oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys
It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)
»8 Ways Your #Email Account Is Vulnerable to #Hack'ers«
It would help a little to use #OpenPGP signatures, but this alone irritates many because they "can't read" the attached file. Why do they call themselves #security-conscious #IT professionals and users? Implementing something like this in a company is really not too much effort. In my opinion, this alone would increase the sender's confidence considerably.
@kubikpixel Ooooooh ja. Auch immer wieder. „Ich kann den Anhang nicht öffnen“ 🤦♂️
Typische DAUs eben. Klicken auf jeden Anhang, der nicht bei 3 auffm Baum ist und dann wundern sich Firmen, wenn se Malware haben?? 😂
I just released version 0.3.1 of https://crates.io/crates/rsop, a stateless #OpenPGP ("sop") card tool based on #rPGP.
rsop natively supports OpenPGP card (hardware cryptography) devices
rsop is featured in the "OpenPGP interoperability test suite" at https://tests.sequoia-pgp.org/ (under "rpgpie", which is rsop's high level OpenPGP library).
This release adds the "oct admin signing-pin-validity" subcommand, to configure if a card requires User PIN presentation for each signature operation, or if User PIN presentation is valid for the full duration of a connection to the card.
FWIW, I am skeptical of the usefulness of "per-signature PIN presentation" on modern OpenPGP card devices.
This mode made sense with actual Smart Cards, when used in a reader with a physical pin pad.
However, with modern USB devices, I'd say that "touch confirmation" serves a similar goal, but is more fit for purpose.
Mechanisms that move authorization for signing operations outside the host computer add some defense in depth. Repeated PIN presentation from the host computer, less so.
Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.
Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.
@protonprivacy@blueghost (can be) true, buuut, theres one thing wich mess people up - many takes writing from/to proton mail users as something wich will be encrypted "by default" without any knowledge of how pgp keys works + it just about trust that proton does not read messages when storing secret key themselves...
@iuvi@blueghost Note that Proton Mail servers don't hold your private master key directly — it is always stored encrypted with your account password. And we don't have access to your account password.
Can anymany tell me how I'm "supposed" to use end-to-end encryption with XMPP?
As far as I can tell there are three totally different ways to do E2EE:
a)OTR : "[https://xmpp.org/extensions/xep-0364.html](Not intended to be a current standard), or technical specification, as better (albeit, newer and less well tested) methods of end-to-end encryption exist for XMPP. "
b)OpenPGP: There are at least two different XEPs about it. XEP-0027 is obsolete, while XEP-0373 is "experimental" but hasn't been updated in almost three years.
c)OMEMO: "Experimental" and hasn't been updated in over two years.
Is there a way to do E2EE in XMPP which is neither deprecated nor experimental? What's the "Current stable" way to do it?
@hko@wiktor I could help with the Windows installer. I've almost 25 years experience with Windows Installer and was previously the Visual Studio architect on the new installer, and worked on WiX (the original) for many years. I also wrote and maintain installers for PowerShell, OpenSSH for Windows, etc. al. I've also helped publish those to winget, chocolatey, and scoop.
Does the agent run as a service using the Service Control Manager on Windows, or just a loose exe with no recovery? Systray?
This version comes with substantial updates to the openpgp-card-state dependency (which handles User PIN storage for OpenPGP card devices, see https://codeberg.org/openpgp-card/state).
It now supports selecting different PIN storage backends, including one to store the User PIN directly in the config file.
PIN verification error cases are now handled more defensively
A card can be configured to use "direct" PIN storage in the config file by editing its configuration (in ~/.config/openpgp-card-state/config.toml on a typical linux setup) to read like this:
[[cards]]
ident = "0000:01234567"
[cards.pin_storage]
Direct = "123456"
(... if the card's identity is "0000:01234567" and the User PIN is "123456")
Sie rufen von deinem e-Perso den Namen ab, du lädst deinen Public Key hoch, wählst eine der User-IDs des Keys aus (wenn du mehrere hast), und wenn der Name der UID mit dem Namen auf dem Perso übereinstimmt, bekommst du an die Mailadresse in der UID eine Signatur von 0xA4BF43D7 "Governikus OpenPGP Signaturservice (Neuer Personalausweis)".
@blausand@deraffe Unwahrscheinlich, würde ich sagen. Du bekommst vor dem Zugriff auf den Ausweis angezeigt, welche Felder gelesen werden, und da stand bei mir nur Vorname, Nachname und akademischer Grad.