OpenPGP mechanisms

OpenPGP mechanisms #

OpenPGP acts as a toolkit that offers a variety of operations, which may be combined to achieve a variety of goals.

Encryption #

Encryption, which provides confidentiality, is one central facility of OpenPGP.

In a way, encryption is the most non-negotiable element of OpenPGP: When a message is encrypted, only actors who have access to a suitable secret are able to access the contained data.

For modern encryption schemes (like SEIPD v1 and v2, in OpenPGP), once a message has been successfully decrypted, there is no doubt that the plaintext is exactly what the sender intended to transmit. The integrity of the decrypted data is assured.

However, the encryption mechanism in OpenPGP by itself gives no indication about the identity of the sender of the message.

The recipient can only be sure that the message has been encrypted to them, but not by whom.

Signatures #

Signatures are used in many different contexts, in OpenPGP.

The two most important user-facing types of signature in OpenPGP are:

  • Data Signatures, which guarantee the authenticity of the data in a message.
  • Third party identity certifications by which one actor can certify the validity of an identity in another actor’s OpenPGP certificate (such as: “I have verified that this certificate is used by <alice@example.org>”).

Signatures always act as a cryptographic statement by one party, which is machine-readable, and can be inspected and verified by anyone who has access to the signature, the data, and the signer’s certificate.

A signature always makes statements about some data, and exists for the benefit of a verifier. However, signature validation is more subtle than decryption:

For example, while a signature might be valid, the recipient could be misled about the identity of the signing party, or about the signature’s intent.

Certificates and Metadata #

OpenPGP certificates are complex data structures, which combine public key material with identity statements and metadata. They are mostly geared towards use by correspondents of the key-holder.

The metadata in certificates is used for life-cycle operations (such as adding or removing an associated identity) and to signal preferences and capabilities to peers (such as preferred encryption algorithms).

This metadata is cryptographically secured with signatures. The signatures can be verified to confirm that certificate metadata originates from the key-holder and has not been tampered with.

All of this metadata essentially expresses wishes by the keyholder.

However, these wishes are not cryptographically enforced:

For example, technically, a sender could just as easily encrypt to an expired encryption key as they can to a non-expired one. However, OpenPGP software usually honors and enforces the key-holder’s wish that the key should no longer be encrypted to.

Combining encryption and signatures in messages #

OpenPGP messages can combine a signature (or multiple signatures) with encryption.

This is often used to achieve both confidentiality and strong assurance about the identity of the sending party.