An Analysis of 5 Million OpenPGP Keys

Birger Schacht and Peter Kieseberg+

St. Pölten University of Applied Sciences, Austria
{is161323, peter.kieseberg}@fhstp.ac.at

  

Abstract

OpenPGP is a well-known environment for email encryption, data signing, authentication and key certification with a long-standing history. Commonly, research regarding OpenPGP focuses on the web of trust and cryptography-related aspects. However, there are many other properties of OpenPGP keys that have not been analyzed until now. In this work, we analyze a set of 5 million OpenPGP keys with respect to the algorithms used and the selection of internal parameters. Furthermore, we analyze connections to third-party software, as well as related aspects of the keys. The major contribution lies in analyzing these properties to visualize trends of OpenPGP usage over the last 20 years and to analyze the evolution of OpenPGP since its beginnings. This provides an insight which can be useful for further decision making regarding OpenPGP and the adoption of public key cryptography in general. In addition, plotting the evolution of public key properties can help find anomalies. Looking at the details of the keys over time makes it possible to see whether recommendations regarding key characteristics have an effect on real-world use, which in turn might give feedback on new recommendations. The analysis of OpenPGP keys also makes it possible to investigate how long it takes for changes in the default settings of popular software packages to reach the users.

Keywords: PGP, key exchange, web of trust

 

+: Corresponding author: Peter Kieseberg
Matthias Corvinus-Straße 15, A-3100 St. Pölten, Austria, Tel: +43-6603126291

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 11, No. 3, pp. 107-140, September 2020

Received: July 11, 2020; Accepted: September 2, 2020; Published: September 30, 2020

DOI: 10.22667/JOWUA.2020.09.30.107