PGP

In 1991, Philip R. Zimmermann of the United States developed a set of procedures for encrypting and verifying messages in order to protect personal privacy on the network, and named it PGP (Pretty Good Privacy), which in Chinese is rendered as "excellent confidentiality protocol".

In June 1991, Philip R. Zimmermann published the PGP program and its source code on the Internet, stipulating that non-commercial use required neither a license nor a fee. PGP soon spread across the Internet and, shortly after its launch, left the United States.

In February 1993, Philip R. Zimmermann became the subject of a criminal investigation by the United States Customs Service for alleged violations of the Arms Export Control Act. Under the U.S. Export Administration Act at the time, encryption systems with keys longer than 40 bits were classified as munitions, and PGP used keys longer than 128 bits. The investigation lasted three years, during which the United States raised the maximum key length allowed for legal export, and in 1996 the government dropped the case without prosecution.

In 1996, after the government dropped the case, Philip R. Zimmermann formed **PGP Inc.** and released an updated version of PGP and a number of other related products.

In July 1997, PGP Inc. and Philip R. Zimmermann agreed with the Internet Engineering Task Force (IETF) to develop a public Internet standard called OpenPGP; any program that implements this standard may also be called OpenPGP.

In December 1997, PGP Inc. and its intellectual property were acquired by Network Associates Inc. (NAI), which continued to own and develop PGP products for commercial and freeware use.

OpenPGP

OpenPGP is an Internet standard for message encryption, originally an open-standard version of Network Associates Inc.'s (NAI) PGP encryption protocol. It is managed by the Internet Engineering Task Force (IETF).

The primary purpose of OpenPGP is to encrypt email traffic end-to-end, but it is also used to encrypt messaging and files, among other things.

The PGP message format was first defined in RFC 1991, published in 1996.

Support for RSA and DSA was added in RFC 4880 in 2007.

In 2012, RFC 6637 added support for elliptic curve cryptography (ECC): ECDSA signatures and ECDH key exchange based on the curves P-256, P-384 and P-521.

GnuPG

The GNU Privacy Guard (GnuPG) is a complete implementation of the OpenPGP standard as defined in RFC 4880, developed within the GNU (free software) community.

Most people like to call GnuPG "GPG", but I prefer GnuPG because GNU stands for a spirit of freedom.

GnuPG allows you to encrypt and sign data and communications, with a common key management system and access modules for various public key directories. GnuPG also provides support for S/MIME and Secure Shell (SSH).

Since its introduction in 1997, GnuPG has been free software (meaning it respects your freedom) that you are free to use, modify, and distribute under the terms of the GNU General Public License.

Because it is free software, GnuPG is widely used across the network. A common usage scenario is that all kinds of IT-related software ship a GPG signature alongside the download, so that tampering with the released software can be detected.

Maven's download page, for example, provides a GnuPG signature for the software.

The following is the content of the apache-maven-3.6.3-bin.zip signature:

-----BEGIN PGP SIGNATURE-----

iHUEABEKAB0WIQSwITfYddgz2bIzkuyuWn+2CKAiHAUCXdRESQAKCRCuWn+2CKAi
HD8UAQCgvWcZmgWf/afuZHleaG0O4g6ZeR3F6nMrYiZS1BAmzgEAp4E963ruFFxh
pcXUZkEE6T1bHtRlHnJ8cETZLprtuug=
=Oxpf
-----END PGP SIGNATURE-----

After downloading, you can use GnuPG to check the Maven package against its signature and confirm that the software has not been tampered with.
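As an added example (not part of the original post, and not the Maven project's own tooling), the following Python script takes the signature block quoted above, checks the armor's CRC-24 and decodes the signature packet's metadata as laid out in RFC 4880: the public-key and hash algorithms, the creation time, and the issuer key ID and fingerprint, which is what you compare against the project's published signing keys before trusting a download. It also wraps `gpg --verify` with `--status-fd` so a script can test for GnuPG's VALIDSIG status line instead of parsing human-readable output. The function names (`dearmor`, `parse_signature_packet`, `gpg_verify`) are this example's own, and `gpg_verify` assumes GnuPG is on PATH with the signer's public key already imported.

```python
import base64
import subprocess

# Constructed from the signature block quoted above (apache-maven-3.6.3-bin.zip).
MAVEN_SIG_ASC = """-----BEGIN PGP SIGNATURE-----

iHUEABEKAB0WIQSwITfYddgz2bIzkuyuWn+2CKAiHAUCXdRESQAKCRCuWn+2CKAi
HD8UAQCgvWcZmgWf/afuZHleaG0O4g6ZeR3F6nMrYiZS1BAmzgEAp4E963ruFFxh
pcXUZkEE6T1bHtRlHnJ8cETZLprtuug=
=Oxpf
-----END PGP SIGNATURE-----
"""
PUBKEY_ALGOS = {1: "RSA", 17: "DSA", 18: "ECDH", 19: "ECDSA"}   # RFC 4880 / RFC 6637 ids
HASH_ALGOS = {2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}

def crc24(data: bytes) -> int:
    """CRC-24 of RFC 4880 section 6.1, carried on the '=XXXX' line of the armor."""
    crc = 0xB704CE
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:
    """Strip the armor lines, base64-decode the body and check the armor checksum."""
    lines = text.strip().splitlines()
    if lines[0] != "-----BEGIN PGP SIGNATURE-----" or lines[-1] != "-----END PGP SIGNATURE-----":
        raise ValueError("not an armored PGP signature")
    body = lines[1:-1]
    if "" in body:                  # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    crc_line = body.pop()           # "=Oxpf" in the block above
    data = base64.b64decode("".join(body))
    if not crc_line.startswith("=") or crc24(data) != int.from_bytes(base64.b64decode(crc_line[1:]), "big"):
        raise ValueError("armor checksum mismatch: block corrupted in copy or transit")
    return data

def parse_subpackets(buf: bytes) -> list:
    """Split a subpacket area into (type, body) pairs (RFC 4880 section 5.2.3.1)."""
    subs, pos = [], 0
    while pos < len(buf):
        first = buf[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            length, pos = ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
        else:
            length, pos = int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5
        subs.append((buf[pos] & 0x7F, buf[pos + 1:pos + length]))  # bit 7 = critical flag
        pos += length
    return subs

def parse_signature_packet(data: bytes) -> dict:
    """Decode a version-4 signature packet (RFC 4880 section 5.2.3) into its metadata."""
    tag_byte = data[0]
    if not tag_byte & 0x80 or tag_byte & 0x40 or (tag_byte >> 2) & 0x0F != 2:
        raise ValueError("expected an old-format signature packet (tag 2)")
    header_len = {0: 2, 1: 3, 2: 5}[tag_byte & 0x03]
    body_len = int.from_bytes(data[1:header_len], "big")
    body = data[header_len:header_len + body_len]
    if len(body) != body_len or body[0] != 4:
        raise ValueError("truncated packet or unsupported signature version")
    info = {"signature_type": body[1], "pubkey_algo": PUBKEY_ALGOS.get(body[2], body[2]),
            "hash_algo": HASH_ALGOS.get(body[3], body[3])}
    pos = 4
    hashed_len = int.from_bytes(body[pos:pos + 2], "big")
    hashed = parse_subpackets(body[pos + 2:pos + 2 + hashed_len])
    pos += 2 + hashed_len
    unhashed_len = int.from_bytes(body[pos:pos + 2], "big")
    unhashed = parse_subpackets(body[pos + 2:pos + 2 + unhashed_len])
    pos += 2 + unhashed_len
    info["hash_prefix"] = body[pos:pos + 2].hex()   # leftmost 16 bits of the signed hash
    pos += 2
    for sub_type, value in hashed:                  # only the hashed area is covered by the signature
        if sub_type == 2:                           # signature creation time
            info["created_unix"] = int.from_bytes(value, "big")
        elif sub_type == 33:                        # issuer fingerprint: version byte + fingerprint
            info["issuer_fingerprint"] = value[1:].hex().upper()
    info["issuer_key_id"] = next((v.hex().upper() for t, v in hashed + unhashed if t == 16), None)
    info["mpi_bits"] = []                           # declared bit lengths of the signature MPIs
    while pos < len(body):
        n = int.from_bytes(body[pos:pos + 2], "big")
        info["mpi_bits"].append(n)
        pos += 2 + (n + 7) // 8
    return info

def maven_signature_info() -> dict:
    return parse_signature_packet(dearmor(MAVEN_SIG_ASC))

def gpg_verify(signature_path: str, data_path: str) -> bool:
    """Run GnuPG on a detached signature; True only if it reports VALIDSIG (key must be in the keyring)."""
    proc = subprocess.run(["gpg", "--batch", "--status-fd", "1", "--verify", signature_path, data_path],
                          capture_output=True, text=True)
    return any(line.startswith("[GNUPG:] VALIDSIG ") for line in proc.stdout.splitlines())
```

Calling `maven_signature_info()` shows that the block above is a binary-document signature made with DSA over SHA-512 on 2019-11-19 (UTC) by the key whose ID is the last eight bytes of the issuer fingerprint. Those fields are only what the signature claims about itself: the real check is `gpg_verify("apache-maven-3.6.3-bin.zip.asc", "apache-maven-3.6.3-bin.zip")` with the signer's key imported, and even a VALIDSIG line says nothing about whether that key belongs to the project's release manager, which you settle by comparing the fingerprint with the keys the project publishes, not with anything in the download itself.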

References

PGP official website
RFC 6637
GnuPG official website
GNU official website