In the world of private encryption, there are few words more apocalyptic than “I gave away my private key.” It is rule number one of PGP security – never reveal your private key to anyone else.
Unfortunately, in a maddening and completely avoidable blunder, the Adobe security team posted their private PGP key publicly on their blog.
This is a miserable mistake for Adobe. Over the last few years, the company has been hit by a number of major security incidents, mostly concerning Adobe Flash (which was most recently compromised in order to deliver malware known as FinSpy). By regularly communicating with the public via its Product Security Incident Response Team (PSIRT), Adobe was trying to restore public trust in its security measures. Whoops?
Once we’re all done pointing and laughing, let’s remember that PGP encryption – while worthy of our respect as a time-honored form of secure communication – is rather hopelessly outdated. In fact, the format of PGP makes sharing a private key into a rather easy mistake. What went wrong with Adobe’s PGP implementation – and is it time for a change?
What’s So Bad About Sharing Your Private Key?
Here’s a brief explanation of PGP, which should make it easy to understand why sharing your private key is a pretty bad idea.
Let’s say that you want to send a message to your colleague, without any way for a third party to read that message if it’s intercepted.
Conventional cryptography uses something called symmetric key encryption, in which the same key is used to both encrypt and decrypt protected data. This works well enough for data at rest, but if you want to send data somewhere else, you also need to send the recipient a means of decryption. If an attacker intercepts that key, they can read and steal all your files.
PGP lets end users put encryption keys out in public without incurring risk from attackers. PGP uses a public key to encrypt data, but a private key to decrypt data. As long as no one else has your private key, no one else can read messages that were encrypted with your public key, even if those messages travel in public.
Image via Introduction to Cryptography in the PGP 6.5.1 documentation. Copyright © 1990-1999 Network Associates, Inc. and its Affiliated Companies. All Rights Reserved.
Why PGP Makes Sharing a Private Key into an Easy Mistake
PGP was developed in the early 90s, back when email was still a relative novelty. Both the way we send email and how often we use it have changed since then, and PGP no longer quite fits the bill:
- Key management is poorly implemented. There’s no good way to sort public keys so that different keys belong to different groups of people.
- Poor mobile device implementation – the founder of PGP, Philip Zimmermann, doesn’t even use PGP on his smartphone.
- Attachments are hard to handle. It’s possible to send attachments with PGP, but encryption expands their file size. If an encrypted attachment is over a client’s email attachment size limit, it may be impossible to share it securely via PGP.
- It’s hard to encrypt email subject lines, and impossible to encrypt email addresses – attackers can still learn who you’re talking to, and make guesses about subject matter.
In the case of Adobe, it became clear that someone had exported a PGP key from a popular email extension, clicked the wrong button, and copy-pasted both the public and private key to the Adobe blog. Who among us hasn’t copied and pasted the wrong thing? If breaking PGP security is that easy, maybe it’s time we tried something else.
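As an added example (not code from the original article or from Adobe), here is a pre-publication check for the copy-paste mistake described above: it flags any ASCII-armored OpenPGP block whose first packet is a secret key, even when the armor label claims otherwise. The function names and the sample draft are constructed for illustration.

```python
import base64
import re

ARMOR_RE = re.compile(  # ASCII-armored OpenPGP block (RFC 4880, section 6.2)
    r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END PGP \1-----", re.DOTALL)
SECRET_TAGS = {5: "Secret-Key", 7: "Secret-Subkey"}  # RFC 4880, section 4.3


def first_packet_tag(body):
    """Return the tag of the first OpenPGP packet in an armored body, or None."""
    # Armor headers (Version:, Comment:) are separated from the data by a blank line.
    parts = re.split(r"\r?\n[ \t]*\r?\n", body.strip("\r\n"), maxsplit=1)
    # Join the base64 lines, dropping the "=XXXX" CRC-24 line.
    payload = "".join(s for s in map(str.strip, parts[-1].splitlines()) if not s.startswith("="))
    try:
        first = base64.b64decode(payload[:4], validate=True)[0]
    except (ValueError, IndexError):
        return None
    if not first & 0x80:  # bit 7 is always set in a packet header
        return None
    # New-format headers keep the tag in bits 5-0, old-format headers in bits 5-2.
    return first & 0x3F if first & 0x40 else (first & 0x3C) >> 2


def find_secret_key_blocks(text):
    """Return (armor label, reason) for every block that carries secret key material."""
    findings = []
    for match in ARMOR_RE.finditer(text):
        label, tag = match.group(1), first_packet_tag(match.group(2))
        if tag in SECRET_TAGS:
            findings.append((label, SECRET_TAGS[tag] + " packet"))
        elif label == "PRIVATE KEY BLOCK":
            findings.append((label, "armor label"))
    return findings


def constructed_block(label, header_byte):
    """Constructed sample: a packet header byte plus zero padding, not a real key."""
    data = base64.b64encode(bytes([header_byte, 0x03, 0x98]) + bytes(42)).decode()
    return (f"-----BEGIN PGP {label}-----\nVersion: Example 1.0\n\n"
            f"{data}\n=AAAA\n-----END PGP {label}-----\n")


# Constructed draft post that pastes both halves of an exported key pair.
DRAFT = ("Contact PSIRT using this key:\n"
         + constructed_block("PUBLIC KEY BLOCK", 0x99)     # tag 6, Public-Key
         + constructed_block("PRIVATE KEY BLOCK", 0x95))   # tag 5, Secret-Key

if __name__ == "__main__":
    print(find_secret_key_blocks(DRAFT))
```

Run against a draft in a CMS hook or CI step, any non-empty result should stop the publish.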
It’s Time to Replace PGP with Safe-T
Are you interested in our email security system that automatically applies encryption – with no risk of accidentally exposing your secure communications? Safe-T’s Software-Defined Access Solution lets users implement secure, auditable, and encrypted emails across desktops, mobile devices, and home computers. Don’t make mistakes – make yourself safe. For more information, contact Safe-T for a free trial today.