>Now I’m still excited about the future, but I dream of a world where I can uninstall it.
From 10 years ago, but still, there is nothing today as secure as GPG. Why, because I control the key, not some application or company that embeds encryption into their product.
Since 2015 we have seen may applications that use encryption, and almost every one has given up their key once the company get a legal request from their government. Just look a China for an example.
The only thing I still do not fully understand are 'sub' keys, but that does not prevent me from using gpg.
Another thing is gpg2 pinentry on *BSD needs to be fixed. It fails 100% of the time when gpg2 is called on a GUI application (ex: Emacs) on Net/OpenBSD. On gpg1, a text prompt use to be presented in Emacs, when in X, gpg2 GUI call fails.
kaoD•12m ago
> there is nothing today as secure as GPG
Depending on what part of the huge hulk that GPG is, there are many tools that are as secure (or more) than GPG.
For encryption age[0] comes to mind. For signing minisign[1] or, more recently, plain ssh-keygen[2]. For encryption at rest, restrict[3].
PGP having all this built-in with forward-compatibility is a liability.
jmclnx•21m ago
From 10 years ago, but still, there is nothing today as secure as GPG. Why, because I control the key, not some application or company that embeds encryption into their product.
Since 2015 we have seen may applications that use encryption, and almost every one has given up their key once the company get a legal request from their government. Just look a China for an example.
The only thing I still do not fully understand are 'sub' keys, but that does not prevent me from using gpg.
Another thing is gpg2 pinentry on *BSD needs to be fixed. It fails 100% of the time when gpg2 is called on a GUI application (ex: Emacs) on Net/OpenBSD. On gpg1, a text prompt use to be presented in Emacs, when in X, gpg2 GUI call fails.
kaoD•12m ago
Depending on what part of the huge hulk that GPG is, there are many tools that are as secure (or more) than GPG.
For encryption age[0] comes to mind. For signing minisign[1] or, more recently, plain ssh-keygen[2]. For encryption at rest, restrict[3].
PGP having all this built-in with forward-compatibility is a liability.
[0] https://github.com/FiloSottile/age
[1] https://github.com/jedisct1/minisign
[2] https://man.openbsd.org/ssh-keygen.1
[3] https://github.com/restic/restic