UNCLASSIFIED

FSG-A // SECURE DELIVERY

SECURE DELIVERY
OPENPGP ENCRYPTION TOOLKIT

COMPLETE TOOLKIT 2026-04-19 6 MIN READ

KEY TAKEAWAY

FSG-A ships an asymmetric encryption toolkit for delivering source archives to Försvarsmakten, FMV, FOI, and NATO partners. It uses OpenPGP (RFC 4880) via GnuPG — the cryptographic standard Swedish defence already trusts. Each recipient holds their own private key; you encrypt to their public key; only they can decrypt. Optional digital signatures prove the file came from you unchanged. The toolkit is stress-tested across 20 scenarios covering key generation, multi-recipient workflows, tamper detection, non-recipient lock-out, and signature verification. Files are in gpg-tools/ inside the source archive.

Contacting FSG-A

FSG-A accepts contact only via PGP-encrypted email. There is no public phone number, no unencrypted email address, and no contact form. This is a deliberate operational-security choice: the author lives in a combat zone, works on systems that affect peer-adversary capabilities, and accepts correspondence only through channels where authentication and confidentiality are cryptographically enforced.

FSG-A PGP public key

Fingerprint

B892 2A94 E356 87EF A78F 83BC 0D0D 7A5C 62CD 468C

Keyserver

keys.openpgp.org

Fetch command

gpg --keyserver keys.openpgp.org --recv-keys B8922A94E35687EFA78F83BC0D0D7A5C62CD468C

Verify the fingerprint independently before trusting the key. A fingerprint published on a single website is not a root of trust — cross-reference it against any other channel where FSG-A is verifiable (signed commits, prior correspondence, in-person exchange). If a keyserver returns a key whose fingerprint does not match the one above, do not use it.

To send encrypted email to FSG-A, fetch the key using the command above, write your message, and encrypt it with gpg --encrypt --recipient B8922A94E35687EFA78F83BC0D0D7A5C62CD468C. Deliver the resulting .asc or .gpg file through any channel you prefer — the ciphertext is safe to transmit over unencrypted email, file-sharing services, or messenger apps. Only the holder of the corresponding private key can decrypt it.

Why OpenPGP

Försvarsmakten, FMV, and FOI already use OpenPGP-compatible tooling for secure exchange of unclassified-but-sensitive material. Choosing a standard that evaluators already trust means FSG-A deliveries can be opened with existing workflows — no new software to approve, no new training, no vendor lock-in. OpenPGP has three decades of cryptanalytic scrutiny and is governed by an open IETF standard (RFC 4880bis), which makes it the natural choice when the delivery chain includes government evaluators.

Asymmetric encryption means each recipient holds their own private key and publishes a corresponding public key. You encrypt to the recipient's public key; only their private key can decrypt. This eliminates the classic "how do we share the password" problem that plagues symmetric-key systems. It also composes cleanly with multiple recipients — the same ciphertext can be decrypted by any of several named recipients independently.

Toolkit Contents

FILES IN tools/ (shipped inside fsga-wiki-src.zip)

fsga-gpg-setup.py

First-time setup guide, keyring audit, public-key export

fsga-gpg-encrypt.py

Encrypt one or many files to one or more recipients, with optional signing

fsga-gpg-decrypt.py

Decrypt received archives, verify signatures, or verify-only without decryption

test_gpg_toolkit.py

Comprehensive stress suite — 20 tests on isolated throwaway keys

README-GPG.md

Quick-start reference, troubleshooting, hardware-token setup

Cryptographic Properties

The toolkit does not invent new cryptography. It delegates all cryptographic operations to GnuPG (version 2.2 or later), which implements RFC 4880-compliant OpenPGP. Session keys for bulk encryption use AES-256 in CFB mode. Session keys themselves are wrapped in either RSA-4096 (legacy-compatible) or Curve25519 / Ed25519 (modern elliptic-curve, preferred for new keys). Message authentication uses modification detection codes (MDC) to detect tampering, and optional digital signatures provide non-repudiation.

SECURITY PROPERTIES

Confidentiality

AES-256 session keys wrapped in RSA-4096 or Curve25519

Integrity

Modification Detection Code (MDC); tampered ciphertext rejected

Authenticity

Optional Ed25519 or RSA-PSS digital signature

Multi-recipient

One ciphertext, N independent recipients; any can decrypt alone

Forward secrecy

Not provided by OpenPGP itself — pair with TLS transport if needed

Hardware-backed keys

Supported via YubiKey 5, Nitrokey, Försvarsmakten smartcards

Workflow — End-to-End Delivery

The complete delivery workflow from FSG-A to a Försvarsmakten evaluator proceeds as follows. The sender (FSG-A operator) and recipient (evaluator) each run their half of the workflow on their own machine. No secret material traverses the network in plaintext.

#!/bin/bash
# ─── ONE-TIME SETUP (sender) ────────────────────────────────────
gpg --full-generate-key                  # Choose RSA 4096 or Curve25519
python3 gpg-tools/fsga-gpg-setup.py --audit  # Verify keyring hygiene

# ─── ONE-TIME SETUP (recipient, e.g. FMV evaluator) ─────────────
gpg --full-generate-key
python3 gpg-tools/fsga-gpg-setup.py --export-public \
    "evaluator@fmv.se" --out fmv-evaluator.asc
# Send fmv-evaluator.asc to FSG-A via any channel

# ─── FSG-A IMPORTS RECIPIENT'S PUBLIC KEY ──────────────────────
gpg --import fmv-evaluator.asc
gpg --fingerprint "evaluator@fmv.se"
# VERIFY fingerprint with recipient by phone/signal/in-person

# ─── FSG-A ENCRYPTS + SIGNS ─────────────────────────────────────
python3 gpg-tools/fsga-gpg-encrypt.py --batch \
    --recipient "evaluator@fmv.se" \
    --sign "fsga-operator@example.com"

# Output: fsga-code-v2.zip.gpg, fsga-wiki-dist.zip.gpg,
#         fsga-wiki-src.zip.gpg — safe to send via email/cloud/USB

# ─── RECIPIENT DECRYPTS + VERIFIES ──────────────────────────────
python3 gpg-tools/fsga-gpg-decrypt.py --input fsga-code-v2.zip.gpg
# GPG automatically verifies the signature; if invalid, warns loudly

Stress Test Coverage

The toolkit ships with test_gpg_toolkit.py — a 20-test stress suite that exercises every critical path. The suite generates throwaway 2048-bit RSA test keys in an isolated temporary directory and destroys them after the run; the user's real keyring is never touched.

STRESS TEST — 20 SCENARIOS (all passing)

Infrastructure (3)

GPG binary present, python-gnupg importable, scripts compile cleanly

Key generation (4)

Three test identities (Alice, Bob, Eve) generated; keyring lists all three

Single recipient (2)

Encrypt Alice → ciphertext; Alice decrypts identically

Multi-recipient (2)

Encrypt to Alice AND Bob; both can decrypt independently

Signed encryption (2)

Alice signs → Bob decrypts; Bob verifies Alice's signature

Tamper detection (1)

One-bit flip in ciphertext → decryption or signature fails as required

Non-recipient lock-out (1)

Encrypt to Alice only; Eve (non-recipient) cannot decrypt

Large file performance (1)

10 MB round-trip in under 30 seconds (typical: ~5 MB/s)

ASCII armor (1)

Text-safe output begins with BEGIN PGP MESSAGE header

Batch mode (1)

All three FSG-A archives encrypted in one command

Setup helpers (2)

Audit runs cleanly; exported public key contains no private material

Boundaries — What the Toolkit Does Not Do

Three explicit non-goals limit the toolkit's scope. First, the toolkit does not transmit files. Encryption is local; the sender chooses the transport channel (email, cloud upload, USB drive, physical delivery). Second, the toolkit does not handle your passphrase. gpg-agent and pinentry prompt you directly when your private key needs to be unlocked; no FSG-A script ever sees, logs, or stores the passphrase. Third, the toolkit does not delete plaintext. After verifying that the encrypted output works, the operator manually decides when and how to destroy plaintext originals according to their organisation's data-handling policy.

Hardware Token Support

Operational deployments should use hardware-backed keys rather than software keys stored on disk. A hardware token like YubiKey 5, Nitrokey 3, or a Försvarsmakten-issued smartcard holds the private key on the device itself — the key material never exists in computer memory. Losing a laptop without the token gives an attacker nothing; losing the token requires the attacker to also know the PIN, and after three incorrect PIN entries the key is permanently locked. This is the recommended deployment model for any FSG-A operator who carries operational material on a mobile device.

#!/bin/bash
# Generate key directly on hardware token (YubiKey / Nitrokey / FM smartcard)
gpg --card-edit
gpg/card> admin
gpg/card> generate
# Follow prompts — key never leaves the token
# Verify token holds the key:
gpg --card-status
# Export public key for distribution:
gpg --armor --export > operator-hardware.asc

Integration With Wiki Deliverables

The three main FSG-A archive files can all be encrypted to one or more named recipients using a single batch command. The files are fsga-wiki-dist.zip (the live website), fsga-wiki-src.zip (buildable source including the SDK and validators), and fsga-code-v2.zip (the standalone code bundle with SDK, stress tests, and Fischer 26/26E capability verification). Each corresponds to a different evaluation need — the dist archive serves documentation reviewers, the src archive serves build-and-test evaluators, and the code archive serves engineering acceptance.

Related Chapters

Download Source Code

Formal Documentation Suite

Contributors & Acknowledgements

About FSG-A

Sources

Standards referenced: RFC 4880 OpenPGP Message Format (IETF); RFC 6637 Elliptic Curve Cryptography in OpenPGP; GnuPG manual (GnuPG project documentation). The toolkit itself is CC BY-SA 4.0, built on top of GnuPG (GPL) and python-gnupg (BSD). Cross-references within the FSG-A wiki — source archive download: download.html; SDK specification and structure: fischer26e-sdk.html; cryptographic primitives used inside the SDK itself (MAVLink HMAC, HKDF daily rotation, DRAM scrubber): cybersecurity-mavlink.html, lisa26-captured-drone.html.

SECURE DELIVERYOPENPGP ENCRYPTION TOOLKIT