date 2016-12-01

Also the longer you use OpenPGP, the fewer keys need to be verified. The start is very hard, since you start with no trusted keys at all. The longer you use it, the more fluent usage becomes.
Have been using GPG Suite on macOS and the only problem is, you may not get support for the new macOS on day 1 since Apple provides no API for Mail.app. And then again, giving Apple some time to figure out their bugs of the initial major release isn't a bad idea.
And there are a lot of those problems! Maybe even the majority of them!
But PGP was designed for message encryption, and it's a poor choice for message encryption. The community is gradually converging on the idea that SMTP store-and-forward email is just never going to be cryptographically safe, and pretty much the only messaging application in which PGP makes any sense is SMTP email.
What's worse is, much of the PGP ecosystem really only makes sense in a messaging context. Which means that the complex parts of PGP, like key servers and subkeys and things like that, aren't really adding value, but still confuse and distract users.
7-Zip is pretty awesome for actually usable encryption. On Windows, with the Explorer integration, you can just right click a file, select "Add to archive" and create an AES-256 encrypted 7-Zip archive that anyone with 7-Zip can extract just by entering the password.
It is the UX/UI experience that angers people to the highest point. Noobs like long-time users.
Correct key handling (signing, revoking, publishing and sometimes doing actually the job) is a burden.
Nothing is wrong with the code so far. Much more, however correct the software is, it is a pain.
My guess is that truly correct cryptography requires this burden whatever the algorithms are, because ensuring identities are trustworthy is where most of the work is, and no software can do it.
Hm?
Of course PGP is criticized for that, just less vocally.
- Authentication is off by default in GPG
- Even so, it's very complex, and most of the protocol isn't authenticated
[ This is problematic, because ciphers tend to be more or less easily malleable, so non-signed messages can be tampered with; this is also an issue for encrypting files symmetrically ]
(- Compression is on by default and makes everything super-slow for no good reason)
- Widely used defaults for encryption and key derivation are rather arcane (e.g. CAST5)
- PGP signatures, by principle, are non-repudiable, unlike most modern encrypted chat applications, so they prove to _anyone_ _forever_ that your key signed that message.
- PGP format announces all recipients to the world
- No forward secrecy possible
- ...
