OpenPGP is a legacy ass protocol. It lacks forward secrecy.
We need something newer and better. (Signal, for example).
The idea of an overlay encoding for social media is good, but we can do much better than OpenPGP!
Thank you for the feedback!
I believe GPG is a legacy, but far from obsolete. There are definitely new protocols and developments, but this extension does not intend to be a full messenger.
As you said, it is an overlay encoding for social media. The tool was designed to not make online transactions like negotiating keys. It is designed to be simple, light and do everything locally.
I am willing to implement other functionalities and evolve the tool, but as a first version, I think it is safe enough to solve the problem of exchanging private messages on Twitter (and other social media soon)
reply
The problem is that openpgp has a massive footprint and supports many legacy key formats. It is from a time of “cryptoagility”, which is an anti goal today. You don’t want to be using RSA keys in 2024.
have a look at saltpack
reply
I recommend using ECC 25519 in README because of RSA's massive and slow keys. It is secure, fast, and widely used today.
GPG is not 'anti-goal'. It is about security and anti-surveillance.
reply
You misunderstand me — “cryptoagility” is an anti-goal today. OpenPGP was designed for “cryptoagility”, so it runs against modern cryptographic engineering principals. This is yet another reason why OpenPGP is bad.
I agree curve25519/ed25519 is what you want to use, that’s why I recommended a modern cryptography library like NaCl and Saltpack for encoding. Not OpenPGP.
It’s not enough to not recommend RSA, a good cryptosystem doesn’t support bad algorithms. Really you shouldn’t recommend anything, because users have no clue. You simply abstract sensible params for the user.
reply
Then maybe you should do it?
reply
No can do, contractual obligations, sorry
reply