Posts  / #POST-211187
REDDIT

Why Do People Continue to Use GPG Despite Simpler Alternatives (minisign, age, or signify)

F
Aug 10, 2025 · 16:39

I have heard of several complaints about the difficulty of using PGP including Matt Green's blog:


[https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/](https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/)


And yet critical projects for privacy such as Tor continue to sign releases of their code using GNUPG.


In a report on:

"Advanced Instructions on Using GNUPG" (https://www.gnupg.org/ftp/people/neal/an-advanced-introduction-to-gnupg/an-advanced-introduction-to-gnupg.pdf)

the CISO of the Organized Crime and CorruptionReport Project (OCCRP) admits

journalists would not be safe without it.


Why is it that developers, journalists, and whisteblowers continue to use GNUPG if it is

difficult to handle properly and has suffered security vulnerabilities.

Post image