HackedGnuPG is now financially self-sustaining

GnuPG is now financially self-sustaining


- Advertisment -

Longtime GnuPG maintainer Werner Koch has posted an change on the project,
largely eager by the unusual linked “GnuPG VS-Desktop” enterprise that is,
it appears, going fairly effectively:

For hundreds of years our work used to be essentially financed by donations and smaller
projects. Now we have reached a level where we can gain pleasure in a
continuous earnings circulate to attain and prolong the system without
asking for donations or grants. Right here’s fairly a brand unusual journey to us
and I am essentially a bit proud to manual one of the few self-sustaining
free system projects who had now to now not sacrifice the needs of the

He concludes with a demand for participants who were donating to GnuPG
to redirect their generosity toward one other deserving project. Right here’s
fair news; GnuPG ran on a shoestring for plenty too prolonged.

From: Werner Koch via Gnupg-devel
To: gnupg-allege-AT-gnupg.org
Topic: [Announce] A Novel Future for GnuPG
Date: Mon, 03 Jan 2022 08: 19: 26 +0100
Message-ID: <871r1p1e2p.fsf__49588.9554427535$1641194935$gmane$org@wheatstone.g10code.de>
Cc: Werner Koch
Whats up and a Delighted Gnu 300 and sixty five days!

It has been fairly some time since my last home whisper on GnuPG.  I
were fairly busy working on the project nonetheless unfortunately rarely ever
active on the frequent channels.  So, here's a brand unusual whisper telling what we
did over the last two or three years.

Please learn at the least the last allotment.

A web model of this article is on hand at

Some background

  Within the starting achieve GnuPG used to be a relaxing project I did in my spare time.
  After a couple of years this modified into out to be a fleshy time job and it used to be
  imaginable to originate paid projects to attain and extra produce

  When the BSI (Germany's Federal Living of job for Info Safety)
  migrated reduction from Linux to Windows, a must migrate their
  discontinue-to-discontinue encryption solution, per GnuPG and KMail, used to be wanted.
  A requirement bids for an Open Source solution used to be issued and our
  firm, g10 Code, along with our associates at Intevation and KDAB
  purchased the contract.  The consequence used to be Gpg4win, the within the meantime
  usual distribution of GnuPG for Windows.

  It modified into out that the system broken-down in Germany to present protection to restricted
  recordsdata at the VS-NfD diploma, called Chiasmus, showed its age.  For
  instance, the block length of 64 bits (love IDEA or 3DES) is now now not
  anymore obtain for recordsdata of better than 150 MiB.  Additionally the secret
  encryption algorithm has now now not anymore the conceitedness folks broken-down to
  have in it and attributable to missing hardware toughen it is far reasonably slack.  A
  unusual call to expose for a replacement of that system used to be issued and we
  moreover with Intevation were granted the contract.  Our solution used to be to
  change GnuPG and its frontends Kleopatra and GpgOL.  After some
  thorough evaluate of our system (working title /Gpg4VS-NfD/) and
  the frequent bureaucratic we purchased a significant approval in January 2019.

Meet GnuPG.com

  I were working with Andre Heinecke of Intevation GmbH since about
  2010 on Gpg4win and some utterly different projects.  With the foreseeable
  approval of /Gpg4VS-NfD/ Andre then left Intevation and took over 40%
  of the g10 Code shares from my brother (I am maintaining utterly different 60%).

  We began to acquire a true product out of /Gpg4VS-NfD/.  Thus we rented
  a brand unusual utter of enterprise to work desk by desk on this and employed workers for gross sales
  and marketing.  We launched the stamp /GnuPG.com/ to have a closer
  recognition of our product than by our obedient title /g10 Code GmbH/.
  The system itself used to be re-branded as /GnuPG VS-Desktop®/ and
  dispensed as an MSI packet for Windows and as an AppImage for Linux.
  With the exception of for customer particular configuration recordsdata /GnuPG VS-Desktop/ is
  and would possibly maybe maybe repeatedly be Open Source below the GNU Typical Public License.

  We moreover achieve maintaining /Gpg4win/ because the community model.  Right here's
  per the the identical source code as /GnuPG VS-Desktop/ nonetheless comes with
  more aspects attributable to using the most new style department.

  The advantages for the customer to pay for /GnuPG VS-Desktop/ are: a
  industrial toughen contract, the guarantee of a prolonged bustle maintained
  and licensed model, customization strategies, community tested unusual
  aspects, and the per-approval required vendor for security updates.

  Additionally technically printed for longer, it modified into entirely last year broadly
  known, that the legacy Chiasmus system can also now now not anymore be broken-down for
  restricted communication from this year on.  For the administration
  and moreover for the industry two choice exist emigrate away from
  Chiasmus: the proprietary GreenBone system from /cryptovision GmbH/
  and our Open Source system /GnuPG VS-Desktop/.

The flee in direction of GnuPG VS-Desktop

  Since summer 2021 the telephones of our gross sales team did now not discontinue ringing and
  we can also lift within the fruits of our work.  We weren't conscious how many
  utterly different governmental businesses exist and how a amount of them have a necessity
  to present protection to recordsdata at the VS-NfD (restricted) diploma.  And with these
  businesses moreover comes a mountainous deepest and corporate sector who moreover have
  to address such communication.

  Even supposing we toughen S/MIME, the majority of our customers determined in
  prefer of the OpenPGP protocol, attributable to its higher flexibility and
  independence of a centralized public key infrastructure.  A minor
  plot back is that for a fast launch and simple migration from Chiasmus,
  many web sites will remark symmetric-entirely encryption (i.e. per
  "gpg -c").  Nevertheless, the now deployed system offers the
  foundation to transfer on to a gratified public-key solution.

  In particular, our now silent integration into Challenging Itemizing makes
  working with OpenPGP below Windows essentially tremendous.  We were moreover in a position to
  accomplice with Rohde & Schwarz Cybersecurity GmbH for a silent
  integration of GnuPG VS-Desktop with their smartcard administration

  We estimate that a quarter million locations of work will be equipped with
  GnuPG VS-Desktop and provide the users utter of the artwork file and
  mail encryption.  Our longer term thought is to equip all public agency
  locations of work with discontinue-to-discontinue encryption system - now now not entirely these with
  a straight need for an licensed VS-NfD solution.  This ought to nonetheless moreover
  match effectively into the launched aim of the unusual German government to
  foster the come of Open Source.

Kudos to all supporters

  For hundreds of years our work used to be essentially financed by donations and smaller
  projects.  Now we have reached a level where we can gain pleasure in a
  continuous earnings circulate to attain and prolong the system without
  asking for donations or grants.  Right here's fairly a brand unusual journey to us
  and I am essentially a bit proud to manual one of the few self-sustaining
  free system projects who had now to now not sacrifice the needs of the

  These of you with SEPA donations, please stop them and redirect your
  funds to utterly different projects which are more fast of monetary toughen.
  The Paypal and Stripe essentially essentially based recurring donations have already been
  canceled by us.

     All you supporters seriously helped us to attain GnuPG alive and to
              in the end setup a sustainable style mannequin.



Right here's an announcement entirely mailing list.  Please send replies entirely to
the gnupg-users at gnupg.org mailing list.
List of Open Signing Keys:
To guarantee that a downloaded GnuPG model has now now not been tampered by
malicious entities we provide signature recordsdata for all tarballs and
binary variations.  The keys are moreover signed by the prolonged bustle keys of
their respective owners.  Latest releases are signed by a lot of
of these four keys:

  rsa3072 2017-03-17 [expires: 2027-03-15]
  5B80 C575 4298 F0CB 55D8  ED6A BCEF 7E29 4B09 2E28
  Andre Heinecke (Open Signing Key)

  ed25519 2020-08-24 [expires: 2030-06-30]
  6DAA 6E64 A76D 2840 571B  4902 5288 97B8 2640 3ADA
  Werner Koch (dist signing 2020)

  ed25519 2021-05-19 [expires: 2027-04-04]
  AC8E 115B F73E 2D8D 47FA  9908 E98E 9B2D 19C6 C8BD
  Niibe Yutaka (GnuPG Open Key)

  brainpoolP256r1 2021-10-15 [expires: 2029-12-31]
  02F3 8DFF 731F F97C B039  A1DA 549E 695E 905B A208
  GnuPG.com (Open Signing Key 2021)

The keys are on hand at https://gnupg.org/signature_key.html and
in any fair as of late launched GnuPG tarball within the file g10/distsigkey.gpg .
Expose that this mail has been signed by a special key.

g10 Code GmbH        -=- GnuPG.com -=-      AmtsGer. Wuppertal HRB 14459
Bergstr. 3a                                 Geschäftsführung Werner Koch
D-40699 Erkrath      https://gnupg.com      USt-Identity DE215605608
Gnupg-allege mailing list
Gnupg-devel mailing list

(Log in to put up feedback)

- Advertisement -

Join the pack! Join 8000+ others registered users, and obtain chat, obtain teams, put up updates and obtain associates spherical the enviornment!

- Advertisement -

You might also likeRELATED
Recommended to you

The College Park (Prince Georges County) Twister of 2001 September 24

The temporary MFRI headquarters before the tornado The remains of the MFRI building after the tornado; Ann and Imogen were inside with 5 others Until 2001 September 24 we tended to look on tornado watch warnings as an exciting possibility to see something dramatic but harmless: after all, tornados never touch down in suburban Maryland.…

Framework Notebook computer with Ubuntu Analysis

I constructed my have computer over the...

Focalboard open source, self-hosted alternative to Trello, Notion, and Asana

Like what you see? 👀 Give us a GitHub...

A deep dive into an NSO zero-click on iMessage exploit: Faraway Code Execution

Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and Apple’s Security Engineering and Architecture (SEAR) group for collaborating with us on the technical analysis. The editorial opinions reflected below are solely Project Zero’s and do not…
- Advertisement -

Billionaire Chamath Palihapitiya: ‘nobody cares’ about China’s Uyghur genocide

WASHINGTON – Billionaire investor Chamath Palihapitiya triggered a backlash on social media after saying during a recent episode of his podcast that "nobody cares" about the ongoing human rights abuses against the Uyghurs in China.During a 90-minute episode, Palihapitiya told co-host Jason Calacanis on their "All-In" podcast that he would be lying if he said that…

Show HN: Declarative Instrumentation for Python

Pyccolo is a library for declarative instrumentation in Python; i.e., it lets you specify the what of the instrumentation you wish to perform, and takes care of the how for you. It aims to be ergonomic, composable, and portable, by providing an intuitive interface, making it easy to layer multiple levels of instrumentation, and allowing…

Must read

Show HN: Free polling tool for scheduling meetings by Calendly

IndividualsTeamsEnterpriseProductPricingResourcesMeeting PollsA simpler way for everyone to find time...
- Advertisement -