Giving Up on PGP

Six years ago I bought a hardware security token (Yubikey 4 neo, at EUR 60 a hefty price for a small piece of plastic) to use as second factor through the FIDO U2F specification and for holding my GPG encryption keys. Wanting to do things “properly” I decided to have a master key stored offline and separate, dedicated and detached subkeys for encryption and signing stored on the Yubikey. I opted to have the subkeys be valid for 1 year and set a calendar reminder to rotate these keys, which conveniently fell into the winter holiday season. Perfectly planned security best practices!

I then set up my desktop and mobile mail clients to be able to encrypt and sign messages with the keys stored on the hardware token, uploaded the key to my website (but not to public keyservers, because I felt this would leak to many personally identifiable data). Then rarely used any of this but for a few occasions.

After that first year elapsed, and my key were close to expire I first had to refresh my memory around the process I used to generate the keys (which I had not documented). Turns out I even went to the effort to airgap the machine used to generate the master keys. So I got my master key from storage and went on to rotate my subkeys (as this is the only way the have some form of forward secrecy with PGP). However, when I was reading how to do this (you have to sign a document stating that the keys are rotated with both the old key and the new key and post this in a public space. You also ‘lose’ the web-of-trust bonus of key signatures as these are attached to the subkey not the master key. Unless you get that one signed, impractical when it is in storage). Then I realised, that if I removed the old keys from my keyring, I would not be able to decrypt the messages that I received that were signed with the old keys. So I decided not to rotate my keys (screw security best practices). And since I did not wanted to go through this ordeal every year I simply extended the validity of my keys by 5 years.

Which brings us to today. The keys have again expired a few days ago. And I have decided to quit using PGP/GPG.

A lot has been said about the UI challenges of GnuPG and associated tools (see the opinion from the creator of Signal). And there was some panic a while back when a flaw was discovered when PGP was used in html emails (I immediately switched my mail client to text based emails only). While the theoretical foundations behind PGP still stand (I think, and remember it was also positively mentioned during the Snowden revelations), I am not really using it, also because there are few people with the technical capabilities to use it with me. And while I did use it for a while with my colleagues it is clumsy to use. First I encrypted all emails including the subject line, to leak as little information as possible, which made it impossible to find a past email thread in the email client whithout opening every single encrypted message. Then I started only encrypting the content of the email, which results in that content not being indexed. This makes is hard to find information from a past message. You have to first remember the subject line (made more challenging when buried deep into a thread of RE: replies), then decrypt the emails that could potentially contain the information which includes a delay due to the decryption (and me having to press the key on the hardware token). Not a joy to use when one wants to retrieve information from past emails.

So as of today I am removing my public key from my website and will not renew my expired keys. I do still use my hardware token for U2F (and might get a newer one if the new FIDO2 authentication becomes more widespread) but not for PGP anymore.