tallship, 15 days ago to privacy

#e2ee is a goal, not a promise. As far back as I can remember, forums like those supporting #Enigmail and #gpg were staffed with volunteers from the privacy community who repeatedly insisted on answering questions, like, "Is <this> (whatever this might be) totally secure?" with stock questions like, "What is it that you consider 'totally secure?" or answers such as, "Secure is a relative term, nothing is completely secure, how secure do you need your mission's communications to be?"

Phrases such as, reasonably secure should be indicators of how ridiculous it is to assume that any secure platform is EVER completely, and totally secure.

That begs the question, "Exactly how secure do you require your communications to be?" The answer is always, ... relative.

Which means that you should always believe Ellen Ripley when she says, "Be afraid. Be very afraid!"

https://www.city-journal.org/article/signals-katherine-maher-problem

#tallship #encryption #PGP #secure_communication #Privacy #FOSS

⛵

.

hko, 16 days ago (edited 16 days ago) to rust

Meet oct-git, a new #OpenPGP signing and verification tool for use with the #Git distributed version control system:

https://crates.io/crates/openpgp-card-tool-git 🦀

oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys

It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)

#RustLang #PGP #GnuPG #gpg #Nitrokey #YubiKey

purism, 22 days ago to linuxphones

The long sought after secure communication of end-to-end hardware encrypted (HWE) chats is now available.
https://puri.sm/posts/hardware-encrypted-comsec-bundle-by-purism/?mtm_campaign=status_update&mtm_source=organic&mtm_medium=librem_social&mtm_content=ls-hardware-encrypted-comsec-bundle-by-purism
#librem5 #Purism #smartcard #pgp #encrypted

hko, 23 days ago (edited 23 days ago) to rust

I just released version 0.3.1 of https://crates.io/crates/rsop, a stateless #OpenPGP ("sop") card tool based on #rPGP.
rsop natively supports OpenPGP card (hardware cryptography) devices

SOP is a standardized, vendor agnostic, CLI interface for the most common OpenPGP operations.
See https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/ for more on SOP.

rsop is featured in the "OpenPGP interoperability test suite" at https://tests.sequoia-pgp.org/ (under "rpgpie", which is rsop's high level OpenPGP library).

#PGP #GPG #GnuPG #rustlang

hko, 28 days ago to rust

I just released version 0.10.1 of https://crates.io/crates/openpgp-card-tools, the general purpose "oct" #OpenPGP card tool.

This release adds the "oct admin signing-pin-validity" subcommand, to configure if a card requires User PIN presentation for each signature operation, or if User PIN presentation is valid for the full duration of a connection to the card.

(#GnuPG calls this flag "forcesig")

#rustlang #PGP #gpg

sequoiapgp, 28 days ago to random

Sequoia PGP's paid development is financed by @sovtechfund (❤️ ). In addition to writing code, they also support our standardization work, and community outreach. In this blog post, I discuss some of our community engagement (presentations and collaborations with sett, @securedrop, and @fedora) that have happened over the past few months.

#pgp

https://sequoia-pgp.org/blog/2024/04/25/202404-community/

blueghost, 29 days ago to email

Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.

Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.

Instructions: https://proton.me/support/how-to-use-pgp
GnuPG: https://mastodon.online/@blueghost/111974048270035570

Website: https://proton.me
Mastodon: @protonprivacy

#Proton #ProtonMail #ProtonPrivacy #OpenPGP #PGP #GnuPG #GPG #Email #Encryption #E2EE #InfoSec #Privacy

stafwag, 1 month ago to debian

Use a GPG smartcard with Thunderbird. Part 1: setup GnuPG

https://stafwag.github.io/blog/blog/2024/04/21/use-a-gpg-smartcard-with-thunderbird-part_1-setup-gpg/

I moved to a Thinkpad w541 with coreboot so I needed to set up my email encryption on Thunderbird again.

It took me more time to reconfigure it again - as usual - so I decided to take notes this time and create a blog post about it. As this might be useful for somebody else … or me in the future :-)

#debian #email #gpg #gnupg #linux #pgp #security #thunderbird

#stafwag @stafwag

lpwaterhouse, 1 month ago to random

Considering to change my #backup solution from #duplicity to #restic (Not sure yet, I like having #pgp keys for encryption, but it's not like a long password stored in #PasswordStore wouldn't cut it). Since restic supports Windows I might try moving a couple relatives onto it; Makes helping them easier if I know the software. For them however, a #GUI is likely a MUST, but what I've found so far is not too encouraging: restatic (dead), npbackup ("metrics" and other assorted niggles), resticguigx (Electron), backrest (browser-based, which makes my skin crawl for security tooling)... Does anyone know other options I missed? Or has some compelling arguments for those I mentioned?

sequoiapgp, 1 month ago to random

Last year, the @sovtechfund fund invited us, the Sequoia PGP Project, to join their new Bug Resilience Program.

Today, I'm pleased to announce that we are publicly launching our bug bounty program with rewards of up to €10,000 for novel, security-relevant issues in Sequoia applications, libraries, or specifications. #pgp

https://sequoia-pgp.org/blog/2024/04/10/202404-bug-bounty/

nwalfield, 1 month ago to random

We're trying to polish sq, Sequoia #PGP's CLI, in preparation for our 1.0 release this summer. One place we could use some help is with the CLI's UX: are the subcommands and options sane, and consistent? Also, we want to provide guidance so that user's don't need to memorize workflows, but are nudged along. See for instance: https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/221 If you are interested in helping, please reach out!

hko, 1 month ago to linux

I just released https://crates.io/crates/openpgp-card-ssh-agent version 0.3.0, a new #SSH agent for #OpenPGP card users.

This agent makes ssh with OpenPGP card devices friction-less: No more ongoing PIN entry!

This release adds full support for Windows, based on amazing work by @wiktor 🥳

This version supports #Linux, #MacOS and #Windows equally.

If anyone with a background in MacOS or Windows packaging is interested in packaging this, we'd love to hear from you!

#rustlang #rust #openssh #hsm #pgp #gpg #gnupg

hko, 1 month ago to rust

I just released https://crates.io/crates/openpgp-card-ssh-agent version 0.2.4, a new #SSH agent for #OpenPGP card users.

This version comes with substantial updates to the openpgp-card-state dependency (which handles User PIN storage for OpenPGP card devices, see https://codeberg.org/openpgp-card/state).
It now supports selecting different PIN storage backends, including one to store the User PIN directly in the config file.

PIN verification error cases are now handled more defensively

#rustlang #rust #openssh #hsm #pgp #gpg #gnupg

aredsquirrel, 1 month ago to linux

Everyone should learn how to self-verify with their own cryptographic keys.

Why rely on a third party to verify, where you have to upload your own ID?

Verifying accounts with a central authority is laying trust in that authority, and taking risk, trusting them they can protect your identity and not abuse that position.

The proof is in the history of identity and activity of the key.
It is best to start learning now and build up an identity.
#pgp #linux #foss

NeoGeo, 2 months ago to random German

#emailsicherheit #itsicherheit

An die Fachleute im Fediverse:

Habt ihr eine #Empfehlung für einen sicheren E-Mail Anbieter? Was haltet ihr von #protonmail ?

Da ich überwiegend über Android E-Mails schreibe, ist das so ne Sache mit #smime und #pgp . Hab da nicht so die Ahnung von.

Gerne #boosten

Liebe Grüße

hko, 2 months ago to rust

I just released version 0.2.0 of https://crates.io/crates/rsop

#rsop is a "Stateless OpenPGP" CLI tool based on #rPGP.

This new version adds more support for handling passphrase-protected private key material, as well as handling of un-armored OpenPGP data.

See https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/ for more on SOP.

#OpenPGP #PGP #SOP #rust #rustlang

fsf, 2 months ago to random

Did someone say encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn more with our Email Self Defense guide: https://u.fsf.org/1df #GPG #PGP #E2E #encryption

orbitalmartian, 2 months ago to random

Does anyone know how to setup #mutt with a #pgp key? I want to figure this out XD #AskFedi

hko, 2 months ago (edited 2 months ago) to rust

In the past few weeks, I spent a bit of time on a set of #OpenPGP hobby projects around #rpgp (https://github.com/rpgp/rpgp/). Today I'm happy to announce:

rsop v0.1.0 (https://crates.io/crates/rsop), an early stage "stateless OpenPGP" tool based on rpgp.

Relatedly, I also released rpgpie 🦀️🔐🥧 v0.0.1 (https://crates.io/crates/rpgpie), an experimental high level OpenPGP API based on rpgp (rsop is built on top of rpgpie).

#PGP #Rust #rustlang

hko, 3 months ago (edited 3 months ago) to rust

I just released version 0.0.1 of the new crate https://crates.io/crates/openpgp-card-state

This crate paves the way for convenient handling of #OpenPGP card User PINs, for users whose threat model allows persisting the PIN locally on the host computer.

If a User PIN is stored, applications can obtain it via this crate, and perform cryptographic operations without prompting the user for PIN entry.

Currently org.freedesktop.Secret is supported for storage.

Thoughts are welcome!

#rust #rustlang #pgp #gnupg #gpg

fsf, 3 months ago to random

Did someone say encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn more with our Email Self Defense guide: https://u.fsf.org/1df #GPG #PGP #E2E #encryption

joel, 3 months ago to random

#K9Mail integration with #OpenKeychain #pgp stuff is kinda broken after an update to the former. The app crashes everytime I write an email, because I have draft encryption enabled

This is so sad :'c

blueghost, 3 months ago to email

Thunderbird is an email client with built-in support for PGP encryption.

Messages are encrypted/decrypted in the client and remain encrypted on email servers, this is client-side encryption.

Some email providers support PGP encryption server-side, this method could be vulnerable to third-party decryption of emails.

PGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy
Client side encryption: https://en.wikipedia.org/wiki/Client-side_encryption

Website: https://www.thunderbird.net
Mastodon: @thunderbird

#Thunderbird #Email #Encryption #OpenPGP #PGP

hko, 3 months ago to random

Having decidedly too much fun playing with ancient #PGP artifacts.

Note the two version 2 public keys from 1992. They were created just over a year after Phil Zimmermann first released PGP (on 6 June 1991), deep in the crypto war era.

These keys predate the #OpenPGP name by around half a decade.

At over 31 years old, nation-state actors can definitely factor John Gilmore's RSA 1024 key today.
However, I believe the cost still exceeds a hobbyist budget even now.

freemo, 3 months ago to security

It was a very very long weekend preparing Yubikeys with pgp keys.

#yubikey #pgp #gpg #security #OpenPGP