Switching from GPG to Age

Scope: what age does vs what GPG/PGP does

  • age is praised as “super clean” because it only does file encryption; some see this narrow scope as its main virtue.
  • Multiple commenters argue that calling this “switching from GPG” is misleading unless it explicitly means “for file encryption only.”
  • GPG/PGP are described as multi‑purpose: encryption, signing, key management, web of trust, email integration, smartcard use, SSH auth, commit signing, release signing, multiple recipients, revocation, etc.
  • age covers none of signing, identity, web of trust, or key discovery; minisign/signify cover signing only. Neither is viewed as a full PGP replacement, only as a simpler subset of what PGP does.

Who actually uses PGP, and for what

  • One camp claims almost everyone outside a small niche only ever used GPG for one-off file encryption, so age is sufficient and more adoptable.
  • Another camp argues PGP is still foundational: used by Linux distributions and critical infrastructure for package signing, by security teams for disclosures, and by serious engineers for commit signing, reviews, SSH, passwords, etc.
  • There’s disagreement over how often PGP is actually used in bug bounties and disclosures: some say PGP-encrypted reports are rare and their use is not correlated with severity; others say they are rare but tend to be high quality and important.

Identity, public keys, and “security theater”

  • A workflow where admins demand a public key before sending credentials via Slack is debated.
  • Critics argue this is “security theater” if the key is not authenticated; it doesn’t solve identity verification.
  • Defenders note that PGP provides mechanisms (fingerprints, web of trust, key signing, Keyoxide-style proofs), but admit the specific described workflow omits them.
  • There’s broad agreement that identity verification is orthogonal to the crypto primitive; without independent key verification, any scheme is weak.

PGP as “digital passport” vs overcomplex relic

  • Advocates frame PGP as the only broadly standardized decentralized cryptographic identity layer (“internet passport”) and emphasize smartcards, long-lived keychains, backup, rotation, discovery, and revocation.
  • They highlight modern tooling (e.g., keyfork, AirgapOS, smartcards, Keyoxide, WKD, new keyservers) as mitigating old UX and keyserver problems.
  • Critics argue PGP/OpenPGP itself is a 1990s design with deep architectural issues, not just bad implementations like GnuPG. They liken it to OpenSSL used for everything and say most competent modern systems prefer more purpose-built tools.
  • A recurring tension: PGP’s “Swiss Army knife” nature vs the modern preference for small, composable tools (age, minisign, SSH signing).

SSH keys, signing, and supply-chain security

  • Some use SSH keys for Git tag and binary signing (with GitHub’s verification UI) and find this much easier to deploy than PGP.
  • Others call SSH signing an abuse: SSH keys were meant for session auth, not long-lived signatures; using one key for multiple roles complicates rotation and revocation.
  • There’s debate whether identity management and key discovery should live inside the cryptosystem (PGP-style) or in higher-level, domain-specific layers.

Agents, password managers, and web auth

  • gpg-agent is valued for SSH-agent functionality and letting tools like pass keep secrets encrypted at rest; this is a sticking point for some considering migration.
  • Others complain GPG’s smartcard behavior (e.g., lack of PIV/PKCS#11 support) interferes with other applications and prefer to remove it.
  • Several age-based password managers and agents are mentioned as alternatives, with people reporting successful real-world switches.
  • There is curiosity (but no clear answer) about using gpg-agent/gpgme-json for WebAuthn/passkeys; capabilities here remain unclear in the thread.

Post-quantum concerns

  • Some question whether age is “post-quantum.”
  • Discussion notes: age encrypts each file under a fresh symmetric file key and then wraps that file key separately for each recipient using public-key cryptography; the file key is 128-bit, and the public-key algorithms age uses for recipients today (X25519 for native age keys) are not post-quantum.
  • One comment (citing the age author) claims 128-bit symmetric keys are sufficient for PQ security and that PQ public-key integration is blocked in standards bodies; others still recommend waiting for fully PQ-safe public keys before migrating for long-term archives.
  • There is general unease about adopting new non-PQ schemes in 2025 for long-lived backups, though opinions differ on urgency.
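To make the post-quantum discussion concrete, here is an added Go model of the construction the bullets above describe: one random 128-bit file key seals the payload, and that file key is wrapped once per recipient under a key agreed with X25519 and derived with HKDF. This is example code written for this page, not age's code and not the real age file format; the names Stanza, Envelope, wrapKey and the HKDF info string are hypothetical. Only Go's standard library is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Illustrative age-style envelope written for this page: not the real age file
// format and not age's code. A fresh 128-bit file key encrypts the payload; the
// file key is then wrapped once per recipient under an X25519+HKDF wrap key.

type Recipient = *ecdh.PublicKey
type Stanza struct {
	Ephemeral []byte // ephemeral X25519 public key used for this recipient
	Wrapped   []byte // file key sealed with AES-256-GCM under the wrap key
}
type Envelope struct {
	Stanzas []Stanza
	Nonce   []byte
	Body    []byte // payload sealed with AES-128-GCM under the file key
}

var zeroNonce = make([]byte, 12) // each wrap key is used exactly once, so a fixed nonce is safe
func NewIdentity() (*ecdh.PrivateKey, error) { return ecdh.X25519().GenerateKey(rand.Reader) }

func hkdfSHA256(secret, salt, info []byte) []byte { // single-block HKDF: extract, then one expand step
	ext := hmac.New(sha256.New, salt)
	ext.Write(secret)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(info)
	exp.Write([]byte{1})
	return exp.Sum(nil)
}

func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // keys here are always 16 or 32 bytes
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block)
	return aead
}

func wrapKey(shared, ephPub, rcptPub []byte) []byte {
	salt := append(append([]byte{}, ephPub...), rcptPub...) // bind both public keys so a stanza cannot be re-targeted
	return hkdfSHA256(shared, salt, []byte("example-envelope-x25519"))
}

func Encrypt(recipients []Recipient, plaintext []byte) (*Envelope, error) {
	fileKey, nonce := make([]byte, 16), make([]byte, 12) // 128-bit file key, as in age
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Body: mustGCM(fileKey).Seal(nil, nonce, plaintext, nil)}
	for _, rcpt := range recipients {
		eph, err := ecdh.X25519().GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		shared, err := eph.ECDH(rcpt) // the classical, non-post-quantum step
		if err != nil {
			return nil, err
		}
		wk := wrapKey(shared, eph.PublicKey().Bytes(), rcpt.Bytes())
		wrapped := mustGCM(wk).Seal(nil, zeroNonce, fileKey, nil)
		env.Stanzas = append(env.Stanzas, Stanza{Ephemeral: eph.PublicKey().Bytes(), Wrapped: wrapped})
	}
	return env, nil
}

// unwrap recovers the file key from one stanza; it fails unless the stanza was wrapped for id.
func unwrap(id *ecdh.PrivateKey, st Stanza) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(st.Ephemeral)
	if err != nil {
		return nil, err
	}
	shared, err := id.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	return mustGCM(wrapKey(shared, st.Ephemeral, id.PublicKey().Bytes())).Open(nil, zeroNonce, st.Wrapped, nil)
}

// Decrypt tries every stanza; a tampered body or stanza fails the AEAD tag check.
func Decrypt(id *ecdh.PrivateKey, env *Envelope) ([]byte, error) {
	for _, st := range env.Stanzas {
		if fileKey, err := unwrap(id, st); err == nil {
			return mustGCM(fileKey).Open(nil, env.Nonce, env.Body, nil)
		}
	}
	return nil, errors.New("no stanza unwraps with this identity")
}
```

Encrypting to two identities and decrypting with each of them, then with a third identity that was not a recipient, shows the recipient logic; flipping one byte of Body shows the AEAD check. The post-quantum point in the thread maps onto one line: `eph.ECDH(rcpt)`. An adversary who records the envelope today and later breaks X25519 recovers the wrap key and therefore the file key, and the file key's 128-bit length does not help at all at that point. That is why the concern about long-lived archives is about the public-key wrap, and why a 128-bit symmetric file key on its own is a separate question.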

Adoption, complexity, and philosophy

  • age is seen as far easier to introduce into teams than GPG, which many consider a non-starter due to UX and conceptual overhead.
  • Pro-PGP participants argue that the complexity reflects real requirements (backups, rotation, non-centralized trust) and that lighter tools ignore these and set users up for future failures.
  • Opponents counter that most real-world users don’t need or use those features, and that PGP’s complexity and poor ergonomics have prevented it from fulfilling its own ambitions outside a small, specialized community.