Hello community of #Thunderbird #OpenPGP users. I'd like to know if some of you are still stuck at Thunderbird version 68 and the old #Enigmail Add-on. Is there any missing functionality in Thunderbird 115 that is still preventing you from migrating? #PGP #GPG #GnuPG @thunderbird
I'm unsure if signing my #Git commits is the best idea. When my #GPG key expires, commits will show on #Github as unverified. Should I stop signing my commits? I'm aware you can renew keys. However, if you no longer have access to the key, then it can't be renewed.
If a GPG key could no longer be retrieved, all commits signed with that key would appear as unverified, from what I understand.
Perhaps #boost for more visibility? :blobcatshrug:
I haven't been very good with posting/writing about what I'm working on, so here's a 1,200+ word post about how we replaced[1] the GPG code backed by a library aptly called "pretty-bad-protocol" with a Rust library named after trees, Sequoia-OpenPGP.
This is the first written-here Rust code that will be shipped by SecureDrop \o/
Did someone say encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn more with our Email Self Defense guide: https://u.fsf.org/1df #GPG #PGP #E2E #encryption
After getting my laptop reinstalled, I needed to migrate my GPG keys to a new machine. Only done this once and thought I should write it down for myself and others.
If you use #GnuPG #GPG, and you would like to ensure interoperability with Thunderbird, you might consider disabling the use of #LibrePGP features, by using option --rfc4880 in your configuration (e.g. by adding a line with the word "rfc4880" to your gpg.conf file).
At this time it is undecided whether future Thunderbird versions will support LibrePGP or the upcoming refresh of the #IETF #OpenPGP specification, or both, or none of them. Hopefully we'll eventually see a new universal standard.
I spent a lot of time today trying to figure out #GNUPG / #GPG to encrypt and sign backups. I've used it occasionally for literally decades, but still struggle with it. I know if I used it more, I would get used to it and feel more comfortable, but I don't have the time or the need to use it more.
Is there another good open source program to symmetrically encrypt a file? But, for signing, you would still need to use key pairs, right?
Anyone willing to sign GPG keys @fosdem 2024? Shall we meet with papers in front of the infodesk Sunday around 12:00? Let me know so I print before coming.
oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys
It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)
This crate paves the way for convenient handling of #OpenPGP card User PINs, for users whose threat model allows persisting the PIN locally on the host computer.
If a User PIN is stored, applications can obtain it via this crate, and perform cryptographic operations without prompting the user for PIN entry.
Currently org.freedesktop.Secret is supported for storage.
I think it's telling that #GitHub, #GitLab, and even #Forgejo all don't have a workflow for "renew an #OpenPGP key", i.e. extend its validity before (or after) expiry. On all of them, you have to delete and re-add the key. It's as if nobody is following OpenPGP best practices and everyone is using keys without an expiry date.
I'm seriously considering getting an #HSM2 from #NitroKey for my 3 #GPG keys (potentially more)... how usable is it with GnuPG? What are your experiences?
#e2ee is a goal, not a promise. As far back as I can remember, forums like those supporting #Enigmail and #gpg were staffed with volunteers from the privacy community who repeatedly insisted on answering questions, like, "Is <this> (whatever this might be) totally secure?" with stock questions like, "What is it that you consider 'totally secure'?" or answers such as, "Secure is a relative term, nothing is completely secure, how secure do you need your mission's communications to be?"
Phrases such as, reasonably secure should be indicators of how ridiculous it is to assume that any secure platform is EVER completely, and totally secure.
That begs the question, "Exactly how secure do you require your communications to be?" The answer is always, ... relative.
Which means that you should always believe Ellen Ripley when she says, "Be afraid. Be very afraid!"
Does anyone have suggestions that can do #cryptographic signature verification of streaming data (as in a pipe)? The problem with #gpg in this case is that it will emit all the data out the pipe, only indicating with an exit code if the signature was good - at which point most of the data may have been processed. #SequoiaPGP is slightly better, withholding the last 25MB until things are fully verified.
I suspect I need something that signs blocks of the input. Does it exist? #askFedi
This is more of a security question, but I currently know way more people on ruby.social than infosec.exchange. I want to use a #Yubikey for #SMIME or #GPG signing on #iOS & #iPadOS, but can't find:
Any documentation about how to integrate it with Apple Mail.
Anyplace that offers #x509 certificates for S/MIME at zero or minimal cost the way @letsencrypt offers free #SSL certs.
Self-signed S/MIME certs are a non-starter, and there are no full-featured #OpenPGP apps on iOS. Suggestions?