Editing Pretty Good Privacy (section)

==OpenPGP==
Within PGP Inc., there was still concern surrounding patent issues. RSADSI was challenging the continuation of the Viacrypt RSA license to the newly merged firm. The company adopted an informal internal standard that they called "Unencumbered PGP" which would "use no algorithm with licensing difficulties".  Because of PGP encryption's importance worldwide, many wanted to write their own software that would interoperate with PGP 5. Zimmermann became convinced that an [[open standard]] for PGP encryption was critical for them and for the cryptographic community as a whole. In July 1997, PGP Inc. proposed to the [[IETF]] that there be a standard called OpenPGP. They gave the IETF permission to use the name OpenPGP to describe this new standard as well as any program that supported the standard. The IETF accepted the proposal and started the OpenPGP [[IETF Working Group|Working Group]].

OpenPGP is on the [[Internet Standard|Internet Standards Track]] and is under active development. Many e-mail clients provide OpenPGP-compliant email security as described in RFC 3156. The current specification is RFC 9580 (July 2024), the successor to RFC 4880. RFC 9580 specifies a suite of required algorithms consisting of [[X25519]], [[EdDSA#Ed25519|Ed25519]], [[SHA-2|SHA2-256]] and [[Advanced Encryption Standard|AES-128]]. In addition to these algorithms, the standard recommends [[X448]], [[EdDSA#Ed448|Ed448]], [[SHA-2|SHA2-384]], [[SHA-2|SHA2-512]] and [[Advanced Encryption Standard|AES-256]]. Beyond these, many other algorithms are supported.

* PGP
** {{IETF RFC|1991|link=no}} PGP Message Exchange Formats (obsolete)<ref name="tools.ietf.org">{{cite journal|last1=David|first1=Shaw|last2=Lutz|first2=Donnerhacke|last3=Rodney|first3=Thayer|last4=Hal|first4=Finney|last5=Jon|first5=Callas|title=OpenPGP Message Format|url=https://tools.ietf.org/html/rfc4880|website=tools.ietf.org|year=2007|doi=10.17487/RFC4880|language=en|access-date=April 19, 2018|archive-date=July 13, 2012|archive-url=https://web.archive.org/web/20120713063928/http://tools.ietf.org/html/rfc4880|url-status=live}}</ref>
* OpenPGP
** {{IETF RFC|2440|link=no}} OpenPGP Message Format (obsolete)<ref name="tools.ietf.org"/>
** {{IETF RFC|4880|link=no}} OpenPGP Message Format (obsolete)
** {{IETF RFC|5581|link=no}} The Camellia Cipher in OpenPGP (obsolete)
** {{IETF RFC|6637|link=no}} Elliptic Curve Cryptography (ECC) in OpenPGP (obsolete)
** {{IETF RFC|9580|link=no}} OpenPGP
* PGP/MIME
** {{IETF RFC|2015|link=no}} MIME Security with Pretty Good Privacy (PGP)
** {{IETF RFC|3156|link=no}} MIME Security with OpenPGP

OpenPGP's encryption can ensure the secure delivery of files and messages, as well as provide verification of who created or sent the message using a process called digital signing. The [[open source]] office suite [[LibreOffice]] implemented document signing with OpenPGP as of version 5.4.0 on Linux.<ref>{{cite web|title=OpenPGP signature support in LibreOffice|url=https://blog.thebehrens.net/2017/07/28/openpgp-signature-support-in-libreoffice/|website=Thorsten's Weblog|access-date=10 December 2017|date=28 July 2017|archive-date=November 1, 2017|archive-url=https://web.archive.org/web/20171101231613/https://blog.thebehrens.net/2017/07/28/openpgp-signature-support-in-libreoffice/|url-status=live}}</ref> Using OpenPGP for communication requires participation by both the sender and recipient. OpenPGP can also be used to secure sensitive files when they are stored in vulnerable places like mobile devices or in the cloud.<ref>Eric Geier (August 22, 2014). "[https://www.pcworld.com/article/2472771/how-to-use-openpgp-to-encrypt-your-email-messages-and-files-in-the-cloud.html How to use OpenPGP to encrypt your email messages and files in the cloud] {{Webarchive|url=https://web.archive.org/web/20180518132535/https://www.pcworld.com/article/2472771/how-to-use-openpgp-to-encrypt-your-email-messages-and-files-in-the-cloud.html |date=May 18, 2018 }}". ''PC World''. Accessed March 1, 2022.</ref>

In late 2023, a schism occurred in the OpenPGP world: IETF's OpenPGP working group decided to choose a "crypto-refresh" update strategy for the RFC 4880 specification, rather than a more gradual "4880bis" path preferred by Werner Koch, author of GnuPG. As a result, Koch took his draft, now abandoned by the workgroup, and forked it into a "LibrePGP" specification.<ref name="LibrePGP">{{cite web |title=A schism in the OpenPGP world [LWN.net] |url=https://lwn.net/Articles/953797/ |website=lwn.net |access-date=February 14, 2024 |archive-date=February 22, 2024 |archive-url=https://web.archive.org/web/20240222124116/https://lwn.net/Articles/953797/ |url-status=live }}</ref>

=== Implementations ===

The [[Free Software Foundation]] has developed its own OpenPGP-compliant software suite called [[GNU Privacy Guard]], freely available together with all source code under the [[GNU General Public License]] and is maintained separately from several [[graphical user interfaces]] that interact with the GnuPG library for encryption, decryption, and signing functions (see [[KGPG]], [[Seahorse (software)|Seahorse]], [[MacGPG]]).{{undue inline|reason=other important implementations exist and should be cited|date=July 2021}} Several other vendors{{Specify|reason=readers expect a neutral list of vendors|date=July 2021}} have also developed OpenPGP-compliant software.

The development of an [[open source]] OpenPGP-compliant library, OpenPGP.js, written in [[JavaScript]] and supported by the [[Framework_Programmes_for_Research_and_Technological_Development#Horizon_2020|Horizon 2020 Framework Programme]] of the [[European Union]],<ref>{{cite web|url=https://openpgpjs.org/|title=OpenPGPjs|author=OpenPGPjs-Team|access-date=January 2, 2017|archive-date=July 9, 2017|archive-url=https://web.archive.org/web/20170709124936/https://openpgpjs.org/|url-status=live}}</ref> has allowed web-based applications to use PGP encryption in the web browser.

PGP keys are supported in [[Mozilla Thunderbird]] (Built-in in version 78 onwards on PC,<ref>{{Cite web|url=https://linuxreviews.org/Thunderbird_78_Has_Finally_Got_Built-In_Calendar_And_OpenPGP_Support|title=Thunderbird 78 Has Finally Got Built-In Calendar And OpenPGP Support|date=8 October 2020|access-date=14 May 2025|publisher=LinuxReviews}}</ref> and with the [[OpenKeychain]] app as of version 9 on Android<ref>{{Cite web|url=https://www.zdnet.com/article/how-to-add-pgp-support-on-android-for-added-security-and-privacy/|title=How to add PGP support on Android for added security and privacy|publisher=[[ZDNET]]|author=Jack Wallen|access-date=14 May 2025|date=13 November 2024}}</ref>), [[GitHub]],<ref>{{Cite web|url=https://inspirezone.tech/using-gpg-keys-on-github/|title=Using GPG keys on GitHub: Creating and updating expired keys|date=18 April 2021|access-date=14 May 2025|publisher=Inspirezone}}</ref> and [[GitLab]].<ref>{{Cite web|url=https://sdtimes.com/automation/gitlab-xcode-chrome-enterprise-sdtimes-newsdigest/|title=GitLab 9.5, Xcode 9, IEEE standard for quantum computing, and Chrome Enterprise — SD Times news digest: August 23, 2017|date=23 August 2025|access-date=14 May 2025|publisher=[[SD Times]]|author=Madison Moore}}</ref>