Bert Johnson » Blog »

OpaqueMail 2.2.0 Adds PGP Support

When I first created OpaqueMail, I faced the difficult choice between S/MIME and PGP as the standard for encryption.

The advantages for S/MIME were:

  1. A lower barrier of entry due to supporting libraries pre-installed with Windows.
  2. Greater familiarity and ease of use for developers used to public key infrastructure.
  3. Lower complexity of managing, securing, and choosing keys.

S/MIME adoption has grown, partly thanks to the usability of OpaqueMail, but it remains prohibitively complex for many scenarios.

Email is being increasingly secured through PGP. I don’t have reliable data, but PGP seems to enjoy wider adoption and awareness from the general public. I’ve wanted to support both for a while now, but needed a good reason to embark on the PGP path.

A tipping point for me this month has been Facebook’s new support for publishing PGP keys. Finally, there is a public, (largely) trusted database where users can share keys. Instead of the traditional “web of trust”, I expect key databases (like to foster increased adoption.

With that background, I’ve started adding PGP support to OpaqueMail, now available to test in the 2.2.0 release. For the first time, OpaqueMail now has a dependency on another open source library: BouncyCastle. PGP is far too complex to implement from scratch and thankfully BouncyCastle provides secure, high-performance, and complete libraries for cryptography. The Legion of the Bouncy Castle dates back to the 1990s and their code has been scrutinized by tens of thousands of developers.

OpaqueMail 2.2.0 features PGP decryption and signature verification only. Encryption and signature creation is planned for a future release.

Beyond that, I may start another project to streamline public key discovery from Facebook and other federated sources.