Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [pgp]

The OpenPGP encrypted data format (RFC 4880), and its implementations PGP and GnuPG.

PGP

Pretty Good Privacy (PGP) encryption program provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

GPG

GNU Privacy Guard (GnuPG or GPG) is a free software replacement for Symantec's PGP cryptographic software suite. GnuPG is compliant with RFC 4880, which is the IETF standards track specification of OpenPGP. Modern versions of PGP and Veridis' Filecrypt are interoperable with GnuPG and other OpenPGP-compliant systems.

259 questions
59
votes
2 answers

Is the software that uses PGP broken, or is it PGP itself?

PGP is all over the news (even on TV) and there seems to be a lot of confusion about it. For the time being, people face articles like Attention PGP users: new vulnerabilities require you to take action now which tell readers to deactivate their PGP…
Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
31
votes
2 answers

How does one verify a GPG/PGP key revocation?

After revoking a key and sending the revocation to MIT's keyserver, I noticed that the key is listed as such: pub 2048R/XXXXXXXX 2011-01-01 *** KEY REVOKED *** [not verified] Who is responsible for the 'verification of the revocation'? Does the…
earthmeLon
  • 440
  • 6
  • 12
27
votes
2 answers

Why did TLS 1.3 prohibit PGP authentication?

There is a specification, in Informational(!) RFC 6091, for using PGP keys in TLS authentication, although I don’t think it has ever been implemented outside of GnuTLS (it’s certainly not in OpenSSL). Yet the TLS 1.3 RFC 8446 §4.4.2 goes as far as…
Alex Shpilkin
  • 370
  • 3
  • 11
24
votes
3 answers

Why is Curve25519 in the GPG “expert” options?

The only way to access the Curve25519 curve in GPG is through gpg --expert --full-gen-key. From my knowledge, Curve25519 is one of the most secure (and fast) elliptic curves in cryptography. So why is RSA fine, but Curve25519 is considered a risk…
Richard R. Matthews
  • 4,545
  • 9
  • 31
  • 49
23
votes
2 answers

How can I remove my personal data from my PGP public key?

According to this Q&A-discussion it is possible to remove all personal data (name and mail address) that is attached to a public key. What steps do I have to follow in order to remove all personal data? Will that modified public key still allow me…
dialogik
  • 377
  • 1
  • 2
  • 6
20
votes
4 answers

Is compressing data prior to encryption necessary to reduce plaintext redundancy?

As explained in William Stallings' Book, in PGP encryption is done after compression, since it reduces redundancy. I couldn't relate encryption strength with redundancy. Could anyone explain more on that?
user5507
  • 1,933
  • 5
  • 21
  • 29
18
votes
2 answers

Is bcrypt better than GnuPG's iterated+salted hashing method?

GnuPG has slow hash built-in in form of iterated+salted S2K. Does it have disadvantages in comparison with bcrypt or scrypt? Is GnuPG's slow hash method easily automated in GPUs?
Andrei Botalov
  • 379
  • 5
  • 12
16
votes
5 answers

Is there an intuitive explanation as to why only the private key can decrypt a message encrypted with the public key?

I have just learned about using PGP/GPG for email encryption and one thing bugs me: How is it possible that a message encrypted with somebody's public key can be decrypted only with that person's private key? This concept of asymmetric encryption is…
king_julien
  • 431
  • 4
  • 8
15
votes
3 answers

If PGP and GPG both follow the OpenPGP standard, are they 100% compatible in all use cases?

If someone gives me their PGP key, can I use it with GPG, and vice versa, all the time (100% interchangeable)? Or are there times when they are not compatible, when only PGP can be used with a PGP key, and only GPG used with a GPG key?
trusktr
  • 261
  • 1
  • 2
  • 6
13
votes
1 answer

What was the BassOmatic cipher, and what made it so weak?

According to Wikipedia, this homebrew cipher was originally used in PGP, before Phil Zimmermann replaced it with IDEA. Supposedly, insecurities in the algorithm were pointed out to him, leading to this change. While I have read the PGP 1.0 source…
forest
  • 15,626
  • 2
  • 49
  • 103
12
votes
1 answer

Why does gnupg create 4 separate keys and what does sub and ssb mean?

When using gpg to create a single key, I get: $ gpg --list-keys ------------------------------- pub 2048R/0C0EA301 2018-01-01 uid [ultimate] sub 2048R/023A0509 2018-01-01 $ gpg --list-secret-keys ------------------------------- sec …
zcaudate
  • 233
  • 2
  • 6
12
votes
2 answers

Why is there the option to use NIST P-256 in GPG?

I am surely not an expert on the field, but I heard some people say that NIST P-256 somehow has backdoors. I don't know about the seriousness of this claim; maybe it's just a conspiracy theory. If there is some truth to the hearsay, why is NIST…
Richard R. Matthews
  • 4,545
  • 9
  • 31
  • 49
11
votes
2 answers

Is a 1024-bit DSA key considered safe?

I created my PGP key in 2000. I’ve revoked the older, weaker sub-keys in favor of a 4096-bit RSA one, but the primary key is 1024-bit DSA. I read on Wikipedia that… NIST 800-57 recommends lengths of 2048 for keys with security lifetimes extending…
bdesham
  • 215
  • 1
  • 2
  • 9
11
votes
1 answer

Alice trusts Bob only when Bob trusts Alice

some story first: Alice and Bob both have public/private key pairs. Now Bob wants Alice to sign his public key id. Alice agrees but only when Bob signs the public key id of her. Is this something that can be achieved? at the end, the signatures…
esskar
  • 373
  • 1
  • 11
10
votes
3 answers

Why does OpenPGP encryption produce different ciphertexts from the same plain text?

With the same plain text to be encrypted and the same public key, OpenPGP tends to produce a different ciphertext every time I run the encryption operation. Why is this?
torstack45
  • 111
  • 3
1
2 3
17 18