10+ reasons why PGP sucks

November 6, 2013

I happened to stumble upon these OpenPGP Best Practices the other day. Opposite to the intentions of that article, it made me realise PGP sucks, and in fact for several reasons.

The main problem with PGP (and GPG) is that it is a total usability nightmare. Not because by default these are command-line tools: there are GUIs for them and plugins that integrate them in email clients. No, the problem is that they do not help the user in making the right (read: secure) decisions. There is no default secure configuration. There are a gazillion configuration options, and any random combination is bound to make the system insecure.

For example, in terms of key management, the user has to remember to regularly update his local key ring. He has to remember not to use a popular but broken key server. When generating a key, he has to pick the right parameters to get the most secure setup. This include understanding and using sub keys. He should not forget to set an expiration date, and should remember to generate a revocation certificate. And that's not all.…

This is a nightmare. We really need to design something better.

Update 15-9-2014: Matt Green wrote a much longer and much more detailed argument why PGP must die.

In case you spot any errors on this page, please notify me!
Or, leave a comment.
, 2013-11-19 11:10:52

I completely agree. And would like to add that all this starts with terminology. It might be witty and funny to call a tool for managing your PGP-keys GPG, but please: can we make it /less/ confusing? It might be technically correct to talk about public-private keypairs, RSA, DSA, X509, SSL and whatnot.

In my day to day mailing, I want only two things, all are somewhat covered in GPG, and made a little easier with seahorse, the Gnome/Ubuntu GUI for managing keys:

  • Prove that I am am, who I say I am. (signature)
  • Secure the contents of a message. (encryption)

All the rest is cruft. The terminology is bloated and sprinkled with concepts only the few familiar with crytography can grok. The GUI’s translating these terminologies are bloated: nine out of ten features they offer are not needed to achieve above. That PGP /can/ be used to encrypt drives, or files is nice; that you can choose between a gazillion servers to publish to, adds to your freedom, sure; that you can choose several encryption algoryths is good for future-security. Yet all this is irrelevant for someone who just wants to email someone secure and encrypted.

, 2014-01-13 18:53:12

So you made clear what’s wrong - btw, I disagree with the assertions made, since it’s possible to get tech-noobs to use PGP encryption without problem once they acknowledge that there is a problem with sending “electronic postcards” - what do you suggest, though?

@berkes: actually the diagram on Wikipedia makes things pretty clear. What’s difficult isn’t the encryption or the signing, it’s that keys can be signed, what a public key server is, what public keys are and how they relate to the private keys etc. I didn’t have to teach my mom or my significant other any technical terms other than what the https://en.wikipedia.org/wiki/File:PGP_diagram.svg describes and to assure them that as long as certain breakthroughs aren’t made, the contents of the encrypted emails and files is secure from the mathematical background.

I still don’t understand that we expect people to make a driver’s license to drive a car, but they can simply dive into the new technologies and endanger everybody with their recklessness. Not every problem can be solved by technology.

The more you simplify the processes, the more opaque the process becomes and the less the tech-savvy users will trust them. However, the tech-noobs may love that sense of (false) security.

Google gaat PGP voor Gmail ondersteunen. Wat betekent dit precies? // Jaap-Henk Hoepman
, 2014-06-06 13:16:49

[…] en ingeschakeld is. De keuze voor PGP is enigszins verrassend. (Eerder beschreef ik al eens waarom PGP eigenlijk waardeloos is.) Misschien dat End-to-End de gebruikersvriendelijke schil om PGP kan worden die PGP nodig heeft. […]