Hello community of #Thunderbird#OpenPGP users. I'd like to know if some of you are still stuck at Thunderbird version 68 and the old #Enigmail Add-on. Is there any missing functionality in Thunderbird 115 that is still preventing you from migrating? #PGP#GPG#GnuPG@thunderbird
The project leader of #gnupg has announced a fork of the #openpgp standard, justifying it with a list of accusations against the #IETF working group that fall apart under scrutiny. #pgp is being threatened with destruction over a personal grievance. We strongly urge de-escalation.
Recently released #GnuPG version (2.4.4) finally fixes #Emacs’ bug related to saving encrypted files (no more hanging on save, thus no more workarounds like falling back to previous GnuPG versions or sketchy settings leading to data loss).
This crate paves the way for convenient handling of #OpenPGP card User PINs, for users whose threat model allows persisting the PIN locally on the host computer.
If a User PIN is stored, applications can obtain it via this crate, and perform cryptographic operations without prompting the user for PIN entry.
Currently org.freedesktop.Secret is supported for storage.
During the migration work to the new PC I found this guide by Jordan Williams on backing up and restoring OpenPGP keys using Gnu Privacy Guard (also known as GnuPG and GPG) useful 🎉
oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys
It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)
I spent a lot of time today trying to figure out #GNUPG / #GPG to encrypt and sign backups. I've used it occasionally for literally decades, but still struggle with it. I know if I used it more, I would get used to it and feel more comfortable, but I don't have the time or the need to use it more.
Is there another good open source program to symmetrically encrypt a file? But, for signing, you would still need to use key pairs, right?
If you use #GnuPG#GPG, and you would like to ensure interoperability with Thunderbird, you might consider to disable the use of #LibrePGP features, by using option --rfc4880 in your configuration (e.g. by adding a line with the word "rfc4880" to your gpg.conf file.)
At this time it is undecided whether future Thunderbird versions will support LibrePGP or the upcoming refresh of the #IETF#OpenPGP specification, or both, or none of them. Hopefully we'll eventually see a new universal standard.
[1/4] There is some inconsistency when creating Curve448 keypairs using #GnuPG
❯ export GNUPGHOME="$(mktemp -d)"
❯ gpg --version
gpg (GnuPG) 2.4.3
libgcrypt 1.10.2-unknown
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
I think it's telling that #GitHub, #GitLab, and even #Forgejo all don't have a workflow for "renew an #OpenPGP key", i.e. extend its validity before (or after) expiry. On all of them, you have to delete and re-add the key. It's as if nobody is following OpenPGP best practices and everyone is using keys without an expiry date.