Standardized, interoperable #encryption is key for a better internet.
Proton and the @ietf OpenPGP Working Group are pleased to announce a crypto refresh of the #OpenPGP standard. Standardization today ensures interoperability tomorrow.
Hello community of #Thunderbird#OpenPGP users. I'd like to know if some of you are still stuck at Thunderbird version 68 and the old #Enigmail Add-on. Is there any missing functionality in Thunderbird 115 that is still preventing you from migrating? #PGP#GPG#GnuPG@thunderbird
I'm interested in your feedback on these thoughts. Either here, or, if your feedback is longer, for a discussion it might be best to post to https://thunderbird.topicbox.com/groups/e2ee
Ich hab es gestern ausprobiert. Die #AusweisApp2 für den Desktop konnte ich mir unter #Ubuntu mit #flatpak ganz leicht installieren. Das Smartphone braucht #NFC und die App aus dem #fdroid store.
Jetzt den public key bereithalten, denn nach 2-3 Klicks wird man danach gefragt.
Einen Moment später hätte ich meinen signierten Schlüssel in einer Mail. 😃
Apple has dropped support for macOS Mail plugins, such as GPG Mail, in macOS Sonoma. If you rely on our OpenPGP integration for your daily work, please refrain from upgrading to macOS Sonoma at this time. As a replacement Apple introduced "Mail Extensions". For GPG Mail however, some very important functionality is still missing from the Mail Extensions API which will not be available before the first update of #macOS#Sonoma.
I haven't been very good with posting/writing about what I'm working on, so here's a 1,200+ word post about how we replaced[1] the GPG code backed by a library aptly called "pretty-bad-protocol" with a Rust library named after trees, Sequoia-OpenPGP.
This is the first written-here Rust code that will be shipped by SecureDrop \o/
I pushed another update for #Sequoia#OpenPGP (version 1.16.0), which fixes a handful of parser bugs that could result in crashes caused by out-of-bounds array accesses. All affected applications were rebuilt with the new version. 🕶️
This also included the latest version of sequoia-octopus-librnp, which provides better compatibility with recent versions of #Thunderbird.
Updating sequoia-sq to the latest version is still blocked, because some of the new dependencies have blocking issues 😐
The project leader of #gnupg has announced a fork of the #openpgp standard, justifying it with a list of accusations against the #IETF working group that fall apart under scrutiny. #pgp is being threatened with destruction over a personal grievance. We strongly urge de-escalation.
After getting my laptop reinstalled, I needed to Migrate my GPG keys to a new machine. Only done this once and thought I should write it down for myself and others.
Relatedly, I also released rpgpie 🦀️🔐🥧 v0.0.1 (https://crates.io/crates/rpgpie), an experimental high level OpenPGP API based on rpgp (rsop is built on top of rpgpie).
News from the machine room: the pure #rust end-to-end encryption engine, "rpgp", saw quite some work and a new release in recent weeks and now @hko released a higher level "rpgpie" interface for application developers ( see https://fosstodon.org/@hko/111997998005869515 ) which also powers running the IETF #OpenPGP#interoperability test suite quite successfully .... Delta Chat's security-audited encryption engine is in fact used from several other projects and in other contexts these days and we are happy about it!
Can anymany tell me how I'm "supposed" to use end-to-end encryption with XMPP?
As far as I can tell there are three totally different ways to do E2EE:
a)OTR : "[https://xmpp.org/extensions/xep-0364.html](Not intended to be a current standard), or technical specification, as better (albeit, newer and less well tested) methods of end-to-end encryption exist for XMPP. "
b)OpenPGP: There are at least two different XEPs about it. XEP-0027 is obsolete, while XEP-0373 is "experimental" but hasn't been updated in almost three years.
c)OMEMO: "Experimental" and hasn't been updated in over two years.
Is there a way to do E2EE in XMPP which is neither deprecated nor experimental? What's the "Current stable" way to do it?
oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys
It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)
30 years ago today, #PGP 2.6 was released via MIT.
Up to this point, two major issues had been unresolved: The legal status of the use of RSA in PGP, and export of the software from the US to the rest of the world.
With the release of PGP 2.6, the first of these two issues was resolved.