What are GPG keys?

I haven’t finished writing this blog post, but I published it so the already-written information can be read by you. I will improve this post one day™.

• PGP (Pretty Good Privacy) is the original proprietary software package
• OpenPGP is the open standard defined by RFC4880
• GnuPG (GNU Privacy Guard), often abbreviated as GPG, is a complete and free implementation of the OpenPGP standard
• gpg is the command used on Unix systems to work with GnuPG

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. GnuPG also provides support for S/MIME and Secure Shell (ssh).

Since its introduction in 1997, GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU General Public License.

GPG (GNU Privacy Guard) and PGP (Pretty Good Privacy) are both cryptographic software used for encryption, decryption, digital signatures, and securing communication. They provide similar functionalities and share common goals of ensuring data confidentiality and integrity, but they have different origins and implementations.

PGP (Pretty Good Privacy)

• Origin: PGP was developed by Phil Zimmermann in the early 1990s. It was initially released as a proprietary software package for encrypting and securing email communications.
• Features: PGP offers various cryptographic functionalities such as encryption, decryption, digital signatures, and secure email communication. It gained popularity for its strong encryption capabilities and was widely used for securing emails and files.
• Ownership: PGP was initially a proprietary software owned by various companies over the years. Symantec Corporation acquired PGP Corporation, which further developed and maintained the PGP software suite.

GPG (GNU Privacy Guard)

• Origin: GPG, on the other hand, is an open-source implementation of the OpenPGP standard. It was developed by Werner Koch and released as free software as part of the GNU Project.
• Compatibility: GPG aims to be compatible with the OpenPGP standard defined in RFC 4880. It implements the OpenPGP protocol for secure communication and encryption.
• Open Source: GPG is distributed under the GNU General Public License (GPL) and is free to use, modify, and distribute. Being open-source, GPG is transparent and subject to community-driven development and scrutiny.

Differences

1. Licensing and Ownership: PGP started as a proprietary software with various ownerships over time, while GPG is an open-source implementation distributed under a free software license.
2. Development Model: GPG’s development is open and community-driven, while PGP’s development was initially proprietary and later continued under commercial entities.
3. Compatibility: Both GPG and PGP adhere to the OpenPGP standard, which means they are designed to be interoperable with each other and other software that follows the same standard.

In summary, while GPG and PGP serve similar purposes and follow the same OpenPGP standard, the key differences lie in their origins, licensing, development models, and ownership history. GPG is a free and open-source implementation of the OpenPGP standard, while PGP was initially a proprietary software later maintained by commercial entities.

If you’re familiar with cryptography, you can jump to the next section.

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message.