kzimmermann, 6 days ago to random

Ayy looks like #gpg borked in #Devuan unstable (silently, too. No apt warnings). I now can't validate the signatures of the packages anymore which means apt upgrade stopped working. Oops? :devuannew: :blobfoxpat:

tallship, 17 days ago to privacy

#e2ee is a goal, not a promise. As far back as I can remember, forums like those supporting #Enigmail and #gpg were staffed with volunteers from the privacy community who repeatedly insisted on answering questions, like, "Is <this> (whatever this might be) totally secure?" with stock questions like, "What is it that you consider 'totally secure?" or answers such as, "Secure is a relative term, nothing is completely secure, how secure do you need your mission's communications to be?"

Phrases such as, reasonably secure should be indicators of how ridiculous it is to assume that any secure platform is EVER completely, and totally secure.

That begs the question, "Exactly how secure do you require your communications to be?" The answer is always, ... relative.

Which means that you should always believe Ellen Ripley when she says, "Be afraid. Be very afraid!"

https://www.city-journal.org/article/signals-katherine-maher-problem

#tallship #encryption #PGP #secure_communication #Privacy #FOSS

⛵

.

hko, 18 days ago (edited 18 days ago) to rust

Meet oct-git, a new #OpenPGP signing and verification tool for use with the #Git distributed version control system:

https://crates.io/crates/openpgp-card-tool-git 🦀

oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys

It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)

#RustLang #PGP #GnuPG #gpg #Nitrokey #YubiKey

rince, 22 days ago to random

Ich überlege gerade ernsthaft, für meine 3 #GPG-Keys (potentiell mehr) ein #HSM2 von #NitroKey zu besorgen... wie gut ist das unter GnuPG nutzbar? Wie sind Eure Erfahrungen?

hko, 25 days ago (edited 25 days ago) to rust

I just released version 0.3.1 of https://crates.io/crates/rsop, a stateless #OpenPGP ("sop") card tool based on #rPGP.
rsop natively supports OpenPGP card (hardware cryptography) devices

SOP is a standardized, vendor agnostic, CLI interface for the most common OpenPGP operations.
See https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/ for more on SOP.

rsop is featured in the "OpenPGP interoperability test suite" at https://tests.sequoia-pgp.org/ (under "rpgpie", which is rsop's high level OpenPGP library).

#PGP #GPG #GnuPG #rustlang

oliklee, 26 days ago (edited 26 days ago) to ubuntu

I have upgraded two systems to #Ubuntu 24.04 now and also tried #Thunderbird as snap (which is the default for Ubuntu 24.04) on another machine.

The system upgrades were incredibly smooth. Thunderbird in general also works fine, but it doesn't support #GPG with private keys on a #YubiKey yet (which is my usecase). (Yes,there is a workaround, although clunky.)

So it looks like I'll stay on 23.10 a bit longer on my main machine.

https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/2009825

chris_spackman, 27 days ago to linux

I spent a lot of time today trying to figure out #GNUPG / #GPG to encrypt and sign backups. I've used it occasionally for literally decades, but still struggle with it. I know if I used it more, I would get used to it and feel more comfortable, but I don't have the time or the need to use it more.

Is there another good open source program to symmetrically encrypt a file? But, for signing, you would still need to use key pairs, right?

Any good how-tos out there?

#linux #cli #privacy #security

rhys, 27 days ago to llm

My first troublesome hallucination with a #LLM in a while: #Claude3 #Opus (200k context) insisting that I can configure my existing #Yubikey #GPG keys to work with PKINIT with #Kerberos and helping me for a couple of hours to try to do so — before realising that GPG keys aren't supported for this use case. Whoops.

No real bother other than some wasted time, but a bit painful and disappointing.

Now to start looking at PIV instead.

#AI #Anthropic #Claude

hko, 29 days ago to rust

I just released version 0.10.1 of https://crates.io/crates/openpgp-card-tools, the general purpose "oct" #OpenPGP card tool.

This release adds the "oct admin signing-pin-validity" subcommand, to configure if a card requires User PIN presentation for each signature operation, or if User PIN presentation is valid for the full duration of a connection to the card.

(#GnuPG calls this flag "forcesig")

#rustlang #PGP #gpg

blueghost, 1 month ago to email

Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.

Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.

Instructions: https://proton.me/support/how-to-use-pgp
GnuPG: https://mastodon.online/@blueghost/111974048270035570

Website: https://proton.me
Mastodon: @protonprivacy

#Proton #ProtonMail #ProtonPrivacy #OpenPGP #PGP #GnuPG #GPG #Email #Encryption #E2EE #InfoSec #Privacy

stafwag, 1 month ago to debian

Use a GPG smartcard with Thunderbird. Part 1: setup GnuPG

https://stafwag.github.io/blog/blog/2024/04/21/use-a-gpg-smartcard-with-thunderbird-part_1-setup-gpg/

I moved to a Thinkpad w541 with coreboot so I needed to set up my email encryption on Thunderbird again.

It took me more time to reconfigure it again - as usual - so I decided to take notes this time and create a blog post about it. As this might be useful for somebody else … or me in the future :-)

#debian #email #gpg #gnupg #linux #pgp #security #thunderbird

#stafwag @stafwag

blueghost, 1 month ago to infosec

LibreOffice supports digital signatures via GnuPG for OpenDocument Format (ODF) files.

Digital Signature: https://en.wikipedia.org/wiki/Digital_signature
GnuPG: https://mastodon.online/@blueghost/111974048270035570
ODF: https://mastodon.online/@blueghost/111936020896554127

Select: File > Digital Signatures > Digital Signatures > Sign Document > Select Certificate > Sign > Enter Password > OK > Close

A banner will appear stating the document is digitally signed.

Website: https://www.libreoffice.org
Mastodon: @libreoffice

#LibreOffice #DigitalSignature #GnuPG #GPG #InfoSec #ODF

blueghost, 1 month ago to KDE

KGpg is a frontend for GnuPG.

GnuPG: https://mastodon.online/@blueghost/111974048270035570

The default configuration in Plasma is to open in the system tray with the icon hidden.

Open: Application Launcher > KGpg > Show Hidden Icons (located next to the digital clock) > KGpg.

Close: File > Quit.
Selecting Close (the X icon in the title bar) does not close KGpg, it closes the window.

Open/Close options: https://discuss.kde.org/t/kgpg-open-close/13894

Website: https://apps.kde.org/kgpg
Mastodon: @kde

#KDE #KGpg #GnuPG #GPG #Plasma #Encryption

vbatts, 1 month ago to random

PSA: now more than ever, sign your #git commits.

Either git commit -sS every commit; or git config commit.gpgSign 1 in a project; or git config --global commit.gpgSign 1

Use #GPG or even your existing #SSH key.

More info:

• https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key
• https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work

hko, 1 month ago to linux

I just released https://crates.io/crates/openpgp-card-ssh-agent version 0.3.0, a new #SSH agent for #OpenPGP card users.

This agent makes ssh with OpenPGP card devices friction-less: No more ongoing PIN entry!

This release adds full support for Windows, based on amazing work by @wiktor 🥳

This version supports #Linux, #MacOS and #Windows equally.

If anyone with a background in MacOS or Windows packaging is interested in packaging this, we'd love to hear from you!

#rustlang #rust #openssh #hsm #pgp #gpg #gnupg

hko, 2 months ago to rust

I just released https://crates.io/crates/openpgp-card-ssh-agent version 0.2.4, a new #SSH agent for #OpenPGP card users.

This version comes with substantial updates to the openpgp-card-state dependency (which handles User PIN storage for OpenPGP card devices, see https://codeberg.org/openpgp-card/state).
It now supports selecting different PIN storage backends, including one to store the User PIN directly in the config file.

PIN verification error cases are now handled more defensively

#rustlang #rust #openssh #hsm #pgp #gpg #gnupg

scy, 2 months ago to random German

Ich hab vorhin mal unter https://pgp.governikus.de/ meinen #OpenPGP-Schlüssel "vom Staat™" signieren lassen.

Sie rufen von deinem e-Perso den Namen ab, du lädst deinen Public Key hoch, wählst eine der User-IDs des Keys aus (wenn du mehrere hast), und wenn der Name der UID mit dem Namen auf dem Perso übereinstimmt, bekommst du an die Mailadresse in der UID eine Signatur von 0xA4BF43D7 "Governikus OpenPGP Signaturservice (Neuer Personalausweis)".

Ging schnell und einfach.

[1/2]

#GnuPG #GPG

orhun, 2 months ago to rust

Released the new version of one of my TUI projects! 🚀

🔐 gpg-tui: Manage your GnuPG keys with ease!

🚀 View, edit, export, sign your GPG keys with an easy-to-use interface.

🦀 Written in Rust & built with @ratatui_rs

⭐ GitHub: https://github.com/orhun/gpg-tui

#rustlang #ratatui #tui #gpg #gnupg #terminal #interface

video/mp4

fsf, 2 months ago to random

Did someone say encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn more with our Email Self Defense guide: https://u.fsf.org/1df #GPG #PGP #E2E #encryption

scy, 2 months ago to github

I think it's telling that #GitHub, #GitLab, and even #Forgejo all don't have a workflow for "renew an #OpenPGP key", i.e. extend its validity before (or after) expiry. On all of them, you have to delete and re-add the key. It's as if nobody is following OpenPGP best practices and everyone is using keys without an expiry date.

#GPG #GnuPG

hko, 3 months ago (edited 3 months ago) to rust

I just released version 0.0.1 of the new crate https://crates.io/crates/openpgp-card-state

This crate paves the way for convenient handling of #OpenPGP card User PINs, for users whose threat model allows persisting the PIN locally on the host computer.

If a User PIN is stored, applications can obtain it via this crate, and perform cryptographic operations without prompting the user for PIN entry.

Currently org.freedesktop.Secret is supported for storage.

Thoughts are welcome!

#rust #rustlang #pgp #gnupg #gpg

fsf, 3 months ago to random

Did someone say encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn more with our Email Self Defense guide: https://u.fsf.org/1df #GPG #PGP #E2E #encryption

kubikpixel, 3 months ago (edited 3 months ago) to Bulgaria German

«Ende-zu-Ende-Verschlüsselung (E2EE) durch Urteil EU-weit geschützt»
– @tarnkappeinfo

Mal eine positive Nachricht was die #EU und #IT angeht. Die #E2EE ist geschützt und eingesehen das #Privatsphare wichtig ist. Jetzt müssen nur noch die Firmen und Behörden die #Verschlusselung ihrer #Kommunikation, wie zB #EMail mit #GPG, noch konsequent umsetzen. Ich hoffe, die #Schweiz zieht dem nach.

🔐 https://tarnkappe.info/artikel/netzpolitik/ende-zu-ende-verschluesselung-durch-urteil-eu-weit-geschuetzt-289301.html
🔐 https://gnupg.org

freemo, 3 months ago to security

It was a very very long weekend preparing Yubikeys with pgp keys.

#yubikey #pgp #gpg #security #OpenPGP

todd_a_jacobs, 3 months ago to iOS

This is more of a security question, but I currently know way more people on ruby.social than infosec.exchange. I want to use a #Yubikey for #SMIME or #GPG signing on #iOS & #iPadOS, but can't find:

1. Any documentation about how to integrate it with Apple Mail.

2. Anyplace that offers #x509 certificates for S/MIME at zero or minimal cost the way @letsencrypt offers free #SSL certs.

Self-signed S/MIME certs are a non-starter, and there are no full-featured #OpenPGP apps on iOS. Suggestions?