Misplaced Pages

#402597

50-803: November 2023 saw two drafts aiming to update the 2007 OpenPGP v4 specification (RFC4880), ultimately resulting in the RFC 9580 proposed standard in July 2024. The proposal from the GnuPG developers is called LibrePGP. GnuPG is part of the GNU Project and received major funding from the German government in 1999. GnuPG is a hybrid-encryption software program because it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using

100-478: A "+ 0.1" higher version number (e.g. 2.2, 2.0, 1.4); hence branches 2.2 and 2.1 both belong to the "modern" series, 2.0 and 1.9 both to the "stable" series, while the branches 1.4 and 1.3 both belong to the "classic" series. With the release of GnuPG 2.3.0, this nomenclature was altered to be composed of a "stable" and "LTS" branch from the "modern" series, plus 1.4 as the last maintained "classic" branch. Also note that even or odd minor release numbers do not indicate

150-471: A GnuPG crowdfunding effort closed, raising € 36,732 for a new website and infrastructure improvements. Since the release of a stable GnuPG 2.3, starting with version 2.3.3 in October 2021, three stable branches of GnuPG are actively maintained: Before GnuPG 2.3, two stable branches of GnuPG were actively maintained: Different GnuPG 2.x versions (e.g. from the 2.2 and 2.0 branches) cannot be installed at

200-455: A Linux distribution) qualifies as free (libre), and helps distribution developers make their distributions qualify. The list mostly describes distributions that are a combination of GNU packages with a Linux-libre kernel (a modified Linux kernel that removes binary blobs, obfuscated code, and portions of code under proprietary licenses) and consist only of free software (eschewing proprietary software entirely). Distributions that have adopted

250-703: A Unix system so that one could get along without any software that is not free." Development was initiated in January 1984. In 1991, the Linux kernel appeared, developed outside the GNU project by Linus Torvalds , and in December 1992 it was made available under version 2 of the GNU General Public License . Combined with the operating system utilities already developed by the GNU project, it allowed for

300-767: A basis for the GNU Project, as it was portable and "fairly clean". When the GNU project first started they had an Emacs text editor with Lisp for writing editor commands, a source level debugger , a yacc -compatible parser generator, and a linker . The GNU system required its own C compiler and tools to be free software, so these also had to be developed. By June 1987, the project had accumulated and developed free software for an assembler , an almost finished portable optimizing C compiler ( GCC ), an editor ( GNU Emacs ), and various Unix utilities (such as ls , grep , awk , make and ld ). They had an initial kernel that needed more updates. Once

350-619: A full key recovery for RSA-1024 and about more than 1/8th of RSA-2048 keys. This side-channel attack exploits the fact that Libgcrypt used a sliding windows method for exponentiation which leads to the leakage of exponent bits and to full key recovery. Again, an updated version of GnuPG was made available at the time of the announcement. In October 2017, the ROCA vulnerability was announced that affects RSA keys generated by YubiKey 4 tokens, which often are used with PGP/GPG. Many published PGP keys were found to be susceptible. Around June 2018,

400-478: A fully free (libre) GNU/Linux distribution. From the mid-1990s onward, with many companies investing in free software development, the Free Software Foundation redirected its funds toward the legal and political support of free software development. Software development from that point on focused on maintaining existing projects, and starting new projects only when there was an acute threat to

450-420: A license for some uses in countries in which IDEA was patented. Starting with versions 1.4.13 and 2.0.20, GnuPG supports IDEA because the last patent of IDEA expired in 2012. Support of IDEA is intended "to get rid of all the questions from folks either trying to decrypt old data or migrating keys from PGP to GnuPG", and hence is not recommended for regular use. More recent releases of GnuPG 2.x ("modern" and

500-460: A number of front-ends for OS integration of encryption and key management as well as GnuPG installations via Installer packages for macOS . GPG Suite installs all related OpenPGP applications (GPG Keychain), plugins ( GPG Mail ) and dependencies (MacGPG), along with GPG Services (integration into macOS Services menu) to use GnuPG based encryption. Instant messaging applications such as Psi and Fire can automatically secure messages when GnuPG

550-406: A result, any user who obtains the software legally has the same freedoms as the rest of its users do. The GNU Project and the Free Software Foundation sometimes differentiate between "strong" and "weak" copyleft. "Weak" copyleft programs typically allow distributors to link them together with non-free programs, while "strong" copyleft strictly forbids this practice. Most of the GNU Project's output

SECTION 10

#1732801971403

600-562: A stable or development release branch, anymore.) Although the basic GnuPG program has a command-line interface , there exists various front-ends that provide it with a graphical user interface . For example, GnuPG encryption support has been integrated into KMail and Evolution , the graphical email clients found in KDE and GNOME , the most popular Linux desktops. There are also graphical GnuPG front-ends, for example Seahorse for GNOME and KGPG and Kleopatra for KDE. GPGTools provides

650-489: A standard Windows installer, making it easier for GnuPG to be installed and used on Windows systems. The OpenPGP standard specifies several methods of digitally signing messages. In 2003, due to an error in a change to GnuPG intended to make one of those methods more efficient, a security vulnerability was introduced. It affected only one method of digitally signing messages, only for some releases of GnuPG (1.0.2 through 1.2.3), and there were fewer than 1000 such keys listed on

700-457: A variety of ways, such as Internet key servers . They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ "owner" identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted. GnuPG also supports symmetric encryption algorithms. By default, GnuPG uses

750-469: A version of GNU/Hurd that is suitable for production environments since the commencement of the GNU/Hurd project over 33 years ago. A stable version (or variant) of GNU can be run by combining the GNU packages with the Linux kernel , making a functional Unix-like system. The GNU project calls this GNU/Linux, and the defining features are the combination of: Within the GNU website, a list of projects

800-521: Is installed and configured. Web-based software such as Horde also makes use of it. The cross-platform extension Enigmail provides GnuPG support for Mozilla Thunderbird and SeaMonkey . Similarly, Enigform provides GnuPG support for Mozilla Firefox . FireGPG was discontinued June 7, 2010. In 2005, g10 Code GmbH and Intevation GmbH released Gpg4win , a software suite that includes GnuPG for Windows, GNU Privacy Assistant, and GnuPG plug-ins for Windows Explorer and Outlook . These tools are wrapped in

850-487: Is laid out and each project has specifics for what type of developer is able to perform the task needed for a certain piece of the GNU project. The skill level ranges from project to project but anyone with background knowledge in programming is encouraged to support the project. The packaging of GNU tools, together with the Linux kernel and other programs, is usually called a Linux distribution (distro). The GNU Project calls

900-482: Is not installable on Windows Me or any prior versions of Windows. Depending on the vendor, end-of-life may differ from end of service life, which has the added distinction that a vendor of systems or software will no longer provide maintenance, troubleshooting or other support. Such software that is abandoned service-wise by the original developers is also called abandonware . Sometimes, software vendors hand over software on end-of-life, end-of-sale or end-of-service to

950-682: Is not profitable, to demonstrate good faith and to retain a reputation of durability. Minimum service lifetimes are also mandated by law for some products in some jurisdictions. Alternatively, some producers may discontinue maintenance of a product in order to force customers to upgrade to newer products. In the computing arena, the concept of end-of-life has significance in the production, supportability and purchase of software and hardware products. For example, Microsoft marked Windows 98 for end-of-life on June 30, 2006. Software produced after that date may not work for it. Microsoft's product Office 2007 (released on November 30, 2006), for instance,

1000-550: Is now independently managed by the GNOME Project . GNU Enterprise ( GNUe ) was a meta-project started in 1996, and can be regarded as a sub-project of the GNU Project. GNUe's goal is to create free "enterprise-class data-aware applications" ( enterprise resource planners , etc.). GNUe is designed to collect Enterprise software for the GNU system in a single location (much like the GNOME project collects Desktop software),it

1050-490: Is released under a strong copyleft, although some is released under a weak copyleft or a lax, push-over free software license. The first goal of the GNU project was to create a whole free-software operating system. Because UNIX was already widespread and ran on more powerful machines, compared to contemporary CP/M or MS-DOS machines of time, it was decided it would be a Unix-like operating system. Richard Stallman later commented that he considered MS-DOS "a toy". By 1992,

SECTION 20

#1732801971403

1100-562: Is the same detailed history as at their web site. The GNU Manifesto was written by Richard Stallman to gain support and participation in the GNU Project. In the GNU Manifesto, Stallman listed four freedoms essential to software users: freedom to run a program for any purpose, freedom to study the mechanics of the program and modify it, freedom to redistribute copies, and freedom to improve and change modified versions for public use. To implement these freedoms, users needed full access to

1150-446: Is to give computer users freedom and control in their use of their computers and computing devices by collaboratively developing and publishing software that gives everyone the rights to freely run the software, copy and distribute it, study it, and modify it. GNU software grants these rights in its license . In order to ensure that the entire software of a computer grants its users all freedom rights (use, share, study, modify), even

1200-565: The AES symmetrical algorithm since version 2.1, CAST5 was used in earlier versions. GnuPG does not use patented or otherwise restricted software or algorithms. Instead, GnuPG uses a variety of other, non-patented algorithms. For a long time, it did not support the IDEA encryption algorithm used in PGP. It was in fact possible to use IDEA in GnuPG by downloading a plugin for it, however, this might require

1250-580: The SigSpoof attacks were announced. These allowed an attacker to convincingly spoof digital signatures. In January 2021, Libgcrypt 1.9.0 was released, which was found to contain a severe bug that was simple to exploit. A fix was released 10 days later in Libgcrypt 1.9.1. GNU Project The GNU Project ( / ɡ n uː / ) is a free software , mass collaboration project announced by Richard Stallman on September 27, 1983. Its goal

1300-556: The free software community . One of the most notable projects of the GNU Project is the GNU Compiler Collection , whose components have been adopted as the standard compiler system on many Unix-like systems. The copyright of most works by the GNU Project is owned by the Free Software Foundation. The GNOME desktop effort was launched by the GNU Project because another desktop system, KDE ,

1350-458: The kernel and the compiler were finished, GNU was able to be used for program development . The main goal was to create many other applications to be like the Unix system. GNU was able to run Unix programs but was not identical to it. GNU incorporated longer file names, file version numbers, and a crash-proof file system. The GNU Manifesto was written to gain support and participation from others for

1400-415: The source code . To ensure code remained free and provide it to the public, Stallman created the GNU General Public License (GPL), which allowed software and the future generations of code derived from it to remain free for public use. Although most of the GNU Project's output is technical in nature, it was launched as a social, ethical, and political initiative. As well as producing software and licenses,

1450-510: The GNU FSDG include Dragora GNU/Linux-Libre , GNU Guix System , Hyperbola GNU/Linux-libre , Parabola GNU/Linux-libre , Trisquel GNU/Linux , PureOS , and a few others. The Fedora Project's distribution license guidelines were used as a basis for the FSDG. The Fedora Project's own guidelines, however, currently do not follow the FSDG, and thus the GNU Project does not consider Fedora to be

1500-423: The GNU Project has published a number of writings, the majority of which were authored by Richard Stallman. The GNU project uses software that is free for users to copy, edit, and distribute. It is free in the sense that users can change the software to fit individual needs. The way programmers obtain the free software depends on where they get it. The software could be provided to the programmer from friends or over

1550-456: The GNU project had completed all of the major operating system utilities, but had not completed their proposed operating system kernel , GNU Hurd . With the release of the Linux kernel , started independently by Linus Torvalds in 1991, and released under the GPLv2 with version 0.12 in 1992, for the first time it was possible to run an operating system composed completely of free software. Though

GNU Privacy Guard - Misplaced Pages Continue

1600-460: The Internet, or the company a programmer works for may purchase the software. Proceeds from associate members, purchases, and donations support the GNU Project. Copyleft is what helps maintain free use of this software among other programmers. Copyleft gives the legal right to everyone to use, edit, and redistribute programs or programs' code as long as the distribution terms do not change. As

1650-507: The Linux kernel is not part of the GNU project, it was developed using GCC and other GNU programming tools and was released as free software under the GNU General Public License . Most compilation of the Linux kernel is still done with GNU toolchains, but it is currently possible to use the Clang compiler and the LLVM toolchain for compilation. As of present, the GNU project has not released

1700-456: The combination of GNU and the Linux kernel "GNU/Linux", and asks others to do the same, resulting in the GNU/Linux naming controversy . Most Linux distros combine GNU packages with a Linux kernel which contains proprietary binary blobs . The GNU Free System Distribution Guidelines (GNU FSDG) is a system distribution commitment that explains how an installable system distribution (such as

1750-491: The first operating system that was free software, commonly known as Linux . The project's current work includes software development, awareness building, political campaigning, and sharing of new material. Richard Stallman announced his intent to start coding the GNU Project in a Usenet message in September 1983. Despite never having used Unix prior, Stallman felt that it was the most appropriate system design to use as

1800-480: The key servers. Most people did not use this method, and were in any case discouraged from doing so, so the damage caused (if any, since none has been publicly reported) would appear to have been minimal. Support for this method has been removed from GnuPG versions released after this discovery (1.2.4 and later). Two further vulnerabilities were discovered in early 2006; the first being that scripted uses of GnuPG for signature verification may result in false positives ,

1850-670: The last production date depends on the product and relates to the expected product lifetime from a customer's point of view. Different lifetime examples include toys from fast food chains (weeks or months), mobile phones (3 years) and cars (10 years). Product support during EOL varies by product. For hardware with an expected lifetime of 10 years after production ends, the support includes spare parts, technical support and service. Spare-part lifetimes are price-driven due to increasing production costs, as high-volume production sites are often closed when series production ends. Manufacturers may also continue to offer parts and services even when it

1900-475: The most fundamental and important part, the operating system (including all its numerous utility programs) needed to be free software. Stallman decided to call this operating system GNU (a recursive acronym meaning " GNU's not Unix! "), basing its design on that of Unix , a proprietary operating system. According to its manifesto, the founding goal of the project was to build a free operating system, and if possible, "everything useful that normally comes with

1950-429: The now deprecated "stable" series) expose most cryptographic functions and algorithms Libgcrypt (its cryptography library) provides, including support for elliptic-curve cryptography (ECDH, ECDSA and EdDSA) in the "modern" series (i.e. since GnuPG 2.1). As of 2.3 or 2.2 versions, GnuPG supports the following algorithms: GnuPG was initially developed by Werner Koch . The first production version, version 1.0.0,

2000-523: The product is at the end of its useful life (from the vendor's point of view). At this stage, a vendor stops the marketing , selling, or provisioning of parts, services, or software updates for the product. The vendor may simply intend to limit or end support for the product. In the specific case of product sales, a vendor may employ the more specific term " end-of-sale " (" EOS "). All users can continue to access discontinued products, but cannot receive security updates and technical support. The time-frame after

2050-491: The project. Programmers were encouraged to take part in any aspect of the project that interested them. People could donate funds, computer parts, or even their own time to write code and programs for the project. The origins and development of most aspects of the GNU Project (and free software in general) are shared in a detailed narrative in the Emacs help system. (C-h g runs the Emacs editor command describe-gnu-project .) It

GNU Privacy Guard - Misplaced Pages Continue

2100-587: The recipient's public key to encrypt a session key which is used only once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version. The GnuPG 1.x series uses an integrated cryptographic library, while the GnuPG ;2.x series replaces this with Libgcrypt . GnuPG encrypts messages using asymmetric key pairs individually generated by GnuPG users. The resulting public keys may be exchanged with other users in

2150-418: The release of GnuPG 2.0, all stable releases originated from a single branch; i.e., before November 13, 2006, no multiple release branches were maintained in parallel. These former, sequentially succeeding (up to 1.4) release branches were: (Note that before the release of GnuPG 2.3.0, branches with an odd minor release number (e.g. 2.1, 1.9, 1.3) were development branches leading to a stable release branch with

2200-426: The same time. However, it is possible to install a "classic" GnuPG version (i.e. from the 1.4 branch) along with any GnuPG 2.x version. Before the release of GnuPG 2.2 ("modern"), the now deprecated "stable" branch (2.0) was recommended for general use, initially released on November 13, 2006. This branch reached its end-of-life on December 31, 2017; Its last version is 2.0.31, released on December 29, 2017. Before

2250-484: The second that non-MIME messages were vulnerable to the injection of data which while not covered by the digital signature, would be reported as being part of the signed message. In both cases updated versions of GnuPG were made available at the time of the announcement. In June 2017, a vulnerability (CVE-2017-7526) was discovered within Libgcrypt by Bernstein, Breitner and others: a library used by GnuPG, which enabled

2300-444: The user community, to allow them to provide service and further upgrades themselves. Notable examples are the web browser Netscape Communicator , which was released in 1998 by Netscape Communications under an open-source license to the public, and the office suite StarOffice , which was released by Sun Microsystems in October 2000 as OpenOffice.org ( LibreOffice forked from this). Sometimes, software communities continue

2350-423: Was GNOME, which tackled the same issue from a different angle. It aimed to make a replacement for KDE that had no dependencies on proprietary software. The Harmony project did not make much progress, but GNOME developed very well. Eventually, the proprietary component that KDE depended on ( Qt ) was released as free software. GNOME has since dissociated itself from the GNU Project and the Free Software Foundation, and

2400-519: Was becoming popular but required users to install Qt , which was then proprietary software . To prevent people from being tempted to install KDE and Qt, the GNU Project simultaneously launched two projects. One was the Harmony toolkit . This was an attempt to make a free software replacement for Qt. Had this project been successful, the perceived problem with the KDE would have been solved. The second project

2450-559: Was later Decommissioned . In 2001, the GNU Project received the USENIX Lifetime Achievement Award for "the ubiquity, breadth, and quality of its freely available redistributable and modifiable software, which has enabled a generation of research and commercial development". End-of-life (product) An end-of-life product ( EOL product ) is a product at the end of the product lifecycle , which prevents users from receiving updates, indicating that

2500-477: Was released on September 7, 1999, almost two years after the first GnuPG release (version 0.0.0). The German Federal Ministry of Economics and Technology funded the documentation and the port to Microsoft Windows in 2000. GnuPG is a system compliant to the OpenPGP standard, thus the history of OpenPGP is of importance; it was designed to interoperate with PGP , an email encryption program initially designed and developed by Phil Zimmermann . On February 7, 2014,

#402597