Comment by jmclnx
3 months ago
>Now I’m still excited about the future, but I dream of a world where I can uninstall it.
From 10 years ago, but still, there is nothing today as secure as GPG. Why, because I control the key, not some application or company that embeds encryption into their product.
Since 2015 we have seen may applications that use encryption, and almost every one has given up their key once the company get a legal request from their government. Just look a China for an example.
The only thing I still do not fully understand are 'sub' keys, but that does not prevent me from using gpg.
Another thing is gpg2 pinentry on *BSD needs to be fixed. It fails 100% of the time when gpg2 is called on a GUI application (ex: Emacs) on Net/OpenBSD. On gpg1, a text prompt use to be presented in Emacs, when in X, gpg2 GUI call fails.
> there is nothing today as secure as GPG
Depending on what part of the huge hulk that GPG is, there are many tools that are as secure (or more) than it.
For encryption age[0] comes to mind. For signing minisign[1] or, more recently, plain ssh-keygen[2]. For encryption at rest, restic[3].
PGP having all this built-in with forward-compatibility is a liability.
[0] https://github.com/FiloSottile/age
[1] https://github.com/jedisct1/minisign
[2] https://man.openbsd.org/ssh-keygen.1
[3] https://github.com/restic/restic
The 4 tools you've listed all lack any notion of trust inheritance, which is an utterly vital property of any good crypto system.
The only viable alternative for that is x509 and that's useless for individuals due to the design.
> From 10 years ago, but still, there is nothing today as secure as GPG.
Age?
> Since 2015 we have seen may applications that use encryption, and almost every one has given up their key once the company get a legal request from their government. Just look a China for an example.
https://xkcd.com/538/ ?!?!