Word of Warning — All versions of PGP are NOT created equally!


The Version: lines that are usually shown by default in PGP keys and PGP signature blocks often reveal which software, and therefore which OS, the person is using.

PGP/GPG Version strings:

You can tell a fair bit about a user’s PGP/GPG setup from their Version: string. Here are some typical examples:

Version: GnuPG v1.4.11 (GNU/Linux)

This key belongs to a Linux user.

Version: GnuPG v2.0.19 (MingW32)

This key belongs to a Windows user.

Version: GnuPG/MacGPG2 v2.0.17 (Darwin)

This key belongs to a Mac OS X user.

Versions that should make you nervous:

Version: 9.9.0.397

This person is using the official PGP version, as published by Symantec. I’ve read statements by Kevin Mitnick that he no longer trusts PGP, since it was acquired by Symantec. In his post, Mitnick refers to the case of Diskreet, which back in the early days, was an encryption package sold by Symantec. This software purported to use the full 56-bit DES cipher algorithm, which was quite strong for its day. Mitnick stated that he acquired a copy of the Diskreet source code, and discovered that the actual key was nowhere near 56 bits, but was incredibly weak. He went on to say that based on his experience, he would not trust any version of PGP published by Symantec.

His caution is only underscored by the Snowden revelations earlier this summer, which set out the NSA’s campaign of attempting to weaken or backdoor crypto.
I, for one, would not trust any closed-source crypto software published by an American company — that goes double for companies with a history like Symantec.

To the best of my knowledge, Symantec does not publish PGP source code, and as an American company, their crypto software is now suspect.

Versions of PGP that should make you run away screaming:

Versions of PGP with these Version: strings are based on the BouncyCastle Java crypto libraries. They should be avoided like the plague.

Version: BCPG v1.45
Version: BCPG v1.47

These versions of PGP are absolutely NOTORIOUS for generating MASSIVELY UNSAFE PGP keys by default. These versions typically generate DSS/Elgamal keys with a 1024-bit signing key and an encryption sub-key of as little as 512 bits.
By: Nightcrawler

512-bit keys are so unsafe, that they were being broken by hobbyists on spare hardware a dozen years ago. 1024-bit keys were deprecated by NIST more than 3 years ago.

Version: BCPG C# v1.6.1.0

This version of PGP generates by default a PGP key of 1024-bits, with NO encryption sub-key. Again, these keys are unsafe/obsolete.

Recommendations:

Any software that uses the Java Bouncycastle crypto libraries (like PortablePGP) should be avoided like the plague. These typically contain BCPG in the Version: string.

GPG4Win/Kleopatra/GPA are also deprecated — Kleopatra generates RSA keys without an encryption sub-key. Dual RSA keys, with one RSA key for signing and the other exclusively for encryption, have been standard since the fall of 2009.
GPA will not generate keys over 3072 bits in length.
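The Version: string only hints at which generator was used; the key material itself shows whether the two problems described above (sub-2048-bit keys, and a missing encryption sub-key) are present. The following Python is an added example, not code from the original post: it de-armors a public key block, walks the OpenPGP packets, and reports the algorithm and bit length of every v4 key and sub-key. It assumes v4 keys with whole-packet lengths and does not read key-flag subpackets; the sample key is constructed test data with dummy MPIs, and its `=crc` line is a placeholder checksum.

```python
"""Audit an armored OpenPGP public key: read the Version: header and each key packet's algorithm and size."""
import base64, struct

WEAK_BITS, ENC_ALGOS = 2048, {1, 2, 16, 18}   # flag below 2048 bits; RSA, RSA-E, ElGamal, ECDH can encrypt
NAMES = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "ElGamal", 17: "DSA", 18: "ECDH", 19: "ECDSA"}

def dearmor(text):
    """Return (Version header or None, packet bytes); the =CRC24 line and ----- lines are skipped."""
    version, body, in_body = None, [], False
    for line in (l.strip() for l in text.splitlines()):
        if not in_body and line.startswith("Version:"): version = line[8:].strip()
        elif not in_body: in_body = line == ""                 # armor headers end at the first blank line
        elif not line.startswith(("=", "-----")): body.append(line)
    return version, base64.b64decode("".join(body))

def iter_packets(data):
    """Yield (tag, body) for old- and new-format packet headers (RFC 4880 section 4.2)."""
    i = 0
    while i < len(data):
        ctb = data[i]; i += 1
        if ctb & 0x40:                                          # new-format header
            tag, first = ctb & 0x3F, data[i]; i += 1
            if first < 192: length = first
            elif first < 224: length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255: length = struct.unpack(">I", data[i:i + 4])[0]; i += 4
            else: raise ValueError("partial body lengths not supported")
        else:                                                   # old-format header (0x99 key, 0xB9 subkey)
            tag, n = (ctb >> 2) & 0x0F, 1 << (ctb & 3)
            if n == 8: raise ValueError("indeterminate length not supported")
            length = int.from_bytes(data[i:i + n], "big"); i += n
        yield tag, data[i:i + length]; i += length

def audit_key(armored):
    """Return {'version', 'keys': [(is_primary, algo_id, bits)], 'warnings'} from v4 tag 6/14 packets."""
    version, data = dearmor(armored)
    keys = [(tag == 6, body[5], struct.unpack(">H", body[6:8])[0] if body[5] < 18 else None)  # byte 5: algo; then first MPI (RSA n / DSA,ElGamal p); ECC keys carry an OID instead
            for tag, body in iter_packets(data) if tag in (6, 14) and body[0] == 4]
    warnings = [f"{'primary' if p else 'subkey'} {NAMES.get(a, a)} is only {b} bits"
                for p, a, b in keys if b is not None and b < WEAK_BITS]
    if not any(not p and a in ENC_ALGOS for p, a, _ in keys): warnings.append("no encryption-capable subkey")
    return {"version": version, "keys": keys, "warnings": warnings}

def fake_key_packet(tag, algo, bits, n_mpis):
    """Constructed test data, not a real key: v4 key packet with dummy MPIs and an old-format 2-byte-length header."""
    mpi = struct.pack(">H", bits) + b"\x80" + bytes((bits + 7) // 8 - 1)
    body = b"\x04" + bytes(4) + bytes([algo]) + mpi * n_mpis
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body
def armor(version, packets):  # minimal constructed armor around raw packets; "=crc" stands in for the checksum
    return f"-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: {version}\n\n{base64.b64encode(packets).decode()}\n=crc\n-----END PGP PUBLIC KEY BLOCK-----\n"
SAMPLE_BCPG = armor("BCPG v1.47", fake_key_packet(6, 17, 1024, 4) + fake_key_packet(14, 16, 512, 3))  # 1024-bit DSA + 512-bit ElGamal
```

`audit_key(SAMPLE_BCPG)` reports the two undersized keys; a constructed 1024-bit RSA key with no sub-key trips both the size check and the missing-subkey check.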

GPG4USB or Gnu Privacy Tray (GnuPT) are recommended, as they are:

* Easy to use

* Standards compliant

GnuPT, in particular, is frequently updated. Usually, when there is a new GPG version (e.g. 1.4.15), the GnuPT developers issue an update within a day or two, reflecting the change.

Download links:

GPG4USB: http://gpg4usb.cpunk.de/index.html

GnuPT: http://www.gnupt.de/ (Site is in German)

Updated: 2014-05-11