GNU Privacy Guard (Encryption)
GnuPG is a hybrid encryption software program in that it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient’s public key to encrypt a session key which is only used once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version.
GnuPG encrypts messages using asymmetric keypairs individually generated by GnuPG users. The resulting public keys can be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ “owner” identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.
GnuPG also supports symmetric encryption algorithms. By default GnuPG uses the CAST5 symmetrical algorithm.
GnuPG does not use patented or otherwise restricted software or algorithms, like the IDEA encryption algorithm used in PGP. (It is in fact possible to use IDEA in GnuPG by downloading a plugin for it, however this may require getting a license for some uses in some countries in which IDEA is patented.) Instead, GnuPG uses a variety of other, non-patented algorithms, including,
- Block ciphers (symmetric encryption algorithms): CAST5, Camellia, Triple DES, AES, Blowfish, and Twofish.
- Asymmetric-key ciphers: ElGamal and RSA
- Cryptographic hashes: RIPEMD-160, MD5, SHA-1, SHA-2, and Tiger
- Digital signatures: DSA and RSA