Glenn Greenwald almost missed the Snowden story because he found PGP / GPG too expensive to set up. GPG, so the alleged reproaches, is complicated, not user-friendly and no longer up-to-date. The obvious solution: PGP in simple and straightforward. It is with this goal in mind that Pep (Pretty Easy Privacy) wants to radically simplify email encryption.
I tried them out and found that instead of living up to their goal, open source encryption software complicates everything, asking GPG users not less but more know-how and undermining hard-won security.
I have been using GPG since my schooldays and daily. I persuaded friends and acquaintances to use GPG, held workshops, and introduced people to the use of GPG. Every update that I install is checked by GPG using a signature. In short: I am a friend of GPG. However, I did not become a friend of Pep.
Simple chaos
When I first got an encrypted email from a friend a few months ago, whose subject was simply “p≡p” , I was already angry. The friend had flattened his computer, reinstalling Thunderbird and Enigmail, and replaying his GPG keys manually via Enigmail. Since it was already too late: Enigmail ran in junior mode and took over control with Pep. For the established e-mail accounts GPG keys were generated completely automated and without any demand – without password, without expiration date, without everything. After importing the original and self-generated key, Enigmail just kept using the Pep key – and brought the named friend pretty easy to despair.
Pep undermines security
A similar problem also had a club whose club mail address is managed by several people with the same key. Again, the Thunderbird / Enigmail installations of individual users themselves began to generate and use Pep keys for the club email address. The Pep keys were appended to each email sent, after which some recipients began to encrypt their replies to the club with just those Pep keys. The encrypted mails could only read one person at best. In the unfavorable case of another reinstalling, no member of the club was able to approach the contents. The shared encryption of the mail address was gone.
That Enigmail ran after the reinstallation in junior mode and thus automatically herumpfuscht in their security settings, the software did not tell the club members. They first had to find out what was going on. The deactivation of Pep was at least under Ubuntu anything but easy.
In the Enigmail settings, the junior mode and thus Pep can be deactivated, but under Ubuntu the users are the design settings for the fatal. The individual recruitment riders are not recognizable as such. Only when the tab “Compatibility” has been discovered and the selection of “Automatically decide whether to use junior mode” has been changed to the setting “Use of S / MIME and Enigmail” can GPG be used as usual. Why users have to look for it in the options remains unclear. Many Thunderbird / Enigmail users were also unclear on what each of the options, conspiratorially phrased, meant.
But that’s not all: Pep also handles the complete key management. In a test, I could cheer Pep any keys.
Trolls with Pep
In order to make e-mail encryption particularly easy for users, Pep takes over the complete key management. Each e-mail sent will be automatically attached to the generated peg key. If the recipient also uses the software, Pep answers automatically with his key. The automatic key exchange is called Pep Handshake. However, not only these handshake keys are accepted, but every key attached to an e-mail.
I generate GPG keys for different email addresses with different domain endings and send them as an email attachment to a Thunderbird installation with Enigmail in junior mode. There I open the emails and see – nothing. Unusually, Thunderbird does not even show me that the emails contain an attachment. The keys are literally hidden from the user, but then appear – fully automatically – in the key management of Enigmail and in the key memory of GPG. Even a key for the recipient account, for which Pep has already created keys, is accepted without being asked.
If an encrypted email address has already been communicated and a handshake or key exchange has been carried out, Pep will store my underlined keys, but will not use them. For all email addresses that do not, the underlined keys are used. Be it because no key exchange has taken place or because the email address in question does not support encryption with GPG. The user automatically sends unreadable e-mails – encrypted with my keys – to these e-mail addresses.
To a security problem, it may come here only in individual cases, however, Pep is wonderful to troll people.
However, this automatism can lead to security problems elsewhere: GPG is not only used for encrypting e-mails, but also for signing software. For example, using the signatures before installing a Nextcloud or the Tor browser, you can check whether the software has been infected with a Trojan on the way. Via Pep, users could be subject to fake keys from Nextcloud, the Tor project, or other software projects. If the downloaded software is changed along the way and signed with the fake keys, users could catch malware – even if they have reviewed the software.
Users want to be asked
Key exchange is always a critical point of public-key cryptography, which can be used for example in man-in-the-middle (MitM) attacks. With these, the keys are intercepted and exchanged by both communication partners. Pep does not solve this central problem, but automates it.
In the end, Pep takes a lot of control out of their hand and hardly asks questions. Do you want to use Pep? Do you want to import this key? Pep should ask these questions to users instead of hiding the entire encryption process from them.
In the end, Pep does not even reach his original goal. The various operating modes and automatisms do not simplify the life of the user. On the contrary, it confuses them, undermining their choices and thus their safety. In my environment, Pep has done one thing above all: To annoy and unsettle. The joy was usually greatest when the option to disable Pep was found. I have not yet received an intentionally encrypted email with Pep.