PGP (and its de facto reference implementation in GnuPG) is not the main player in this space, unless you define the space down to a point so small and idiosyncratic that it doesn't really have meaning in a broad discussion.
It's both. GnuPG has very poor UX and it's also so old and so well-known that it kills a lot of the "unknown upstarts". I think on balance GnuPG reduces the security of network communications and the appeal of a web of trust PKI because it's presented as "the main player", people try to use it, realize that the UX is garbage, and become disillusioned in the technology behind it.
Eh, it's pretty new, and new cryptosystems are often more likely to have vulnerabilities. It's still safer than PGP, but that's not a high bar. Hopefully over the coming years it will become more widely used and scrutinized with few vulnerabilities reported, in which case it will then be more clearly safe to rely on.
I also have never heard of Age. Then again, I don’t actively keep up-to-date with the world of cryptography (other than from a PKI/X.509/TLS perspective) . As a system administrator, I only use GnuPG to check the signatures of software packages and to exchange passwords with other sysadmins.
This thread has been both interesting and educational.
Serious question: how read into work on cryptography engineering and secure messaging do you feel you are? I'm trying to get a gauge of what it means to be "brand new" for you. What cipher constructions are OK? The CAESAR finalists? The AEADs Rogaway surveys in his papers? The ones GnuPG supports?
It seems weird to me to gauge someone’s understanding of “brand new” for cryptography software by measuring against primitives and constructions. To me at least, those are not the same thing. Even if a piece of software contains cryptography I will still also evaluate its age as a piece of software simply as a proxy for maturity and stability of the feature set.
No it was a comment trying to indicate that I found your question odd, and ask why you think your question is useful? Do you believe there is a single notion of brand new that can be applied across all categories? Is the age for brand new milk the same as for software or for scientific results or items of clothing? Or do you believe that for the categories of software and cryptographic theory the notion of brand new is equivalent?
Frankly, in my reading of your question you come across as very arrogant, where you use the guise of a "serious question" to show off your knowledge of cryptography.
I also agree with adament. It may not be responsive to your question but your question doesn't read in good faith and many of your other comments in this thread read as pitiless war against an opponent you've decided is your enemy.
There have been many articles written that push back against the narrative a small cohort of security people push that GnuPG and OpenPGP by extension should be avoided at all costs. Personally, I find it has stood the test of time admirably and that its "multi-tool" functionality unlocks features I use almost every day like a web of trust in Keybase and using it as an ssh agent. I actually don't want another tiny tool in age. With Sequoia the future of PGP looks bright.
You're trying to tell us that software from 2019 isn't new? The majority of the software that I use on a daily basis is at minimum a decade old, and I don't think I'm alone.
Yeah, and it is supposedly software related to cryptography. Has it been audited at least? They are promoting it so much, but GnuPG has been around for a while now and loads of people have used it. What about Age? I feel more comfortable with GnuPG.
I am sure audits could help Age either way. :) I am just saying that it is still fresh as opposed to GnuPG. This is what people typically call "battle-tested", when the software has been used by a zillion people for some time. Of course I cannot speak about Age much, this is the first time I have heard about it.
Hell, I have shirts older than the language it's written in.
In 20 years, I might not even be able to find a working compiler to build it, after the shiny-object crowd moves on to something else.
You know what I'll still be able to decrypt? An ASCII-armored, GPG encrypted, TAR archive.
Personally, I am not interested in the latest evolutionary improvements on file formats. Evolution produces a lot of interesting things; most of them are dead ends. What I want is the cockroach of file formats. The coelacanth.
You will be able to decrypt a file produced by age. All the cryptography there is standard; you'll have a compatible library in whatever language you'll use in 20 years, if you think the first party Go and Rust implementations won't survive.
Using common libraries, I can create a python program to decrypt a file produced by age in a few hours, I think.
No. Brand new means completely new. Something that's going on 3 years old isn't brand new anymore.
A more appropriate term is relatively new. Civilization is relatively new compared to the age of the universe. Age is relatively new compared to modern computers.
So don't use WhatsApp. That's a reasonable decision to make! I don't ever opt into it or recommend it to people (though I'd happily use it in preference to PGP email, which is doubtlessly the most risky secure messaging implementation on the Internet, arguably even more dangerous than simply using ordinary plaintext email with Google Mail).
It didn't try to do what you put on that list. It didn't do messaging; messaging programs used it. It didn't do backups; backup programs used it.
It's just a foundation-sort of program that does encryption and signing of arbitrary data, using one format for keys, and allowing working with those keys whether they're in the same computer or in a smartcard/hsm. That simplifies key management, since it allows you to have one Yubikey with your PGP key on it and do basically anything crypto related.
But what I believe someguydave was referring to was stuff like smartcard/Yubikey support, not different uses of encryption and signing.
age can't sign, though. It's not as useful. You can't use it for authentication, for instance. You need a separate program with a separate key and its own separate yubikey support.
I was more thinking of the extensive support GPG has in many email clients on many platforms for supporting encryption and signing use cases, as well as key management.
Thank you! I was unfamiliar with both age and Cwtch. From what I can tell, Cwtch is also a linear messaging system. Are you aware of any software offering secure non-linear (hopefully threaded) messaging, i.e. a secure e-mail replacement? It does not have to be MIME, SMTP, IMAP based like PGP, but preferably support for similar branching conversations and archiving and hopefully with support for multiple users. I love Signal but I find that finding old messages, or groups with more than a few people and branching conversations is a lot less pleasant than e-mail. And thus Signal is not currently a replacement for e-mail for me but a great addition.
>Encrypted backups: age + a Reed-Solomon encoder for catching flipped bits
I fear that I might have caused this idea. I have as a result added the following footnote to the article that I suspect is the cause[1]:
>Please note that the single flipped bit here is not a realistic example and that in practice damage tends to encompass one or more media blocks. Such blocks tend to be multiples of 512 bytes.
I am afraid that someone might actually implement this...
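The footnote above makes the practical point: real media damage arrives as whole 512-byte blocks, not isolated flipped bits, so redundancy sized for a single bit error is the wrong tool. The script below is an added worked example (not from the article, this thread, or the age project) of a layout that matches that failure model: each 512-byte block of the stored ciphertext carries an integrity tag, a block whose tag fails is treated as an erasure, and Cauchy Reed-Solomon parity blocks across the stripe recover up to m lost blocks. The block size, the k=8/m=2 stripe, the truncated SHA-256 tag and the sample data are all constructed assumptions; the data bytes stand in for an age ciphertext, which is opaque to this layer.

```python
"""Erasure coding across 512-byte media blocks: constructed example, not from the article or age."""
import hashlib

BLOCK = 512  # media block size from the footnote; damage is modelled per whole block

# GF(2^8) tables over the primitive polynomial x^8 + x^4 + x^3 + x^2 + 1 (0x11d)
EXP = [0] * 512
LOG = [0] * 256
_v = 1
for _i in range(255):
    EXP[_i] = _v
    LOG[_v] = _i
    _v <<= 1
    if _v & 0x100:
        _v ^= 0x11D
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]

def gf_mul(a, b):
    if a == 0 or b == 0:
        return 0
    return EXP[LOG[a] + LOG[b]]

def gf_inv(a):
    return EXP[255 - LOG[a]]  # a must be nonzero

def gf_mat_inv(m):
    """Gauss-Jordan inverse of a square matrix over GF(2^8); subtraction is XOR."""
    n = len(m)
    a = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        piv = next(r for r in range(col, n) if a[r][col])
        a[col], a[piv] = a[piv], a[col]
        inv = gf_inv(a[col][col])
        a[col] = [gf_mul(v, inv) for v in a[col]]
        for r in range(n):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [v ^ gf_mul(f, w) for v, w in zip(a[r], a[col])]
    return [row[n:] for row in a]

def generator(k, m):
    """Systematic generator: k identity rows, then m Cauchy parity rows.
    Every k-row subset is invertible, so any k surviving blocks suffice (needs k + m <= 256)."""
    rows = [[int(i == j) for j in range(k)] for i in range(k)]
    for i in range(m):
        rows.append([gf_inv((k + i) ^ j) for j in range(k)])
    return rows

def _combine(rows, sources):
    """One output block per row: XOR-sum over sources of coef * source, byte by byte."""
    out = []
    for row in rows:
        blk = bytearray(BLOCK)
        for coef, src in zip(row, sources):
            if coef:
                for pos in range(BLOCK):
                    blk[pos] ^= gf_mul(coef, src[pos])
        out.append(bytes(blk))
    return out

def tag(block):
    """Per-block integrity tag (constructed choice): a damaged block becomes a known erasure."""
    return hashlib.sha256(block).digest()[:8]

def encode(data, k, m):
    """Cut data (e.g. an age ciphertext) into k media blocks, append m parity blocks and tags."""
    assert len(data) <= k * BLOCK, "example keeps a single stripe of k blocks"
    padded = data + b"\0" * (k * BLOCK - len(data))
    blocks = [padded[i * BLOCK:(i + 1) * BLOCK] for i in range(k)]
    blocks += _combine(generator(k, m)[k:], blocks)
    return blocks, [tag(b) for b in blocks]

def decode(blocks, tags, k, m):
    """Recover the k data blocks from any k blocks whose tags verify; None if fewer survive."""
    good = [i for i, b in enumerate(blocks) if tag(b) == tags[i]]
    if len(good) < k:
        return None
    use = good[:k]
    gen = generator(k, m)
    inv = gf_mat_inv([gen[i] for i in use])
    return b"".join(_combine(inv, [blocks[i] for i in use]))

def corrupt(blocks, idx, pattern):
    """Simulate a bad media block: every byte of block idx is altered."""
    out = list(blocks)
    out[idx] = bytes(b ^ pattern for b in blocks[idx])
    return out

def demo(k=8, m=2):
    """Two whole blocks lost: recovered. Three lost: more than m, reported unrecoverable."""
    data = bytes(range(256)) * 12  # constructed stand-in for 3072 bytes of ciphertext
    blocks, tags = encode(data, k, m)
    two_lost = corrupt(corrupt(blocks, 1, 0xFF), 5, 0x5A)
    three_lost = corrupt(two_lost, 9, 0x01)
    rec = decode(two_lost, tags, k, m)
    return rec is not None and rec[:len(data)] == data, decode(three_lost, tags, k, m) is None

if __name__ == "__main__":
    print(demo())  # (True, True)
```

The design choice worth noting is that correction happens on the storage layer, outside the authenticated ciphertext: age's AEAD will reject a chunk with even one flipped bit, so the redundancy has to reconstruct the exact bytes before decryption, and it has to be sized in whole blocks because that is the unit in which they go missing.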