Photo by Amol Tyagi on Unsplash_Key.jpg

Securing email communication with GnuPG

Key Master

Article from ADMIN 89/2025

By Heike Jurzik

We look at certificate management with a Web Key Directory and a directory service and investigate automated authentication with GnuPG actium.

GNU Privacy Guard (GnuPG) [1] is an open source tool used worldwide for encrypting and signing mail and files. Its implementation and use can be challenging when it comes to distributing certificates on a large scale and authenticating their origin. Flexible trust models such as the hierarchical model with a trusted key as the trust anchor and optional trusted introducers for domain-specific authentication simplify management.

The trusted key (certificate authority (CA) certificate) authenticates keys throughout the organization, while trusted introducers (intermediate certificates) add trust relationships to specific domains in a targeted way. Further details and background information can be found in the GnuPG white paper on certificate management [2].

GnuPG forms the basis for other tools designed for different security requirements: GnuPG Desktop [3] and Gpg4win [4] are user-friendly desktop versions. GnuPG VS-Desktop [5] is available for particularly secure use in government agencies and companies in which security and data integrity are paramount, especially when it comes to information with EU-RESTRICTED and NATO-RESTRICTED information [6].

Provisioning Keys in the WKD

A Web Key Directory (WKD) provides a simple and secure way to make public keys for email addresses available over HTTPS. The underlying standard was first implemented in GnuPG version 2.1.12 and has been enabled by default since version 2.1.23. The Web Key Service (WKS) complements this process by automating the management and publication of keys in a WKD, but it is not mandatory. Many

...

Use Express-Checkout link below to read the full article (PDF).