There was efail.de, where some of the vulns were due to integrity errors from shelling out to GPG not being propagated to the MUAs, which is one of the risks of shelling out.
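The propagation failure mentioned above is worth seeing in code. The following is an added example, not code from this thread or from GnuPG: a wrapper that shells out to gpg with `--status-fd` and decides whether plaintext may be shown based only on the machine-readable `[GNUPG:]` status lines (DECRYPTION_OKAY, DECRYPTION_FAILED, BADMDC, DECRYPTION_INFO), never on the exit code or on the mere presence of output. The status keywords are GnuPG's documented ones; the sample status outputs are constructed for illustration and do not come from a real gpg run.

```python
"""Added example: treat gpg's integrity status as the gate for plaintext.

The efail-class failure was a MUA rendering output that gpg had already
flagged as tampered or unprotected. Parsing the status lines and failing
closed on any integrity problem is the step a naive wrapper skips.
"""
import subprocess
from dataclasses import dataclass

STATUS_PREFIX = "[GNUPG:] "


@dataclass
class GpgResult:
    ok: bool
    reason: str
    plaintext: bytes


def evaluate_status(status_text: str, plaintext: bytes) -> GpgResult:
    """Return plaintext only if gpg reported decryption AND integrity OK."""
    keywords = {}
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue  # ordinary stderr chatter, not a status line
        fields = line[len(STATUS_PREFIX):].split()
        if fields:
            keywords[fields[0]] = fields[1:]

    if "BADMDC" in keywords:
        return GpgResult(False, "integrity check failed (BADMDC)", b"")
    if "DECRYPTION_FAILED" in keywords or "NODATA" in keywords:
        return GpgResult(False, "decryption failed", b"")
    if "DECRYPTION_OKAY" not in keywords:
        return GpgResult(False, "no positive decryption confirmation", b"")
    # DECRYPTION_INFO <mdc_method> <sym_algo> [<aead_algo>]: mdc_method 0 and
    # no AEAD mode means the ciphertext carried no integrity protection at all.
    info = keywords.get("DECRYPTION_INFO", [])
    if info:
        mdc = info[0]
        aead = info[2] if len(info) > 2 else "0"
        if mdc == "0" and aead == "0":
            return GpgResult(False, "ciphertext has no integrity protection", b"")
    return GpgResult(True, "ok", plaintext)


def gpg_decrypt(ciphertext: bytes) -> GpgResult:
    """Shell out to gpg, routing status lines to stderr so we can inspect them."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "2", "--decrypt"],
        input=ciphertext, capture_output=True, check=False,
    )
    return evaluate_status(proc.stderr.decode("utf-8", "replace"), proc.stdout)


# Constructed sample status outputs (not captured from a real gpg run).
GOOD_STATUS = (
    "[GNUPG:] DECRYPTION_INFO 2 9\n"
    "[GNUPG:] PLAINTEXT 62 0 \n"
    "[GNUPG:] DECRYPTION_OKAY\n"
    "[GNUPG:] GOODMDC\n"
    "[GNUPG:] END_DECRYPTION\n"
)
TAMPERED_STATUS = (
    "[GNUPG:] DECRYPTION_INFO 2 9\n"
    "[GNUPG:] BADMDC\n"
    "[GNUPG:] DECRYPTION_FAILED\n"
)
# Hypothetical lenient-gpg case: output produced although no MDC was present.
UNPROTECTED_STATUS = (
    "[GNUPG:] DECRYPTION_INFO 0 9\n"
    "[GNUPG:] PLAINTEXT 62 0 \n"
    "[GNUPG:] DECRYPTION_OKAY\n"
)
```

The decision lives in `evaluate_status` so it can be unit-tested without gpg installed; `gpg_decrypt` is the thin shell-out layer around it.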
This makes me want to get started again on my Go GPG library interfaces again, but I know I’ll forget about it until the next time.
Use modern, secure cryptography instead. Secure messaging should be done with proper secure messaging protocols. Standalone authenticated file encryption should be done with github.com/FiloSottile/age. File signing should be done with signify/minisign which have libraries available.
I’m definitely down with using something more modern and applicable, but (aside from atrocious usability issues) I have trouble understanding what’s so fatally flawed about PGP as a de facto standard.
And the problems with the other ones are lack of widespread support in mail/file/desktop clients compared to PGP, which is a fixable problem, but we gotta settle on a smaller subset of things before that’ll happen.
Meanwhile, I still need to interact with PGP signed/encrypted files, so making a library that does that properly instead of shelling out to GPG is something that has potential benefit to me.
PGP for secure messaging especially via email is very misguided. Even a decent implementation wouldn't have decent / expected security properties. A secure messaging system should have automatic rotation of long-lived keys, forward secrecy for sessions, proper verification, etc.
If you want federated, end-to-end encrypted messaging use Matrix instead of insecure cryptography poorly bolted onto a protocol ill suited for it. It doesn't solve the hard problems. Can't paper over the fact that it's fundamentally designed wrong with awful security properties.
In general, I’m happy to concede that there’s not a great one-size-fits-all solution for what PGP tries to tackle, namely encryption/signing of files at rest (for multiple recipients) and encryption/signing of ephemeral/ish messages in transit, which is more session-oriented.
You can consider signify+age as a replacement for GPG. It's just not a good approach to secure messaging outside of niche use cases. For example, the best approach for accepting anonymous submissions of encrypted files would be age. It's anonymous authenticated file encryption.
If you want to prove authenticity too, you need to sign it with signify. However, you still have authenticated encryption with age alone without signify. It just doesn't assert an origin so while someone can't tamper with the message, they could outright replace it with another.
I’ll need to dig into that more, then, sounds like that pairing covers about 90% of what I’m interested in.
Signify signatures are a line with "untrusted comment: ..." followed by a line with base64 encoded signature.
Encoded data is "Ed" (in case it ever needs a new algorithm), a 64-bit key id (not security relevant beyond helping with rotation) and the raw ed25519 signature (~20 bytes).
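The two-line format described above is small enough to parse by hand. The following is an added example, not code from this thread or from signify/minisign: it parses both the signify public-key and signature files (header line `untrusted comment: ...`, then base64 of the 2-byte tag `Ed`, an 8-byte key id and the raw Ed25519 material, which is 32 bytes for a public key and 64 bytes for a signature), and checks that the signature's key id matches the key before attempting verification. The key id, key and signature bytes below are constructed, not real keys; the Ed25519 check in `verify` assumes the `cryptography` package is installed.

```python
"""Added example: parse signify .pub/.sig files and match key ids.

Layout of the base64 payload (signify's format):
  2 bytes  algorithm tag, currently b"Ed"
  8 bytes  key id (unauthenticated; selects a key, proves nothing)
  N bytes  raw Ed25519 public key (32) or signature (64)
"""
import base64
from dataclasses import dataclass

PKALG = b"Ed"
KEYNUM_LEN = 8
PUBKEY_LEN = 32
SIG_LEN = 64
HEADER = "untrusted comment: "


@dataclass(frozen=True)
class SignifyBlob:
    comment: str
    keynum: bytes
    material: bytes


def parse_signify(text: str, material_len: int) -> SignifyBlob:
    """Parse one signify file; raises ValueError on any structural problem."""
    lines = text.splitlines()
    if len(lines) < 2 or not lines[0].startswith(HEADER):
        raise ValueError("missing 'untrusted comment:' header line")
    raw = base64.b64decode(lines[1], validate=True)
    expected = len(PKALG) + KEYNUM_LEN + material_len
    if len(raw) != expected:
        raise ValueError(f"expected {expected} bytes, got {len(raw)}")
    if raw[:len(PKALG)] != PKALG:
        raise ValueError(f"unsupported algorithm tag {raw[:2]!r}")
    keynum = raw[len(PKALG):len(PKALG) + KEYNUM_LEN]
    return SignifyBlob(lines[0][len(HEADER):], keynum, raw[len(PKALG) + KEYNUM_LEN:])


def parse_pubkey(text: str) -> SignifyBlob:
    return parse_signify(text, PUBKEY_LEN)


def parse_signature(text: str) -> SignifyBlob:
    return parse_signify(text, SIG_LEN)


def is_well_formed_signature(text: str) -> bool:
    try:
        parse_signature(text)
        return True
    except ValueError:
        return False


def keynum_matches(pub: SignifyBlob, sig: SignifyBlob) -> bool:
    """Key-id equality only selects which key to try (rotation aid); the
    comment and id are both unauthenticated, so a match proves nothing."""
    return pub.keynum == sig.keynum


def verify(pub: SignifyBlob, sig: SignifyBlob, message: bytes) -> bool:
    """Real Ed25519 verification over the message bytes (assumes 'cryptography')."""
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
    if not keynum_matches(pub, sig):
        return False
    try:
        Ed25519PublicKey.from_public_bytes(pub.material).verify(sig.material, message)
        return True
    except InvalidSignature:
        return False


def encode_signify(comment: str, keynum: bytes, material: bytes) -> str:
    """Inverse of parse_signify; used here only to build constructed samples."""
    payload = base64.b64encode(PKALG + keynum + material).decode()
    return f"{HEADER}{comment}\n{payload}\n"


# Constructed samples: a made-up key id, a fake key and a fake signature.
SAMPLE_KEYNUM = bytes.fromhex("0011223344556677")
SAMPLE_PUB = encode_signify("signify public key", SAMPLE_KEYNUM, bytes(range(32)))
SAMPLE_SIG = encode_signify("verify with example.pub", SAMPLE_KEYNUM, bytes(range(64)))
OTHER_SIG = encode_signify("verify with other.pub", bytes(8), bytes(range(64)))
```

Rejecting on a key-id mismatch before calling into Ed25519 gives a clear "wrong key" error, but the only thing that establishes authenticity is the signature check itself.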