hko, (edited) to rust
@hko@fosstodon.org

Meet oct-git, a new signing and verification tool for use with the distributed version control system:

https://crates.io/crates/openpgp-card-tool-git 🦀

oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys.

It is designed to be easy to set up, standalone (no long-running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required).

hko, (edited) to rust
@hko@fosstodon.org

I just released version 0.3.1 of https://crates.io/crates/rsop, a stateless ("sop") card tool based on .
rsop natively supports OpenPGP card (hardware cryptography) devices.

SOP is a standardized, vendor agnostic, CLI interface for the most common OpenPGP operations.
See https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/ for more on SOP.

rsop is featured in the "OpenPGP interoperability test suite" at https://tests.sequoia-pgp.org/ (under "rpgpie", which is rsop's high level OpenPGP library).

chris_spackman, to linux
@chris_spackman@twit.social

I spent a lot of time today trying to figure out #GNUPG / #GPG to encrypt and sign backups. I've used it occasionally for literally decades, but still struggle with it. I know if I used it more, I would get used to it and feel more comfortable, but I don't have the time or the need to use it more.

Is there another good open source program to symmetrically encrypt a file? But, for signing, you would still need to use key pairs, right?

Any good how-tos out there?

#linux #cli #privacy #security

hko, to rust
@hko@fosstodon.org

I just released version 0.10.1 of https://crates.io/crates/openpgp-card-tools, the general purpose "oct" card tool.

This release adds the "oct admin signing-pin-validity" subcommand, to configure if a card requires User PIN presentation for each signature operation, or if User PIN presentation is valid for the full duration of a connection to the card.

( calls this flag "forcesig")

blueghost, to email
@blueghost@mastodon.online

Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.

Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.

Instructions: https://proton.me/support/how-to-use-pgp
GnuPG: https://mastodon.online/@blueghost/111974048270035570

Website: https://proton.me
Mastodon: @protonprivacy

stafwag, to debian
@stafwag@mastodon.social

Use a GPG smartcard with Thunderbird. Part 1: setup GnuPG

https://stafwag.github.io/blog/blog/2024/04/21/use-a-gpg-smartcard-with-thunderbird-part_1-setup-gpg/

I moved to a Thinkpad w541 with coreboot so I needed to set up my email encryption on Thunderbird again.

It took me more time to reconfigure it again - as usual - so I decided to take notes this time and create a blog post about it. As this might be useful for somebody else … or me in the future :-)

@stafwag

blueghost, to infosec
@blueghost@mastodon.online

LibreOffice supports digital signatures via GnuPG for OpenDocument Format (ODF) files.

Digital Signature: https://en.wikipedia.org/wiki/Digital_signature
GnuPG: https://mastodon.online/@blueghost/111974048270035570
ODF: https://mastodon.online/@blueghost/111936020896554127

Select: File > Digital Signatures > Digital Signatures > Sign Document > Select Certificate > Sign > Enter Password > OK > Close

A banner will appear stating the document is digitally signed.

Website: https://www.libreoffice.org
Mastodon: @libreoffice

blueghost, to KDE
@blueghost@mastodon.online

KGpg is a frontend for GnuPG.

GnuPG: https://mastodon.online/@blueghost/111974048270035570

The default configuration in Plasma is to open in the system tray with the icon hidden.

Open: Application Launcher > KGpg > Show Hidden Icons (located next to the digital clock) > KGpg.

Close: File > Quit.
Selecting Close (the X icon in the title bar) does not close KGpg, it closes the window.

Open/Close options: https://discuss.kde.org/t/kgpg-open-close/13894

Website: https://apps.kde.org/kgpg
Mastodon: @kde

villares, to random
@villares@ciberlandia.pt

Looks like I can't just keep my keys on (seahorse) and use them on :((
https://forum.manjaro.org/t/using-gnupg-with-thunderbird/156800/1

hko, to linux
@hko@fosstodon.org

The new "Simple standalone Agent for cards" (https://crates.io/crates/openpgp-card-ssh-agent) is now available as a package for Linux, by the way :arch: 😏

This agent offers a frictionless UX when using ssh with keys that are stored on OpenPGP card devices: No more ongoing PIN entry required! 🚀

@dvzrv has once again done amazing packaging and documentation work! 🥳 Thank you 😃

See https://wiki.archlinux.org/title/SSH_keys#OpenPGP_card_ssh-agent for details.

hko, to linux
@hko@fosstodon.org

I just released https://crates.io/crates/openpgp-card-ssh-agent version 0.3.0, a new agent for card users.

This agent makes ssh with OpenPGP card devices frictionless: No more ongoing PIN entry!

This release adds full support for Windows, based on amazing work by @wiktor 🥳

This version supports , and equally.

If anyone with a background in macOS or Windows packaging is interested in packaging this, we'd love to hear from you!

hko, to rust
@hko@fosstodon.org

I just released https://crates.io/crates/openpgp-card-ssh-agent version 0.2.4, a new agent for card users.

This version comes with substantial updates to the openpgp-card-state dependency (which handles User PIN storage for OpenPGP card devices, see https://codeberg.org/openpgp-card/state).
It now supports selecting different PIN storage backends, including one to store the User PIN directly in the config file.

PIN verification error cases are now handled more defensively.

scy, to random German
@scy@chaos.social

Earlier today I had my #OpenPGP key signed "by the state™" at https://pgp.governikus.de/.

They retrieve your name from your e-Perso (electronic ID card), you upload your public key, select one of the key's user IDs (if you have several), and if the name in the UID matches the name on the ID card, you receive, at the email address in the UID, a signature from 0xA4BF43D7 "Governikus OpenPGP Signaturservice (Neuer Personalausweis)".

It was quick and easy.

[1/2]

#GnuPG #GPG

orhun, to rust
@orhun@fosstodon.org

Released the new version of one of my TUI projects! 🚀

🔐 gpg-tui: Manage your GnuPG keys with ease!

🚀 View, edit, export, sign your GPG keys with an easy-to-use interface.

🦀 Written in Rust & built with @ratatui_rs

⭐ GitHub: https://github.com/orhun/gpg-tui

#rustlang #ratatui #tui #gpg #gnupg #terminal #interface

scy, to github
@scy@chaos.social

I think it's telling that , , and even all don't have a workflow for "renew an key", i.e. extend its validity before (or after) expiry. On all of them, you have to delete and re-add the key. It's as if nobody is following OpenPGP best practices and everyone is using keys without an expiry date.

hko, (edited) to rust
@hko@fosstodon.org

I just released version 0.0.1 of the new crate https://crates.io/crates/openpgp-card-state

This crate paves the way for convenient handling of card User PINs, for users whose threat model allows persisting the PIN locally on the host computer.

If a User PIN is stored, applications can obtain it via this crate, and perform cryptographic operations without prompting the user for PIN entry.

Currently org.freedesktop.Secret is supported for storage.

Thoughts are welcome!

meejah, to random
@meejah@mastodon.social

What the hell happened when changed their disk format? Nothing works anymore without using a bunch of options (like --keyring).
Is this Debian's fault? GnuPG's? There's no date on the 2.1 release announcement, and the manpage claims it "silently migrates" keys, which is clearly not the case....

nwalfield, to random
@nwalfield@mastodon.social

My talk "Sequoia PGP: Rethinking OpenPGP Tooling" including an Ode to Werner (@DD9JN) and (@GnuPG) has been released. I'm happy to receive constructive feedback, both positive and negative! https://fosdem.org/2024/schedule/event/fosdem-2024-3297-sequoia-pgp-rethinking-openpgp-tooling/

p0nt1ff, to emacs
@p0nt1ff@emacs.ch

Recently released version (2.4.4) finally fixes ’ bug related to saving encrypted files (no more hanging on save, thus no more workarounds like falling back to previous GnuPG versions or sketchy settings leading to data loss).

https://dev.gnupg.org/T6481#171399

DD9JN, to random
@DD9JN@social.darc.de

Folks who created a or on the command line with 2.4.2, 2.4.3, or 2.2.42 please read:

https://gnupg.org/blog/20240125-smartcard-backup-key.html

dfncert, to random

Security advisory for created smartcard keys: Smartcard generation keeps an unprotected backup key on disk

https://gnupg.org/blog/20240125-smartcard-backup-key.html

dpecos, to random

Are you attending a / -party? I've written a small post on how to best prepare and get ready!

Super useful as a checklist to not forget anything!

https://danielpecos.com/2024/01/23/attending-a-pgp-gnupg-signing-party/

usul, to random French
@usul@piaille.fr

Coming to fosdem this year? Do you use ? Want to your key? Good news, I'm organizing a key signing party (https://en.wikipedia.org/wiki/Key_signing_party).

Details are at https://ludovic.hirlimann.net/2024/01/key-signing-party-at-fosdem-2024.html

Please boost or share, so people come and attend.

usul, to privacy French
@usul@piaille.fr

Coming to fosdem this year? you use ? Want to sign your key? Good news, I'm organizing a key signing party (https://en.wikipedia.org/wiki/Key_signing_party).

Details are at https://ludovic.hirlimann.net/2024/01/key-signing-party-at-fosdem-2024.html

Please boost or share, so people come and attend.

eighthave, to debian

Just migrated my and key setup to a new . This only took about 8 hours whereas when I last did this in 2015, it took much longer. I guess this is a sign of process! But these things are still too painful. At least now, the software just works right out of .

hko,
@hko@fosstodon.org

@eighthave FWIW, I wrote a simple/stateless CLI tool to provision and inspect card devices:

https://codeberg.org/openpgp-card/openpgp-card-tools

I personally find it much easier to use than to import key material onto cards.

However, as far as I know, no efforts to package the tool for exist so far.

The tool is, however, packaged for Linux, , and Linux.

With all of that said: Totally agreed! These tasks are way harder than they should be, and I also hope for more progress.
