PGP Versions Are Not All Made the Same

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

PGP and similar software follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data.

PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a username or an e-mail address.

The first version of this system was generally known as a web of trust to contrast with the X.509 system, which uses a hierarchical approach based on certificate authority and which was added to PGP implementations later. Current versions of PGP encryption include both options through an automated key management server.

As PGP evolves, versions that support newer features and algorithms are able to create encrypted messages that older PGP systems cannot decrypt, even with a valid private key. Therefore, it is essential that partners in PGP communication understand each other’s capabilities or at least agree on PGP settings.

PGP can be used to send messages confidentially. For this, PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key.

The message and its session key are sent to the receiver. The session key must be sent to the receiver so they know how to decrypt the message, but to protect it during transmission it is encrypted with the receiver’s public key. Only the private key belonging to the receiver can decrypt the session key.

The version lines that are usually shown by default in PGP keys and PGP signature blocks, often reveal which OS the person is using.

PGP / GPG Version Strings

You can tell a fair bit about a user’s PGP/GPG setup from their Version: string. Here are some typical examples:

Version: GnuPG v1.4.11 (GNU/Linux)

This key belongs to a Linux user.

Version: GnuPG v2.0.19 (MingW32)

This key belongs to a Windows user.

Version: GnuPG/MacGPG2 v2.0.17 (Darwin)

This key belongs to a Mac OS X user.

PGP Versions That Should Make You Nervous

Version: 9.9.0.397

This person is using the official PGP version, as published by Symantec. I’ve read statements by Kevin Mitnick that he no longer trusts PGP since it was acquired by Symantec.   In his post, Mitnick refers to the case of Diskreet, which back in the early days, was an encryption package sold by Symantec.

This software purported to use the full 56-bit DES cipher algorithm, which was quite strong for its day. Mitnick stated that he acquired a copy of the Diskreet source code, and discovered that the actual key was nowhere near 56-bits, but was incredibly weak. He went on to say that based on his experience, he would not trust any version of PGP published by Symantec.

His caution is only underscored by the Snowden revelations earlier this Summer, which set out the NSA’s campaign of attempting to weaken or backdoor crypto.

I, for one, would not trust any closed-source crypto software published by an American company — that goes double for companies with a history like Symantec.

To the best of my knowledge, Symantec does not publish PGP source code, and as an American company, their crypto software is now suspect.

Versions of PGP That Should Make You Run Away Screaming

Versions of PGP with these Version: strings are based on the BouncyCastle Java crypto libraries. They should be avoided like the plague.
Version: BCPG v1.45
Version: BCPG v1.47

These versions of PGP are absolutely NOTORIOUS for generating MASSIVELY UNSAFE PGP keys by default.

These versions typically generate DSS/ElGamal keys with signing keys with a size of 1024-bits, and an encryption sub-key of as little as 512-bits.

By: Nightcrawler
512-bit keys are so unsafe, that they were being broken by hobbyists on spare hardware a dozen years ago. 1024-bit keys were deprecated by NIST more than 3 years ago.
Version: BCPG C# v1.6.1.0
This version of PGP generates by default a PGP key of 1024-bits, with NO encryption sub-key. Again, these keys are unsafe/obsolete.

Recommendations

Any software that uses the Java Bouncycastle crypto libraries (like PortablePGP) should be avoided like the plague. These typically contain BCPG in the Version: string.

GPG4Win/Kleopatra/GPA are also deprecated — Kleopatra generates RSA keys without an encryption sub-key. Dual RSA keys, with one RSA key for signing, and the other exclusively for encryption have been standard since the Fall of 2009.

GPA will not generate keys over 3072-bits in length.

GPG4USB or Gnu Privacy Tray (GnuPT) are recommended, as they are:

* Easy to use

* Standards compliant

GnuPT, in particular, is frequently updated. Usually, when there is a new GPG version (e.g. 1.4.15), the GnuPT developers issue an update with a day or two, reflecting the change.

Download links:

GPG4USB: http://gpg4usb.cpunk.de/index.html

GnuPT: http://www.gnupt.de/ (Site is in German)

Check out how to install PGP on Linux here.