Introduction to OpenPGP cryptography

History

The first version of the computer program PGP (r) was created in 1991 by Philip Zimmermann. In 1997 PGP Inc., the owner of PGP (r) at that time, proposed to the IETF that an open standard be created. The result, OpenPGP, was first described in RFC 2440 (1998) and is now specified by RFC 4880 (2007), which replaced it. Since then PGP (r) and all similar products follow the standard.

How OpenPGP works

OpenPGP is based on public key (asymmetric) cryptography. Below is a simple diagram illustrating encryption and decryption of a file with OpenPGP.

Figure: OpenPGP encryption scheme

Features

  • can digitally sign a message and afterwards verify the signature; in the usual sign-then-encrypt flow the signature is made over the plaintext and the signed data is then encrypted (supported hash algorithms: SHA-1, SHA-256, MD5, etc.; MD5 and SHA-1 are no longer collision resistant, so SHA-256 or stronger should be used for new signatures)
  • asymmetric encryption with pairs of public and private keys: a random session key is generated, the file is encrypted with it using a symmetric algorithm, and the session key, encrypted with the recipient's public key, is attached to the message (supported symmetric algorithms: AES, Triple DES, Twofish, CAST5, etc.)
  • encrypted files can be produced either in binary format or in a text format called ASCII armored (radix-64 encoding with a CRC-24 checksum)
  • private keys are stored encrypted under a passphrase
  • can sign (certify) third-party public keys, which is the basis of the web of trust
  • the data can be compressed (ZIP, ZLib, BZip2) before encryption or left uncompressed
  • the private key contains a copy of the public key within itself, so if the public key file is lost it can be recovered from the private key
  • keys can be revoked with revocation certificates and designated revokers, even after the passphrase of the private key has been lost, provided the revocation certificate was generated (or the designated revoker appointed) while the key was still usable

File name extensions

Current implementations of OpenPGP commonly use .asc as the file name extension for ASCII armored public and private key files. Older implementations used .pgp and .pgpkey.

Encrypted files usually have the file name extension .pgp for the binary format (GnuPG uses .gpg) and .asc for the ASCII armored format.
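The ASCII armored format mentioned in the feature list and in the extensions above, as an added example that is not code from the page or from any OpenPGP library: it implements the radix-64 framing and the CRC-24 checksum from RFC 4880 section 6 with Go's standard library. The names CRC24, Armor and Dearmor are this example's own, and the payload in main is constructed, not a real OpenPGP packet.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// CRC24 is the checksum from RFC 4880 section 6.1 (init 0xB704CE, polynomial
// 0x1864CFB). It detects transmission damage only; anyone can recompute it.
func CRC24(data []byte) uint32 {
	crc := uint32(0xB704CE)
	for _, b := range data {
		crc ^= uint32(b) << 16
		for i := 0; i < 8; i++ {
			crc <<= 1
			if crc&0x1000000 != 0 {
				crc ^= 0x1864CFB
			}
		}
	}
	return crc & 0xFFFFFF
}

// Armor wraps raw OpenPGP bytes in an armored block of the given type
// (e.g. "PGP MESSAGE" or "PGP PUBLIC KEY BLOCK"): BEGIN line, empty header
// section, radix-64 body in 76-character lines, "=" plus the radix-64 CRC-24,
// END line.
func Armor(blockType string, data []byte) string {
	var sb strings.Builder
	fmt.Fprintf(&sb, "-----BEGIN %s-----\n\n", blockType)
	body := base64.StdEncoding.EncodeToString(data)
	for len(body) > 76 {
		sb.WriteString(body[:76] + "\n")
		body = body[76:]
	}
	sb.WriteString(body + "\n")
	crc := CRC24(data)
	crcBytes := []byte{byte(crc >> 16), byte(crc >> 8), byte(crc)}
	fmt.Fprintf(&sb, "=%s\n", base64.StdEncoding.EncodeToString(crcBytes))
	fmt.Fprintf(&sb, "-----END %s-----\n", blockType)
	return sb.String()
}

// Dearmor parses an armored block back into its type and raw bytes. Armor
// headers ("Version: ...") are skipped; a missing or wrong CRC-24 is an error.
func Dearmor(armored string) (blockType string, data []byte, err error) {
	var body strings.Builder
	var crcLine string
	state := 0 // 0 before BEGIN, 1 headers, 2 body, 3 after END
	for _, line := range strings.Split(strings.ReplaceAll(armored, "\r\n", "\n"), "\n") {
		line = strings.TrimRight(line, " \t")
		switch state {
		case 0:
			if strings.HasPrefix(line, "-----BEGIN ") && strings.HasSuffix(line, "-----") {
				blockType = strings.TrimSuffix(strings.TrimPrefix(line, "-----BEGIN "), "-----")
				state = 1
			}
		case 1:
			if line == "" { // the blank line ends the header section
				state = 2
			}
		case 2:
			switch {
			case strings.HasPrefix(line, "-----END "):
				state = 3
			case strings.HasPrefix(line, "="):
				crcLine = line[1:]
			default:
				body.WriteString(line)
			}
		}
	}
	if state != 3 {
		return "", nil, errors.New("armor: missing BEGIN or END line")
	}
	if data, err = base64.StdEncoding.DecodeString(body.String()); err != nil {
		return "", nil, fmt.Errorf("armor: bad radix-64 body: %w", err)
	}
	crcBytes, err := base64.StdEncoding.DecodeString(crcLine)
	if err != nil || len(crcBytes) != 3 {
		return "", nil, errors.New("armor: missing or malformed CRC-24 line")
	}
	want := uint32(crcBytes[0])<<16 | uint32(crcBytes[1])<<8 | uint32(crcBytes[2])
	if got := CRC24(data); got != want {
		return "", nil, fmt.Errorf("armor: CRC-24 mismatch: got %06X want %06X", got, want)
	}
	return blockType, data, nil
}

func main() {
	raw := []byte("constructed sample payload, not a real OpenPGP packet")
	armored := Armor("PGP MESSAGE", raw)
	fmt.Print(armored)
	bt, data, err := Dearmor(armored)
	fmt.Printf("type=%q bytes=%d err=%v\n", bt, len(data), err)
}
```

Armor is an encoding, not a protection: anyone can strip it, and the CRC-24 only catches corruption in transit, since an attacker who alters the body simply recomputes it. Integrity against tampering comes from the signature or the MDC inside the packets, so a matching CRC must never be treated as authentication.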
