Well, this is just great. The only good end to end encryption system for email that’s been proven and vetted is now suspect. This is due to bad plugins, and a failure to enforce integrity checking, and embedding encrypted text into an html message designed to take advantage of your mail parsers html renderer to exfiltrate the text your mail client has decrypted to another destination.
Another issue has to do with the fact that PGP uses underlying primitives from SHA-1, which are known to be no longer secure. Because of this, the security of PGP begins to break down with a 4096 bit key. Thus a 2048 bit key is more secure. If the first 4640 bytes of a message are known, the 160 byte key be determined, and thus the state of your random number generator predicted, allowing the attacker to potentially regenerate the 512 bytes that created your 4096 bit key. This doesn’t happen at 2048 bit key size. Of course, a 2048 bit key is not secure for long term usage anymore, due to the increased available computing power for your average attacker.
PGP should really move to an AES base, and have mandatory enforced integrity checking, which plugins should follow as well. This will not prevent someone from attacking cyphertext embedded in cleartext html that your email client then decrypts, so email clients should refuse to decrypt said text within the html contents, but should do so in a sandbox that the potentially malicious html in the clients html renderer can not access. Better yet, PGP mail plugins should refuse mixed media messages where the cypher text is embedded in another document medium other than plain text.
Also, you should keep in mind, even if your email client plugin is not vulnerable to exfiltration attacks, it doesn’t mean the clients of all the people you communicate with are not. So for now, PGP really shouldn’t be used with an automated pgp decryption plugin in the email client, but rather the cypher text should be extracted and manually decrypted from the command line by all parties. Since you can’t enforce that, you should not use PGP for encrypted email communications until at least the major email platforms are patched to prevent such an exploit.
At this time, I wouldn’t recommend PGP as a main form of end to end encryption either. Until the underlying cryptographic primitives are upgraded, and even then, I would have a strict anti-legacy PGP protocol policy in place. Really, in it’s current form, I would not use PGP for anything more than signature verification. Thankfully that aspect is still secure.
Currently, there are no suitable alternatives to PGP that are verified and secured to replace it for email communications. This is a major blow to secure email communications, and it will take time to fix PGP or to vette an appropriate replacement. Don’t even get me started on S/MIME, that ship has even more vagrant leaks than the titanic after it hit the iceberg. In the mean time, keep your head up, and keep your eyes open.