Conversation

PGP for secure messaging especially via email is very misguided. Even a decent implementation wouldn't have decent / expected security properties. A secure messaging system should have automatic rotation of long-lived keys, forward secrecy for sessions, proper verification, etc.
1
1
If you want federated, end-to-end encrypted messaging use Matrix instead of insecure cryptography poorly bolted onto a protocol ill suited for it. It doesn't solve the hard problems. Can't paper over the fact that it's fundamentally designed wrong with awful security properties.
1
1
You can consider signify+age as a replacement for GPG. It's just not a good approach to secure messaging outside of niche use cases. For example, the best approach for accepting anonymous submissions of encrypted files would be age. It's anonymous authenticated file encryption.
1
2
If you want to prove authenticity too, you need to sign it with signify. However, you still have authenticated encryption with age alone without signify. It just doesn't assert an origin so while someone can't tamper with the message, they could outright replace it with another.
1
1
Minisign extends with with trusted (verified) comments and optional built-in pre-hashing support. If you don't use those extensions, minisign signatures are compatible with signify. Signify also knows how to verify files via a signed BSD-style hash file (minisign doesn't).
2
1
Age gives you authenticated encryption for files with either public/private keys or passphrases. Creator of the file is anonymous when using either native age keys or passphrases. I think it would be nice if it provided signing but leaving it up to signify/minisign is fine too.
2
1
Show replies