Daniel Micay (lead developer of GrapheneOS) decided to use signify instead of gpg because of many issues associated with gpg and the OpenPGP standard, including:
- PGP certificate flooding attacks
- gpg is very hard to use
- signify is far simpler than the OpenPGP spec; it is less vulnerable to keyring exploits, the code is shorter, and it has a smaller attack surface
- gpg implementation bugs permitting DoS attacks on keyrings are long-standing and not being addressed in a timely manner by its developers
> It’s overly complex with far too much attack surface and has egregiously bad usability and security. It’s only suitable for usage as a case study in how not to design and implement software. Rather than changing the instructions to work around GPG deficiencies, it won’t be used.
>
> It’s a systemic issue, not a specific problem. GPG is vulnerable to a severe denial of service (permanently bricking the keyring) when importing public keys through multiple weaknesses. The public keyservers make the situation worse, but the issues with the GPG implementation are still relevant even without keyservers.
>
> GPG also has a lot more wrong with it than this. I’ve been phasing it out over time for my own usage and had previously talked about my plans to phase it out for GrapheneOS too. OpenPGP is an overly complex and poorly designed legacy standard, and GPG is a low quality implementation of it.
>
> The thing that finally pushed me to prioritize fixing this was the terrible responses of the GPG developers to the issue summarized well by Hanno Böck: https://twitter.com/hanno/status/1145597144373575680.
>
> Look through my recent tweets / replies and retweets about GPG, or my previous threads about it in May.
These are the opinions of Daniel, not my own. Of course I think signing with PGP is better than not signing at all (or where signature verification requires you to use a tool that cannot itself be obtained securely), which is the absurd reality of most Android ROMs.