Conversation

Alright Twitter, it’s time to #killgpg. If you use gpg to encrypt files, tell me how and what features you need. Do you care about signatures? Streaming? Do you pipe tar into it? Do you need seeking? CLI or libraries? Big or small files?

Encrypt w/ symmetric keys
13.7%
Encrypt w/ passwords
14.2%
Encrypt w/ public keys
57.9%
I’m special, see reply
14.2%

2,168 votesFinal results

113

186

432

Filippo Valsorda

@FiloSottile

May 12, 2019

Today we’re going after encryption, not signing. Signing is not a tooling problem but a trust problem, and to the extent it is, it’s mostly covered by signify. Emails are also out of scope. Again, a trust and medium problem. (Which OpenPGP does not solve.)

Filippo Valsorda

@FiloSottile

May 12, 2019

I’m hearing a lot of passwordstore.org, and that’s my own last use case for it! So the new tool will definitely work as a pass backend, and support YubiKeys through the PIV applet.

137

Here's a design by

and I for "age" — a simple, secure and modern encryption tool with small explicit keys, SSH key support, no config options, and UNIX-style composability. docs.google.com/document/d/11y

138

373

Replying to

and

Would be good to have generate include some info about the key, e.g. generation date - or just an argument which is text that will get included in the comment. Should there be short IDs for keys, rather than needing the key hash? Or do you expect that to be done by scripts?

Replying to

and

Adding a generation time comment sounds good, I’ll add that. I am allergic to manual arguments, though. I initially had short IDs, but I realized I hated them in gpg (they can collide! hard to think about) and age keys are short enough to use directly.

Replying to

and

mnemonic backup of seed and deterministic generation for sub keys (if you ever support them) HD Wallet style

Replying to

By the way, Trezor provides this for SSH, GPG and U2F. It also supports the standard usage of a passphrase as an additional word appended to the seed phrase, and on the Trezor Model T that can be directly entered on the device. I use it for a particularly sensitive SSH key.

4:25 PM · May 16, 2019Twitter Web Client

Replying to

github.com/romanz/trezor- also supports a few hardware wallets devices in a portable way. It's also neat that the hardware wallet interface allows the device to show details on the request (sign with identity X) when asking for confirmation to do it.

github.com

GitHub - romanz/trezor-agent: Hardware-based SSH/PGP agent

Hardware-based SSH/PGP agent. Contribute to romanz/trezor-agent development by creating an account on GitHub.