GnuPG and OpenPGP ================= See RFC2440 for a description of OpenPGP. I have an annotated version of this RFC online: http://www.gnupg.org/rfc2440.html Compatibility Notes =================== GnuPG (>0.4.5) is in compliance with RFC2440 despite these exceptions: * (9.1) states that RSA SHOULD be implemented. This is not done (except with an extension, usable outside the U.S.) due to patent problems. * (9.2) states that IDEA SHOULD be implemented. This is not done due to patent problems. All MAY features are implemented with this exception: * multi-part armored messages are not supported. MIME should be used instead. Most of the OPTIONAL stuff is implemented. There are a couple of options which can be used to override some RFC requirements. This is always mentioned with the description of that options. A special format of partial packet length exists for v3 packets which can be considered to be in compliance with RFC1991; this format is only created if a special option is active. Some Notes on OpenPGP / PGP Compatibility: ========================================== * PGP 5.x does not accept V4 signatures for anything other than key material. The GnuPG option --force-v3-sigs mimics this behaviour. * PGP 5.x does not recognize the "five-octet" lengths in new-format headers or in signature subpacket lengths. * PGP 5.0 rejects an encrypted session key if the keylength differs from the S2K symmetric algorithm. This is a bug in its validation function. * PGP 5.0 does not handle multiple one-pass signature headers and trailers. Signing one will compress the one-pass signed literal and prefix a V3 signature instead of doing a nested one-pass signature. * When exporting a private key, PGP 2.x generates the header "BEGIN PGP SECRET KEY BLOCK" instead of "BEGIN PGP PRIVATE KEY BLOCK". All previous versions ignore the implied data type, and look directly at the packet data type. * In a clear-signed signature, PGP 5.0 will figure out the correct hash algorithm if there is no "Hash:" header, but it will reject a mismatch between the header and the actual algorithm used. The "standard" (i.e. Zimmermann/Finney/et al.) version of PGP 2.x rejects the "Hash:" header and assumes MD5. There are a number of enhanced variants of PGP 2.6.x that have been modified for SHA-1 signatures. * PGP 5.0 can read an RSA key in V4 format, but can only recognize it with a V3 keyid, and can properly use only a V3 format RSA key. * Neither PGP 5.x nor PGP 6.0 recognize ElGamal Encrypt and Sign keys. They only handle ElGamal Encrypt-only keys. Parts of this document are taken from: ====================================== OpenPGP Message Format draft-ietf-openpgp-formats-07.txt Copyright 1998 by The Internet Society. All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.