For over two decades, the prevailing utility for sending and receiving encrypted files was PGP (Pretty Good Privacy) – including the popular free and open-source implementation GNU Privacy Guard (GPG). In order to use PGP, you needed to use a software tool to create at least one pair of encryption keys: one public (which you give away freely) and one private (which you guard very carefully). People use your public key to encrypt something and then send it to you via email or whatever. You then use your closely-guarded private key to decrypt it.
The problem, though, is that PGP is complicated and normal people just don’t have the patience for it. It’s also tricky to integrate PGP into things like email clients, especially web-based clients. And having to manage these keys is a real pain – they’re quite large and ugly. Here, for example, is one of my PGP public keys:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
-----END PGP PUBLIC KEY BLOCK-----
If the computer that stores my private key dies, then I can no longer decrypt anything that was sent to me. Worse yet, if that computer is lost or stolen, then anything ever encrypted with it is vulnerable.
There’s a new kid on the block called miniLock which has three very important improvements over PGP:
- The private key is generated using an email address and a long passphrase. You no longer have to worry about storing and potentially losing your private key, you recreate it as needed from something you can easily remember.
- The public key is much, much shorter – only 44 characters long. This may seem bad since we know that shorter keys make for weaker encryption, but miniLock uses a different form of cryptography that can use smaller keys with the same level of security.
- Under the covers, miniLock uses a new(er) type of encryption called elliptic curve cryptography which allows for much smaller keys.
For comparison, here is my public miniLock key (or “miniLock ID”):
That’s it! These keys are so short that you can easily send them to others, even tweet them.
This tool is brand new and hasn’t even officially been released yet, let alone fully vetted by the crypto experts. But it’s got a lot of potential and may finally allow regular people to use truly-secure, end-to-end encryption for all sorts of communication.
Until encryption is easy and built in to everything, it won’t be used. We have to find ways to make it much more accessible – and miniLock is a valiant attempt.