Working with OpenPGP Files

Some organizations use encryption tools based on the OpenPGP standard, rather than the International Telecommunication Union X.509 standard. OpenPGP uses the same basic Public Key Infrastructure principles for exchanging encrypted files, but uses a decentralized “Web of Trust” method of authenticating signatures.


Smartcrypt extracts and decrypts files that comply with the OpenPGP standard, RFC 4880. It can also create OpenPGP files encrypted using passphrases, public/private key pairs, or both, and it can apply digital signatures using OpenPGP public/private key pairs. In this section, you’ll learn more about the OpenPGP standard and how to use Smartcrypt with OpenPGP.


Overview: OpenPGP vs. X.509

The X.509 standard relies on a hierarchical “trust chain” model: an individual’s digital certificate is issued (signed) by an intermediate Certificate Authority (CA), which is assumed to have received enough documentation to determine that the individual is who he says he is. The intermediate CA, in turn, gets its own certificate from a Root CA. Each certificate says who issued it, so in theory, if you question the authenticity of a certificate, you can follow the chain back and find the documentation presented to the original CA.


OpenPGP certificates are typically created by individuals, and authenticated by other individuals. In the real world, you have friends who can vouch that you are who you say you are. If you walk into a room full of strangers, your friend can introduce you to the people he knows. Since you trust that your friend is correctly identifying his friends and acquaintances, that trust extends to his friends too.


When you translate the above experience to the electronic, OpenPGP world, it works this way: You create an OpenPGP certificate to identify yourself. When a friend comes to visit, you show them the certificate. The friend can now sign your certificate (often called “key signing”) and certify that this certificate represents you. Everyone who trusts the person who signed your key can now also trust that your certificate is authentic. A Web of Trust develops as more people authenticate each certificate, and everyone in the Web of Trust can exchange messages in the OpenPGP format.


Applying OpenPGP to Archives

To apply OpenPGP encryption or a digital signature to an archive, make sure that the OpenPGP Options are set appropriately for the task you are performing (creating a new archive, adding files to an archive, or refreshing or updating an archive).


Add files to a new archive as you would normally, then use the Save As dialog to save the archive with the OpenPGP file type. When you apply OpenPGP to a new archive, you actually create a TAR archive, which can be signed, encrypted, and compressed (in any combination) from the same dialog. Smartcrypt uses only algorithms supported by the OpenPGP standard on OpenPGP files. These algorithms are listed in the next section.

Supported OpenPGP Algorithms

This table lists the supported OpenPGP algorithms used for encryption, signing, hashing, and compression.

Algorithm          Type
---------          ----
IDEA (128-bit)     Public-Key Encryption
3DES               Symmetric-Key
CAST5 (128-bit)    Symmetric-Key
AES (128-bit)      Symmetric-Key
AES (192-bit)      Symmetric-Key
AES (256-bit)      Symmetric-Key
Uncompressed       Data Compression
ZIP (RFC 1951)     Data Compression
BZIP2              Data Compression
SHA-1              Hash
SHA-256            Hash
SHA-384            Hash
SHA-512            Hash
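As an added example (not Smartcrypt’s own code), the following Python script walks the packet headers of a binary OpenPGP message as defined in RFC 4880 and reports the cipher, hash, and compression algorithm IDs the message declares, so that a file received from another organization can be checked against the table above before it is processed. The sample packets are constructed for the example, and partial-body and indeterminate packet lengths are deliberately rejected rather than guessed.

```python
# Added example (not Smartcrypt code): walk the top-level packets of an OpenPGP message
# (RFC 4880, section 4.2) and report the algorithm IDs it declares (section 9).
from typing import Dict, List, Tuple

# Algorithm IDs from RFC 4880, section 9 (the values that appear on this page).
SYMMETRIC = {1: "IDEA", 2: "3DES", 3: "CAST5", 7: "AES-128", 8: "AES-192", 9: "AES-256"}
HASHES = {2: "SHA-1", 8: "SHA-256", 9: "SHA-384", 10: "SHA-512"}
COMPRESSION = {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZIP2"}

def read_header(buf: bytes, pos: int) -> Tuple[int, int, int]:
    """Return (tag, body_start, body_len) for the packet header at offset pos."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError(f"not an OpenPGP packet header at offset {pos}")
    if first & 0x40:  # new format: tag in the low 6 bits, then a 1/2/5-octet length
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths are not handled by this example")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old format: tag in bits 2-5
    if ltype == 3:
        raise ValueError("indeterminate length is not handled by this example")
    n = 1 << ltype  # the length field is 1, 2 or 4 octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def declared_algorithms(msg: bytes) -> Dict[str, List]:
    """Collect algorithms declared by SKESK (tag 3) and Compressed Data (tag 8) packets."""
    found: Dict[str, List] = {"cipher": [], "hash": [], "compression": [], "packets": []}
    pos = 0
    while pos < len(msg):
        tag, start, length = read_header(msg, pos)
        body = msg[start:start + length]
        found["packets"].append(tag)
        if tag == 3 and len(body) >= 4 and body[0] == 4:  # v4 Symmetric-Key ESK (5.3)
            found["cipher"].append(SYMMETRIC.get(body[1], f"unknown({body[1]})"))
            if body[2] in (0, 1, 3):  # simple/salted/iterated S2K: hash ID follows (3.7.1)
                found["hash"].append(HASHES.get(body[3], f"unknown({body[3]})"))
        elif tag == 8 and body:  # Compressed Data packet (5.6): first octet is the algorithm
            found["compression"].append(COMPRESSION.get(body[0], f"unknown({body[0]})"))
        pos = start + length
    return found

# Constructed sample: v4 SKESK (AES-256, iterated+salted S2K with SHA-256), then a SEIPD packet.
SAMPLE_ENCRYPTED = bytes.fromhex("c3 0d 04 09 03 08 01 02 03 04 05 06 07 08 60  d2 05 01 aa bb cc dd")
# Constructed sample: old-format Compressed Data packet declaring ZIP (RFC 1951).
SAMPLE_COMPRESSED = bytes.fromhex("a0 03 01 ca fe")
```

Call declared_algorithms() on the bytes of a binary .pgp file; ASCII-armored input must be dearmored first, and a public-key-encrypted message (tag 1 packets) reports no cipher here because the symmetric algorithm is inside the encrypted session key.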