Changes to Secure Bugmail on

There’s a big change coming on May 16th, 2018:

We’ve replaced the encryption code for secure bugmail.
All OpenPGP-formatted bugmail will be encrypted using the openpgp.js library.
There are no changes to the S/MIME encryption, and if you’re already using S/MIME my recommendation is to continue using it.

There are upsides (such as a new feature and several bugfixes) and only a single downside to this change.


  • Feature: Messages may be encrypted using the Elliptic curves P-256, P-384, P-521, SECP-256k1, Curve25519, and Ed25519 (You can generate ECC keys with the command gpg --expert --full-gen-key and choosing option 9)
  • Fix Bug 790487: Messages will be encrypted to subkeys when possible.
  • Fix Bug 1190749: Messages will be encrypted using AES256, instead of CAST 5
  • Fix Bug 1256321: Messages will not be encrypted with expired keys.

Future Upsides

In addition to these changes, future work may allow:

  • Generating and receiving wild card key IDs in public-key encrypted session key packets.
  • Experimental opt-in authenticated encryption (AES-EAX, OCB, or GCM) based on the IETF proposal

The Downside

There are a few users whose keys will not work for various reasons.
If you’re one of those users, you can expect an email today (May 11th) explaining your options.


In anticipation of questions that may be asked, here are some answers.

Why OpenPGP.js?

  • Using gpg is difficult because its API is based on executing processes and communicating over 4 (or perhaps more) file descriptors.
  • Using gpg is also stateful because it must maintain its own key database.
  • Our existing OpenPGP library, while considered the second-most-complete OpenPGP implementation, hasn’t been actively maintained in a while. ProtonMail is actively maintaining OpenPGP.js since 2016, and this inspires confidence.
  • OpenPGP.js has undergone two complete security audits from Cure53. The first audit is available for review.

Will my GPG key work?

Probably. If not, you’ll be hearing from me.

If you would like to check your own key, you can use this baroque single page app to see what keys OpenPGP.js supports.