Tom Ptacek on PGP/GPG alternatives

The high bit of the right answer to this question is that you don’t want to replace PGP; one of the things we’ve learned in 29 years is that you don’t want a single tool to do lots of different cryptographic things, because different applications have different cryptographic needs.

For package signing: use something in the signify/minisign family.

To encrypt a network transport, use WireGuard.

To protect a web transaction on the wire, TLS 1.3.

For transferring files: use Magic Wormhole.

For backups: use something like Tarsnap or restic.

For messaging: use something that does Signal Protocol.

To protect files at rest, use encrypted DMGs (or your OS’s equivalent, like encrypted loop mounts).

To encrypt individual files — a niche ask — use Filippo’s ungooglable “age”.

From an HN thread: https://news.ycombinator.com/item?id=27430624

#pgp #gpg #gnupg #encryption #cryptography #pki #signing #privacy #dataSecurity #TomPtacek #tptacek