A partial replacement for PGP/GPG
Command Line – Modern File Encryption
Age, a modern encryption tool, could soon replace PGP and GPG when it comes to file encryption.
If you encrypt, you are probably familiar with Pretty Good Privacy (PGP) [1] or its clone GNU Privacy Guard (GPG). Most likely, you have used one of these tools to generate public and private keys and to encrypt email and files. The Free Software Foundation explains these tools in its Email Self-Defense Guide as a first step towards privacy [2]. However, despite PGP and GPS being ubiquitous when it comes to privacy, some people believe that these tools are counter-productive and little more effective than the feeble default protection available for PDF files when it comes to modern computing. Ironically, as PGP and GPG become more widely used, some security experts are advocating for their replacement with Actual Good Encryption (age), at least for file encryption [3].
Why do some security experts claim that PGP and GPG are obsolete? To begin with, PGP and GPG have long public keys that can be difficult to work with when space is limited, and copying them accurately by hand is difficult. In particular, they can be difficult to configure, even when the simple configuration wizard is used (Figure 1). When generating a key, PGP and GPG require numerous choices, including the encryption method, the key size, and how long the key is valid. Even a moderately skilled user can be hard-pressed to answer such questions intelligently. As a result, users may simply fall back on the defaults, although ignorance and security are hardly compatible. Many users, too, complain about having to move the cursor around to generate sufficient randomness – and, the longer the key, the longer it takes to generate the randomness. To further add to the confusion, PGP and GPG do too many things, such as signing services and key management, that many users have no interest in, which can add to the confusion.
Even more important, PGP and GPG were first written in 1991, and they are showing their age. They come from an era in which cryptography was in its infancy. The Latacora corporate blog [4] complains about the "absurd complexity" that includes eight different ways of encoding the length of a packet and three different compression formats, as well as "keys and subkeys. Key IDs and key servers and key signatures. Sign-only and encrypt-only. Multiple 'key rings'. Revocation certificates." Likening PGP and GPG to a Swiss army knife that has multiple functions but does few of them well, the blog states baldly, "No competent crypto engineer would design a system that looked like PGP today, nor tolerate most of its defects in any other design. Serious cryptographers have largely given up on PGP and don't spend much time publishing on it anymore (…). Well-understood problems in PGP have gone unaddressed for over a decade because of this." Because of all these problems, PGP and GPG most likely lack what cryptography experts called "forward secrecy" – the ability to function today in the way in which they were originally intended. In fact, John Hopkins cryptographer Matthew Green declared as early as 2014 that "It's time for PGP to die" [5].
Age is designed as a partial replacement for PGP and GPG. It is not a complete replacement, because it lacks a wizard and does not manage keyrings or many other aspects of encryption. Rather, in keeping with the Unix philosophy that a command should do one thing very well, age only creates keys and encrypts files. Age offers a few other advantages:
- Functions are kept simple by using only default configurations
- Small keys
- No configuration options to understand
- Public and private key pairs and passwords, with multiple recipients
- The option for encrypted identity files
- Encryption via PEM-encoded, ASCII-armored format (the current industry standard) [6]
- Encryption for SSH keys, including GitHub
.keys
support
The result is a simpler, easier to understand approach to encryption that meets the highest modern standards.
Using Age
Age is available in most modern distributions. Compared to PGP, it is radically simple, with no options for key size or choice of algorithms (Figure 2). Before using age, all you must do is create a public and private key. The keys can be stored in a plain text file, but you should, of course, add a passphrase to the file, or else you have compromised the keys from the beginning. To do this, enter:
age-keygen | age -p > KEY-FILE.age
If you choose an auto-generated passphrase, age provides an xkcd-style passphrase [7] consisting of a series of randomly generated words, which is easier to remember than a random set of upper and lowercase letters, numerals, and special characters.
Each file to encrypt can be given its own xkcd-style passphrase. However, to avoid unnecessary complication, you only reference the file that the key is stored in. To add the key for a recipient who has your public key, the file to be encrypted, and the name of the output file, enter:
age -r RECIPIENT-KEY INPUT-FILE OUTPUT-FILE.age
All these elements must be present for the command to function. To send to more than one recipient, add multiple -r
options or else store a list of recipients in a file and add the path to the file using the -R
option if you are using a recent version of age. Note that the -R
option may not be available in some distributions' repositories.
Similarly, to decrypt a file, enter:
age -d -i KEY-FILE.txt -o OUTPUT-FILE ENCRYPTED-FILE
Age does not support ssh-agent
, but it does work with sh-rsa
and ssh-ed25519
SSH public keys. Using curl
and a key listed in a GitHub profile, age can also send an encrypted file to a GitHub user, as follows:
$ curl https://github.com/benjojo.keys | age -R - example.jpg > example.jpg.age
A Payload Without a Delivery System
In its current state, age might be compared to a missile, whose payload is ready, but whose delivery system is still in development. Age offers a simple and advanced means of encryption, but it remains largely unknown and unused. This state of affairs is very obvious: When you make a mistake, age responds with "Did age not do what you expected? Could an error be more useful? Tell us: https://filippo.io/age/report." Moreover, current documentation is minimal, and age leaves the location of key files and the entry of recipients up to users to decide. In addition, it does not yet provide any key management.
Another obstacle to age's adoption is that while its advantages are well-known to many cryptographers, desktop and distribution developers are still focused on making PGP accessible to average users. This basic disconnect among developers still needs to be bridged.
For this reason, if you choose to use age, you need to be prepared to work out the delivery system by yourself. While not difficult, this approach is a little rough and ready, so if you want modern and secure encryption, be prepared. When using age, you are using a command still in rapid development.
Infos
- PGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy
- Email Self-Defense Guide: https://emailselfdefense.fsf.org/en/?pk_campaign=fsfhome
- age: https://github.com/FiloSottile/age
- Latacora blog: https://latacora.singles/2019/07/16/the-pgp-problem.html
- Mathew Green: https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/
- age: https://github.com/C2SP/C2SP/blob/main/age.md
- xkcd passwords: https://xkcd.com/936/
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.