Right now we have the problem that DeltaChat can not use PGP keys with a passphrase. It’s a good UI decision, because we don’t want users to enter their passphrase every time they want to read or send a chat message. This is a no-go for a messenger.
Many people have pointed out that PGP keys should be protected by device encryption anyway, not by file encryption (what a PGP key passphrase basically is). This is unfortunately not possible with every Android device, especially old ones or with some custom ROMs.
The messenger Briar solves this by having a passphrase encrypt the app database. You type it in once, when you start the app. Then the app is running in the background, passphrase in the RAM, and is able to send and receive messages in a way where the user does not have to enter it again.
Many users, especially if they use the same e-mail address with DeltaChat and for “normal” mail, too, have an old PGP key with a passphrase. They also don’t want to get rid of it. I personally have 2 PGP keys because of that, and sometimes end up with unreadable messages if I don’t have my second device at hand. It also leads to confusion with more experienced PGP users sometimes.
If we would use the PGP key passphrase to encrypt the deltachat database though, we could kill two birds with one stone:
- Protect our database while the device is turned off (useful, e.g. for the attack model “police confiscates unencrypted phone and extracts storage”)
- Being able to import PGP keys with a passphrase, e.g. per Autocrypt Setup Message (which is buggy af right now, especially from Enigmail).
- Keeping our user-friendly way of readable messages. They may even feel more secure when they have to enter a passphrase at device startup (I do with Briar).
What do you think?