Unfortunately, I can't find a good entry point for this topic:
How do you implement server-side mail encryption and decryption for S/MIME? I use Postfix+Cyrus.
@lued That's the trick:
It doesn't work at all, at least not officially.
There are a lot of appliances that essentially act as a man-in-the-middle to implement this, but IMHO that is window dressing at best, if not outright digital snake oil.
It's easier to teach all users how #GnuPG / #OpenPGP works than to implement that...
all of the fedidrama with blocklists comes down to the idea that instances are needed for proxying traffic, but this is only true because identities are not decentralized, which is a fundamental mistake of the mastodon era of software
this is not really up for debate
without decentralized identity we will have this problem of someone else deciding what data we have access to, so if you don't like that, you have to push for it, the same way mastodon pushed for the democratization of this centralized model away from twitter, and even before mastodon others did so in a less accessible way
give power to the users by making it accessible, not by pretending that everyone can learn to use docker
Hello community of #Thunderbird #OpenPGP users. I'd like to know if some of you are still stuck at Thunderbird version 68 and the old #Enigmail Add-on. Is there any missing functionality in Thunderbird 115 that is still preventing you from migrating? #PGP #GPG #GnuPG @thunderbird
Cryptography is a tool for turning a whole swathe of problems into key management problems. Key management problems are way harder than (virtually all) cryptographers think.
Tip no. 5: Do not use insecure or unencrypted e-mail to exchange sensitive information. Instead, use secure communication channels such as encrypted e-mail (e.g. GPG/OpenPGP) or messaging apps such as Signal or Threema. Avoid proprietary software/apps that lack transparency. The encryption simply cannot be verified - backdoors and eavesdropping hatches included.
Soon all EU citizens are to have a digital wallet with which they can identify themselves online as well as offline. A consultation process by the Federal Ministry of the Interior now shows which interests industry is pursuing in this. And how these conflict with data protection and privacy.
GNU Spotlight with Amin Bandali: Twelve new GNU releases in the last month, including #GCC, #GnuPG, #R, and more. Full details: https://u.fsf.org/400 Big thanks to @bandali0@bandali, all the devs, and other contributors!
Cryptography came to my rescue today. Thank you #GNUPG! When I had suspicions that a coworker wanted to get me fired I signed a document with my private key. When she summarily accused me of an alteration she made, #gpg revealed that she made the alteration and not me. The infosec officer and HR escorted her out. #Buhbye. I love being underestimated.
there's two ends to the "don't touch my UX, it's perfect the way it is now" spectrum: websites that get redesigned every 2 years to appease shareholders, and GIMP
@koko ...as well as #CLI - oriented tools like #GnuPG that don't allow basic shit like "encrypt/decrypt file with keyfile" but expect people to use "keyrings"...
In case it helps someone else: To change the #OpenPGP smartcard PIN on my #YubiKey, gpg --change-pin does NOT work for some reason. Using gpg --card-edit and putting admin and then passwd into the prompt lets me do it though.
***** The obvious solution to the Google passkeys problem *****
Use of passkeys should require -- at least when biometric phone locks are not in use -- an authentication system separate from that used to unlock the phone. That way, a spied unlock password and stolen phone would not give the thief the ability to use the passcodes stored on the phone with such ease. -L
g10 Code becomes a KDE patron🎉! g10 Code are the creators and maintainers of #GnuPG, the vital #encryption engine 🔒 that is one of the fundamental technologies that ensures #privacy 🔑 and #security online.
It is so nice to finally have my whole company as well as my personal computers on hardware encryption, pgp key enabled, password store behind pgp key, yubikey based pgp card, and ssh key using my pgp key through yubikey.
Other than being more secure it also means I don't need to back up my ssh keys or password store credentials, it's all reproducible from my pgp keys.
After thinking about it a bunch, I have decided that I'll refactor my cryptographic deadhand to use python-gnupg until the sequoia-sop python bindings are released.
The official #GPGME bindings are just too damn broken to be of any real use – and I think that says a lot.
Honestly, I'm not at all sure how people can release something like that as "production grade" (for security-critical tooling, no less) and not feel deeply ashamed.