should routinely produce executables which will interoperate correctly with other GPG implementations.

=How GPG works=

GPG encrypts messages using asymmetric keypairs individually generated by GPG users. The resulting public keys can be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ owner identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.

GPG does not use patented or otherwise restricted software or algorithms, including the International Data Encryption Algorithm encryption algorithm which has been present in PGP almost from the beginning. Instead, it uses a variety of other, non-patented algorithms such as ElGamal encryption, CAST5, Triple DES, AES and Blowfish (cipher). It is still possible to use IDEA in GPG by downloading a plugin for it, however this may require getting a license for some uses in some countries in which IDEA is patented.

GPG is a hybrid encryption software program in that it uses a combination of conventional symmetric key algorithm for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient s public key to encrypt a session key which is only used once. This mode of operation is part of the Open PGP standard and has been part of PGP from its first version.

=Problems=

The OpenPGP standard specifies several methods of s [http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000160.html]. Most people did not use this method, and were in any case discouraged from doing so, so the damage caused (if any, and none has been publicly reported) would appear to have been minimal. Support for this method has been removed from GPG versions released after this discovery (1.2.4 and later).

GPG is a command-line based system. GPGME is an API wrapper around GPG which parses the output of GPG, and various graphical front-ends based on GPGME have been created. Other software wraps the command line in a Perl script (e.g. gpg-dialog) that is menu based and more user friendly.

=See also=

*PGP *Asymmetric key algorithm *Cryptosystem

=References=

=External links=