Questions tagged [pgp]

The OpenPGP encrypted data format (RFC 4880), and its implementations PGP and GnuPG.

PGP

The Pretty Good Privacy (PGP) encryption program provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions, and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

GPG

GNU Privacy Guard (GnuPG or GPG) is a free software replacement for Symantec's PGP cryptographic software suite. GnuPG is compliant with RFC 4880, which is the IETF standards track specification of OpenPGP. Modern versions of PGP and Veridis' Filecrypt are interoperable with GnuPG and other OpenPGP-compliant systems.

253 questions
11
votes
2 answers

Is a 1024-bit DSA key considered safe?

I created my PGP key in 2000. I’ve revoked the older, weaker sub-keys in favor of a 4096-bit RSA one, but the primary key is 1024-bit DSA. I read on Wikipedia that… NIST 800-57 recommends lengths of 2048 for keys with security lifetimes extending…
bdesham
10
votes
1 answer

Why does "gpg --export-secret-keys" ask for a password?

What is it about the architecture of GPG that requires me to enter the password of the secret key when I export it with "gpg --export-secret-keys"? I would expect that gpg can just copy the relevant part out of the keyring and dump it into a file,…
hut
5
votes
1 answer

Can gnupg master key decrypt something encrypted with subkey?

When creating gpg subkeys, the master key signs and certifies that a subkey belongs to that master. That's ok, but can the master key decrypt something encrypted by a subkey? I guess no, but I want to be 100% sure. Am I right, or have I misunderstood?
4
votes
1 answer

Where is Web of Trust being used?

I've been trying to find specific examples of where Web of Trust is being used today, but there seems to be little information about this. Are there any businesses using Web of Trust today? What do they use it for?
martin
4
votes
1 answer

Service to expose all encrypted messages its users sent. How protected would this data be?

I have recently started a new side project for an open-source messaging system with end-to-end encryption. My key idea with this project is that everything should be as transparent as possible, with the server only being an intermediary - a…
JohnSomeone
3
votes
2 answers

Can GnuPG be used with a login system?

I was thinking about creating a proof of concept for the following type of website login system. Instead of passwords being used, on account creation, a public GnuPG key is uploaded to the server, and that serves as the main form of authentication…
James
3
votes
0 answers

Multiple signature encryption with GnuPG

I'm aware that GnuPG encrypts for multiple recipients, but is there any way to build a multisig, say, 2 of 5 signatures with GPG? So having a file encrypted for the following recipients needs at least two of the five to decrypt it: gpg --encrypt \ …
user105841
2
votes
2 answers

Is OpenPGP vulnerable to the "crypto doom principle"?

From reading RFC 2015 (MIME security with PGP), and from looking at the raw format of (GnuPG) encrypted and digitally signed email messages, it seems that first a signature is calculated from the plain text message, and then both are encrypted. My…
wmnorth
2
votes
1 answer

PGP signature on literal data packet

I read from PGP spec RFC 1991, section 6.1 (August 1996): The exclusion of the other fields ensures that detached signatures are exactly the same as attached signatures prefixed to the message. Detached signatures are calculated on a separate file…
2
votes
1 answer

Is it possible to get the PGP public key from a PGP message?

Is it possible to get the public key from a PGP message in PEM (Base64) format? Here is the message: -----BEGIN PGP…
ZenXiu
2
votes
1 answer

Why is GnuPG changing first two characters of ascii armored public key after downloading it from the key server?

When I look at my public key on the key server, the first two characters of the ASCII-Armored data section (as defined in section 6.2 of RFC 4880, which defines the structure of the ASCII-Armored OpenPGP Message Format) differ from the first to…
Alex V
2
votes
0 answers

How does OpenPGP handle the situation when signatures on one OpenPGP key contradict each other?

For example, I was on a key signing party. After a party, one person signed my key with full trust and sent this signature to me by email. Then that person changed their mind and signed my key with marginal trust and uploaded that signature to a key…
user652061
2
votes
1 answer

Possible to detect if a message is PGP encrypted/signed (ciphertext)

Let's say I have a text field somewhere (i.e. an interactive user submitted text field on a PHP script, or a console application. Basically anything that accepts user input.) How can I detect if said text field contains only a PGP encrypted/signed…
anonymous
1
vote
0 answers

Web of trust assigning level of trust to someone's public key without directly signing its key

Having this web of trust scheme, I have a question concerning the third scenario, in which we assign Dharma and Chloe a marginal trust. In the case of Dharma the situation is clear: we sign her public key and assign our marginal trust in it. But how…
ksi3m
1
vote
1 answer

Is gpg -c safe if an attacker can see multiple versions of a file?

Let's say I have a text file, and I modify it slightly 20 times, and I encrypt each modification using gpg -c (with the same 20 chars secure password). If the attacker has access to the 20 encrypted versions, is the decryption time lower? In this…