E-Fail attack against GPGTools

Another day another attack against GnuPGP tools. I have long believed that the complicated integration mechanism that¬†GPGTools use to integrate with the Mail client are vulnerable to attack. Not too long ago Internet Explorer browser extensions were the attack vector into Windows PC’s.

https://it.slashdot.org/story/18/05/25/189253/in-apple-mail-theres-no-protecting-pgp-encrypted-messages

Remember with NouveauPG, the entire app is sandboxed. The only way to get data in or out is by selecting a file using the system file dialog box, or using the clipboard. No internet access, third party plug-ins or anything. The only reason encryption is not ubiquitous by now is the trade-off between usability. More ‘convenient’ schemes always seem to backfire. NouveauPG is as simple as I know how to make it.