Skip to content

GnuPG

links: AC2 TOC DPKI - Index


PGP (Pretty Good Privacy)

  • can be used to encrypt and digitally sign files and e-mails
  • Data is at rest or transmitted unidirectionally \(\rightarrow\) no secure channel!
  • PGP certificates are public key certificates with one or more identity labels tied to it

GnuPG (GPG, GNU Privacy Guard)

  • free version of PGP, with library (libgcrypt)
  • provides common cryptographic primitives & implementation of OpenPGP
  • used for: secure e-mail, encrypt files, sign files

PGP Certificate

  • PGP Version
  • Holder's public key: RSA or DSA
  • Holder information: identity information (name, user ID, ...)
  • Holder digital signature: "self-signature", signature using the private key
  • Validity period: start and expiration date
  • Preferred symmetric encryption algorithm: e.g. CAST, IDEA, Triple-DES, AES, ...

PGP Certification: one certificate may be signed by multiple entities (persons)

Key validity

PGP Private Keyring

  • stores private/public key pairs:
    • timestamp
    • key ID (indexed)
    • public key
    • encrypted private key (with passphrase)
    • user ID (indexed)

PGP Public Keyring

  • stores public key pairs, certificate and trust status:
    • timestamp
    • key ID (indexed)
    • public key
    • user ID (indexed)
    • owner trust:
      • unknown user
      • usually not trusted to sign
      • usually trusted to sign
      • always trusted to sign
      • ultimately trusted (own key in private keyring)
    • signature(s)
    • signature trust(s): copy of owner trust of the signer
    • validity of public key

Key validity calculation

  • if at least one signature trust is ultimate, then the validity of the key is 1 (complete)
  • otherwise, a weighted sum of the signature trust values is computed (always trusted signature have more weight as usually trusted)

links: AC2 TOC DPKI - Index