Essay on PGP as it is used today

raf gnupg at raf.org
Mon Jul 22 01:27:08 CEST 2019


Stefan Claas wrote:

> raf via Gnupg-users wrote:
> 
> > Stefan Claas via Gnupg-users wrote:
> > 
> > > Andrew Gallagher wrote:
> > > 
> > > > * And finally: “don’t encrypt email”? Yes, well. Email is not going away.
> > > > Just like passwords, its death has been long anticipated, yet never
> > > > arrives. So what do we do in the meantime?
> > > 
> > > I think the biggest problem is how can PGP or GnuPG users tell other users,
> > > not familiar with email encryption yet, what else to use ...
> > 
> > At work, when a client insists on email, and I (or the law)
> > insist on encryption, I provide them with instructions for
> > installing 7-zip and send them an AES-256 encrypted zip or 7z
> > file as an attachment. It's the simplest thing I could think
> > of that I thought most people could cope with.
> 
> That is simple, indeed. But how do you exchange passphrases for
> the encrypted files in advance and do you switch them regularly
> or leave them the same when dealing with many clients?

Passwords are conveyed to clients over the phone and each client
has their own. If it were entirely automated and in heavy use, a
password would be generated for each file and sent via SMS to the
recipient.

> I solved this by using NaCl public keys, bearing no info about
> the key owners and having a little key ring, where I only assign
> nicknames to the pub keys. The software I use is box
> 
> https://github.com/rovaughn/box
> 
> in combination with a base91 encoder / decoder, for ASCII armor,
> when sending encrypted emails. 
> 
> Before that I also experimented with other tools, like dhbitty,
> MiniLock and Pretty Curved Privacy etc. but for me they all had
> some disadvantages compared to box.
> 
> Regards
> Stefan
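
The automated variant raf describes (a fresh password for every file, delivered out of band) could look like the sketch below. It is an added example, not part of the original message: the function names are hypothetical, and it assumes the `7z` command-line tool is installed on the sender's machine.

```shell
#!/bin/sh
# Added example (not from the thread): one fresh passphrase per file,
# then an AES-256 encrypted .7z archive for the client.

# Symbols chosen to survive dictation and retyping: no 0/o and no 1/l/i.
ALPHABET='abcdefghjkmnpqrstuvwxyz23456789'   # 31 symbols, ~4.95 bits each

# gen_passphrase [LENGTH]
# Prints LENGTH random symbols (default 26, roughly 128 bits of entropy).
# The read from /dev/urandom is bounded so the pipeline ends cleanly;
# 4096 random bytes yield about 490 usable symbols, so keep LENGTH small.
gen_passphrase() {
    len=${1:-26}
    head -c 4096 /dev/urandom | LC_ALL=C tr -dc "$ALPHABET" | head -c "$len"
}

# encrypt_for_client ARCHIVE PASSPHRASE FILE...
# The 7z container encrypts with AES-256; -mhe=on also encrypts the header,
# so file names inside the archive are not readable without the passphrase.
# Caveat: -p on the command line is visible to other local users in the
# process list while 7z runs, so run this on a single-user host.
encrypt_for_client() {
    archive=$1
    pass=$2
    shift 2
    7z a -t7z -mhe=on -p"$pass" -- "$archive" "$@" >/dev/null
}

# Stand-alone use: ./send.sh report.pdf
# Writes report.pdf.7z and prints the passphrase, which then goes to the
# recipient by phone or SMS, never in the same email as the attachment.
if [ "$#" -ge 1 ]; then
    pw=$(gen_passphrase)
    encrypt_for_client "$1.7z" "$pw" "$1" && printf '%s\n' "$pw"
fi
```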


