>It is by no means a complete replacement for GPG, but that is a good thing considering the sheer number of features is what makes GPG practically unusable.
Kryptor example:
$ kryptor -e -p test.jpg
Same thing with GPG:
$ gpg -c test.jpg
So how can unused features in a command line utility make something "practically unusable"?
I think incredibly easy is a bit far. Look at how many commands and options there are in total: https://www.gnupg.org/documentation/manpage.html. Beyond that, the website isn't the easiest to navigate, and the guides they have linked are quite wordy. You simply cannot argue that it's user friendly overall.
However, I'll admit that my original wording was too harsh in the case of simple encryption. I also agree that GPG with that command is slightly easier than age, although the documentation for age could be better in my opinion. GUI applications will always be best for the average user.
The other point of new tools is to make changes to the file formats, cryptographic algorithms, etc and reduce the number of lines of code to make things more auditable.
Even your analogy is lame, because it's not like that. The "money" is what you're looking for. It's like being mad that your wallet is so stuffed with pointless expired gift cards that you can never find the money, that'd be a more accurate analogy.
So, your next monthly salary should be in the form of sacks of pennies?
The choice isn't "too much docs" Vs "not enough docs" it's "huge complicated thing" Vs "simple thing".
The C++ Programming Language (B. Stroustrup) is a far longer book than The C Programming Language (K&R) but C++ is not a better or simpler to use language by dint of having a larger book
Analogy fail. Twice. The second failure is a result of promoting a personal hobby horse. Yes, we all know you are biased about C++. No, that doesn't make your bias relevant to all topics. Or any topic.
The difficulty that people refer to is about key management that holds for any program, and email encryption, that involves setting up an email client, a plug-in, getting the other side to use encryption, etc. This didn’t scale well, because the average user wants a zero click solution.
The average user (and some times those familiar with technology) hasn’t heard of Thunderbird and doesn’t want to set that up. They have a short password and use web browsers.
Security-critical software is best when it's obvious how to use it, and how not to, which is easier with a focused tool. I feel like GPG has so many features that it's hard to look things up in a manual, or to make use of shell tab-completion, or to get a clear mental picture of its possible failure modes.
It's sort of obviously true that when something makes it harder to make mistakes, it's safer. But there's only so much a tool can do. It's not hard to use if you understand asymmetric cryptography, but if you don't, it's asymptotic to impossible. The model itself is pretty hard.
That's very true. Asymmetric cryptography is a lot less intuitive, and it's hard to come up with a decent GUI for that kind of functionality. Keybase and keys.pub have probably done the best job.
The difference is that this uses your encryption private key. However, I will look into just supporting -p because that's a fair point, although that would be trickier to implement.
As for the unusable statement, I'm referring to the long list of other commands, which is more linked to digital signatures than encryption. For instance, there are entire guides and hour long YouTube videos on how to use GPG.
Edit: I've reworded my criticisms of GPG to clarify that it's not universally difficult to use.
This is all without any kind of key management? No web of trust, no certificate authority/repository?
Gpg is hardly perfect - but I'm not sure how useful public key signature and authenticated encryption modes are without key management?
Are there any kind of embedded timestamp for signatures and encrypted files (signed at/valid to etc)?
Ed: I gather the main focus of this project is to extend age with minisign - but I worry that what's really needed is a (new, not PGP) standard format - that allows authenticated encryption and signing - and possibly with date/validity for signatures (beyond merely an ad hoc use of minisign trusted comments - a standardized use of minisign comments might be fine?).
At any rate, I'm not too thrilled about the age projects stand on signatures:
I strongly believe one of the main uses of encryption is enabling trust - and that implies trusted keys, trusted content and trusted signatures - along with a notion of time.
They might be constructed out of primitives - but a user facing cli/gui should probably be strongly opinionated, and have good training wheels to make misuse and misunderstanding as difficult as possible..
That's correct. I've done something similar to Minisign. Handling that sort of problem is way beyond what one person can manage anyway. I'm only a student and not even a computer science student.
The recommended way of sharing keys is via social media, GitHub, your website, etc. Unfortunately, Keybase has now been abandoned and was acquired by Zoom, so that's not worth using anymore. However, I don't personally see how this method of sharing is that problematic. I think it does the job sufficiently.
There are no timestamps for signing or encryption, but as you mentioned, you could use the comment functionality to add a timestamp for signatures.
A new standard format would be ideal, but that's probably not going to happen for a long time. I'm also disappointed by the stance on signatures, although there are several other things that are wrong with age, which is why I decided to make my own tool, not that it's perfect by any means either. I like to think I did a much better job documenting things though.
> Unfortunately, Keybase has now been abandoned and was acquired by Zoom, so that's not worth using anymore. However, I don't personally see how this method of sharing is that problematic.
https://keys.pub has been trying to solve this too for some time.
Could you please provide evidence on Keybase "abandonment" by Zoom? I'm asking because I'm a heavy user and have always been concerned about a possible sunset for the product.
Thanks for sharing the link, even though it gives me such a bad feeling. I really like Keybase. An important part of my workflow relies on it. So... oh shit.
I can understand the desire to shake off the burden of compatability with PGP - but maybe not if sticking to the same design, and just shifting encryption primitives somewhat?
If you want PGP - there's the sequoia project to consider as well:
% gpg -c hello
gpg: problem with the agent: No pinentry
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of 'hello' failed: Operation cancelled
This is the first time I've seen a reasonably full-featured encryption suite that doesn't require hours of investment to make full use of it.
I liked the considerate UI touches too, such as automated pass-phrase generation on hitting return.
I wonder if there could be a sweet-spot of people with a bit of technical knowledge and a need for encryption beyond GUI apps, but not so much of either to make a big time investment that other command-line tools often require.
Small criticism - and it might just be me, but the perspective alternation here had me reading this part three times:
"You can use hybrid encryption to send an encrypted file to someone else. Note that this is one-way encryption. The sender cannot decrypt the file. This means that you should not overwrite the original file."
Maybe change "the sender cannot..." to something like "You cannot decrypt the file, only the recipient can, using their private key."?
I hope in the near future someone builds a GUI using this. Not that the command line is some scary thing I avoid, but with a GUI, you have the luxury of not having to fiddle too much. GUIs are intuitive and also a luxury few can afford to build, which is why I tend towards using them.
Kryptor actually started out as a GUI application, but cross-platform GUI development is a lot harder than CLI development, especially in C#, I didn't want to work on both a GUI and CLI application, and designing a GUI for file signing and encryption with a password, keyfile, password and keyfile, and private key would be tricky. I also prefer GUIs when possible, but it made sense for me to make the switch.
The age utility is a bit ironic in that a utility intended to make malicious modification less of a problem doesn't do signatures. So an attacker doesn't have to go to the bother to modify the file, they can just create a whole new file.
Kryptor is more complete. If you do public key encryption you also have to support signatures if modification is an issue. You can't just leave it to the user to figure out.
If I want to send an encrypted file to someone, don't I just need the recipient's public key? What is the role of my private key here? Is my private key used for adding my signature?
Yes, you need the recipient's public key, and they need your public key. Your private key is used to perform a key exchange using X25519 (https://www.kryptor.co.uk/technical-details#private-and-publ...). Unlike age, this key exchange is authenticated, meaning you can know who sent you the file.
Unfortunately, due to that and the fact that the file format is fixed rather than variable in length, Kryptor currently only supports specifying one recipient at a time. Implementing multiple recipient support is a nice idea, but it's quite tricky to do and would require creating different files for different people.
Looks interesting, but it looks like it might be hard to integrate with, or use in a batch fashion. Gpg has options like "--passphrase-fd", "--batch", "--yes", and so on to address these things. Not that you need to implement it that way, but some way to accommodate batch mode and integration.
That's a fair point. I previously supported -p|--password followed by a password, but I removed that functionality in a later version because strings are immutable in .NET and therefore cannot be zeroed out from memory. Furthermore, I think hiding the typed password characters is beneficial from a security perspective.
Whilst that functionality could be added back in, I'm trying to keep the number of options as small as possible. Kryptor already has more options than age because it supports signatures. Having two password related options also adds confusion, and it would be slightly more tricky to support batch functionality for decrypting your private key.
I think getting rid of providing the password as a plaintext command line parameter makes sense. Accepting it on a file handle or stdin seems like it would be popular though.
I know what it sounds like, but the 'don't roll your own crypto' mantra is completely overused. That advice really applies to creating custom cryptographic algorithms (e.g. a new cipher or hash function) without adequate academic experience. When it comes to implementing cryptography using libraries like libsodium, that mantra doesn't apply if you're willing to do enough research. Instead, it should be 'be careful rolling your own crypto'.
If everyone took the 'don't roll your own crypto' motto literally, then we wouldn't have had libsodium or Monocypher. Everybody has to start somewhere. Education about how to implement things correctly, code peer review, and feedback on designs should be the norm, not 'don't roll your own crypto'. Unfortunately, some people aren't willing to do any of those things.
Kryptor example:
Same thing with GPG: So how can unused features in a command line utility make something "practically unusable"?