OpenPGP really works
or it’s more sexy to create the next secure chat applications than improving existing RFCs
By Alexandre Dulaunoy
Jan 2 2017
In the past years, I have seen many articles, publications or blog posts mentioning that PGP is dead or has been replaced by the next-generation chat applications. We are obviously shifting our communication channels towards ephemeral communication schemes, and the OpenPGP standard may not be the best-suited protocol. Already in 2005, the well-known paper “Why Johnny Can’t Encrypt” pinpointed the shortcomings of the user interface and experience in PGP. So I decided to track one day of my activities relying on PGP, and to list where the OpenPGP standard, and especially its GnuPG free software implementation, plays a significant role.
My day-to-day work is in the field of information security, especially incident handling, analysis and response. A significant volume of sensitive information is exchanged, handled, stored, processed and distributed when you perform incident response. Ensuring integrity, authentication and confidentiality is a key factor. So I installed snoopy for a day to see how many times GnuPG or a related library is started and used on my laptop running a recent Ubuntu GNU/Linux distribution.
The output of snoopy looks like this: