OpenPGP (Pretty Good Privacy) is the Internet open standard used by PGP, GNU Privacy Guard (GnuPG), Hushmail, Veridis, and others for the exchange of encrypted and digitally signed data and the maintenance of a public key infrastructure. RFC 2440, created by the OpenPGP Working Group of the IETF, defines the standard and ensures interoperability by specifying a format for messages and algorithms that must be implemented.
The standard was developed because of the wide use of PGP and the desire to make it a cryptographic standard owned by the community rather than by any one entity. Although originally designed for email, the standard is now used with virtually all digital information.
Public Key Infrastructure
OpenPGP implements both the web of trust and certificate authorities. To support the web of trust, the standard mandates a format for signing keys. In addition, an optional format allows a signer to indicate how certain they are that the key belongs to its claimed owner. Although many programs read and write this information, few (if any) incorporate the level of certification when calculating whether to trust a key.
The specification of trust signatures supports the creation of certificate authorities. A trust signature indicates both that the key belongs to its claimed owner and that the owner of the key is trustworthy to sign other keys at one level below their own. A level 0 signature is comparable to a web of trust signature: only the validity of the key is certified. A level 1 signature is similar to the trust one has in a certificate authority, because a key signed to level 1 is able to issue an unlimited number of level 0 signatures. A level 2 signature is highly analogous to the trust that many place in Microsoft whenever they use the default certificate authority list in Internet Explorer, because it allows the owner of the key to make other keys certificate authorities.
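The level rules above can be traced with a small model. The following Python code is an added example, not part of the original article or of any OpenPGP implementation; the key names and signatures are constructed, the user's own key is assumed to be the root with unlimited depth, and the model ignores trust amounts, domain restrictions, expiry and revocation.

```python
from collections import deque

# Constructed sample data: (issuer, subject, trust_level). All names are hypothetical.
CERTS = [
    ("me", "meta-ca", 2),    # level 2: may make other keys certificate authorities
    ("meta-ca", "ca", 1),    # level 1: may issue level 0 signatures
    ("ca", "alice", 0),      # level 0: certifies validity only
    ("alice", "bob", 0),     # alice is valid, but was never trusted to sign keys
    ("ca", "sub-ca", 1),     # ca holds level 1 only, so it cannot create another CA
    ("sub-ca", "carol", 0),
]


def evaluate(certs, root):
    """Return {key: depth} for every key that is valid from root's point of view.

    depth is the delegation level the key effectively holds:
    0 = valid only, 1 = may certify other keys, 2 = may create level 1 signers.
    """
    depth = {root: float("inf")}  # assumption: the user's own key is fully trusted
    queue = deque([root])
    while queue:
        issuer = queue.popleft()
        if depth[issuer] < 1:
            continue  # valid key, but its signatures on other keys are not honored
        for signer, subject, level in certs:
            if signer != issuer:
                continue
            # A signer can delegate at most one level below what it holds itself.
            granted = min(level, depth[issuer] - 1)
            if granted > depth.get(subject, -1):
                depth[subject] = granted
                queue.append(subject)  # re-examine signatures made by this key
    return depth


if __name__ == "__main__":
    result = evaluate(CERTS, "me")
    for key in ("meta-ca", "ca", "sub-ca", "alice", "bob", "carol"):
        print(f"{key:8} {result.get(key, 'not valid')}")
```

In this data, `sub-ca` ends up valid at depth 0 even though `ca` signed it at level 1, so `carol` is rejected: a level 1 key cannot pass its authority on.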