Jetzt mal eine wirklich sehr nerdige #Frage.
Für diejenigen, die E-Mail-Verschlüsselung mit #GnuPG / #OpenPGP verwenden:
Lässt ihr die Betreffzeile offen oder wird die bei euch auch verschlüsselt?
Reminder about Mastodon "private" messages. Aside from not being end-end-encrypted (and so visible to instance administrators), they CC anyone @-mentioned ANYWHERE in the body of the message (not just those listed at the start).
They are now called "private mentions" rather than "private messages", but if you don't fully understand the semantics, this behavior may be unexpected and/or cause unpleasant side effects.
EN:
Unfortunately, I can't find a good entry point for this topic:
How do you implement server-side mail encryption and decryption for s/mime? I use Postfix+Cyrus.
DE:
Ich finde für das Thema leider keinen guten Einstieg:
Wie realisiert ihr serverseitige Mailver- und entschlüsselung für s/mime? Ich nutze Postfix+Cyrus.
@lued Das ist ja der Trick:
Das geht garnicht, jedenfalls nicht offiziell.
Es gibt ne Menge Appliances die quasi als Man-in-the-Middle agieren um dies umzusetzen aber IMHO ist das allenfalls Blenderei wenn nicht sogar digitales Schlangenöl.
Es ist einfacher allen Nutzer*innen beizubringen wie #GnuPG / #OpenPGP funktioniert als das zu realisieren...
all of the fedidrama with blocklists comes down to the idea that instances are needed for proxying traffic, but this is only true because identities are not decentralized, which is a fundamental mistake of the mastodon era of software
this is not really up to debate
without decentralized identity we will have this problem of someone else deciding what data we have access to, so if you don't like that, you have to push for it, the same way mastodon pushed for the democratization of this centralized model away from twitter, and even before mastodon others did so in a less accessible way
give power to the users by making it accessible, not by pretending that everyone can learn to use docker
Hello community of #Thunderbird#OpenPGP users. I'd like to know if some of you are still stuck at Thunderbird version 68 and the old #Enigmail Add-on. Is there any missing functionality in Thunderbird 115 that is still preventing you from migrating? #PGP#GPG#GnuPG@thunderbird
Cryptography is a tool for turning a whole swathe of problems into key management problems. Key management problems are way harder than (virtually all) cryptographers think.
Tipp Nr.5: Verwende keine unsicheren oder unverschlüsselten E-Mails für den Austausch sensibler Informationen. Nutze stattdessen sichere Kommunikationskanäle wie verschlüsselte E-Mails (bspw. GPG/OpenPGP) oder Messaging-Apps wie Signal oder Threema. Meide proprietäre Software/Apps, denen es an Transparenz mangelt. Die Verschlüsselung ist schlichtweg nicht überprüfbar - Backdoors bzw. Abhörhintertürchen inklusive.
Schon bald sollen alle EU-Bürger:innen über eine digitale Brieftasche verfügen, mit der sie sich on- wie offline ausweisen können. Ein Konsultationsprozess des Bundesinnenministeriums zeigt nun, welche Interessen die Wirtschaft dabei verfolgt. Und wie diese im Widerspruch zu Datenschutz und Privatsphäre stehen.
GNU Spotlight with Amin Bandali: Twelve new GNU releases in the last month, including #GCC, #GnuPG, #R, and more. Full details: https://u.fsf.org/400 Big thanks to @bandali0@bandali, all the devs, and other contributors!
Cryptography came to my rescue today. Thank you #GNUPG! When I had suspicions that a coworker wanted to get me fired I signed a document with my private key. When she summarily accused me of an alteration she made, #gpg revealed that she made the alteration and not me. The infosec officer and HR escorted her out. #Buhbye. I love being underestimated.
there's two ends to the "don't touch my UX, it's perfect the way it is now" spectrum: websites that get redesigned every 2 years to appease shareholders, and GIMP
@koko ...as well as #CLI - oriented tools like #GnuPG that don't allow basic shit like "encrypt/decrypt file with keyfile" but expect people to use "keyrings"...
In case it helps someone else: To change the #OpenPGP smartcard PIN on my #YubiKey, gpg --change-pin does NOT work for some reason. Using gpg --card-edit and putting admin and then passwd into the prompt lets me do it though.
After thinking about it a bunch, I have decided that I'll refactor my cryptographic deadhand to use python-gnupg until the sequoia-sop python bindings are released.
The official #GPGME bindings are just too damn broken to be of any real use – and I think that says a lot.
Honestly, I'm not at all sure how people can release something like that as "production grade" (for security-critical tooling, no less) and not feel deeply ashamed.