Standardizing Secure PGP Private Key Sync

We've recently updated our specification for private key sync after some discussions with other PGP vendors. The goal of this spec is to formalize and hopefully standardize a very simple protocol that allows interoperability between mail user agents.

To recap: our current spec proposes encrypting the user's private key as a standard symmetric-key encrypted OpenPGP message, using a high-entropy passphrase that is generated for the user. This passphrase, or backup code, is meant to be written down or stored in the user's password manager. The encrypted PGP key is then stored on the mail server in a dedicated IMAP folder so that multiple mail user agents can access it. The goal is to be able to read your encrypted messages on all of your devices and from all types of mail clients.

Read the full spec here
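
As an added illustration of the backup-code half of the recap above (this is not code from the spec or from Whiteout Mail), the sketch below generates a write-down-friendly code from the OS CSPRNG, computes its entropy, and canonicalizes what a user types back in on a second device. The digit alphabet, the 6x4 grouping, the dash separator and the entropy floor are assumptions chosen for the example; encrypting the key into the symmetric-key OpenPGP message is left to the OpenPGP library in use.

```python
import math
import secrets

# Assumptions for this sketch (not taken from the spec): decimal digits only,
# 6 groups of 4 symbols, joined by "-" so the code is easy to copy by hand.
ALPHABET = "0123456789"
GROUPS = 6
GROUP_LEN = 4
MIN_ENTROPY_BITS = 75  # assumed floor for a passphrase protecting a private key


def entropy_bits(length=GROUPS * GROUP_LEN, alphabet=ALPHABET):
    """Entropy of a uniformly random code: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


def generate_backup_code():
    """Generate the code for the user; every symbol comes from the OS CSPRNG."""
    if entropy_bits() < MIN_ENTROPY_BITS:
        raise ValueError("code parameters give too little entropy")
    symbols = [secrets.choice(ALPHABET) for _ in range(GROUPS * GROUP_LEN)]
    groups = ["".join(symbols[i:i + GROUP_LEN])
              for i in range(0, len(symbols), GROUP_LEN)]
    return "-".join(groups)


def normalize_backup_code(typed):
    """Canonicalize a code typed on another device before using it to decrypt.

    Spaces and dashes are accepted anywhere; a wrong length or any other
    character is rejected, so a typo fails early instead of producing a
    confusing decryption error.
    """
    stripped = "".join(ch for ch in typed if ch not in " -\t\n")
    if len(stripped) != GROUPS * GROUP_LEN:
        raise ValueError("backup code has the wrong length")
    if any(ch not in ALPHABET for ch in stripped):
        raise ValueError("backup code contains an invalid character")
    return "-".join(stripped[i:i + GROUP_LEN]
                    for i in range(0, len(stripped), GROUP_LEN))


if __name__ == "__main__":
    code = generate_backup_code()
    print(code, f"({entropy_bits():.1f} bits)")
```

With these assumed parameters the code carries just under 80 bits of entropy; every client has to apply the same canonical form before handing the value to its OpenPGP library, or the same code will fail to decrypt on another device.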

Getting Feedback from the Community

We presented the first version of our spec at the OpenPGP summit in April 2015. There we got invaluable feedback from Werner Koch of GPG, Koto of Google, and Thomas of Mailvelope. Their feedback helped shape the current version of the spec and simplified the work required by implementors to add support for key sync.

Since then we've stayed in contact with Mailvelope and developers from 1&1 who have already implemented the protocol's storage format. Mailvelope is used by many webmail providers such as Deutsche Telekom, 1&1, Web.de and GMX.

We also posted the proposal on multiple outlets including the GnuPG mailing list, the OpenPGP.js mailing list, as well as the Google End-to-End GitHub repository.

First of all, thank you for your feedback so far. There are some open issues regarding storage of private subkeys (which has been added to the spec) as well as syncing the user's local public key ring (which is out of scope and should be specified in a separate spec). All in all, though, the first round of feedback seems quite positive, as people see the need for such a standard.

Next Steps

Our goal is to standardize the proposal as an RFC once at least two vendors have a working implementation out in the wild. This is similar to how web standards are developed, as crucial feedback from implementers is needed before standardizing.

We will also present the current version of our spec at the upcoming OpenPGP summit and discuss our experience implementing and using the standard in production.

We hope to see support for encrypted key sync in all major implementations of OpenPGP such as GnuPG, Thunderbird+Enigmail, GPGTools for Mac, Gpg4win, Mailvelope, Mailpile, Google/Yahoo End-to-End and of course our very own Whiteout Mail.

P.S. if I forgot anyone in the list above and you’re interested in implementing the spec, just drop me a line at [email protected]. Thanks!