GPG doesn't get a lot of love because it has a lot of backwards compatibility with algorithms that shouldn't be used any more and the APIs and CLI tools are a mess of UX.
The second part is completely mitigated by using pass - you get a simple, clear CLI interface that is almost impossible to misuse. The first part is partially on you: if you create a gpg key with very weak encryption, you've got a problem. But if you create a modern GPG key, you're perfectly fine. The cryptography of modern algorithms in GPG is not part of that debate as far as I know.

On 8/29/19 11:24 AM, Sylvia Gough wrote:
> First, I'd like to thank Jason for all the amazing crypto work he's
> been doing.
>
> Now to my question. I'm considering using pass as my password manager,
> and security is obviously a top concern for this role. I know that
> pass is using GPG under the hood, and as far as I can see GPG doesn't
> get much love among cryptographers[1][2].
>
> What's your opinion about this?
>
> [1]: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
> [2]: https://blog.filippo.io/giving-up-on-long-term-pgp/
>
> _______________________________________________
> Password-Store mailing list
> [email protected]
> https://lists.zx2c4.com/mailman/listinfo/password-store
