GNU Privacy Guard

GNU Privacy Guard (GnuPG or GPG) is a free-software replacement for Symantec's cryptographic software suite PGP.

[5] November 2023 saw two drafts aiming to update the 2007 OpenPGP v4 specification (RFC4880), ultimately resulting in the RFC 9580 standard in July 2024.

Support of IDEA is intended "to get rid of all the questions from folks either trying to decrypt old data or migrating keys from PGP to GnuPG",[10] and hence is not recommended for regular use.

More recent releases of GnuPG 2.x ("modern" and the now deprecated "stable" series) expose most cryptographic functions and algorithms Libgcrypt (its cryptography library) provides, including support for elliptic-curve cryptography (ECDH, ECDSA and EdDSA)[11] in the "modern" series (i.e. since GnuPG 2.1).

[14][12] The German Federal Ministry of Economics and Technology funded the documentation and the port to Microsoft Windows in 2000.

[15][16] On February 7, 2014, a GnuPG crowdfunding effort closed, raising €36,732 for a new website and infrastructure improvements.

For example, GnuPG encryption support has been integrated into KMail and Evolution, the graphical email clients found in KDE and GNOME, the most popular Linux desktops.

The cross-platform extension Enigmail provides GnuPG support for Mozilla Thunderbird and SeaMonkey.

In 2003, due to an error in a change to GnuPG intended to make one of those methods more efficient, a security vulnerability was introduced.

Two further vulnerabilities were discovered in early 2006; the first being that scripted uses of GnuPG for signature verification may result in false positives,[32] the second that non-MIME messages were vulnerable to the injection of data which while not covered by the digital signature, would be reported as being part of the signed message.

This side-channel attack exploits the fact that Libgcrypt used a sliding windows method for exponentiation which leads to the leakage of exponent bits and to full key recovery.

In October 2017, the ROCA vulnerability was announced that affects RSA keys generated by YubiKey 4 tokens, which often are used with PGP/GPG.

Example of usage of GnuPG: As software repository signing key for openSUSE (with ZYpp )