I've started using GPG again, albeit in a minimal sense.

I've started using pass as my password manager, having exported the database from KeepassX. Pass is basically a wrapper around GPG for the purpose of securing your passwords. The files are plain GPG encrypted files, which means no weird database format to worry about. Additionally I am using a GPG smartcard as the store for the private keys, so the card physically needs to be plugged into my computer to do anything password related.
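To show what "plain GPG encrypted files" means in practice, here is an added example (not from the original post, and not pass's own code) that builds a pass-style store by hand: one `.gpg` file per entry under a store directory, written with `gpg --encrypt` and read back with `gpg --decrypt` and nothing else. It assumes GnuPG 2.x is installed and uses a throwaway key, store path and entry name that are all constructed here; a real setup would point the store at the smartcard's key id instead.

```shell
#!/bin/sh
# Added example: a hand-built pass-style store, to show the on-disk model.
# Assumes gpg (GnuPG 2.x). Key, store path and entry are constructed for the demo.
set -eu

WORK="$(mktemp -d)"
export GNUPGHOME="$WORK/gnupg"       # isolated keyring so nothing touches ~/.gnupg
mkdir -m 700 "$GNUPGHOME"
STORE="$WORK/password-store"         # pass itself defaults to ~/.password-store

# Throwaway, passphrase-less key for the demo only (a real store would use the
# smartcard-backed key id, so decryption requires the card to be present).
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "demo@example.invalid" default default never 2>/dev/null

# pass maps an entry name to $STORE/<name>.gpg; sub-paths become directories.
entry_path() { printf '%s/%s.gpg\n' "$STORE" "$1"; }

# Equivalent of `pass insert`: the entry is simply the secret encrypted to the key.
store_secret() {
    name="$1"; secret="$2"
    mkdir -p "$(dirname "$(entry_path "$name")")"
    printf '%s\n' "$secret" | gpg --batch --quiet --encrypt \
        --recipient demo@example.invalid --output "$(entry_path "$name")"
}

# Equivalent of `pass show`: plain gpg can read the file, pass is not needed.
read_secret() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --decrypt "$(entry_path "$1")" 2>/dev/null
}

# Is the file really an OpenPGP message? Ask gpg to list the packet headers.
is_gpg_file() {
    gpg --batch --quiet --list-packets "$(entry_path "$1")" >/dev/null 2>&1
}

store_secret "web/example.invalid" "hunter2"      # constructed sample secret
is_gpg_file "web/example.invalid" && echo "entry is a plain OpenPGP file"
echo "decrypted: $(read_secret "web/example.invalid")"
```

The practical consequence for a smartcard user is the last function: the store directory can be synced or backed up anywhere, because every file is only as readable as the private key is reachable.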

I'm not so bothered about using GPG for email; to date the number of emails from Facebook that were GPG encrypted is much larger than the sum of all other GPG mail I have received (and probably sent, for that matter). So I'm going to use it opportunistically. My public key is available if folk want to help me beat Facebook.


Ditching GPG

I've been a user of GPG for over a decade, if I recall. I've been through some trials and tribulations with keychain issues (admittedly mostly PEBKAC) and even switched to storing my keys on a hardware token to increase security.

The issue is, the folk I am primarily in contact with don't use GPG. One friend maintains a keychain himself but our communications are over Telegram for the most part. I have had more encrypted emails from Facebook than all other contacts put together. Say what you will about other communications systems and their cryptography (or lack thereof) but they just get out of the way and let me get my messages out to people.

So I am thinking I will ditch the use of GPG. I see no utility in keeping a keychain up to date with subkeys and expiries, moving things to the token, etc., for one person I don't communicate with on that medium.

If anyone has a really good reason for me to expend effort in maintaining my keychain then please contact me, ideally using GPG. Otherwise I will likely revoke my keys at some point this week.