A subjective and somewhat random look at OpenPGP #
This site is a starting point for any readers who want to learn about OpenPGP.
OpenPGP acts as a building block for a diverse range of privacy and security infrastructure, including package integrity validation in many Linux distributions. It is also used for confidentiality by encryption in a wide range of applications.
My main goal is empowerment: OpenPGP has a tendency to seem daunting, but really, it’s not rocket science. This site offers introductory material, combined with links to resources for deeper engagement.
While OpenPGP has a long history (going back to the 1990s “crypto wars” and before[^1]), its latest revision, RFC 9580 from July 2024, brings the format up to date with current standard cryptographic mechanisms. Algorithms that RFC 9580 makes mandatory to implement include SHA2-256, Ed25519 and X25519, and AEAD encryption (AES-128 in OCB mode). Post-quantum cryptography for OpenPGP is approaching standardization at the IETF.
It’s an exciting time to work with OpenPGP. My hope is that a new crop of hackers, activists and users will carry PGP’s progressive and anti-authoritarian mission further into the 21st century, where digital self-defense and PGP’s original ethos of radical decentralization once again seem distressingly necessary.
See the “About” page for more information about this site and its author.
Other resources #
The canonical documentation on OpenPGP is RFC 9580. However, I found this RFC hard to read before getting an initial understanding of the mechanisms and terminology of OpenPGP.
The text “OpenPGP for application developers” (of which I am one co-author) is intended as a stepping-stone towards reading the OpenPGP RFC(s).
My hope is that these three resources combine in helpful ways for a broad range of readers:
- openpgp.foo (this site),
- openpgp.dev, “OpenPGP for application developers”, and
- RFC 9580, the IETF standard document for “OpenPGP”.
Material on this page #
The content on this site is split into the following three categories (also see the navigation bar on the left).
Learn #
A series of articles that focus on playful exploration of OpenPGP concepts.
Tools #
The “Tools” section introduces a few specific OpenPGP-related tools and contextualizes them.
These tools all serve a clearly delineated purpose and are designed to be relatively minimalistic. They strive to be easy to comprehend, both for users and for the developers who work on them.
(This is in sharp contrast to, for example, the gpg tool, which serves an extremely wide range of purposes and is therefore massively complex and very hard to comprehend.)
Blog #
One-off content that might grow into more structured articles later.
[^1]: PGP’s original creator, Phil Zimmermann, came from a background as a peace activist in the US, with a focus on a nuclear weapons freeze. In this context, Phil started to work on PGP: “It was in that political climate, in 1984, that I saw the need to develop what would become PGP, both for protecting human rights overseas, and for protecting grassroots political organizations at home.”

    Phil went on to fight a multi-year legal battle over the publication of PGP with the US government, which at the time enforced draconian export regulations on cryptographic software.

    The history of PGP is deeply entangled with that era of fighting for a human right to digital privacy.

    PGP’s original tagline in the 1990s was “Public Key Encryption for the Masses”.