OpenPGP is the most widely used email encryption standard. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard in RFC 4880. OpenPGP was originally derived from the PGP software, created by Phil Zimmermann.

Although OpenPGP’s main purpose is end-to-end encrypted email communication, it is also utilized for encrypted messaging and other use cases such as password managers.

OpenPGP is available for all major platforms, such as Windows, Mac OS, GNU/Linux, Android, and iOS.

OpenPGP is on the Internet Standards Track and is under active development. Many e-mail clients provide OpenPGP-compliant email security as described in RFC 3156. The current specification is RFC 4880 (November 2007), the successor to RFC 2440. RFC 4880 specifies a suite of required algorithms consisting of ElGamal encryption, DSA, Triple DES and SHA-1. In addition to these algorithms, the standard recommends RSA as described in PKCS #1 v1.5 for encryption and signing, as well as AES-128, CAST-128 and IDEA. Beyond these, many other algorithms are supported. The standard was extended to support Camellia cipher by RFC 5581 in 2009, and signing and key exchange based on Elliptic Curve Cryptography (ECC) (i.e. ECDSA and ECDH) by RFC 6637 in 2012. Support for ECC encryption was added by the proposed RFC 4880bis in 2014.

Typical devices that OpenPGP can run on are smart cards, such as Java Card, or a USB security token. In cryptography, the OpenPGP card is an ISO/IEC 7816-4, -8 compatible smart card that is integrated with many OpenPGP functions. Using this smart card, various cryptographic tasks (encryption, decryption, digital signing/verification, authentication etc.) can be performed. It allows secure storage of secret key material; all versions of the protocol state, “Private keys and passwords cannot be read from the card with any command or function.” However, new key pairs may be loaded onto the card at any time, overwriting the existing ones.

The original OpenPGP card was built on BasicCard, and remains available at retail. Several mutually compatible JavaCard implementations of the OpenPGP Card’s interface protocol are available as open source software and can be installed on generic JavaCard smart cards, including NFC-enabled cards. Nitrokey and Yubico provide USB tokens implementing the same protocol through smart card emulation.

The smart card daemon, in combination with the supported smart card readers, as implemented in GnuPG, can be used for many cryptographic applications. With gpg-agent in GnuPG 2, an ssh-agent implementation using GnuPG, an OpenPGP card can be used for SSH authentication also.

Related Products