Did you know SSH can sign files?
And you can look up public keys on GitHub?
This post explains a simple PKI already on most computers, that already has public keys for most people on GitHub:
dlorenc.medium.com/ssh-is-the-new
Thanks to for implementing this!
Conversation
This Tweet was deleted by the Tweet author. Learn more
I'd guess that at least one order of magnitude more people have SSH keys configured and stored on GitHub than have gpg keys published in a key server. Maybe two orders of magnitude.
7
This Tweet was deleted by the Tweet author. Learn more
Right, and the latter are what GPG gets horribly wrong (in the ux department at least).
1
PGP has serious flaws such as inherently depending on SHA-1 and having a ridiculous amount of legacy cruft and bloat. The whole web of trust thing is pretty much harmful nonsense, at least as designed. GPG has serious implementation issues beyond all that. I've migrated away.
2
1
10
What are your thoughts on github.com/FiloSottile/age? I've been thinking the same thing, and what I really require is whatever _____ I use must live on my hardware Yubikey.
1
1
Quote Tweet
Replying to @DanielMicay @RichFelker and 2 others
Just going to set up my email server to automatically reject PGP encrypted emails and send a response telling people to contact me on Matrix. Matrix and signify cover nearly all my use cases for it. If I ever actually want to encrypt a file anonymously, I'll use age for that.
1
Don't try to use signify + age for secure messaging instead of a proper secure messaging app with forward secrecy, a good verification system, etc.
1
3
Also see twitter.com/DanielMicay/st. An HSM no secure input, no secure display and the lack of a secure backup system is quite flawed. Needing to generate a key on a general purpose computer to back it up and import it into the HSM is a bad design. Can do a lot better than that.
Quote Tweet
Replying to @bmastenbrook and @whitequark
In general, I don't think an HSM without secure input and output can actually provide as much as people expect from them.
For example, a hardware wallet for Bitcoin with no display lets an attacker send a million dollars to themselves when you confirm buying a pizza with it.
1
Please don't interpret the example that I'm using in that thread as an actual recommendation of an alternative though, since it lacks a secure element. I'm just using it as an example of a proper design for the interface / workflow.
Agreed on not using age for messaging.
I like age+yk for password-store because with touch-to-operate the attacker is capped at exfil one secret per tap. A screen would be great, but Apple's TouchBar SEP looks too complex. For backup I just encrypt to multiple recipients.
1