GnuPG to protect citizen rights (was: Announced chat control by the EU)

Werner Koch wk at gnupg.org
Thu Oct 9 16:24:14 CEST 2025 

On Wed,  8 Oct 2025 16:21, Robert J. Hansen said:

> generating certificates on GnuPG 1.4. But please, please, please, stop
> using 1.4 already. Switch to the 2.6 series.

I can only repeat that.  Thanks for mentioning this, Rob.

Now that I attended this mail thread anyway, let me assure that I will
never accept a backdoor in GnuPG or related libraries.  I spent the
majority of my working life on that software [1] and the reason I got
into this was and still is privacy for the people.  Meanwhile my company
is on very solid financial grounds and I actually could stop working and
keep on helping with GnuPG maintenance and oversee developments without
financial compensation.

Gpg4win, our Windows installer, is very likely what most people are
using for end-to-end encryption of mail and to protect data at rest.
The very same software is also the base for GnuPG VS-Desktop which is
used in Germany, Europe, Japan and even by some companies in the US.  In
particular we build an NSIS installer for Gpg4win and by using this very
installer along with custom configuration files and extra documentation
we transform this into an MSI installer.  That MSI is what we give to
our government and industrial customer along with a support contract.

Thus all code you see in gpg4win is also in the GnuPG VS-Desktop.  Any
backdoor would be there as well.  We would be entirely crazy trying to
implement a backdoor; our repudiation would we dead and this is what
make up our business.  All my colleagues and co-hackers are also strong
privacy advocates and share my view.

The chat control idea is only one idea on how to throw away citizen
rights.  The EU as well as other states and organization are trying to
protect themselves from their citizens.  For example the EU is currently
setting up the “Expert Group for a technology Roadmap in Encryption” [2]
to plan ahead for more control.  Take care and beware of newspeak.


Shalom-Salam,

   Werner


[1] A post on the GnuPG history from 2007
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/a-decade-of-gnupg.txt

[2] EU encryption roadmap
https://ec.europa.eu/transparency/expert-groups-register/screen/expert-groups/consult?lang=en&groupID=4005

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 284 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20251009/c6ff9925/attachment.sig>

More information about the Gnupg-users mailing list