Slightly OT - mobile OpenPGP usage

Chris Narkiewicz hello at ezaquarii.com
Wed Aug 28 00:44:35 CEST 2019


On 27/08/2019 20:50, Stefan Claas via Gnupg-users wrote:
> But what would be, when using computers at work or public places, then
> the best strategy for using OpenPGP, without carrying a Notebook or
> smartphone?
The strategy I advise would be to not use GnuPG and look for alternatives.

I wouldn't look for some golden practice because I believe there
is none. Bluntly speaking, GnuPG is not fit for the purpose of
securing everyday communication and shall not be advertised
as such.

Generally your keys should never leave a secure environment. A secure
environment can be either a dedicated machine that you control
or (better) a SmartCard/HSM.

If your keys cannot be contained in a secure environment, your comms
channel should be re-keyed after use. Modern communicators perform
re-keying after every message. GnuPG makes re-keying very cumbersome.

> There should be good solution available IMHO. :-)

Sadly, GnuPG never delivered a friendly user experience.
It found its niche in some specialized use-cases, such as
infrastructure - package signing, backup encryption, commands
by e-mail, etc - but it never gained significant adoption among
the wider population.

If you expected more - I'm sorry that you will be disappointed.

Cheers,
Chris Narkiewicz


