my (and your) PGP habits could be better
I am an opportunistic PGP user, and I've used PGP for quite some time. if you encrypt mail to me, I'll encrypt back. if a download has a signature, I'll check it. I sign every one of my blog posts automatically, thanks to some dirty hacks to bashblog.
what's the issue then? well, I don't always do it religiously. I used to have a proper canary, but I abandoned it because it was a hassle on my end and I was afraid that nobody checked it anyway (I was wrong, one person actually did check it). that's why I have switched to blogging, which is sort of a more natural medium to sign and doesn't require me to go as out of my way to update (and even then, I have been slacking on my blog really hard).
there are some other issues with my current use of PGP. check to see if the following also applies to you:
- creating a perfect keypair? forget it. I don't have an airgapped device to do this safely. and even if I settled for a special removable medium, I used to have some trouble importing my stripped keypair into OpenKeychain. not to mention, the GnuPG utility – or any utility, for that matter – doesn't really have first-class support for this kind of scenario. there are a lot of issues with PGP's user experience, and I'll go into more detail with those later.
- confirming trust of keys by signing them? signing keys and publishing my signatures to keyservers? it's difficult for me to remember to do this. so far, I'm pretty sure I have signed fewer than a dozen other people's keys.
- confirming keys in general? I do basic checking, but I don't know how much is enough.
- maintaining my key properly? who knows, honestly. I have not had a religious policy for subkey creation, deletion, and renewal. nor do I really know what is the
optimalpractice for maintaining my key.
- refreshing and maintaining my keyring? a while ago, I found a safer way to do this but I have never ended up using it. furthermore, I have made very little effort to remove invalid keys from my keyring.
here are some issues I have seen with others' use as well as when I have been trying to use PGP with others:
- first off, this is really on my side: I use elliptic-curve subkeys for signing and encryption, but I also have RSA 4096 subkeys when communicating with older PGP implementations. there are a few issues I have run into with this, such as not really knowing which subkeys I'm using since I let programs handle this automatically, as well as possible delivery errors because my recipient has no support for ECC algorithms. it's all very opaque to me and I tend to dismiss errors as
their issue, not minewhile in hindsight that might not have actually been the case.
- I have seen many people, especially on Tor, try to be smart and reveal as little detail about them in their key metadata. this is straight-up the wrong way to use PGP especially over E-mail. your address is not
firstname.lastname@example.org, stop making your key more difficult to use. create separate keys for separate purposes and use them appropriately.
- since there is no
right wayof using PGP, we end up with people using all kinds of algorithms, all kinds of expiry policies, all kinds of renewal policies. some people properly renew their keys, others create new keys to replace the old ones (and I was guilty of this). some people's keys expire never, others' expire next week. I know some of this is a personal threat model consideration, but still, I believe too many people set unrealistic, unsafe expiries on their keys.
and lastly, usability and interface issues. it feels like XMPP all over again, what with all the different clients and none of them implementing the full standard in a correct and easy-to-use manner. there are practically no full-featured GUI frontends for PGP, and the GnuPG commandline implementation discourages newbies (and even people like me) from figuring out how to correctly maintain personal keypairs and a full keyring. I use keys for different purposes (some for E-mail, others for download signing) and it isn't immediately obvious that I could probably have two or more keyrings for that. also, is it possible to attach metadata to PGP keys (such as your XMPP account, website, or anything else that could possibly help verify people)? if it's possible, I surely don't know how to do it, nor do I know where I can search for more information.
so, my suboptimal use of PGP is everyone's fault. and if you use PGP, you're probably using it suboptimally as well. I don't want to bash PGP outright for being a poor standard – I mean, come on, it has been around for decades, and it's still suggested by security professionals. but over those decades, very little has been done to change the state of affairs, and it's so easy to use it wrong.
as always, I accept E-mail replies to my posts, but I especially want to hear readers' thoughts on this. I want to gauge how others use PGP, and I want to see what others believe should be the
correct way of using it.