Here you can find many details about the design and implementation of NeoPG, and the challenges along the way.

SigSpoof 3: Breaking signature verification in pass (Simple Password Store) (CVE-2018-12356)

This attack on GnuPG signature verification is specific to pass, the Simple Password Store. It can give the attacker access to passwords and remote code execution.

SigSpoof 2: More ways to spoof signatures in GnuPG (CVE-2018-12019)

This is another attack to spoof digital signatures specific to Enigmail.

SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (CVE-2018-12020)

GnuPG, Enigmail, GPGTools and potentially other applications using GnuPG can be attacked with in-band signaling similar to phreaking phone lines in the 1970s (“Cap’n Crunch”). We demonstrate this by creating messages that appear to be signed by arbitrary keys.

Not everything that looks encrypted, is encrypted

I found out that it is possible to create a message that looks encrypted in GnuPG and many email clients, but where the plaintext is actually not protected at all.


A group of researchers at the University of Applied Sciences Münster under the lead of Sebastian Schinzel have uncovered a bunch of problems in email encryption, specifically S/MIME and OpenPGP. The results should be a wake-up call for the OpenPGP community.

No ad hoc parser in NeoPG

NeoPG uses formal grammars even for parsing trivial data structures, down to individual bytes. This article explains why.

C++ as a migration path for legacy C code

NeoPG is written in C++, while GnuPG is written in C. This article explains why.

34c3 Retrospective

I gave a lightning talk about NeoPG at the 34c3 and talked to some people in the community.

No daemons in NeoPG

NeoPG will not have long-running daemons. This article explains why.

Why a single binary is the right thing for NeoPG

NeoPG only provides a single binary for everything, while GnuPG is split up into many binaries. This article explains why.