Modern Alternatives to PGP
Did your last Yubikey just break? Perhaps you forgot an offline backup password. Maybe you're just tired of living like a spy and never using smartphones. Whatever it is, you're here, and you're finally ready to give up on PGP. That's great!
No one was sending you encrypted emails anyway, so that's easy enough. But the most widespread uses of PGP are machine-oriented, for needs like package signing and local file encryption. I recently got into this again on a thread that mentioned deprecating Go's OpenPGP package and people always ask the same question: if not PGP, then what?
The thing is, there can't be a direct modern alternative to PGP. It's a do-everything design that predates modern cryptographic engineering and hasn't worked out well. The "modern alternative" is to use a much more specific and much less configurable solution to your problem.
Here are the most common uses of PGP and their modern, focused alternatives.
Signatures for OS or package updates
Original need: Linux distributions and many other software update mechanisms use PGP signatures to prevent malicious mirrors or network attackers from altering the contents of their packages.
Modern alternative: a lightweight signing tool like OpenBSD's signify or minisign, either of which you could quickly build in Go using x/crypto/ed25519. I wrote one as a party trick last month – it's less than 200 lines of code and that includes some silly key parsing tricks.
These tools are extremely simple and robust because they only support one algorithm, lack state or any notion of a keyring, and are usually decoupled from complex messaging formats (which should be a separate concern from your signature cryptography). As a bonus they're mostly compatible with each other because the keys are all EdDSA keys. Need I even mention that EdDSA is much, much faster than RSA?
If you're a maintainer of self-serve packaging infrastructure or otherwise have more complex needs, you should take a look at TUF. It's a modern toolkit meant to resist all kinds of update-related attacks that PGP signatures simply don't address. For an idea of how it works in practice, check out the designs for Python's package infrastructure (PEP 458, PEP 480). The Notary project is a productionized and audited implementation.
Encrypting data blobs
Original need: You want to store individual pieces of data without making their contents accessible to anyone else on your system. For some reason this isn't built into operating systems yet, so programs like pass use PGP.
Modern alternative: nacl/box and nacl/secretbox. These are general-purpose replacements for encrypting any kind of data. They support public-key and secret-key encryption, respectively, and both use secure modern modes and ciphers.
Keybase made a very solid attempt to specify nacl in a storable message format with saltpack, which has a good Go implementation using the above x/crypto package. It works as a nearly drop-in replacement anywhere you were using ASCII-armored PGP data.
Sending files securely
Original need: You have files that you want to send to another person, but you don't want the data to be visible in transit or stored in the cloud. For this, folks often attach an encrypted ZIP file to an email.
Modern alternative: magic-wormhole. If you need to send files to another person securely, use this. It's based on a modern cryptographic technique called PAKE, which basically means it keeps your data safe in transit while giving an attacker no chance to crack the password. It generates those passwords for you, and they're short, one-time-use combinations of three English words – all your recipient needs to do is enter the words. There's nothing to remember long-term and no account information to lose in a data breach. Wormhole also works through firewalls and optionally supports Tor.
We live in the future. There are better options than emailing encrypted files around.
What's your lingering use case for PGP? Hit me up on Twitter or send me an email and let's talk about getting you off PGP for good.