GNUPG Developer Launches librepgp Project
Werner Koch, the main developer and creator of the GNUPG project (GNU Privacy Guard), has founded the project librepgp. The new project focuses on the development of an updated specification as an alternative to the OpenPGP standard. This decision comes in response to changes outlined by the working group IETF for the renewal of the OpenPGP specification (RFC-4880), which Koch considers doubtful in terms of compatibility and security maintenance. Concerns have been raised by the developers of GNUPG, rnp (OpenPGP implementation by Thunderbird), and gpg4win about the potentially destructive impact of the proposed changes on existing OpenPGP applications, whose users rely on stability of the long-term specification and are not prepared to accept compatibility violations.
Librepgp incorporates useful improvements developed for the future OpenPGP specification, while excluding changes that negatively affect compatibility. Compared with the current RFC-4880 standard, Librepgp includes the following accepted enhancements:
- Support for the encryption algorithm Camellia (RFC-5581).
- ECC extensions (Elliptic Curve Cryptography) for OpenPGP (RFC-6637).
- Mandatory support for Hashi Sha2-256, with Sha-1 and MD5 classified as not recommended.
- An increase in the size of the test cast (FingerPrint) to 256 bits.
- Support for digital signatures of the Eddsa and Elliptic curves BRAINPOOLP256R1, BRAINPOLP384R1, BRAINPOLP512R1, ED25519, Curve25519, Ed488, and X448.
- Support for the Crystals-Kyber algorithm, resistant to selection on quantum computers.
- Support for authenticated encryption modes OCB (Offset Codebook Mode).
- Implementation of the fifth version of the format of digital signatures with metadata protection.
- Support for advanced subpackets with digital signatures.