Why you should not use GnuPG or PGP

You are most likely a private person. And you are most likely sending Emails to other private persons. If that is the case, GnuPG and PGP are not your friends!

Take a peek at these four cryptographic properties:

  1. End-to-end encryption
    No one should be able to read intercepted messages - except the intented receiver of course.
  2. Forward secrecy
    Old encrypted messages should stay encrypted even if the encryption keys get stolen one day. In other words: what was beeing said should stay secret.
  3. Authenticity
    It should be clear that the person writing is the real person and not an imposter.
  4. Deniablity
    If something was beeing said in private there is naturally no proof about what was beeing said thus everything is deniable.

Every one of those four properties is a necessary part of what we commonly call a private conversation. Take for example Deniablity. If we leave that out, every participant of a conversation could not only forward received messages to third parties and claim that they are real but also mathematically prove that they are real. How private would such a conversation really be?

While the strong proofs provided by digital signatures in cryptographic packages like PGP and S/MIME [offer non-repudiability, the opposite of deniablity, they] are useful for signing contracts, most casual conversations online do not require, and in fact, should not have, that level of permanence associated with them.[1]

GnuPG/PGP does only a lip service to private conversation in that they only provide Authenticity and End-to-end encryption. They completely lack Forward secrecy and Deniablity.

Worse yet: People using GnuPG/PGP are often inclined to generally sign all messages they write - not only those that are encrypted. Meaning they provide a way for recipients to authenticate their messages even if the content of the message was sendt in plain-text. Since we know that the internet is surveiled at a large scale, people signing their mails without actually encrypting them are voluntarily providing better data to all the surveilling agencies - the agencies then can not only store and parse the mails but also have higher certainty that the mails are real.

[...] for all the good PGP has done in the past, it's a model of email encryption that's fundamentally broken.[2]

What to do? The best way forward, in my opinion, is then to leave Email behind as a lost technology. Use it here and there to reach your peers but try to win them over for technologies that protect all four cornerstones of private conversations.

There are two main open source products which provide these features: TextSecure and OTR. TextSecure is a messenger in and of itself while OTR is an encryption layer you can use with multi-messengers like Pidgin and soon Empathy. Better get started with good encryption now: Check out Textsecure for the cell phone or Pidgin with OTR for the desktop.

Further reading/References:
1. A more technical discussion:
  otr.cypherpunks.ca: Off-the-Record Communication, or, Why Not To Use PGP
2. A good read! Not too technical:
  blog.cryptographyengineering.com: What's the matter with PGP?
The author

Written by Per

Free software enthusiast and transhumanist residing in Stuttgart, Germany.

comments powered by Disqus