From a place slightly to the side of the more popular path https://articles.59.ca/ Tue, 07 Apr 2026 20:20:56 +0000 FeedCreator 1.8 https://articles.59.ca/lib/exe/fetch.php?media=wiki:logo.png https://articles.59.ca/ https://articles.59.ca/doku.php?id=pgpfan:2048 2048 Bit RSA Keys Since the creation of this article, there is now a much more detailed discussion of these issues available: 2048 Bit RSA and the Year 2030 If you generate a public/private keypair with a recent version of GnuPG you get a 2048 bit RSA key by default . That fact generates a surprising amount of angst. anonymous@undisclosed.example.com (Anonymous) Wed, 04 Oct 2023 13:07:31 +0000 https://articles.59.ca/doku.php?id=pgpfan:agevspgp Could Age Replace OpenPGP? Age is a utility and library to do public key and symmetrical encryption/decryption in a simple and straightforward way. The idea that age could replace OpenPGP comes up from time to time. OpenPGP based systems are used for multiple purposes anonymous@undisclosed.example.com (Anonymous) Tue, 06 Aug 2024 20:53:38 +0000 https://articles.59.ca/doku.php?id=pgpfan:anonymous Anonymous Encrypted Messages If you want to send an anonymous message using an OpenPGP based system then you don't sign it. That is it. That is the whole thing. It is conceptually the same as omitting a signature from a paper document. Simple and intuitive anonymous@undisclosed.example.com (Anonymous) Wed, 26 May 2021 00:19:38 +0000 https://articles.59.ca/doku.php?id=pgpfan:authenticated Authenticated Encryption It is sometimes said OpenPGP does not support a feature called authenticated encryption (AE). AE is often seen in the case of stateful connected protocols such as TLS. Typically a shared secret key is first negotiated: The authentication is usually established by applying a cryptographic signature to the components involved in the negotiation. At the end of this process each end of the connection has a copy of a shared secret key that the entities involved can be s… anonymous@undisclosed.example.com (Anonymous) Tue, 28 Feb 2023 16:46:00 +0000 https://articles.59.ca/doku.php?id=pgpfan:certifyonce Certify Once OpenPGP embodies a certify once scheme for messaging. The certification here is when someone determines that the OpenPGP identity they have is the one you originally created. Here are some examples of how that might happen: * You give them your identity in person. anonymous@undisclosed.example.com (Anonymous) Wed, 02 Jun 2021 15:54:11 +0000 https://articles.59.ca/doku.php?id=pgpfan:cipherfeedback Cipher Feedback; a Paean A method called cipher feedback (CFB) is used in OpenPGP to prevent data leakage and make modification more difficult. It seems appropriate here to discuss the advantages of this method. OpenPGP, like most other systems, uses a something called a block cipher to encrypt things. You start with a fixed block of data (usually 16 bytes), run it through the block cipher encryption function, and end up with an encrypted block of data of the same length. To get back the origi… anonymous@undisclosed.example.com (Anonymous) Mon, 09 May 2022 17:05:27 +0000 https://articles.59.ca/doku.php?id=pgpfan:cryptodoom The Cryptographic Doom Principle: Some Observations The article to be discussed: * The Cryptographic Doom Principle The Principle: "If you have to perform any cryptographic operation before verifying the MAC on a message you've received, it will somehow inevitably lead to doom. anonymous@undisclosed.example.com (Anonymous) Thu, 25 May 2023 19:31:11 +0000 https://articles.59.ca/doku.php?id=pgpfan:downgrade Downgrade Attack Immunity It is sometimes assumed that because PGP supports older cryptographic methods that it must be at risk of something called a downgrade attack. The basic idea is that if you can't break a particular type of encryption then you trick the system into switching to something you can break. That might be no encryption at all. anonymous@undisclosed.example.com (Anonymous) Sat, 11 Jul 2020 15:05:05 +0000 https://articles.59.ca/doku.php?id=pgpfan:efail The EFAIL Hoax In 2018 a security issue dubbed EFAIL was all over the technical media and even leaked into the regular media. Many of those articles were misleading or incorrect. Some gave dangerous advice. Here is an example of a particularly hyperbolic headline: anonymous@undisclosed.example.com (Anonymous) Mon, 16 May 2022 21:17:34 +0000 https://articles.59.ca/doku.php?id=pgpfan:email_clients Email Clients Encrypting your emails with PGP can end up being pointless if your email client leaks information or allows your end device to be attacked. If someone sends you a physical letter and you would prefer that the contents remain private then you would find a private place to open it. You won't open it in a busy place full of curious people. If you would like to hide the fact that you have received and read the letter then you would need to find a place where you can be sure you will … anonymous@undisclosed.example.com (Anonymous) Mon, 22 Jun 2020 16:24:40 +0000 https://articles.59.ca/doku.php?id=pgpfan:encryptonce Encrypt Once OpenPGP embodies an encrypt once, decrypt many times, scheme for messaging. That means that a message is created, encrypted and is only decrypted when the intended recipient wants to look at it. It can never be found unencrypted at any other time. anonymous@undisclosed.example.com (Anonymous) Mon, 09 Feb 2026 22:24:48 +0000 https://articles.59.ca/doku.php?id=pgpfan:expire PGP Key Expiry is a Usability Nightmare I convinced a friend to try out PGP over XMPP. It was an interesting experiment. The lack of system state meant that things just worked when they worked and it was reasonably easy to figure out what was going on when they didn't. Then after a couple of years of use everything suddenly broke in a very obscure way. More on that later but first some background discussion anonymous@undisclosed.example.com (Anonymous) Tue, 10 Mar 2026 19:06:47 +0000 https://articles.59.ca/doku.php?id=pgpfan:forwarding Surreptitious Forwarding This article is a discussion and criticism of various approaches to encryption and signing: * Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML I will only discuss the article to the extent it applies to OpenPGP over email. This article was originally presented as a paper 20 years ago (2021). I have not been able to find any examples of this attack being used in anger. Since the article does not present a demonstration, it is entirely possible that … anonymous@undisclosed.example.com (Anonymous) Mon, 26 Jun 2023 15:31:29 +0000 https://articles.59.ca/doku.php?id=pgpfan:forward_secrecy Forward Secrecy The PGP protocol is sometimes criticized because it lacks a feature called forward secrecy. Forward secrecy is intended to reduce or eliminate the effects of an attack that goes like this: * Some adversary records your encrypted messages and creates an archive of then without your knowledge or consent. anonymous@undisclosed.example.com (Anonymous) Tue, 04 Nov 2025 12:17:09 +0000 https://articles.59.ca/doku.php?id=pgpfan:gdpr When the GDPR Seems to Prevent an Entire Technology "Only a Sith deals in absolutes." Obi-Wan Kenobi, Star Wars: Episode III -- Revenge of the Sith The GDPR (General Data Protection Regulation) is the current EU (European Union) privacy regulation. It has spawned an intellectual exercise where some provision of the GDPR is used to prove that the GDPR makes some system effectively illegal. Some examples: anonymous@undisclosed.example.com (Anonymous) Sat, 21 Mar 2026 17:33:55 +0000 https://articles.59.ca/doku.php?id=pgpfan:gpgburn A Demonstration of Message Burning Through Encryption using GnuPG This can be taken as a practical example for Message Burning in Encrypted Messaging. It also serves as a standalone example of how forward secrecy could work in an OpenPGP context. You might consider doing something like this if you have encrypted messages you would like to burn where they: anonymous@undisclosed.example.com (Anonymous) Mon, 06 Dec 2021 12:10:31 +0000 https://articles.59.ca/doku.php?id=pgpfan:identstruct OpenPGP Identity Structure An OpenPGP identity contains the information that you give to others to allow them to verify signed messages/files from you and encrypt messages/files to you. It often comes in the form of file. It more or less looks like this: anonymous@undisclosed.example.com (Anonymous) Sat, 05 Jun 2021 00:39:16 +0000 https://articles.59.ca/doku.php?id=pgpfan:index PGP FAN PGP FAN RSS Feed A completely partisan pro-PGP series of articles. * I am a PGP FAN (Meta) * 2048 bit RSA Keys * PGP is a Form of Minimalism * Forward Secrecy * Off the Record * Deniability * The MD5 Story * Downgrade Attack Immunity * Oracle Attack Immunity * The EFAIL Hoax * Email Clients * Authenticated Encryption * The OpenPGP Modification Detection Code is Actually Good * Could Age Replace OpenPGP? * Anonymous Encrypted Messages * Signed Anonymous … anonymous@undisclosed.example.com (Anonymous) Tue, 10 Mar 2026 19:47:25 +0000 https://articles.59.ca/doku.php?id=pgpfan:interop Proposed New OpenPGP Cipher Block Modes Could Cause an Interoperability Disaster There are currently 2 block cipher modes in the OpenPGP standard. There are serious proposals out there for 4 more which could bring the total to 6. Those interested in the details can refer to my editorial/rant: anonymous@undisclosed.example.com (Anonymous) Fri, 11 Oct 2024 15:38:34 +0000 https://articles.59.ca/doku.php?id=pgpfan:intptxt On the Use of Theoretical Cryptography Jargon in Casual Conversation OK, this is a PGP advocacy article in that it uses an argument against the current OpenPGP encryption mode seen in the wild but the ideas here are generic and apply whenever theoretical cryptography concepts appear outside of the normal context for such things. anonymous@undisclosed.example.com (Anonymous) Tue, 05 Dec 2023 16:45:16 +0000 https://articles.59.ca/doku.php?id=pgpfan:ledowngrade Legacy Encryption Downgrade Attacks against LibrePGP and CMS: Some Comments Understanding parts of this discussion require knowledge of how PGP does authentication. There is an article for that: The Why of PGP Authentication. This is the paper under discussion here: * Legacy Encryption Downgrade Attacks against LibrePGP and CMS What is discussed in the paper is not the sort of thing someone familiar with, say, TLS would consider a downgrade attack. That would involve some sort of trickery … anonymous@undisclosed.example.com (Anonymous) Mon, 23 Mar 2026 19:12:02 +0000 https://articles.59.ca/doku.php?id=pgpfan:legends Misleading Legends Caused by EFAIL I discuss the security of the OpenPGP standard and implementations more than most. As a result I run across certain unhelpful ideas more than most. I am reasonably certain at this point that these ideas originally came from a hard to follow section of the paper describing a vulnerability called EFAIL anonymous@undisclosed.example.com (Anonymous) Sun, 02 Jun 2024 14:33:25 +0000 https://articles.59.ca/doku.php?id=pgpfan:md5 The MD5 Story MD5 is a cryptographic hash function. For some applications, such things can cause problems if they are found to not have a property called “collision resistance”. MD5 is known to have very poor collision resistance. When MD5 was first discovered to have poor collision resistance it was widely recommended to switch away from MD5 for all applications, even those that were not affected. It was generally assumed that MD5 would be soon discovered to be unsuitable for more classes of … anonymous@undisclosed.example.com (Anonymous) Tue, 09 Jun 2020 01:17:57 +0000 https://articles.59.ca/doku.php?id=pgpfan:mdc The OpenPGP Modification Detection Code is Actually Good A more detailed (and technical) article covering the same ground as this one exists: Principles of the OpenPGP SEIP (OCFB-MDC) and SE (OCFB) Block Cipher Modes. I once worked for a company that had a strange and intriguing dilemma. They had a popular Product. Marketing determined that the popularity was due to the fact that the Product lasted significantly longer than competing products. No one in the company had the faintest idea why th… anonymous@undisclosed.example.com (Anonymous) Sat, 29 Jun 2024 21:25:23 +0000 https://articles.59.ca/doku.php?id=pgpfan:minimalist PGP is a Form of Minimalism As a protocol, PGP is surprising simple. Here is what happens if you want to use it to securely send a message to someone: * You get from them a PGP identity (public key). How you do that is entirely up to you. * Your PGP program uses that identity to perform a single public key encryption of a message key. anonymous@undisclosed.example.com (Anonymous) Tue, 15 Jun 2021 19:50:19 +0000 https://articles.59.ca/doku.php?id=pgpfan:noae_shame Problems caused by new OpenPGP authenticated encryption modes A list of instances of problems caused by the introduction of new block cipher modes. This list is an editorial against the introduction of such modes simply by existing... * <https://old.reddit.com/r/GnuPG/comments/16pvc3m/unattended_gnupg_decryption_on_windows_is_a/> * <https://stackoverflow.com/questions/72145785/pgp-bouncycastle-kleopatra-decryption-unknown-packet-type-20> (4 instances) anonymous@undisclosed.example.com (Anonymous) Mon, 09 Sep 2024 19:02:20 +0000 https://articles.59.ca/doku.php?id=pgpfan:no_new_ae Replacing the OpenPGP Encryption Mode is Harmful and Pointless So... I have spent significant time writing PGP advocacy articles. The process involves digging into an old system in an attempt to figure out how it works. I apparently do things like that now. As my knowledge grew the articles evolved from spin to solid argument. It turned out that there was a lot of wisdom embedded in OpenPGP. I have recently discovered that the encryption framework used in OpenPGP (OCFB-MDC) is good and appropri… anonymous@undisclosed.example.com (Anonymous) Mon, 29 Jan 2024 13:21:05 +0000 https://articles.59.ca/doku.php?id=pgpfan:ocfb OpenPGP's Improved Cipher Feedback Mode (OCFB) OpenPGP uses something called the cipher feedback block encryption mode . It prevents some particular types of data leakage and imposes a penalty for unauthorized modifications of the protected messages/files. anonymous@undisclosed.example.com (Anonymous) Tue, 27 Dec 2022 22:56:12 +0000 https://articles.59.ca/doku.php?id=pgpfan:off_the_record Off the Record The Off the Record instant message privacy protocol is interesting in a PGP context because it introduced forward secrecy and Deniability as desirable features. The provocatively titled proposal provides the rationale for these features: * Off-the-Record Communication, or, Why Not To Use PGP The basic idea is that it could be possible to have a conversation over the internet that only exists in the minds of the participants after it is complete. Any sort of cryptography, inc… anonymous@undisclosed.example.com (Anonymous) Tue, 03 Nov 2020 11:27:13 +0000 https://articles.59.ca/doku.php?id=pgpfan:oracle Oracle Attack Immunity An oracle attack is a powerful technique used to discover information about the internal state of some system. The system is tested in some way, usually repetitively, and the response is analyzed. My single point here is that when PGP is used in a unidirectional application like email, oracle attacks are impossible simply because there is no response available. I suppose in theory the attacker could try to get the recipient to manually send back the error messages, but … anonymous@undisclosed.example.com (Anonymous) Mon, 07 Nov 2022 21:35:50 +0000 https://articles.59.ca/doku.php?id=pgpfan:pgpauth The Why of PGP Authentication There seems to be an ongoing misunderstanding of how PGP actually does authentication. That ends up being important in various discussions. Let's dig into perhaps the more interesting question of why PGP does the things it does and pick up the anonymous@undisclosed.example.com (Anonymous) Sat, 01 Nov 2025 11:57:11 +0000 https://articles.59.ca/doku.php?id=pgpfan:pgpfan I am a PGP FAN This is about how I became a fan of PGP. By PGP I mean things compliant with the OpenPGP standard and the standard itself, not necessarily the corporation of the same name. Recently (2020) there have been some articles about how PGP is a bad idea. They tend to show up whenever someone mentions PGP, even in passing. This one is often referenced: anonymous@undisclosed.example.com (Anonymous) Fri, 12 Mar 2021 18:25:12 +0000 https://articles.59.ca/doku.php?id=pgpfan:pubkey -----BEGIN PGP PUBLIC KEY BLOCK----- mQENBF7VXVMBCACrk3E+zj4dX3wOh2jKpC8ggxwQQAaKL7LgxZskxDLSIbmuOeGn OtoSlDi4oJb87mibegcnhpdn2uK9tNWWLdQSHY28OnaHwuRCoqiroK5Y80OWKP5w mNON8hYer7hNyMtevgKwiKlYht5jrM2VjA0wpbQZfEOlRFNzHWM+c3WY3mq5dZS6 6KBFq25AGd4FRWCsmbd2ZbuK4XyzjfN3DYIizVf/IW/ooUuyHe6plenUPtOMYhkK NLHDk+KblfcZK5NaCqdhRMC6fkRM0wOrSNMqxgdmY55RJBMZen1R7CatBwW6raHT CQLmY7iNtxGJ1IvKhqMaKnokRRynidtb5Yt5ABEBAAG0GFBHUCBGQU4gPGFydGlj bGVzQDU5LmNhPokBTgQTAQgAOAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYh BBW0jlz… anonymous@undisclosed.example.com (Anonymous) Fri, 25 Aug 2023 23:54:50 +0000 https://articles.59.ca/doku.php?id=pgpfan:repudiability Deniability Deniability is also known as repudiability or plausible deniability. As far as I can determine, the idea came out of nowhere. It wasn't really an issue anyone worried about and then it was a feature. I will use PGP as the practical example anonymous@undisclosed.example.com (Anonymous) Sat, 05 Jun 2021 01:10:24 +0000 https://articles.59.ca/doku.php?id=pgpfan:rsabad Seriously, stop using RSA: comments This article criticizes the use of the RSA encryption and signature system: * Seriously, stop using RSA Basically the argument here is that RSA is too simple and straightforward. Therefore there is a temptation to implement it and make bonehead errors while doing so. The claim is made that other, more complicated, schemes are better because a potential implementer would become discouraged and would seek out a library. Presumably the implementer would then… anonymous@undisclosed.example.com (Anonymous) Wed, 31 Jul 2024 20:12:42 +0000 https://articles.59.ca/doku.php?id=pgpfan:schism About the "OpenPGP Schism" (2023 Dec) There has been a recent article about a disagreement in the OpenPGP standards process: A schism in the OpenPGP world That article has sparked some discussion. A perfect excuse to throw my own comments into the void... The politics here as I perceived them: anonymous@undisclosed.example.com (Anonymous) Sun, 06 Oct 2024 05:36:25 +0000 https://articles.59.ca/doku.php?id=pgpfan:seip Principles of the OpenPGP SEIP (OCFB-MDC) and SE (OCFB) Block Cipher Modes The SEIP (Symmetrically Encrypted Integrity Protected) block cipher mode is important because it is in the OpenPGP standard. It has been in use for a quarter of a century now. There are ongoing efforts to add another block cipher mode to the OpenPGP standard but even if a new mode becomes popular enough to be usable, because OpenPGP is used mostly for applications where the encrypted data stays around indefinitely, the c… anonymous@undisclosed.example.com (Anonymous) Sat, 14 Mar 2026 17:55:54 +0000 https://articles.59.ca/doku.php?id=pgpfan:signedanon Signed Anonymous Messages Normally you would send a message encrypted but with no signature when you want to go anonymous with OpenPGP. Sometimes you might want to send a series of anonymous messages tied together with the same identity. That is a bit more work but is quite doable using OpenPGP. anonymous@undisclosed.example.com (Anonymous) Thu, 27 May 2021 23:26:38 +0000 https://articles.59.ca/doku.php?id=pgpfan:starttls SMTP STARTTLS When an email server sends an email to another email server it can negotiate a secure encrypted connection using a process called STARTTLS. STARTTLS is a way to set up a TLS encrypted connection between two entities on the network on a catch as catch can basis. TLS is more famously used to secure the connections between web browsers and web servers. anonymous@undisclosed.example.com (Anonymous) Tue, 23 Nov 2021 12:56:56 +0000 https://articles.59.ca/doku.php?id=pgpfan:subject The Envelope Subject Encrypted email normally sends the “Subject:” line unencrypted. The disadvantage is obvious. The advantages less so. Back in the age of paper based messaging a message was represented as a physical object. That works well because people are good at manipulating objects (even thin sheets of paper) and because they are good at identifying objects. A person can easily pick out a particular message from a stack by riffling through them and triggering on the overall appearance … anonymous@undisclosed.example.com (Anonymous) Tue, 02 Nov 2021 13:21:53 +0000 https://articles.59.ca/doku.php?id=pgpfan:tpp The PGP Problem: A Critique You can read the revision of this article before the general rewrite but you should read this one instead. It is better. The anti-PGP rant in question can be found here: * The PGP Problem This is a pretty good rant. I feel like I am attacking a work of art with an axe here, but the rant promotes misconceptions that need to be addressed. anonymous@undisclosed.example.com (Anonymous) Thu, 02 May 2024 13:39:36 +0000 https://articles.59.ca/doku.php?id=pgpfan:wtmwp What’s the matter with PGP? ― Some Comments This is somewhat older blog post (2014), but it shows up in internet discussions from time to time, usually posted without context. I have some observations... The post in question: * What’s the matter with PGP? "PGP keys suck anonymous@undisclosed.example.com (Anonymous) Fri, 28 Jan 2022 17:48:35 +0000