It’s Time To Drop PGP

“Email is no longer a secure communication medium” — Sebastian Schinzel

Mayer Mizrachi
Criptext
May 18, 2018

Early on Monday morning, news spread quickly around the interwebs about a critical flaw in PGP that rendered encrypted emails readable to hackers. The flaw was dubbed EFAIL and it even exposed the contents of secure emails which were sent in the past. The vulnerability was discovered by Sebastian Schinzel, a professor of computer security with Münster University of Applied Sciences. Upon discovering it, Schinzel immediately took to Twitter and announced his findings.

In a very defining statement to Süddeutsche Zeitung, Sebastian Schinzel said “Email is no longer a secure communication medium” — an assertion that undoubtedly resonates with cypherpunks and privacy enthusiasts who have long been arguing this. To drive the point further, the Electronic Frontier Foundation (EFF), a non-profit that defends civil liberties in the digital spectrum, suggested that everyone must stop using PGP and that, as an alternative, they should use Signal, a secure messaging app. Surprisingly, they didn’t even recommend ProtonMail, the Swiss secure email company that got a whole lot more popular after the Cambridge Analytica debacle, which, by the way, is an actual email platform. Why is that? Well, the answer is simple: ProtonMail uses PGP, and the EFF was careful in suggesting an alternative that wasn’t PGP-based. In other words, they couldn’t recommend an email platform that could guarantee users’ privacy, so they had to resort to recommending a messaging app. That, in and of itself, is incredible because, the fact is, when it comes to end-to-end email encryption, every service out there uses PGP.

Now, besides the point that “there is no secure, vetted replacement for PGP in email”, the EFF recommended Signal and not any other secure messaging app, and that’s because Signal doesn’t use PGP. Instead, it boasts the coveted Signal Encryption Protocol, which has earned it Snowden’s seal of approval. Later during that day it was clarified that the vulnerability actually came from a wrongful implementation of PGP in some email clients. This meant that certain email clients such as Outlook, Thunderbird and Apple Mail were affected, but not all of PGP was a loss. However, that didn’t stop people from voicing their “I told you so” arguments about why PGP is not the best solution for end-to-end email encryption. So, let’s dive deeper into what’s wrong with PGP and then try to understand why everyone from Snowden to the EFF is swearing by Signal.

So, What’s PGP?

PGP was invented almost 30 years ago by Phil Zimmermann, and ever since it has remained the de facto encryption protocol for email.

Although there are encrypted email services that use PGP, such as ProtonMail and Hushmail, traditionally PGP encryption is installed as an add-on for existing email clients. For example, there’s Encryptomatic for Outlook, Enigmail for Thunderbird, and GPG for Apple Mail. While installing the encryption add-on is easy, making use of the PGP encryption is really tedious and complex. This is how the process works:

  1. You have to generate your own private and public keys and store them by setting a password. A 30-character password is usually recommended.
  2. Then you must enter your 30-character password in order to generate a revocation certificate. This is so that you can revoke your keys in case your device is lost or compromised.
  3. Before sending your encrypted email you must enter the recipient’s public key, which you must get directly from them. This is typically a 40-character combination of alphanumerical digits called a “key fingerprint”. You usually see reporters posting their PGP key fingerprints publicly on their Twitter profiles.
  4. Finally, to encrypt the email you must again enter your 30-character password in order to access your private key and encrypt the email.

As if email wasn’t complicated enough, PGP makes it even more painful to use. But don’t think the complexity ends there, because you still have to consider “key management”. Remember, for every new person you email you have to repeat step 3, which is cumbersome and prone to human error. With that comes the possibility that your recipient may have changed their public key, which means that even if you’re emailing a person you’ve emailed before, you still have to verify with them that their key hasn’t changed. This is reminiscent of BlackBerry Messenger, when a person changed devices, hence their BBM PIN, and you wouldn’t know unless they told you so.

Besides the complex setup and usage, PGP’s biggest pitfall is its lack of ‘forward secrecy’. This term refers to the ability to limit the extent to which a compromised key can affect the confidentiality of your emails. Well, PGP doesn’t ensure forward secrecy. This means that if someone gains access to your private key, then they would be able to decrypt not just the emails you send, but also all the emails in your inbox, including those you’ve sent in the past.

This and many other more technical downsides of PGP have led people to adopt newer, more robust encryption protocols such as Signal. So, let’s see what the rage is about with Signal.

The Signal Alternative

Signal arose in 2013 from the frustration of its creator Moxie Marlinspike over the clunkiness of PGP as well as his desire to build something that was truly private, yet easy to use. It was no easy task, as in the cybersecurity world there’s a well-known inverse relationship between security and ease of use: the more secure the product, the more difficult it is to use. Most cypherpunks and privacy enthusiasts have become comfortable with this compromise and have therefore stopped pushing the envelope. But that’s not the case with Moxie. He knew that it was no use building a more robust encryption protocol if its complexity meant no one would use it.

Signal is a barebones, easy-to-use secure messaging app available on mobile and desktop that guarantees users’ privacy beyond PGP sans the complexity. It’s based on the Signal encryption protocol and though it relies on similar principles as PGP, it’s much, much better. Signal’s encryption provides forward secrecy thanks to its Double Ratchet algorithm, whereby keys for each new message are continuously derived from the previous keys. The cleverness of this solution lies in that, while you can derive new keys from old keys, you can't derive an old key from a new key. This implies that if one of your keys is ever compromised, only the message tied to that key will be compromised, as opposed to your entire inbox. What’s more, there is no key management, there are no passwords, and best of all you don’t need to know the recipient’s public key in order to communicate with them. The app does all the heavy lifting automatically, which results in an experience so simple and easy you forget you’re using the world’s most secure messaging app.
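The one-way key derivation described above can be sketched as follows. This is an added example, not code from Signal or from this article: it implements only the symmetric-key (KDF chain) half of the Double Ratchet, using HMAC-SHA256 with the constants 0x01 and 0x02 as the Double Ratchet specification suggests, and omits the Diffie-Hellman ratchet. The class and function names and the shared secret are constructed for the demo.

```python
import hashlib
import hmac

MESSAGE_KEY_CONST = b"\x01"  # constants suggested in the Double Ratchet spec
CHAIN_KEY_CONST = b"\x02"


def kdf_ck(chain_key: bytes) -> tuple[bytes, bytes]:
    """One ratchet step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, MESSAGE_KEY_CONST, hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, CHAIN_KEY_CONST, hashlib.sha256).digest()
    return next_chain_key, message_key


class ChainRatchet:
    """Symmetric-key ratchet only (hypothetical name); no Diffie-Hellman ratchet."""

    def __init__(self, initial_chain_key: bytes):
        self.chain_key = initial_chain_key
        self.step = 0

    def next_message_key(self) -> bytes:
        # Overwrite the chain key so the previous one is no longer held.
        self.chain_key, message_key = kdf_ck(self.chain_key)
        self.step += 1
        return message_key


def keys_reachable_from(chain_key: bytes, steps: int) -> list[bytes]:
    """Message keys a holder of `chain_key` can derive by ratcheting forward."""
    ratchet = ChainRatchet(chain_key)
    return [ratchet.next_message_key() for _ in range(steps)]


def demo() -> dict:
    # Constructed shared secret; in the real protocol it comes from key agreement.
    shared_secret = hashlib.sha256(b"constructed shared secret for the demo").digest()
    sender, receiver = ChainRatchet(shared_secret), ChainRatchet(shared_secret)
    sent = [sender.next_message_key() for _ in range(5)]
    received = [receiver.next_message_key() for _ in range(5)]
    # Constructed compromise: the chain state leaks after message 3.
    leaked = ChainRatchet(shared_secret)
    for _ in range(3):
        leaked.next_message_key()
    reachable = keys_reachable_from(leaked.chain_key, 10)
    return {
        "in_sync": sent == received,
        "all_keys_distinct": len(set(sent)) == 5,
        "past_keys_exposed": any(k in reachable for k in sent[:3]),
        "later_keys_exposed": all(k in reachable for k in sent[3:]),
    }
```

A leaked message key exposes one message; a leaked chain key also yields the later keys in that chain but none of the earlier ones, and limiting that forward exposure is the job of the Diffie-Hellman ratchet not shown here.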

In 2016 WhatsApp became the first mainstream communication tool to integrate Signal encryption as a standard. This made WhatsApp, the most popular messaging app in the world, also the most secure. As a proof of concept of their algorithm, Moxie and his crew launched a Signal messenger app (now named Signal) which provided an example of the implementation of the protocol. But what was merely an example has now become the most highly regarded secure messaging app in the world. It has garnered worldwide praise from renowned security experts and privacy advocates like Edward Snowden among others. And 2018 seems to be their biggest year yet with a fresh funding of $50m by WhatsApp cofounder Brian Acton, Skype integrating Signal encryption and journalists praising Signal’s security. Heck, even cryptocurrencies, such as MobileCoin, are being built on top of Signal encryption.

The Future Of Secure Email

We are certain that if there was ever a time to move on from PGP, it is now. The simplicity and security of the Signal protocol mark a stark contrast to the old and dated PGP. Monday’s discovery of the PGP vulnerability put the world on notice about the need for an evolution in email security. Moreover, as recent events involving data breaches and user privacy breaches continue to plague the world, it’s not just journalists and cypherpunks who are conscious about protecting their privacy; the general public is as well. Perhaps it’s time that email took a page from messaging and started implementing Signal encryption instead of PGP. Unless this happens, Sebastian Schinzel will continue to be 100% right when he says that “Email is no longer a secure communication medium”.

We encourage you to try Signal for yourself, and imagine how great it would be if we had this kind of security and privacy as standard in our inboxes. This would truly be the evolution of email.

This story is written in collaboration with Gianni Carlo, CTO Criptext.

Mayer Mizrachi
Criptext

CEO & Founder @Criptext. Magna Cum Hack — Picota 2016.