Hybrid ciphers. PGP and GnuPG

Lecture



Public key ciphers also have drawbacks. First, their encryption and decryption operations require significantly more computation and are therefore performed much more slowly than with symmetric ciphers. Second, public key algorithms have properties that make them awkward to use and make encrypting large amounts of data with them undesirable. Public key ciphers are, however, effective for distributing the keys of symmetric ciphers, and this is exactly the role they play in hybrid cryptosystems.


A hybrid cipher uses both a symmetric cipher and a public key cipher. First, a random key for the symmetric cipher, called a session key, is generated. The message is encrypted with the symmetric cipher under the session key. The session key is then encrypted with the recipient's public key. The session key encrypted with the public key cipher and the message encrypted with the symmetric cipher are packaged together. The recipient uses his private key to decrypt the session key and then uses the recovered session key to decrypt the message. Because the symmetric key is transferred securely in this way, a new session key is generated for each message. It also becomes possible to encrypt a message for several recipients at once: several copies of the session key, each encrypted with a different recipient's public key, are attached to the message encrypted with the session key. Both PGP and GnuPG use exactly this hybrid scheme.

It should be remembered that a hybrid cipher is no stronger than the weakest cipher it uses. That is, if a weak symmetric cipher is used, there is no point in using a public key cipher with a huge key length.

GnuPG

  • Type: PGP
  • Author: Werner Koch
  • Developer: GNU Project
  • Written in: C
  • Operating system: cross-platform
  • Interface languages: multiple languages
  • First release: December 20, 1997 [1]
  • Latest version: 2.1.12 (May 4, 2015)
  • License: GNU General Public License version 3
  • Website: gnupg.org

GNU Privacy Guard (GnuPG, GPG) is a free program for encrypting information and creating electronic digital signatures. It was developed as an alternative to PGP and is released under the free GNU General Public License. GnuPG is fully compatible with the IETF OpenPGP standard, and current versions can interoperate with PGP and other OpenPGP-compatible systems.


History


The project was created by Werner Koch. Its original name was not GnuPG but G10, in honour of Article 10 of the German constitution (German: Grundgesetz). This article is similar to Article 23 of the Constitution of the Russian Federation, which guarantees the confidentiality of correspondence, conversations and other communications.

The American programmer Philip Zimmermann published the source code of his PGP program (designed to protect e-mail messages) on the Internet. US export restrictions did not allow cryptographic software to be exported abroad. The US government began prosecuting Zimmermann, who then circumvented the restriction by publishing the source code as a book: abroad, the code could be typed in from the book and compiled. The strict US restrictions prevented other countries from obtaining strong cryptography in software from American companies (including Microsoft Windows). Cryptographic software could not be developed in the United States with a view to exporting it to other countries, so some of this software was created outside the United States (for example, OpenBSD in Canada and GnuPG in Germany). The German government, wanting strong cryptography on the Microsoft Windows operating system, sponsored the porting of GnuPG to Windows in 2000. The US government tried to force the German government to reconsider its position on releasing strong cryptography for Windows but achieved nothing, and it eventually relaxed its own export restrictions on cryptographic software.

Version 0.0.0 was released on December 20, 1997. Version 1.0.0 was released on September 7, 1999.

Version 1.4.5 was released on August 1, 2006; version 2.0 on November 13, 2006; and version 2.1 on October 3, 2014.

Currently the following versions exist:

  • GnuPG "classic" (1.4) - for older platforms.
  • GnuPG "stable" (2.0) is the current stable development for general use.
  • GnuPG "modern" (2.1) is the latest development with many innovations and improvements.

All branches of GnuPG versions are developed in parallel.

Features

  • Complete PGP alternative.
  • Does not use proprietary algorithms.
  • Distributed under the GNU General Public License.
  • Full implementation of OpenPGP.
  • Decryption and authentication of email messages created using PGP 5, 6 and 7.
  • Electronic signature support using ElGamal, DSA and RSA, with the hash functions MD5, SHA-1, SHA-2, RIPEMD-160 and TIGER.
  • Asymmetric encryption with ElGamal and RSA (key lengths from 1024 to 4096 bits).
  • Support for the symmetric block ciphers AES, CAST5, 3DES, Twofish, Blowfish, Camellia and, with the help of a plugin, IDEA.
  • Compression algorithms support: ZIP, ZLIB, BZIP2.
  • Easy implementation of new algorithms with additional modules.
  • Support for expiring keys and signatures.
  • Integrated HKP key server support.

Use

GnuPG runs on almost all operating systems: from Microsoft Windows and GNU/Linux to Mac OS X, FreeBSD, OpenBSD, NetBSD, etc.

Although the main GnuPG interface is the command line, various external add-ons make the program's functionality available through a graphical user interface. For example, GnuPG is integrated into the KMail and Evolution graphical email clients. The plugin engine is fully compatible with the OpenPGP standard.

With the Enigmail extension, GnuPG works in the Mozilla Thunderbird email client to encrypt and authenticate messages. GnuPG support is also available in Mutt, The Bat! and Gnus.

With GPGrelay, emails can be encrypted and signed using GnuPG from any email client that uses the POP3, IMAP4 or SMTP protocols.

For users of the Microsoft Windows operating system, the 2.x branch of GnuPG ships with a graphical interface. Since 2005 the GnuPG developers have been releasing Gpg4win (GNU Privacy Guard for Windows), an installation package that includes:

  • the Windows version of GnuPG (the core of the package, the encryption tool itself);
  • Kleopatra (certificate manager for OpenPGP and X.509);
  • GPA (GNU Privacy Assistant, an alternative certificate manager for OpenPGP and X.509);
  • GpgOL (plugin for Outlook);
  • GpgEX (plugin for Windows Explorer, used for encrypting files);
  • Claws Mail (full-featured email program with GnuPG support);
  • Documentation in English and German.

In essence, Gpg4win is the official GnuPG distribution for the Windows platform, and all components included in the package are also free software.

Message encryption with GnuPG in the Miranda IM instant messaging client can also be achieved with the additional GnuPG or SecureIM plugins.

GnuPG is supported by the Psi and Gajim Jabber clients.

Browser Plugins

Until June 7, 2010, FireGPG [2] was developed, an add-on for Firefox that added GnuPG support to the browser. Among other things, it allowed GnuPG to be integrated into Gmail. Because the Gmail web interface kept changing, the author of the plugin first dropped support for encrypting Gmail mail and then stopped developing the plugin altogether. About 30 thousand people used FireGPG.

Another browser plugin, WebPG, exists in versions for Firefox (as well as Seamonkey and Thunderbird) and Chrome (Chromium). It supports encryption, decryption, digital signatures and key management. The current version is 0.9.2, dated January 24, 2013. There is experimental integration with Gmail.

Another plugin for the Chrome browser that allows cryptographic protection (encryption and electronic digital signatures, EDS) to be applied to a message on a web page is GPG4Browsers. It was originally released by the German company Recurity Labs and was later transferred to the separate OpenPGP.js project.

Browser plugins make it possible to verify that a message comes from a particular person (via its digital signature) or to read a message that is posted publicly but encrypted for a particular recipient. This includes the use of such plugins on social networks or in web mail.

Principle of operation

GnuPG encrypts messages using asymmetric key pairs generated by GnuPG users. Public keys can be exchanged with other users in various ways, including over the Internet via key servers. GnuPG also allows a cryptographic digital signature to be added to a message, so that the integrity and the sender of the message can be verified.

GnuPG does not use proprietary or otherwise restricted software or algorithms, including the IDEA algorithm, which has been part of PGP almost from the beginning. GnuPG instead uses the unencumbered algorithms CAST5, 3DES, AES, Blowfish and Twofish. It is, however, possible to use IDEA in GnuPG with an additional module.

GnuPG is hybrid cryptographic software: it combines conventional symmetric-key encryption of the data with public key encryption for secure key exchange, so the recipient's public key is needed only to encrypt the session key once. This mode of operation is part of the OpenPGP standard and has been part of PGP since its first version.

Problems

Signature

The OpenPGP standard defines several methods for digitally signing messages. A vulnerability appeared because of an error made while trying to make these methods more efficient. It affects only one of the signing methods and only some releases of GnuPG (1.0.2 to 1.2.3); fewer than 1000 affected keys were listed on key servers. [3]

CVE-2016-6313

The vulnerability (CVE-2016-6313) was found by Felix Dörre and Vladimir Klebanov of the Karlsruhe Institute of Technology. The bug is present in all versions of GnuPG and Libgcrypt released before August 17, 2016.

The essence of the problem: an attacker who succeeds in obtaining 4620 bits of output from the random number generator is able to predict the next 160 bits of the sequence.

The developers' statement specifically says that the problem should not affect the security of existing RSA keys. The experts also consider it highly unlikely that anyone could use public information to predict DSA and ElGamal private keys, but the document says that the problem is still being investigated.

The vulnerability was fixed in Libgcrypt 1.7.3, 1.6.6 and 1.5.6 and in GnuPG 1.4.21. [4]

created: 2016-09-19
updated: 2021-03-13