PGP is dead. What's next?

Email encryption has gone through many iterations. Today, PGP is dead, and it’s time for something new.

In this blog, we’ll analyze a divisive topic in communication security: Is PGP dead? At Skiff, we take an authoritative position that PGP is no longer useful, long outdated by better encryption protocols, encumbered by unneeded complexity, and hard to use even from the start.

What is PGP?

PGP (Pretty Good Privacy) is a form of encryption that is used to protect the confidentiality of digital messages and documents. PGP uses a combination of public-key and symmetric-key encryption to secure the contents of a message or document, ensuring that only the intended recipient can read it.PGP was first developed in 1991 by Phil Zimmermann, a computer security expert who was concerned about the increasing amount of surveillance and privacy invasions being carried out by governments and other organizations. PGP was designed to be easy to use, making it accessible to individuals and organizations who may not have the technical expertise to use more complex encryption methods.The basic process of using PGP involves generating a pair of keys: a public key and a private key. The public key is used to encrypt a message or document, while the private key is used to decrypt it. The public key can be shared with anyone, while the private key must be kept secret and only shared with the intended recipient of the encrypted message.When a sender wants to send an encrypted message to a recipient, they use the recipient's public key to encrypt the message. This creates a digital "lock" that can only be opened by the recipient's private key. The encrypted message is then sent to the recipient, who uses their private key to decrypt it and read the contents of the message.One of the key advantages of PGP is that it allows for the authentication of the sender of a message. This is done through the use of digital signatures, which are created using the sender's private key. When the recipient receives the encrypted message, they can use the sender's public key to verify the digital signature and confirm that the message was indeed sent by the claimed sender.In addition to providing confidentiality and authentication, PGP also offers non-repudiation, which means that the sender of a message cannot later deny having sent it. This is because the digital signature is created using the sender's private key, which only they have access to. If the sender later denies having sent the message, this can be proven by using their public key to verify the digital signature.PGP rose to popularity among journalists, cybersecurity experts, and others who have a need for secure communication. However, as PGP is a proprietary term, the OpenPGP standard evolved to control a standard for PGP-based communications. From there, GPG (or GNUPG) implemented the OpenPGP standards to be open-source and non proprietary. This helped bring the PGP framework and functionality to a wider audience and to make the crypto more extensible, with compatibility for more cryptography algorithms.

Why is PGP dying?

First, PGP uses symmetric key encryption, which means that the same key is used to encrypt and decrypt a message. This means that if someone gains access to the key, they can easily read the encrypted messages. To address this issue, PGP also uses public key encryption, which involves the use of two keys: a public key that is shared with others, and a private key that is kept secret by the user. However, this system is not foolproof, and there have been instances of public keys being hacked or stolen.Another issue with PGP is that it can be difficult to use. The protocol requires users to exchange PGP keys with each other, and this can be a time-consuming and complicated process. Additionally, PGP can be difficult to integrate with other programs, such as email clients, which can make it inconvenient to use on a regular basis. Some early users tried to set up keyservers that listed or shared other users’ keys. However, this can be extremely costly and mistake-prone, and the consequences of compromised keyservers are extremely high.Finally, PGP has been criticized for its lack of forward secrecy. Forward secrecy is a property of a cryptographic system that ensures that the confidentiality of past messages is not compromised if a key is compromised in the future. PGP does not offer forward secrecy, which means that if a private key is compromised at some point in the future, the confidentiality of all past messages encrypted with that key could be at risk.Overall, while PGP is a useful tool for encrypting messages, it has a number of limitations and drawbacks that have led to criticisms from security experts and users alike.

Limited usability

In the last few years, several usability issues that have been identified with PGP that make it more difficult to use for encrypted email. By introducing more complexity into the user experience, PGP also introduces additional friction and possible mistakes, thereby introducing additional potential security issues.One of the major usability issues with PGP is its complexity. In order to use PGP, users must first generate a public/private key pair, which can be a complicated and time-consuming process for those who are not familiar with cryptography. Additionally, using PGP to encrypt and decrypt messages requires the use of specialized software and can be difficult for non-technical users to understand.Another usability issue with PGP is its lack of interoperability. PGP is not supported by all email clients, and users may have difficulty sending encrypted messages to recipients who are using different software. This can make it difficult for users to securely communicate with a wide range of people.Another usability issue with PGP is its susceptibility to attack. While PGP is generally considered to be secure, there have been instances where PGP implementations have been successfully attacked by hackers. This can leave users' communications vulnerable to interception and decryption.Overall, while PGP is a powerful tool for securing email communications, its complexity and potential vulnerabilities make it difficult for some users to effectively use.

The EFAIL exploit

The efail exploit is a security vulnerability that affects certain implementations of PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions), two popular encryption standards used for securing email communications. The exploit was first discovered in May 2018 by a group of researchers from several universities and security firms.The efail exploit takes advantage of a weakness in the way that PGP and S/MIME handle encrypted messages. Specifically, it allows attackers to insert malicious code into encrypted messages that, when decrypted, can be used to exfiltrate the plaintext of the original message. This can be done without the user's knowledge or consent, and it can compromise the confidentiality of the message.There are several ways that attackers can exploit the efail vulnerability. For example, they can use it to inject code into encrypted messages that, when opened, automatically sends the plaintext of the message to a remote server controlled by the attacker. They can also use it to trick users into revealing their private keys, which would allow the attacker to read all of their past and future encrypted messages.The efail exploit has been widely criticized by security experts, who have called it a serious threat to the confidentiality of email communications. In response to the discovery of the exploit, many email clients and encryption programs have released updates and patches to address the vulnerability. However, it is still important for users to be cautious and take steps to protect themselves from the efail exploit. This can include disabling the use of HTML in email messages, avoiding opening suspicious or unexpected messages, and keeping their email client and encryption software up-to-date with the latest security patches.

What comes after PGP?

The Signal ProtocolThe Signal protocol is a widely used encryption method for secure communication. It is used by the Signal messaging app, as well as by other applications such as WhatsApp and Facebook Messenger.The Signal protocol is considered to be highly secure, making it an attractive option for individuals and organizations that need to protect their communications from interception and decryption. The protocol uses state-of-the-art cryptographic techniques to encrypt messages end-to-end, meaning that only the sender and recipient can access the content of the messages.One of the key strengths of the Signal protocol is its simplicity. Unlike many other encryption methods, the Signal protocol is easy to use and does not require users to have any technical knowledge. This makes it accessible to a wide range of users, including those who may not be familiar with cryptography. The Signal Protocol now powers Signal on iOS, Android, and other platforms, as well as the encryption algorithms inside WhatsApp and other messaging protocols.Other forms of end-to-end encryptionEnd-to-end encryption is a type of encryption that is used to protect the confidentiality of digital communications. It encrypts messages on the sender's device and decrypts them on the recipient's device, using a shared secret key that is known only to the sender and recipient. This means that only the sender and recipient can access the content of the messages, preventing intermediaries such as internet service providers or hackers from being able to read or tamper with the messages.End-to-end encryption is widely used to protect the privacy of sensitive information, such as financial transactions or private messages, and is considered to be one of the most secure encryption methods available.Skiff Mail is an end-to-end encrypted, privacy-first email client. Skiff protects the content and subjects of your messages and integrates with Calendar, Drive, and Pages apps for collaboration and workspace features. If you’re looking to replace an outdated or overly complex PGP workflow, Skiff Mail is a great place to start.

Conclusion

With only a few thousand users and major usability issues, it’s time for PGP to end. More sophisticated encryption protocols, privacy protections (such as forward secrecy), and client applications have made the protocol obsolete and impossible to use.