30 years ago today, #PGP 2.6 was released via MIT.
Up to this point, two major issues had been unresolved: The legal status of the use of RSA in PGP, and export of the software from the US to the rest of the world.
With the release of PGP 2.6, the first of these two issues was resolved.
oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys
It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)
I just released version 0.3.1 of https://crates.io/crates/rsop, a stateless #OpenPGP ("sop") card tool based on #rPGP.
rsop natively supports OpenPGP card (hardware cryptography) devices
rsop is featured in the "OpenPGP interoperability test suite" at https://tests.sequoia-pgp.org/ (under "rpgpie", which is rsop's high level OpenPGP library).
I spent a lot of time today trying to figure out #GNUPG / #GPG to encrypt and sign backups. I've used it occasionally for literally decades, but still struggle with it. I know if I used it more, I would get used to it and feel more comfortable, but I don't have the time or the need to use it more.
Is there another good open source program to symmetrically encrypt a file? But, for signing, you would still need to use key pairs, right?
This release adds the "oct admin signing-pin-validity" subcommand, to configure if a card requires User PIN presentation for each signature operation, or if User PIN presentation is valid for the full duration of a connection to the card.
FWIW, I am skeptical of the usefulness of "per-signature PIN presentation" on modern OpenPGP card devices.
This mode made sense with actual Smart Cards, when used in a reader with a physical pin pad.
However, with modern USB devices, I'd say that "touch confirmation" serves a similar goal, but is more fit for purpose.
Mechanisms that move authorization for signing operations outside the host computer add some defense in depth. Repeated PIN presentation from the host computer, less so.
Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.
Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.
@protonprivacy@blueghost (can be) true, buuut, theres one thing wich mess people up - many takes writing from/to proton mail users as something wich will be encrypted "by default" without any knowledge of how pgp keys works + it just about trust that proton does not read messages when storing secret key themselves...
@iuvi@blueghost Note that Proton Mail servers don't hold your private master key directly — it is always stored encrypted with your account password. And we don't have access to your account password.
I moved to a Thinkpad w541 with coreboot so I needed to set up my email encryption on Thunderbird again.
It took me more time to reconfigure it again - as usual - so I decided to take notes this time and create a blog post about it. As this might be useful for somebody else … or me in the future :-)
@adamsdesk For the fsf europe fellowship card I don't know. I got my card 8 year ago from floss-shop.de. (I live in Europe/Belgium BTW ) You can check with them if they ship to Canada.
But the setup should work with any GPG compatible smartcard. I'm also looking at #nitrokey Not sure if nitrokey is available on your side of the ocean 🙂
@hko@wiktor I could help with the Windows installer. I've almost 25 years experience with Windows Installer and was previously the Visual Studio architect on the new installer, and worked on WiX (the original) for many years. I also wrote and maintain installers for PowerShell, OpenSSH for Windows, etc. al. I've also helped publish those to winget, chocolatey, and scoop.
Does the agent run as a service using the Service Control Manager on Windows, or just a loose exe with no recovery? Systray?
This version comes with substantial updates to the openpgp-card-state dependency (which handles User PIN storage for OpenPGP card devices, see https://codeberg.org/openpgp-card/state).
It now supports selecting different PIN storage backends, including one to store the User PIN directly in the config file.
PIN verification error cases are now handled more defensively
A card can be configured to use "direct" PIN storage in the config file by editing its configuration (in ~/.config/openpgp-card-state/config.toml on a typical linux setup) to read like this:
[[cards]]
ident = "0000:01234567"
[cards.pin_storage]
Direct = "123456"
(... if the card's identity is "0000:01234567" and the User PIN is "123456")
Sie rufen von deinem e-Perso den Namen ab, du lädst deinen Public Key hoch, wählst eine der User-IDs des Keys aus (wenn du mehrere hast), und wenn der Name der UID mit dem Namen auf dem Perso übereinstimmt, bekommst du an die Mailadresse in der UID eine Signatur von 0xA4BF43D7 "Governikus OpenPGP Signaturservice (Neuer Personalausweis)".
@blausand@deraffe Unwahrscheinlich, würde ich sagen. Du bekommst vor dem Zugriff auf den Ausweis angezeigt, welche Felder gelesen werden, und da stand bei mir nur Vorname, Nachname und akademischer Grad.