GPG security documentation

Andrew Clausen andrew.p.clausen at
Sat Jan 28 11:48:56 CET 2017

Hi all,

GPG sometimes asks the user to make security judgments, such as how
long a key to use, or which cipher he prefers.  Does GPG supply any
documentation to help the user make informed choices?  The FAQ [0] has
a limited amount of discussion, but this probably is not the best way
to organise this important information for users.  I'd be happy to
help improve the documentation.

Examples of information that users might find helpful:

 * Key size recommendations, e.g. from NIST.[1]  This ought to explain
why RSA-4096 (or RSA-65536) is typically not recommended.

 * GPG's protections from side-channel attacks.  Specifically,
security researchers have provided patches to previous versions of GPG
to eliminate the leakage of private information through timing and
radiation from CPUs.  Which of GPG's implemented ciphers are most
robust to protecting against these attacks?  See [2] for an
introduction to the issue.

 * Limitations.  For example, to my knowledge, none of GPG's modes of
operation support forward secrecy (like OTR does [3]).  (Specifically,
the standard way to get forward secrecy involves a Diffie-Hellman key
agreement, which requires a round-trip of conversation before any
plaintext is encrypted.  GPG is not currently organised to support
such conversations.)

 * What metadata is publicly visible in GPG messages?  Is it possible
to remove some of this metadata?

Kind regards,

[1] Section 5.6 of

More information about the Gnupg-devel mailing list