The handling of PGP keys is not optimal

The use of encryption products and keys is a sign of discipline and education.

  • You don’t store secret keys in folders, and you don’t import them into software that hasn’t passed a security audit. I don’t want to say anything bad about Typescript. I don’t need to tell you that there are dedicated software for it, and they provide software apis for just as applications as Deltachat so that they can use the keys without coming into contact with them. WITHOUT COMING INTO CONTACT WITH THEM.

  • You don’t import keys into software that renames and modifies those keys. You have to delete a key over a hundred times to be sure it is deleted. Even then, it’s not entirely certain that you can’t recover it. This is just a simple example, there is no point in debating it.

  • Private keys are your own personal identity and security. And you don’t treat your own identity flaxily. When you create a key you have to make backup copies, and you have to tell the user the fingerprint, and give him checksums, passphrases, expiration dates … etc … including revocation certificates etc . You can’t have a third person’s private key at your disposal. That is almost punishable by law.

  • And then comes the fist in the face. You call this mess Autocrypt. By golly, Autocrypt is a standard. You can’t interpret a standard the way you want. In fact, you should strongly advise against the use of this software. You would have to sign oaths and promise never to use the computer again.

At the beginning I liked the idea of the messenger, but when I saw the realization, I threw up. Never in my dreams would I have thought that you would write a key management software.

rPGP and Delta Chat passed security audits. TypeScript is not used to handle the keys in Delta Chat. On Android there is a dedicated Keystore system, but it is not intended for handling OpenPGP keys, for example it does not support Ed25519 keys that Delta Chat uses. Delta Chat Android has an experimental option to store SQLCipher passphrase in the Keystore, but the OpenPGP key has to be used outside the hardware security module. We don’t attempt to “shred” any files on disk by overwriting it and recommend using full disk encryption which is available on all operating systems Delta Chat supports. PRAGMA secure_delete=on is used in SQLCipher though. Not talking about the keys in the UI is a deliberate decision. The keys generated by Delta Chat do not have an expiration date on purpose. Autocrypt standard was deleloped in large part by the same team as Delta Chat itself.

The forum already has a very similar topic:


Not talking about the keys in the UI is a deliberate decision.

This is the opposite of what I expected. I want to be able to decide which of my keys is used to write a text, and I want to be able to check my keys for integrity.
OpenKeychain on the computer and Cleopatra on the desktop should be the only key receivers on the computer. Under no circumstances should the Android Key System be used.

Okay, and now I’ve criticized enough :))
All in all, the program is nice. Since I’ve been using it, the amount of spam has increased 50 times :)) because I’ve probably been sending read receipts all over the world. But you probably don’t care about that. They’re my emails. Not yours.

Handling the keys in OpenKeychain and GnuPG (Kleopatra) is not necessarily more secure, they are ordinary applications with the same level of privileges as Delta Chat itself.

There are existing requests to integrate with OpenKeychain and GnuPG:

While it may be possible to handle your own keys in an external program, contact public keys are handled differently from the “Web of Trust” model implemented in OpenKeychain and GnuPG. Delta Chat implements verified contacts and verified chats, and there are ongoing developments in this area focusing on tracking the chain of trust (how this contact got verified? who, when and in which chat introduced this contact?) rather than classical PGP levels of trust. If public keys come from external sources such as GnuPG or web key directories, we cannot handle them neither as Autocrypt keys nor as verified keys. So the benefits of integration are limited to own key management.

Internal key management can indeed be improved. A separate screen with a list of keys where it is possible to inspect, import, export and renew the keys would be nice if it stands out of the way. But it is still more likely to be implemented in the Delta Chat core rather than as integration to external tools because otherwise we have to maintain integrations for Android, iOS, Windows, macOS and Linux (GnuPG): Using third-party key management (at least on android/mobile)


I don’t just encrypt, I sign a lot, and I want all my documents that I sign to come from my key. Including my emails, and I want to use my key if I’m going to use Deltachat for the serious part of the communication, and I want to be sure that no key swapping takes place because that can cause potential customers to drop out and business to be lost.
For this I need to have full control. Have a good night.