Setting up autocrypt
software, security, pgp
Today I decided to try to setup Autocrypt for my email address. I use both Thunderbird and K9 email as clients, both support Autocrypt. The marketing of Autocrypt sounds great: automatic PGP encryption with any contacts that support it. This post documents my effort of setting up the clients so far. Neither client offers something like a ‘setup autocrypt’ button, I reckon setting up PGP first will unlock some options regarding Autocrypt.
- After installing the addon, it offers to install gnupg4win (this is on Windows) and I did.
- Continue with Enigmail setup (standard): a key is already present (how it got there: not stated).
- If you select this key (because I assumed either Enigmail or the GnuPG installer must have generated as an attempt to improve the UX for newbies) the next dialog requests a passphrase to protect the key.
- The following dialog generates a key anyway, so I am still unclear what the intially present key was. Perhaps it was an ‘identity’ (name + emailadres combo to which PGP keys are linked).
- Then you can save the revocation key (it is not explained how that is different from the private key, which is not explained either, nor is it explained wether or not that recovation key file will be protected by the passphrase entered previously.)
- Windows Firewall pops up with
dirmngr.exewanting access. No publisher, no other info. It’s 2018, your installer can add firewall rules just like in Linux, people!
- The last dialog of the wizard reports success, but no option to close or otherwise end Enigmail setup. Closing the windows gives a ‘do you want to abort’ modal. The dialog contains a link to more documentation (click) but clicking pops up a window with a ‘Server not found’ message.
As I can’t seem to continue, I aborted the attempt. I use Thunderbird 60, the latest versions Gnu Privacy Guard and Enigmail available as of today.
Setting up on K9 was not hasslefree either.
- Configuration page just says no providers present, does not suggest any solutions.
- K9 website mentions
OpenKeychain. F-droid has
OpenKeychain: Easy PGP. Anyone trained to be security-safe flinches here: subtle naming differences are a sure way to install spyware crap on commercial webstores. I took a chance and it is the correct program, but beforehand it is confusing precisely because you have to turn off behaviour that is otherwise essential (do not install similar named apps).
- During key generation crash, but key appears to be there. After trying to delete and revoke I deduce key upload probably failed (it is not on
keyserver.ubuntu.com, which isn’t listed anywhere either but appears in the errorlog when you wait a while on the key screen and a key import error appears.) Manually checking the keyserver URL reveiled that it was down. Fifteen minutes later it was up. There appears to be no way to publish the public key manually.
- In K9 I set OpenKeychain as OpenPGP app. No Autocrypt options appeared.
- Although OpenKeychain asked Contact-access, it does not reveal for which contacts keys were found. Also in K9 there is no feedback beforehand. A contact whom I know has a key published on
pgp.mit.eduwas listed as not supporting encryption.
You can feel where this is going: a resounding downvote for the entire process. Although I’d like to believe I’m not clueless, I did not manage to setup PGP email encryption, and I do blame the software for being obtuse. I suppose it is entirely geared towards people working in organizations (formal or not) already intimately familiar with PGP. I also suppose I must have hit a bug in Thunderbird. The fact that the setup procedure has bugs in both pieces of software does not leave the impression of solidity however, and it feels a lot like the early Linux-days, where having the time and skill to troubleshoot was essential and seen as a rite of passage. Today I expect something different, and I now know why PGP has next to no adoption: only those who really care (for either personal safety or authentication reasons) can manage. I am proud to have converted my closest family to Signal, and I chose Autocrypt so that I might have a chance with them too, without forcing them to switch to third party providers (Tutanota, Protonmail, etc.). That is not going to happen however, because this is a process that even I cannot tolerate.
Since the third parties mentioned are all siloed and/or require that you trust them because they hold your private keys, I don’t see any good way forward. Custom domains, which I think is an important component to being independently secure, cost money with all of them, and good amounts too. Only Tutanota has a reasonable price of 1 EUR/month where I could hook up my domain and send non-Tutanota contacts links to my encrypted message, which is fine on occasion but untenable as a matter of course.
So, I think I’ll check in on Enigmail with a new release to see if things were fixed. Until then I’ll continue to do what I’ve done so far:
- Assume email is compromised. Just accept it: even if I am secure, 99% of my contacts will not be, and will use hosters that not to be trusted.
- Have a custom domain, so that options remain open
- Avoid hosters in US jurisdictions (
- Do not use the hoster for email storage, so that data mining or trawling by state actors will result in little data. That is: I save important emails to disk (which I prefer anyway, I store them in my regular document file hierarchy) and delete email that’s read and has no lasting value (which is nearly all email). Every now and then I cleanup by selected all mail older than N months and delete it all.
- Use any of the secure third parties for disposable purposes, they’re better protected than the mainstream options.