Andrew Milich / 9.18.2022

Private email's evolution: From Pretty Good Privacy to wallets

How private email has evolved from Pretty Good Privacy (PGP) encryption to built-in key exchange and crypto wallet integrations.
Sixty years ago, when email was first used to transmit scientific information among collaborators distributed around the world, few could imagine that it would become the backbone of global communication. Every day, email delivers billions of messages between governments, family members, and multinational corporations. As email became a standard way to communicate, hundreds of millions of consumers adopted email products: Yahoo! Mail was released in 1997, and Gmail seven years later in 2004.

Email providers began to compete for consumer attention with more storage space, mobile experiences, and more. Gmail famously launched with 1 GB of inbox storage space - a true luxury in 2004. Today, there are estimated to be over four billion email users, more than half of the global population and the largest communication network connecting the globe.

Naturally, email security has become top of mind for individuals, businesses, and governments. In particular, email encryption protects email content from unwanted One of the most enduring and popular ways has been the PGP protocol.

Introducing Pretty Good Privacy (PGP)

PGP, an abbreviation for Pretty Good Privacy, was first launched in 1991. It represents a relatively straightforward way to protect personal information or communication, including email messages and other data, such as attachments.

The encryption scheme utilized in Pretty Good Privacy is a relatively straightforward asymmetric encryption protocol, wherein every party who wants to send or receive encrypted messages maintains a PGP keypair, including a private key (kept secret) and a public key (shared widely online, in person with other people, or in key registries).

As in any asymmetric protocol, the sender encrypts a message with the recipient’s public key. In some cases, the sender may encrypt additional encryption keys, such as one symmetric encryption key for every file. To learn more about how a symmetric encryption scheme could be used with an asymmetric one - thereby creating a hybrid encryption scheme - check out Skiff’s technical whitepaper.

In addition to this protocol, PGP also defines standardized encoding and decoding for public and private keys. For example, here is a PGP public key:
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Keybase OpenPGP v1.0.0
Comment: https://keybase.io/crypto

xm8EYyaSSBMFK4EEACIDAwRmbe9L vMlFKMwznWLyZcCHRfVb7LOLjxXJn7uzWpqoCNb8hnTZdXJZq/42W/ZrLdPMiutYVEpEXb8dP aBlQHeHia5YcYUQ05IQL8w/mJz4OIch4coBf01VYVxW+9x7kKNp5SDEh44m8fsdFMXiVrAjJcn9/1/q3YRImgU3I/1QPy9m1BqtqA==
-----END PGP PUBLIC KEY BLOCK-----
```

PGP adoption

PGP was generally made compatible across multiple email providers, command line tools, and even software providers like GitHub. For example, you can sign all of your code commits on GitHub using a GPG public key, which represents a similar encryption scheme but with slight variations.

Although PGP represents one of the simplest, most easily understood, and oldest email encryption schemes, adoption is weak. While some estimate that around 50,000 PGP keys are widely in use today, encrypted messaging apps, such as Signal Messenger, are used by hundreds of millions of people every month. In total contrast to PGP, wherein individuals may need to take charge of their own encryption keys, Signal uses an open source protocol - the Signal Protocol - to exchange keys, encrypt messages, and keep sender and recipient information ephemeral and private. To learn more about the Signal Protocol, we recommend reviewing Signal’s technical documentation or open source code.

As new cryptographic protocols, including elliptic curve cryptography, have become more popular, computer scientists and cryptographers have also started to criticize PGP’s technical limitations, such as a lack of forward secrecy (unlike the Signal Protocol), excessive complexity (designed to be a “Swiss Army knife”), and outdated implementations.

Skiff’s approach

Skiff has chosen an approach based on ease of use, simplicity to understand, and complete technical reliability. More like Signal than PGP, Skiff makes it easy to sign in, generate and share keys, and communicate with total privacy. To ensure total trustworthiness of users’ public keys and the protocol, all of Skiff’s encryption code is open source, Skiff Mail is completely open sourced, and users are able to verify and remember other users’ public keys, just like marking users as verified on Signal.

What about crypto wallets?

Over the last year, Skiff has launched integrations with multiple crypto wallets, including MetaMask, Brave Wallet, and more. Behind the scenes, a crypto wallet functions quite similarly to a private messaging app or a password manager: It stores private keys for each of your Ethereum addresses, Solana addresses, or other public keys needed for owning tokens or other assets.

Furthermore, crypto wallets have exploded in popularity; MetaMask alone has reached over thirty million monthly active users, an enormous multiple on the supposed adoption of PGP worldwide. As a result, instead of using PGP, which requires users to exchange unwieldy keys and safeguard secrets, using crypto wallets to store keys needed for secure, end-to-end encrypted communication is a technically groundbreaking but surprisingly simple solution to ensure widespread adoption.

To log into Skiff with a crypto wallet, visit https://app.skiff.com or https://app.skiff.com/signup. For more information on Skiff’s technical model, visit our GitHub, blog, or whitepaper.
