qqii | 6 years ago
Having an alternative implementation to GnuPG is pretty important. Although many would argue against the use of PGP encryption for many use cases such as email, there are other use cases where PGP's ideas have no replacement.
For a specific example, take signing git commits. Even Fossil SCM delegates this task to PGP. Personally, Keybase is the only project that may provide some form of alternative, but they do so by supporting PGP.
I definitely agree that PGP was, and is no longer, the correct tool for every use case as it set out to be, but I find there are still pockets where PGP has no alternative. I'd be interested what HN's thoughts are on PGP for this specific use case and if there could be an alternative.
forgotmypw16 | 6 years ago
I'm using OpenPGP.js for drop-in decentralized client-side authentication for my web-based message board.
This has several benefits, which include letting technically-savvy users do their own key generation and message signing using whatever tools they prefer, using one of the most widely used encryption/signing standards in existence.
Meanwhile, non-technical users can create a new profile with literally one click and a couple of seconds of compute time on their device. They can then back up the key as a text file and use it on any compatible site.
I think that the potential of PGP has barely been grazed by Keybase, and there are many more applications than we've even hypothesized so far.
As someone who has been trying to use this library but hasn't had the time to finish build integration to cross-compile for all of my target platforms, I really wish it weren't using Nettle, particularly as it is also using OpenSSL :(. Does Rust not have useful cryptography libraries yet? Or couldn't it just use OpenSSL?
I still use PGP to encrypt files with secrets in them that I am sending to a known source, and I know it's still the base encryption for a few well-known file servers. A new player in the market is welcome.
Whenever someone criticizes email encryption they fail to provide an actual replacement. Encrypted instant messaging is an alternative, but it's not a replacement.
dr_hooo | 6 years ago
Hmm, I don't really see any really convincing points, or workable alternatives, that your linked article provides.
Nevertheless I would like to read more about this claim:
> It [PGP] was designed in the 1990s, and in the 20 years since it became popular, cryptography has advanced in ways that PGP has not kept up with. So, for example, it recently turned out to be possible for eavesdroppers to decrypt messages without a key, simply by tampering with encrypted messages. Most technologists who work with PGP don't understand it at a low enough level to see what's wrong with it.
(I admit I am one of these technologists)
Leace | 6 years ago
Why Keybase? Reading their crypto page (https://keybase.io/blog/crypto) leaves the impression that they took PGP and embrace-extend-extinguished it...
nickray | 6 years ago
Second, it's easy to fake PGP: https://boats.gitlab.io/blog/post/signing-commits-without-gp...
Third, we're adding support to SoloKeys to do this using a hardware token: https://github.com/solokeys/solo/issues/395#issuecomment-612...
We're also collaborating with https://keys.pub/ to make "sign/verify" use cases easily usable with a GUI for everyone. So I'd say there's hope?
nickray | 6 years ago
https://keys.pub is a re-implementation of this use case without the messenger/cryptocurrency baggage that some dislike about Keybase.
jolmg | 6 years ago
https://docs.sequoia-pgp.org/sq/index.html
I have to admit that it looks more digestible than gpg's. It seems it's still missing a way to manage OpenPGP smartcards like Yubikeys. Also, I can't see a way to manage an arbitrary set of subkeys for a given primary key.
I'm really happy to see an alternative to GnuPG, though. This looks promising.
mratsim | 6 years ago
I've looked into the code. It uses Nettle's Curve25519, which seems to be implemented constant-time (assuming ECC mul is using "ecc-mul-g", which is protected against cache timing attacks, because the other ecc-mul implementations are using raw table access).
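To make the point about table access concrete, here is an added example (editor's code, not Nettle's) of the two ways a window of a secret scalar can pick a row out of a precomputed table: indexing the table directly, which touches memory at a secret-dependent address that a cache-timing attacker on the same host can observe, and scanning every row with a mask so the access pattern is the same whatever the secret is. The table contents are constructed bytes; real scalar multiplication would hold curve points, but the selection logic is the same.

```javascript
'use strict';

// Constructed table: 16 rows of 32 bytes, playing the role of the precomputed
// multiples of the base point that a windowed scalar multiplication selects from.
function buildTable(rows = 16, width = 32) {
  const table = [];
  for (let i = 0; i < rows; i++) {
    const row = new Uint8Array(width);
    for (let j = 0; j < width; j++) row[j] = (i * 31 + j * 7 + 3) & 0xff;
    table.push(row);
  }
  return table;
}

// Leaky variant: which cache lines get touched depends on the secret index.
function rawSelect(table, secretIndex) {
  return Uint8Array.from(table[secretIndex]);
}

// Constant-time variant: read every row and keep only the wanted one with an
// all-ones/all-zeros mask that is derived without any branch on the secret.
function ctSelect(table, secretIndex) {
  const out = new Uint8Array(table[0].length);
  for (let i = 0; i < table.length; i++) {
    // (i ^ secretIndex) is 0 only for the wanted row; subtracting 1 makes it
    // negative exactly then, and the arithmetic shift spreads the sign bit.
    const mask = (((i ^ secretIndex) - 1) >> 31) & 0xff;
    const row = table[i];
    for (let j = 0; j < row.length; j++) out[j] |= row[j] & mask;
  }
  return out;
}

// Check that the masked scan agrees with direct indexing for every index.
function selfCheck() {
  const table = buildTable();
  for (let idx = 0; idx < table.length; idx++) {
    const a = rawSelect(table, idx);
    const b = ctSelect(table, idx);
    for (let j = 0; j < a.length; j++) if (a[j] !== b[j]) return false;
  }
  return true;
}
```

JavaScript engines give no constant-time guarantees, so this shows the pattern rather than something to ship; in C or Rust the same mask-and-scan trick is the usual way to make the lookup independent of the secret, at the cost of reading the whole table on every step.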
tptacek | 6 years ago
https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
I stand by what I wrote in this post as well, but it's not a good first read for people surprised that cryptographers hate PGP.