I am a PGP FAN
This is about how I became a fan of PGP. By PGP I mean things compliant with the OpenPGP standard and the standard itself, not necessarily the corporation of the same name.
Recently (2020) there have been some articles about how PGP is a bad idea. They tend to show up whenever someone mentions PGP, even in passing. This one is often referenced:
It seemed remarkable to me that anyone would bother to take the trouble to write anti-PGP articles in this day and age. It isn't really anything most people give much thought to, even those who actually use it. PGP was something I had not thought about for at least 30 years and the articles caused me to wonder what the current state of the PGP ecosystem was here in the 21st century.
The rabbit hole was remarkably deep. I ended up with these somewhat surprising insights:
- OpenPGP is actually a fairly good standard.
- GnuPG is a fairly good implementation of the standard.
- In terms of technical complexity, it is one of the simplest systems you can actually use for practical work with public key cryptography.
This is directly at odds with the sort of things you read about PGP in the technical press. It occurred to me that if PGP can have anti-fans it can also have fans. These PGP advocacy articles are the result. I must extend thanks to the author of the previously mentioned article for the motivation. I am not being sarcastic; I have come to understand the value of a good rant.
The terminology that applies to encrypted messaging is not that well standardized. In this series of articles, when I use the word “identity” I mean the thing that uniquely identifies a particular entity using a particular system. For example, a PGP identity is the public key used for verifying a PGP signature.