A usable idea for PGP keys with a passphrase


#1

Right now we have the problem that DeltaChat cannot use PGP keys with a passphrase. It’s a good UI decision, because we don’t want users to enter their passphrase every time they want to read or send a chat message. This is a no-go for a messenger.

Many people have pointed out that PGP keys should be protected by device encryption anyway, not by file encryption (what a PGP key passphrase basically is). This is unfortunately not possible with every Android device, especially old ones or with some custom ROMs.

The messenger Briar solves this by having a passphrase encrypt the app database. You type it in once, when you start the app. Then the app is running in the background, passphrase in the RAM, and is able to send and receive messages in a way where the user does not have to enter it again.

Many users, especially if they use the same e-mail address with DeltaChat and for “normal” mail, too, have an old PGP key with a passphrase. They also don’t want to get rid of it. I personally have 2 PGP keys because of that, and sometimes end up with unreadable messages if I don’t have my second device at hand. It also leads to confusion with more experienced PGP users sometimes.

If we used the PGP key passphrase to encrypt the DeltaChat database though, we could kill two birds with one stone:

  1. Protect our database while the device is turned off (useful, e.g. for the attack model “police confiscates unencrypted phone and extracts storage”)
  2. Be able to import PGP keys with a passphrase, e.g. per Autocrypt Setup Message (which is buggy af right now, especially from Enigmail).
  3. Keep our user-friendly way of readable messages. They may even feel more secure when they have to enter a passphrase at device startup (I do with Briar).

What do you think?


#2

Maybe there are two things to consider separately:

  1. importing a passphrase-protected key
  2. encrypting DeltaChat’s database with a passphrase

I don’t think that mixing the two is helpful – at the latest when you import a second PGP key with a passphrase, it poses problems. For 2. we could aim to use sqlcipher instead of sqlite.


#3

I agree, they don’t have to be tied.

Nonetheless, I would say that importing a passphrase-protected PGP key into the database should only be possible if the feature to protect your app with a passphrase is easily available. It should be recommended to protect the app with a passphrase when you try to import a PGP key with a passphrase. So we’d need to implement the sqlcipher feature first.

Afterwards we could remove the passphrase from passphrase-protected keys on import with a clean conscience. Better to forget them altogether, so there is no passphrase lying around if the attacker manages to brute-force the app passphrase.