Meanwhile, I still need to interact with PGP signed/encrypted files, so making a library that does that properly instead of shelling out to GPG is something that has potential benefit to me.
Conversation
PGP for secure messaging especially via email is very misguided. Even a decent implementation wouldn't have decent / expected security properties. A secure messaging system should have automatic rotation of long-lived keys, forward secrecy for sessions, proper verification, etc.
1
1
If you want federated, end-to-end encrypted messaging use Matrix instead of insecure cryptography poorly bolted onto a protocol ill suited for it. It doesn't solve the hard problems. Can't paper over the fact that it's fundamentally designed wrong with awful security properties.
1
1
In general, I’m happy to concede that there’s not a great one-size-fits-all solution for what PGP tries to tackle, namely encryption/signing of files at rest (for multiple recipients) and encryption/signing of ephemeral/ish messages in transit, which is more session-oriented.
1
You can consider signify+age as a replacement for GPG. It's just not a good approach to secure messaging outside of niche use cases. For example, the best approach for accepting anonymous submissions of encrypted files would be age. It's anonymous authenticated file encryption.
1
2
If you want to prove authenticity too, you need to sign it with signify. However, you still have authenticated encryption with age alone without signify. It just doesn't assert an origin so while someone can't tamper with the message, they could outright replace it with another.
1
1
I’ll need to dig into that more, then, sounds like that pairing covers about 90% of what I’m interested in.
1
1
Signify signatures are a line with "untrusted comment: ..." followed by a line with base64 encoded signature.
Encoded data is "Ed" (in case it ever needs a new algorithm), 64-bit key id (no security relevant beyond helping with rotation) and raw ed25519 signature (~20 bytes).
1
1
Minisign extends with with trusted (verified) comments and optional built-in pre-hashing support. If you don't use those extensions, minisign signatures are compatible with signify.
Signify also knows how to verify files via a signed BSD-style hash file (minisign doesn't).
2
1
Age gives you authenticated encryption for files with either public/private keys or passphrases. Creator of the file is anonymous when using either native age keys or passphrases. I think it would be nice if it provided signing but leaving it up to signify/minisign is fine too.
2
1
Since it has authenticated encryption, age does essentially have signing when using passphrases.
It's a design choice to omit having a way to declare who is creating an encrypted file when encrypting to someone's public key. They'd rather leave it up to signify/minisign for now.
Right. Authenticated MACs are handy, but delegating deep signature validation to something else avoids second system syndrome to some extent.
1
The main annoyance from it is having 2 separate pairs of keys in different formats when a single pair would suffice. A perfectly good solution would be making a 2nd tool able to use age keys for signing / verification.
I wouldn't mind simply having 2 separate CLI tools for it.
1
1
Show replies