GnuPG and OpenPGP
On 6th September 2022, the OpenPGP schism was triggered by GnuPG’s announcement that it would implement an earlier version of the draft specification that would eventually become RFC 9580, and not the version that was agreed by the rest of the OpenPGP Working Group. In order to minimise the damage to the ecosystem, RFC 9580 incremented several version numbers from 5 to 6, and changed some other code points to avoid conflicting definitions.
As a result, GnuPG only implements some parts of the current OpenPGP specification:
- RFC 4880, the previous major revision of OpenPGP.
- RFC 5581, which specifies the Camellia cipher in OpenPGP.
- RFC 6637, which specifies elliptic curve cryptography in OpenPGP.
- Brainpool and 25519Legacy curves, which are also included in RFC 9580.
Instead of the remainder of RFC 9580, however, it implements several novel formats that do not correspond to any OpenPGP specification, most of which are not supported by any other software.
GnuPG does not make clear in its UI where it diverges from OpenPGP, and many of its users are unaware that recent versions produce non-standard formats by default. Several efforts are underway to work around the resulting incompatibilities. For example, most Linux distributions ship GnuPG with the FreePG patch set that disables non-OpenPGP formats by default. Many of them are also actively migrating away from GnuPG to OpenPGP-compliant software in their packaging systems.
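Because the UI does not show the divergence, one way to see it is to read the version octet of each key and signature packet in binary (unarmored) data. The following is an added example, not code from GnuPG or any OpenPGP project; inspecting key and signature packets specifically, and the names `packets`, `report` and `SAMPLE`, are assumptions made here.

```python
# Added example; SAMPLE is constructed, not real key material.
VERSIONED = {2: "signature", 5: "secret key", 6: "public key",
             7: "secret subkey", 14: "public subkey"}
LABELS = {4: "v4: RFC 4880 and RFC 9580",
          5: "v5: pre-RFC 9580 draft numbering",
          6: "v6: RFC 9580"}

def packets(data):
    """Yield (type_id, body) for each packet in binary (unarmored) OpenPGP data."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("bit 7 clear: not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            n = (1, 2, 4, 0)[ltype]         # type 3: body runs to end of data
            length = int.from_bytes(data[i:i + n], "big") if n else len(data) - i
            i += n
        if i + length > len(data):
            raise ValueError("truncated packet body")
        yield tag, data[i:i + length]
        i += length

def report(data):
    """List (packet kind, version label) for every key and signature packet."""
    return [(VERSIONED[t], LABELS.get(b[0], f"v{b[0]}: other"))
            for t, b in packets(data) if t in VERSIONED and b]

SAMPLE = (bytes([0xC6, 0x02, 0x06, 0x00])     # new-format public key, version 6
          + bytes([0xC6, 0x02, 0x05, 0x00])   # new-format public key, version 5
          + bytes([0x88, 0x02, 0x04, 0x00]))  # old-format signature, version 4

if __name__ == "__main__":
    for kind, label in report(SAMPLE):
        print(kind, "->", label)
```

ASCII-armored input has to be dearmored to binary before it is passed to `report`.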