======PGP is a Form of Minimalism====== As a protocol, PGP is surprising simple. Here is what happens if you want to use it to securely send a message to someone: - You get from them a PGP identity (public key). How you do that is entirely up to you. - Your PGP program uses that identity to perform a single public key encryption of a message key. - Then the message key is used to encrypt the message which is added to the encrypted message key to make the encrypted message. - Your correspondent does the opposite operations to get the message. If you want to sign your message then you: - Hash the message. - Do a public key signature operation on the hash and attach the result to the message. - Your correspondent checks the signature from your PGP identity, which they have acquired somehow. The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts. As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high level description of the Signal protocol [[https://signal.org/docs/|here]]. None of the following comments are intended to be critical, they are intended to give an idea of the level of complexity of the protocol in total: * Signal has at least 2 systems for creating [[pgpfan:forward_secrecy|forward secrecy]]. Each system requires a system to deal with loss of synchronization. * A Signal session requires the storage and maintenance of a lot of state information. * Signal normally uses a server based "prekey" system to deal with the case where a client is offline and thus is unable to negotiate. * Signal achieves partial [[pgpfan:repudiability|deniability]] with a triple Diffie-Hellman key exchange. OpenPGP achieves [[pgpfan:anonymous|complete deniability]] by not signing the message in the first place. * Supporting the Signal protocol in practice requires a separate system to store and protect past messages((Currently (2021) this invokes an entire database system (SQLite) with an encryption extension to protect the secrecy of the old messages.)). Since this is at odds with [[forward_secrecy|forward secrecy]] such a system will end up with a system to delete old messages. The Signal Protocol is built on ideas from the [[pgpfan:off_the_record|Off the Record]] (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex. I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system. [[pgpfan:index|PGP FAN index]]