The Essential Collection

GnuPG (The GNU Privacy Guard)
GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application.
Enigmail: A simple interface for OpenPGP email security
Enigmail is an extension to the mail client of Mozilla / Netscape and Mozilla Thunderbird which allows users to access the authentication and encryption features provided by GnuPG.
Enigmail: Enigmail Quickstart Guide
my GnuPG and Enigmail Tips
Tips on installing GnuPG and Enigmail. My attempt to explain that to a Windows user, not running Windows myself..
Enigmail / Forum / Enigmail Support:Upgraded gpg and now gpg fails under enigmail but works at the command prompt
The cause why GnuPG 2.0.23 exits with return code 2 is gpg: Note: signatures using the MD5 algorithm are rejected because there are old keys with MD5 hashes that if --allow-weak-digest-algos is not given lead to a fingerprint of 0x00000000000000000000000000000000 (even if the short/long ID says different) and ultimately to gpg: Oops: keyid_from_fingerprint: no pubkey.
In short: for a workaround delete those old MD5 crap keys from your keyring unless you are forced to use them..
gpg2 --list-key 0x00000000000000000000000000000000
gpg2 --export 0x00000000000000000000000000000000 >md5_keys.gpg
gpg2 --delete-keys 0x00000000000000000000000000000000
(repeat until no such key left)
Note: This is supposed to be fixed in GnuPG 2.0.29, see Issue 2000: PGP-2 Keys are handled as if their Fingerprint is always zero - GnuPG's BTS
OpenPGP Best Practices -
Evil 32: Check Your GPG Fingerprints
Stop using 32bit key ids. It takes 4 seconds to generate a colliding 32bit key id on a GPU (using scallion). Key servers do little verification of uploaded keys and allow keys with colliding 32bit ids. Further, GPG uses 32bit key ids throughout its interface and does not warn you when an operation might apply to multiple keys.
The GNU Privacy Handbook
Das GNU-Handbuch zum Schutze der Privatsphäre
Frontends -
Lists of software with support for GnuPG. GUI frontends, MUA frontends, chat programs, network related, frontends for scripting, for *nix platform, for Windows platform, for Mac platform.
Oberflächen -
PGP jetzt! | -=daMax=-
Links fuer Thunderbird, Apple Mail, Android, iPhone
Crypto für alle – Förderung der Verbreitung von Kryptografie
GnuPG und EnigMail mit Thunderbird (Praxis)
Slides eines einfuehrenden Vortrags von Roland Schmalenberg, mit PgUp/PgDn blaettern oder rechts unten nach Maus-Over das ø Symbol fuer HTML-Komplettseite waehlen.
Official Homepage | GPGTools (OpenPGP Tools for Apple OS X)
Gpg4win - EMail-Security using GnuPG for Windows
gpg4win is an installer package for Windows with computer programs and handbooks for EMail and file encryption. GnuPG, Kleopatra, GPA, GpgOL, GpgEx, Claws Mail, Gpg4win Compendium, Gpg4win for Novices (Einsteiger- und Durchblicker-Handbuch).
cryptophane - A Windows UI for the GnuPG encryption program - Google Project Hosting
Cryptophane is an easy-to-use Windows application that works with GnuPG (a PGP-compatible encryption program.) It allows users to encrypt, sign, decrypt, and perform key maintenance without having to deal with GnuPG's command-line interface.
Make sure that you download only the cryptophane executable (currently cryptophane-0.7.0.exe) without the gnupg executable, as gnupg-1.4.2 from 2009 is way outdated ...
OpenKeychain (for Android) | sufficiently secure
OpenPGP implementation for Android.
Android Privacy Guard
OpenPGP for Android.
GnuPG Anleitung - Raven Wiki
Die GnuPG Anleitung schlechthin. Geht auch ausfuehrlich auf grafische shells / GUIs ein. Kai Raven meinte in seinem Vorwort zur GnuPG Anleitung sehr richtig:
Mit der Version 3.2 der Deutschen GnuPG Anleitung, die nun schon seit vier Jahren erscheint und der Veröffentlichung von GnuPG 1.4.1 wird gleichzeitig die weitere Pflege der Deutschen PGP Anleitung eingestellt.
Ich denke, GnuPG hat mittlerweile einen ausreichenden Reifeprozess durchgemacht, so breite Verwendung gefunden und durch die Integration in zahlreiche E-Mail und Instant Messaging Programme, genauso wie durch die grafischen Benutzeroberflächen so viel an Benutzerfreundlichkeit gewonnen, dass es für keinen Nutzer des Internets mehr nötig ist, PGP einzusetzen.
GnuPG - ArchWiki
Quite good overview of GnuPG command line usage, configuration, key management and gpg-agent; archlinux wiki
How To OpenPGP (
How To Transition To A Longer Key (
Weblog for dkg - HOWTO prep for migration off of SHA-1 in OpenPGP
Creating the perfect GPG keypair - Alex Cabal
For those concerned rightly about carrying around the master key on their laptop, this is the subkey solution.
Subkeys - Debian Wiki
GPG subkeys - Elena ``of Valhalla'' Homepage
Connexer Ltd. | Improve the Security of Your OpenPGP Key by Using Subkeys
GPG Signing: Traditional vs. PGP/Mime
Inline PGP signatures considered harmful
gpg - converting from pgp
Moving from PGP to GnuPG - or - Arghhh! How do I switch to GnuPG when I (and my friends) already use PGP?
Replacing PGP 2.x with GnuPG
Describes how to communicate with people still using old versions of PGP 2.x, GnuPG can be used as a nearly complete replacement for PGP 2.x.
GnuPG mini HOWTO
Quite old but basics still apply, available in English, Dutch, German and Spanish and in different formats.
g10 Code
The GnuPG Experts.
Another link-list with short desriptions of tools and plugins around GnuPG/PGP.
Websites about PGP and encryption
Das GNU Privacy Projekt (GnuPP)
Als Partner der Aktion "Sicherheit im Internet" des Bundesministeriums für Wirtschaft und Arbeit (BMWA) und des Bundesministeriums des Innern (BMI) entwickel[te]n Spezialisten eine frei verfügbare Verschlüsselungssoftware für jedermann.
[ed: Leider ist die Foerderung eingestellt, die in dem Paket enthaltene GnuPG Version veraltet, und sollte mit einer neuen Version ersetzt werden, was der Anwender nach der Installation selber tun muss. Mit dem neuen GnuPG 1.4.1 fuehrt das allerdings dazu, dass auch ein neueres WinPT installiert werden muss, so dass der Nutzen dieses alten Pakets fraglich wird. Das Projekt macht einen verwaisten Eindruck.]
Windows Privacy Tray and related projects on Sourceforge. Also is dead.
Project Ägypten (Free Software Sphinx-Clients)
The Sphinx project launched by German authorities aims to improve secure email exchange. The projects technological base is the protocol 'TeleTrust e.V. MailTrusT Version 2'. This includes the standards S/MIME, X.509v3 and others.
The Free Software companies Intevation, g10 Code and Klarälvdalens Datakonsult AB are contracted by the German 'Bundesamt für Sicherheit in der Informationstechnik (BSI)' to incorporate the Sphinx protocols into Free Software MUAs. Background is to ensure availability of alternatives to proprietary desktops.
Project Ägypten2: Improving Free Software Sphinx-Clients
Ägypten2 is a successor project of Ägypten1, but with its own technical aims, primarily addressing a better GUI and some more functionality such as OCSP. The Ägypten2 project has the same structural and organisational frame as Ägypten1, started December 1st 2003 and finished in November 2004.
Precessor of caff of the PGP Tools (see below). CABot is a set of scripts that help managing some parts of a PGP keysigning process. It sends encrypted challenges to UIDs of an OpenPGP key, analyzes the replies and assists the key owner in signing them.
Development on this project has ended in 2005.
GPGshell is a graphical interface for GnuPG, Windows.
Last release v3.78 of 2011-11-03
The International PGP Home Page
The purpose of the International PGP Home Page is to promote the use of PGP worldwide, and to be a resource pool for information on the PGP program and the OpenPGP standard.
/pub/mitarb/lutz/crypt/software/pgp/pgp263in directory
A special PGP v2.6.3 international version from 1997 with features added for certification purposes (ENCRyption and SIGNature keys, expiry of keys, revocations of own certificates from other's public keys, etc.). It is fully compatible and interoperable with all prior versions of PGP 2.6.x. It is also the only reliable version available for plain old DOS, look out for* files.
Lutz Donnerhacke's gesammelte Texte zu Pretty Good Privacy
FoeBuD e.V. - PGP-Handbuch
Aeltere Anleitung basierend auf PGP 2.6.x, 5.x und GnuPG.


SKS Keyservers
Keyservers in x-hkp://, see also status
Diensten: SURFnet PKI: Searching, extracting or submitting keys (
SKS OpenPGP Keyservers rotation of servers running SKS keyring software capable of handling subkeys.
Sometimes doesn't answer ...
SKS OpenPGP Public Key Server (
The keyserver where retrieves keys for the statistics.
Submit your key there to make sure your key is included in the strong set (if it does have signatures from the strong set that is). However, the keyserver connects with other keyservers, so usually that shouldn't be necessary.
Public Key Server Commands has a little different view on keys but doesn't retain photo IDs.
PGP Public Key Server Uni Mainz
Info on the Replicated WWW Based PGP 5.0 Key Server System
Search form at, others are at, ca, ch, cz, de, dk, es, nl, uk and us.
Top Level page for
PGPnet choose
Let the server guess a mirror near to you.
Do NOT use the MIT PGP Key Server (
This server uses old software and is a bit dumb, it doesn't understand multiple subkeys or subkeys with multiple signatures and treats them as errors, throwing away the elements and effectively crippling keys. I strongly recommend you use a different server.
David Ross -- PGP Public Key Servers
List of key servers with annotations.
RedIRIS - PGP Keyserver Synchronization Graph
outdated, from 2008-10-16 retrieved on 2009-12-30


GnuPrivacyGuardHowto - Community Help Wiki - Getting your key signed
How to become part of the web of trust and keysigning guidelines. Ubuntu help wiki.
The Keysigning Party HOWTO
Introduction to keysigning parties by V. Alex Brennen.
Efficient Group Key Signing Method
Speedup of fingerprint verification step in large keysigning parties.
Site appears to be dead, but text is available at
Keysigning Party Methods - The 'Ad Hoc' Method
The 'Ad-Hoc' method (which is basically a fancy shmancy way of saying "the standard way keysignings have always been done!") is best suited to small groups since it can quickly become chaotic with large numbers of people and does not scale well. However, it requires little or no planning so is very easy with small groups.
Keysigning Party Methods - The 'Sassaman-Efficient' Method
The 'Sassaman-Efficient' method is based on a proposal by Len Sassaman to efficiently manage large keysigning events. It is well suited to large groups. There is also a modified version known as the 'Sassaman-Projected' method.
Keysigning Party Methods - The 'Sassaman-Projected' Method
The 'Sassaman-Projected' method is a modified version of the 'Sassaman-Efficient' method and is well suited to large groups.
The principle difference is that instead of having a folded back line of participants when it comes time to check IDs, a document projector is used to display the ID of each person in turn so that every other participant can clearly see it at the same time. Each participant's ID is therefore examined by everyone else present simultaneously, instead of by each in turn, and the event duration scales linearly with number of participants.
pgp Key Signing Observations: Overlooked Social and Technical Considerations - The Community's Center for Security
Social Implications of Keysigning
Debian -- Keysigning
PGP Tools
PGP Tools is a collection for all kinds of pgp related things, including signing scripts, party preparation scripts etc. The caff (CA - Fire and Forget) script is a successor of CA-Bot, much easier in handling.
In Debian the tools are part of the signing-party package.
In Fedora it is the pgp-tools package
Pius (PGP Individual UID Signer) helps attendees of PGP keysigning parties. Similar but different to caff. Of course also available in Debian and Fedora.
PGP Key Signing Party Keyserver
pgp-kspkeyserver scripts, used at FOSDEM'09 keysigning
tmarble/kspsig - GitHub
Key Signing Party signature verification tool
Savannah: Project Info - keylookup
DFN-PCA: Policy Certification Authority des Deutschen Forschungs Netzes e.V. (DFN)
Biglumber - key signing coordination
PGP: Graphing The Trust
sig2dot GPG/PGP Keyring Graph Generator can be used to generate a graph of all of the signature relationships in a GPG/PGP keyring, like those resulting from keysigning parties, or the Debian Keyring (of all Debian developers). It converts the output of "gpg --list-sigs" to a .dot file, which is a graph definition that can be rendered by springgraph or graphviz.
sims |
sims (sims is more than sig2dot) parses the output of "gpg --list-sigs" and produces graphs of all the signature relationships in different output formats. It aims to be a replacement for sig2dot which provides many new features. Additionally, parsing of the input is much improved.
GPG/PGP Signature Path Tracing traces a signature path through a keyring.
Mutt GPG Signature Tracing
mutt-sigtrace is a wrapper for sigtrace to display signature paths from you to the key which signed an email, automatically, in mutt.
Web of trust statistics and pathfinder, group matrix generator and key lister.
Did you know that the strong set of keys, those where all keys are connected by their signatures, forms a leaf in a graphical representation? The Leaf of Trust.
Wotsap: Search
Search forms to query Wotsap. Pathfinder, Key statistics, Group matrix, List keys.
PGP pathfinder and key statistics
The statistics and the trustpath form on top of this page link to it.


Weblog for dkg - HOWTO prep for migration off of SHA-1 in OpenPGP
Replace your 1024-bit DSA keys with 2048-bit RSA keys or larger. See also Creating a new GPG key description at
Long-term Memory » Blog Archive » The internals of a GPG/PGP key
Key management using a USB key
Mail thread on the Debian devel list.
udev keyloader: script for loading ssh/gpg keys off of usb media.
Gnu Privacy Guard Agent (GPG) (
How to setup the passphrase agent for GnuPG that saves you from having to type in your passhphrase a gazillion times per day.
Freies & sicheres IM mit Jabber & OpenPGP - Inhalt
GnuPG Plugin for Pidgin
PIDGIN-GPG | Download PIDGIN-GPG software for free at
gnupg - Plugin for transparent editing of gpg encrypted files. : vim online
The Strong Distribution HOWTO
Teams/GnuPG/UsingGnuPGv2 - Debian Wiki
This is a list of packages either supporting GnuPG v2.1 (gnupg2, gpgv2) natively, or describing how to make them use it.
g10 Code - Products - Card
The OpenPGP Card is a specification of an ISO 7816-4,-8 compatible smartcard and also an actually available implementation of this specification as a standard sized card.
kernel concepts SmartCard products.
GnuPG SmartcardHOWTO
GnuPG supports the use of smartcards. This HOWTO explains how to install and work with these cards.
A tad outdated though..
TechDocs/CardHowtos - FSFE Fellowship Wiki
Howtos for setting up your computer to use your Fellowship smart card, or any other OpenPGP card.
Using the OpenPGP card with subkeys - debian grimoire - groups - Crabgrass
OpenPGP/CleanRoomLiveEnvironment - Debian Wiki
Creating a PGP Master key management workstation that boots from Live CD with networking disabled (Clean room)
Nitrokey | Secure your digital life
The Crypto Stick is an USB key to enable highly secure encryption and signing of emails and data, as well as login to the Web, networks and computers.
Formerly named Crypto Stick and originally a project of the German Privacy Foundation.
REINER SCT - Chipkartenleser
Scute is a PKCS #11 module that adds support for the OpenPGP smartcard card to the Mozilla Network Security Services (NSS).
gpg4usb is a very easy to use and small portable editor to encrypt and decrypt any text-message or -file you want.
Biglumber Links
Some useful encryption links.
OpenPGP JavaScript implementation.
OpenPGP encryption for webmail, using OpenPGP.js
OpenPGP Verschlüsselung für Gmail und andere Webmailer | Gmail-Blog
Mailvelope am Beispiel von Gmail und Chrome, Kurzbeschreibung mit screenshots.
google/end-to-end · GitHub
End-To-End is a Chrome extension that helps you encrypt, decrypt, digital sign, and verify signed messages within the browser using OpenPGP.
Early alpha release.
See also Google looks to make OpenPGP easier for Gmail users | Naked Security
totemo › Securing Data in Motion.
OpenPGP and X.509 transparent email gateway. Proprietary.
Cryptographically verify Usenet control messages.
The Monkeysphere Project
The Monkeysphere project's goal is to extend OpenPGP's web of trust to new areas of the Internet to help us securely identify servers we connect to, as well as each other while we work online. The suite of Monkeysphere utilities provides a framework to transparently leverage the web of trust for authentication of TLS/SSL communications through the normal use of tools you are familiar with, such as your web browser or secure shell.
Paperkey - an OpenPGP key archiver
If everything else fails ... a key printed on paper may survive much longer than any of your disks or CDs.
Fun things you can do with a PGP/GnuPG key

Validome valid HTML 4.01! W3C valid HTML 4.01! Home ../../bookmarks