This crate paves the way for convenient handling of #OpenPGP card User PINs, for users whose threat model allows persisting the PIN locally on the host computer.
If a User PIN is stored, applications can obtain it via this crate, and perform cryptographic operations without prompting the user for PIN entry.
Currently org.freedesktop.Secret is supported for storage.
This SSH agent explores an absolutely streamlined UX for doing ssh backed by OpenPGP card-based key material.
After persisting the User PIN once, like this: "$ openpgp-card-state put --user-pin 123456 0000:01234567", the ssh agent can be used without any user interaction.
I'm interested in your feedback on these thoughts. Either here, or, if your feedback is longer, for a discussion it might be best to post to https://thunderbird.topicbox.com/groups/e2ee
Having decidedly too much fun playing with ancient #PGP artifacts.
Note the two version 2 public keys from 1992. They were created just over a year after Phil Zimmermann first released PGP (on 6 June 1991), deep in the crypto war era.
These keys predate the #OpenPGP name by around half a decade.
At over 31 years old, nation-state actors can definitely factor John Gilmore's RSA 1024 key today.
However, I believe the cost still exceeds a hobbyist budget even now.
This is more of a security question, but I currently know way more people on ruby.social than infosec.exchange. I want to use a #Yubikey for #SMIME or #GPG signing on #iOS & #iPadOS, but can't find:
Any documentation about how to integrate it with Apple Mail.
Anyplace that offers #x509 certificates for S/MIME at zero or minimal cost the way @letsencrypt offers free #SSL certs.
Self-signed S/MIME certs are a non-starter, and there are no full-featured #OpenPGP apps on iOS. Suggestions?
#K9Mail doesn't support signing mails by default, because it's of questionable use!? So I guess that only leaves #FairEmail for me, now that I've finally had the nerve to clean up my PGP key again.
[EDIT: It's not explicitly stated, but it can be inferred that Bitwarden is asking about email providers and not clients. Thanks for pointing it out! Leaving this post up, though, because it's a solid survey.]
Thunderbird friends! @bitwarden has a short survey asking about your preferred #privacy stack -- but they didn't include Thunderbird in the question about email...
Do us a favor, and when you get to Question 2, click "other" and type in Thunderbird! 💙
Reminds me of a story back in 2017, when a flaw in encryption was found in WA and they replied with "it's not a bug, it's a feature" - and in response, my friends and I decided to add PGP encryption to WA Web as a hackathon project :blobfoxlaugh:
I rely on #Thunderbird for my email communication. That is why I generate my OpenPGP keys with their key manager, not through the gpg itself.
This morning, I set up my Web Key Directory (#WKD) so anyone with an email client that supports this can auto-discover my public #OpenPGP key without needing to look at any key server or rely on information from my website.
Just migrated my #offline #gnupg and #ssh key setup to a new #smartcard. This only took about 8 hours whereas when I last did this in 2015, it took much longer. I guess this is a sign of process! But these things are still too painful. At least now, the software just works right out of #Debian.
If you use #GnuPG #GPG, and you would like to ensure interoperability with Thunderbird, you might consider disabling the use of #LibrePGP features, by using option --rfc4880 in your configuration (e.g. by adding a line with the word "rfc4880" to your gpg.conf file).
At this time it is undecided whether future Thunderbird versions will support LibrePGP or the upcoming refresh of the #IETF #OpenPGP specification, or both, or none of them. Hopefully we'll eventually see a new universal standard.
Here's looking forward to a good new year in #OpenPGP, with an easier learning curve for newcomers, as well as progress on the standard and interoperability.
#NFC geeks/nerds: where can I buy NFC cards with a #ST25TA64K chip? It seems that is the chip with the biggest storage available? Or do you know of other standard type 4 tags with 8kB or more?
During the migration work to the new PC I found this guide by Jordan Williams on backing up and restoring OpenPGP keys using Gnu Privacy Guard (also known as GnuPG and GPG) useful 🎉