oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys
It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)
Ich überlege gerade ernsthaft, für meine 3 #GPG-Keys (potentiell mehr) ein #HSM2 von #NitroKey zu besorgen... wie gut ist das unter GnuPG nutzbar? Wie sind Eure Erfahrungen?
Laptop died yesterday but thanks to the #Librem5, the Baseus Dock, an HDMI Screen, a USB keyboard and #Phosh's docked mode I have access to most of the things via my phone.
#nitrokey helps a lot as that means I have my ssh keys available by just plugging it in.
Took me about 15min to notice that I didn't even plug a mouse in.
I moved to a Thinkpad w541 with coreboot so I needed to set up my email encryption on Thunderbird again.
It took me more time to reconfigure it again - as usual - so I decided to take notes this time and create a blog post about it. As this might be useful for somebody else … or me in the future :-)
@adamsdesk For the fsf europe fellowship card I don't know. I got my card 8 year ago from floss-shop.de. (I live in Europe/Belgium BTW ) You can check with them if they ship to Canada.
But the setup should work with any GPG compatible smartcard. I'm also looking at #nitrokey Not sure if nitrokey is available on your side of the ocean 🙂
This release should fix build issues (the previous version didn't build on mac).
However, we're still exploring how secret storage works on non-Linux platforms. Expect a bumpy ride if you try it.
(If you do delve into debugging on mac or windows, we'd love to hear from you!)
❤️ Happy Valentine's Day from your Nitrokey team! We even have a present for you! ❤️
📣 Nitrokey is giving you the privacy screen protetor and the protective case for your NitroPhone 3a in our Valentine's Bundle! Let us give you a present and start your safe smartphone use without any worries. 😍
Sobald Passkeys offiziell für KeePassXC (Desktop) und/oder KeePassDX (Android) verfügbar ist - nicht als Beta, sondern als Stable - wird es einen Beitrag dazu geben. 🔒
In light of the news that Authy is discontinuing their desktop app in August of 2024, we want to let everyone know that Tuta supports all major authenticator apps & U2F keys. 🔐
No need to worry about compatibility when making the jump to a new authenticator app.🤹
@tedzanzibar I would actually urge you to disable to auto update for the #bitwarden extension. Looks like @bitwarden implemented #passkey support in a way that makes it unable to login using hardware tokens like the #yubikey or #nitrokey . If you already use those as passkeys, updating the extension will effectively lock you out of services where you need a passkey to login. Tested on #chromium, but I assume #firefox will behave the same.
Eventuell habe ich die Verwendung von #YubiKey oder #NitroKey missverstanden. Aber unter #Linux ist das nicht für die alltägliche Benutzung geeignet.
Meine Vorstellung an diese Key's: Login mittels MFA, damit ich diese #MFA Codes nicht mehr eingeben muss sowohl am #Smartphone und #Comupter - einfach an tippen und fertig, dachte ich. Die Realität sieht anders aus.
Welches Thema interessiert euch im Bereich #Sicherheit und #Datenschutz besonders? Gibt es einen Wunsch für ein Tutorial? Dann nutzt die Gelegenheit und macht Vorschläge. Diese bespreche ich dann mit @rufposten und wir schauen, ob und welche Themen wir näher beleuchten. 🔎
Furthermore: why FIDO2 does have some advantages compared to passkeys when #security is more important than convenience. Passkeys leaks your private key to the #cloud provider.
They're reselling white-label hardware keys and selling modded ThinkPads and Pixel phones at a significant markup-- the NitroKey 3 Pro is just a Pixel 7 Pro with a custom ROM and an almost $600 markup.
I'd bet the certificates in their keys, just like my Thetis key (see attached & alt text), will tell you the original manufacturer of those keys.
No, smartphones with #Qualcomm chip don’t “secretly share private information with US chip-maker”. Here’s a good analysis of the #Nitrokey lame marketing:
The author of the article has found that the device connects to izatcloud.net and instead of doing the logical thing and opening izatcloud.net in a browser they do a whois request and then figure out it’s from Qualcomm. They also proceed to contact Qualcomm lawyers instead of following the link on this page. The webpage hosted on this domain does conveniently explain who owns the domain and what it’s purpose is and it’s associated privacy policy. But that doesn’t sound nearly as spooky. The next section makes the claim that this traffic is HTTP traffic and is not encrypted. It proceeds to not show the contents of this HTTP request because it would show that it’s not at all interesting. It does not contain any private data. It’s just downloading an GPS almanac from Qualcomm for A-GPS.