The GNU Privacy Guard (GnuPG)

Sometimes you need to encrypt some files or messages to prevent accessing them by unathorized persons. There are several standards and software for this purpose, but the most popular standard that adopted on the Internet is PGP. I will show you how to install and use GNU implementation, which is known as GNU Privacy Guard (GnuPG or GPG). Below is little bit of history of PGP and something about GnuPG, but you do not need to read this if you only want to know how to install and configure your system and/or mail client (MUA) to encrypt files/messages. In the next article you will find links and instructions for Windows and Ubuntu Linux and Thundrbird.

Pretty Good Privacy (PGP)

First version of PGP encryption was found in 1991 by Phil Zimmermann. The name, “Pretty Good Privacy”, is humorously ironic and was inspired by the name of a grocery store, “Ralph’s Pretty Good Grocery”, featured in radio host Garrison Keillor’s fictional town, Lake Wobegon. This first version included a symmetric-key algorithm that Zimmermann had designed himself, named BassOmatic after a Saturday Night Live sketch. Zimmermann had been a long-time anti-nuclear activist, and created PGP encryption so that similarly inclined people might securely use BBSs and securely store messages and files. No license was required for its non-commercial use. There was not even a nominal charge, and the complete source code was included with all copies.
Due to US Export regulations, in 1993 Phil Zimmermann became the formal target of a criminal investigation by the US Government for “munitions export without a license”. Zimmermann challenged these regulations in a curious way. He published the entire source code of PGP in a hardback book, via MIT Press, which was distributed and sold widely. Anybody wishing to build their own copy of PGP could buy the $60 book, cut off the covers, separate the pages, and scan them using an OCR program, creating a set of source code text files. One could then build the application using the freely available GNU Compiler Collection. PGP would thus be available anywhere in the world.
Because of PGP worldwide popularity many people/companies wanted to write their own software that would interoperate with PGP 5. Zimmermann became convinced that an open standard for PGP encryption was critical for them and for the cryptographic community as a whole. In July 1997, PGP Inc. proposed to the IETF that there be a standard called OpenPGP. They gave the IETF permission to use the name OpenPGP to describe this new standard as well as any program that supported the standard. The IETF accepted the proposal and started the OpenPGP Working Group.
OpenPGP is on the Internet Standards Track and is under active development. The current specification is RFC 4880 (November 2007), the successor to RFC 2440. Many e-mail clients provide OpenPGP-compliant email security as described in RFC 3156.
The Free Software Foundation has developed its own OpenPGP-compliant program called GNU Privacy Guard (abbreviated GnuPG or GPG). GnuPG is freely available together with all source code under the GNU General Public License (GPL) and is maintained separately from several Graphical User Interfaces (GUIs) that interact with the GnuPG library for encryption, decryption and signing functions (see KGPG, Seahorse, MacGPG). Several other vendors have also developed OpenPGP-compliant software.


TheGNU Privacy Guard

GnuPG is the GNU project‘s complete and free implementation of the OpenPGP standard as defined by RFC4880. GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME.

GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU General Public License.

GnuPG comes in two flavours: 1.4.11 is the well known and portable standalone version, whereas 2.0.18 is the enhanced and somewhat harder to build version.

Project Gpg4win provides a Windows version of GnuPG. It is nicely integrated into an installer and features several frontends as well as English and German manuals.

Project GPGTools provides a Mac OS X version of GnuPG. It is nicely integrated into an installer and features all required tools.

Project Aegypten developed the S/MIME functionality in GnuPG 2.


You may also like...

Leave a Reply