The Call of the Open Sidewalk

From a place slightly to the side of the more popular path


pgpfan:forward_secrecy

Differences

This shows you the differences between two versions of the page.

pgpfan:forward_secrecy [2022/03/19 21:50] – Redundant, poorly worded. b.walzer
pgpfan:forward_secrecy [2025/11/04 12:17] (current) – Entirely new argument. b.walzer
Line 16: Line 16:
  
 Reduced to the essence: forward secrecy is where you delete the encryption key protecting some encrypted data to prevent that key from falling into the possession of an attacker that already has that encrypted data. There is nothing preventing any system from doing that, even something based on the OpenPGP standard. For a practical demonstration see: [[pgpfan:gpgburn|A Demonstration of Message Burning Through Encryption using GnuPG]]. Reduced to the essence: forward secrecy is where you delete the encryption key protecting some encrypted data to prevent that key from falling into the possession of an attacker that already has that encrypted data. There is nothing preventing any system from doing that, even something based on the OpenPGP standard. For a practical demonstration see: [[pgpfan:gpgburn|A Demonstration of Message Burning Through Encryption using GnuPG]].
 +
 +Forward secrecy when applied to encrypted messaging often leads to less local security after the message is received. When a PGP message is received, it stays encrypted. It is only decrypted when the user wants to see it and the decrypted message is forgotten immediately after that. I have dubbed this feature: [[pgpfan:encryptonce|encrypt once]]. In a system using some forward secrecy scheme, once the message arrives the key will eventually be forgotten. So it must be decrypted at that point in time. In common practice that means that the message will //stay// decrypted and will be accessible to anyone with access to the device. Sometimes a system will have some kind of local password lock but that pretty much always ends up with an easy to crack password. With PGP your old messages are always protected with the full strength of the system used to transfer the message in the first place.
  
 Hardly anyone ever does forward secrecy with OpenPGP. Why not? It's easy to do in a technical sense and would not cause your correspondents to have to reverify your identity. Hardly anyone ever does forward secrecy with OpenPGP. Why not? It's easy to do in a technical sense and would not cause your correspondents to have to reverify your identity.
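Review bot: In the added paragraph, the comparison rests on "Sometimes a system will have some kind of local password lock but that pretty much always ends up with an easy to crack password", which is asserted without support, and the closing sentence ("With PGP your old messages are always protected with the full strength of the system used to transfer the message in the first place") does not say how the PGP private key itself is protected on the same device. Suggest qualifying "pretty much always" or linking evidence for it, and stating the assumption about private-key storage, so that both sides are compared under the same device-access threat. The step from "the key will eventually be forgotten" to "the message will //stay// decrypted" would also read more tightly if it named the "common practice" it describes, since the text itself allows that a local lock can exist.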
pgpfan/forward_secrecy.1647726612.txt.gz · Last modified: by b.walzer