Differences between revisions 12 and 13
Revision 12 as of 2021-04-14 10:07:01
Size: 4100
Editor: PaulWise
Comment: add RNP
Revision 13 as of 2021-04-14 10:40:34
Size: 4100
Editor: GuillemJover
Comment: Typo fix
Deletions are marked like this. Additions are marked like this.
Line 26: Line 26:
|| sq-keyring-linter || DebianPkg:sq-keyring-linter || Sequoia keyring linter and fixed tool || || sq-keyring-linter || DebianPkg:sq-keyring-linter || Sequoia keyring linter and fixer tool ||

OpenPGP is the most widely used email encryption standard in the world. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 4880. The OpenPGP standard was originally derived from PGP (Pretty Good Privacy), first created by Phil Zimmermann in 1991.

OpenPGP is not just used for email encryption however, but also for encryption and verifying the authenticity and integrity of files and for authentication. The most commonly used software for working with OpenPGP in Debian is GnuPG. There are also many software packages that use GnuPG in their backend to provide cryptographic features, and alternatives to GnuPG such as netpgp (wnpp) also exist.

OpenPGP-compatible Software in Debian

GnuPG

GnuPG is a complete and free implementation of the OpenPGP standard. GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME and Secure Shell (ssh).

More information about GnuPG can be found on its dedicated wiki page.

Stateless OpenPGP interface

This is an IETF draft to document a stateless OpenPGP command-line interface.

Several OpenPGP implementations provide such native interfaces, while others have been created by the Sequoia-PGP team. In Debian, the sqop package provides one such interface.

Other Software

Upstream Name

Package(s)

Description

sq

sq

Command-line interface for Sequoia-PGP

sq-keyring-linter

sq-keyring-linter

Sequoia keyring linter and fixer tool

sqv

sqv

Sequoia command-line verification tool

sqop

sqop

Sequoia SOP implementation

enigmail

enigmail

OpenPGP support for Thunderbird and Debian Icedove

hOpenPGP

libghc-hopenpgp-dev

OpenPGP library in Haskell

hopenpgp-tools

hopenpgp-tools

OpenPGP tools built using hOpenPGP

monkeysign

monkeysign

OpenPGP key signing and exchange for humans

monkeysphere

monkeysphere

leverage the OpenPGP web of trust for SSH and TLS authentication

onak

onak

OpenPGP Key Server

parcimonie

parcimonie

privacy-friendly helper to refresh a GnuPG keyring

RNP

rnp

OpenPGP C++ library and command-line tools

Seahorse

seahorse

GNOME front end for GnuPG

Note: This list is incomplete, help in completing it is appreciated.

Usage by the Debian Project

When joining the Debian project, developers need to identify themselves by providing an OpenPGP key that is signed by at least two existing members of the project. Contributions to the Debian archive are cryptographically signed using the developer's OpenPGP key to protect against forgeries.

The Debian Keyring and other keyrings maintained by keyring-maint are the keyrings that contain those OpenPGP keys which belong to Debian Developers (uploading and non-uploading) and Debian Maintainers.

It is suggested to use a Clean Room environment, such as a Live CD to manage PGP private keys.

There are some best practices for OpenPGP available.


CategorySystemSecurity CategorySoftware