PGP is amazing, it’s the WWW of encryption. An interoperable, backwards-compatible, defacto-governed, resilient, fire-tested, time-tested collection of software for every used platform that just keeps on kicking and evolving, despite many challenges.
It has too many confusing features, and you don’t have to use any of them if you don’t want to. The core of public keys, signatures, and both symmetric and asymmetric encryption are solid. Just like if I write simple HTML, it will work in 20 years worth of browsers.
Few technologies can boast this type of lindyness, and I appreciate them a lot, especially when I can actually make use of them.
Do you mean GnuPG? I'm not sure if PGP (the software) still exists.
I agree that the world is definitely better with widespread OpenPGP support in it, and I'm grateful for the role GnuPG played in that, but gpg could definitely use some fresh paint in terms of usability.
I'm using "PGP" to refer to the entire ecosystem which uses "BEGIN PGP..." headers, including GnuPG, OpenPGP, and the variety of software packages and libraries available for just about every platform and language.
Not supported by gnupg, who decided to do their own thing, see librepgp.org. gnupg is slowly but surely fading itself out of the open source ecosystem, focusing more on enterprise (i.e. German government) use cases.
If you are wondering how to openpgp these days, many use cases are well covered by SOP, which is a simple stateless interface specification with multiple mostly drop-in swappable implementations: https://wiki.archlinux.org/title/Stateless_OpenPGP
The standard is quite new but there are already libs with full support (e.g. the pure Rust OpenPGP: https://fosstodon.org/@hko/113198947595455844).
One interesting thing is that there's a test suite checking implementations developed alongside the spec (https://sequoia-pgp.gitlab.io/openpgp-interoperability-test-...) so it's easy to see the conformance status.
PGP is amazing, it’s the WWW of encryption. An interoperable, backwards-compatible, defacto-governed, resilient, fire-tested, time-tested collection of software for every used platform that just keeps on kicking and evolving, despite many challenges.
It has too many confusing features, and you don’t have to use any of them if you don’t want to. The core of public keys, signatures, and both symmetric and asymmetric encryption are solid. Just like if I write simple HTML, it will work in 20 years worth of browsers.
Few technologies can boast this type of lindyness, and I appreciate them a lot, especially when I can actually make use of them.
Do you mean GnuPG? I'm not sure if PGP (the software) still exists.
I agree that the world is definitely better with widespread OpenPGP support in it, and I'm grateful for the role GnuPG played in that, but gpg could definitely use some fresh paint in terms of usability.
I'm using "PGP" to refer to the entire ecosystem which uses "BEGIN PGP..." headers, including GnuPG, OpenPGP, and the variety of software packages and libraries available for just about every platform and language.
Not supported by gnupg, who decided to do their own thing, see librepgp.org. gnupg is slowly but surely fading itself out of the open source ecosystem, focusing more on enterprise (i.e. German government) use cases.
If you are wondering how to openpgp these days, many use cases are well covered by SOP, which is a simple stateless interface specification with multiple mostly drop-in swappable implementations: https://wiki.archlinux.org/title/Stateless_OpenPGP
Oh wow, I didn't realize LibrePGP was a thing.
I suppose after nailing UX, forking the specification was the only thing left to do for GnuPG...
(2022) Discussion 2 months ago (77 points, 38 comments) https://news.ycombinator.com/item?id=41213442
> (2022)
No, it's "Published: July 2024".
> https://news.ycombinator.com/item?id=41213442
That's RFC 9180: Hybrid Public Key Encryption.