I wanted to start a discussion about recent vulnerabilities discovered in GnuPG, the most widely used implementation of OpenPGP. Some of these flaws allow modifying the plaintext shown when verifying a signature or altering local files, which raises questions about the security of encrypted email practices [*].
While OpenPGP remains a mature standard for email encryption, these issues highlight its limitations for modern security needs:
No forward secrecy (if a key is compromised, all past messages are at risk).
Complex key management for average users.
Vulnerable to some future threats, like post-quantum attacks.
Misaligned with modern messaging practices, which are often asynchronous and more secure, like Signal.
This raises the question: for email providers using OpenPGP, like ProtonMail or similar services, what are the potential impacts on user security? How can these providers mitigate the limitations of PGP/OpenPGP?
Additionally, are there better ways to secure email content while staying within the email ecosystem (without moving fully to secure messaging apps)? For example, approaches like server-side encryption, forward secrecy, or emerging standards like Autocrypt.
Of course, email is not ideal for all sensitive communications, but it remains widely used, and improved protections could help reduce risks.
I’d love to hear your thoughts, experiences, or practical advice on good email encryption practices!
It’s a huge hassle and there are many steps where you can make a mistake. It’s much easier and better to handle things on Signal, for example. And if people say it’s supposedly difficult to install…
edit. I didn’t really know about those messages sent inside. It just reminded me of all the trouble with PGP before I decided I couldn’t trust it if it was so hard even for me.
How you mean huge hassle and many steps. It’s as simple as two people having a Proton or a Tuta account to ensure the privacy and security they provide. No?
Is the quality of encryption, privacy, and security better with Proton to Proton, Tuta to Tuta, or on Signal?
I don’t use OpenPGP for email. In the few cases I used OpenPGP for email, the contacts I communicated with made mistakes that leaked the contents of emails. I’d estimate the success rate of my OpenPGP email use as 40% inspite of not making a single mistake myself. OpenPGP email is extremely too prone to failure. Purpose-built end-to-end encryption like Signal should be used instead for secure communication.
However I still use GnuPG to encrypt, decrypt, sign and verify data, particularly downloaded software. Thus I still worry about GnuPG’s and OpenPGP’s vulnerabilities. I should consider switching to Sequoia PGP, age/minisign etc but I haven’tyet.
Aside from end-to-end encryption, one major pro of Proton to Proton and Tuta to Tuta that I suspect exists is those emails don’t leave their servers. Is that correct? But this is not thanks to OpenPGP anyway.
FYI GnuPG stopped following OpenPGP (standard, website), and now follows the fork called LibrePGP (standard, website). I made a post containing a brief background of OpenPGP vs LibrePGP here.
As far as I can tell by glossing over the code for the web client and various FAQs and blogposts, Proton-to-Proton emails are still just PGP. The main benefit is that it’s less of a hassle for non-technical users.
Tuta doesn’t use PGP, but I wouldn’t really expect they win many points regardless. I am by no means an expert and would defer to Soatok’s recent blogpost on email encryption. But my understanding is, even though Tuta and Proton can reduce some of the issues, the biggest issues are the fact that it’s possible to send cleartext emails at all and that email inherently requires a fair bit of metadata to be sent in cleartext.
My answer would be that between the three, Signal is the best. It isn’t held back by the requirements of email.
If I could get by without an email at all, I probably would. But unfortunately, email is something of a requirement for many parts of modern life, simply because it established itself.