Schon krass wie immer noch sehr populär #Email angewendet wird, ohne #Verschlüsselung oder #marking vom Account etc. – Email hauptsache #HTML aber der #Absender könnte sonst wer sein und das im internen #Business 📧
Ne ist nicht neu und seit ewig so aber trotzdem stumpf nervend und für vierle User nicht nachvolziehbar. Ich hatte jemanden @keyoxide gezeigt und sie war total verwirrt und wollte "was Einfaches" und hatte dabei #PGP noch in kein einzigem Wort erwähnt..... 🤷♂️
Some people don't see the value of using a password manager and keep sharing their streaming service passwords with their friends and relatives in plain text.
This is an attempt to simplify the process of sending encrypted passwords for non-technical users, using local encryption with temporary #PGP keys.
looking for some #pgp advice. i updated my key several years ago with some email aliases, but now i want it to be more authoritative. is the best option to deprecate the old key and start a new one, or is there a way to invalidate some of the aliases?
Holy shit, @protonmail just doubled my base storage to six terabytes for #ProtonMail, #ProtonDrive, etc. I’m only using a little over 16 GB.
Granted I’ve been a paid subscriber since the summer of 2016 (first on their Plus plan, then on Visionary starting the following year). But this is ridiculous.
Anyone out there with a love for #PGP / #GPG want to take a look at my website where I explain my PGP keys and see if you can think of anything else useful to add?
Bonus points if everyone has any suggestions of stuff to add that isnt pgp specific as well.
#K9Mail integration with #OpenKeychain#pgp stuff is kinda broken after an update to the former. The app crashes everytime I write an email, because I have draft encryption enabled
oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys
It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)
...ja ich schreibe bislang privat noch immer unverschlüsselte Mails. Das wäre aber ein nicer Usecase, das mal zu ändern. Anleitung gerne für #AppleMail. (geht auch bei iOS?)
I've read a lot of complaints about #PGP recently. Apparently it's obsolete, ill-designed, unsecure… But no one is able to tell me what I'm supposed to use instead. Rants talk about half a dozen experimental tools that do a fraction of what PGP does and aren't supported anywhere. Not helping.
If you want to change the game, start by providing a solution.
I like #signal and #xmpp and such private instant messaging, but there's something kinda neat about having an #email in #PlainText and #PGP encrypted sent by a real person, instead of the typical login notices or school notifications
:BoostOK: Because DMs are not end-to-end encrypted on Mastodon or on any Fediverse social media platform, your instance admin can read your DMs, and so will any unauthorized individuals if the DMs gets leaked.
If you send a DM to anyone on the Fediverse, make sure it's something you wouldn't mind if it ever gets leaked. If you DO mind, use a privacy-respecting end-to-end encrypted platform like Signal, Session, or Matrix.
Alternatively, you can encrypt your messages using PGP if they list their PGP key in their bio and send them via DMs on the Fediverse. Even better, you can use PGP to send your Signal, Session or Matrix address via DMs.
Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.
Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.
I'll be at #DEFCON though I will be mostly focused on learning, of course I will be wanting to network with people. I'll have limited access to #Mastodon and #Matrix while there. Also don't forget to #PGP sign your emails and load them on a keyserver. My PGP is in my links and fingerprint is on the back of my cards. Come over and say hi if you find me, if I'm awkward it's not you it's me, I'll probably just be processing a lot.
MacOS #sonoma is behind the corner and no word yet from @GPGTools. I wish #Apple would take matters into its own hands and incorporate #pgp in Mail by default. They even have a page promoting PGP to communicate securely with them. Do they expect me to use Thunderbird for it? https://support.apple.com/en-gb/HT201214
I have no idea if I should keep using KeyBase to manage PGP. I know nothing about PGP, I just need the key for git commit signing, so in that regard it's helping. They added crypto wallet junk a long, long time ago, but no longer seem to mention it on their home page. They got sold to Zoom in 2020, which seems to have stopped development. But it still works, and is still encrypted the same way as always. #KeyBase#pgp#git
Many of the reasons described in the #letsEncrypt forum are true, which does not mean S/MIME is impossible to fix or use.
There is native support for S/MIME in many email clients both desktop and mobile/tablet, including most of the 'stock' clients installed by default in most of the devices, so this is not an issue.
I think the big problems are basically 2:
1.- Having a throwaway key and certificate every 30 days (as we do with Letsencrypt SSL/TLS) is very inconvenient because we would need to keep a long collection of them in order access old messages.
2.- People access their email from multiple devices, so syncing the private key securely across all of them becomes a challenge.
For the tech savvy, both problems are manageable:
1.- You can get a free S/MIME certificate from #Actalis valid for 1 year here:
Please read a very important reply to this post by @duxsco pointing out to the insecurity of the Actalis certificate, and providing a secure but not free alternative.
2.- You can manually add this certificate to all your devices and keep an encrypted/secure repository with all your old keys and certificates in case you need to access your archived email.
I've been doing exactly that for years and it is just fine for signing my email.
IMHO for 'fixing' the whole signing and encryption of emails, #OpenPGP is conceptually closer to be a more consistent solution, and I use it with everyone who understands it, but I have to admit that the ecosystems is far less ready than for S/MIME (you will need to use specialised apps or installed plugins, etc.), Thunderbird being a shining exception.
PGP has several very powerful advantages:
1.- You don't need a CA for the sole purpose of generating your keys.
2.- You can use the same keys for many years.
3.- People who really trust each other can sign each other's keys creating a web-of-trust.
4.- There is a free network of keyservers where you can upload your public keys and make them available to everyone.
5.- Most people these days have their own website, blog or social media account where they can publish their public keys for cases when they distrust the public servers. They can manually exchange them too.
In the long run I believe we should promote the adoption of OpenPGP instead of S/MIME, with more people using it, native support should follow.
I am not an expert though, so I'd love to hear from others too. 😊
This crate paves the way for convenient handling of #OpenPGP card User PINs, for users whose threat model allows persisting the PIN locally on the host computer.
If a User PIN is stored, applications can obtain it via this crate, and perform cryptographic operations without prompting the user for PIN entry.
Currently org.freedesktop.Secret is supported for storage.
I moved to a Thinkpad w541 with coreboot so I needed to set up my email encryption on Thunderbird again.
It took me more time to reconfigure it again - as usual - so I decided to take notes this time and create a blog post about it. As this might be useful for somebody else … or me in the future :-)
Considering to change my #backup solution from #duplicity to #restic (Not sure yet, I like having #pgp keys for encryption, but it's not like a long password stored in #PasswordStore wouldn't cut it). Since restic supports Windows I might try moving a couple relatives onto it; Makes helping them easier if I know the software. For them however, a #GUI is likely a MUST, but what I've found so far is not too encouraging: restatic (dead), npbackup ("metrics" and other assorted niggles), resticguigx (Electron), backrest (browser-based, which makes my skin crawl for security tooling)... Does anyone know other options I missed? Or has some compelling arguments for those I mentioned?