Using GNU PGP

Using GNU PGP

GNU Privacy Guard (GnuPG or GPG) is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG  is compliant with RFC 4880, which is the current IETF standards track specification of Open PGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems.

GnuPG is a hybrid encryption software program in that it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key which is only used once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version.

GnuPG also supports symmetric encryption algorithms. By default GnuPG uses the CAST5 symmetrical algorithm.

GnuPG does not use patented or otherwise restricted software or algorithms. Instead, GnuPG uses a variety of other, non-patented algorithms

GnuPG is a command-line based system, that is not written as an API which may be incorporated into other software. GPGME is an API wrapper around GnuPG which parses the output of GnuPG, and various graphical front-ends based on GPGME have been created. This currently requires an out-of-process call to the GnuPG executable for many GPGME API calls. Because GPGME makes use of a special GnuPG interface designed for machine use, a stable and maintainable API between the components is given. Possible security problems in an application do not propagate to the actual crypto code due to the process barrier.