Relatedly, I also released rpgpie 🦀️🔐🥧 v0.0.1 (https://crates.io/crates/rpgpie), an experimental high level OpenPGP API based on rpgp (rsop is built on top of rpgpie).
#UnpopularOpinion The current spam wave supports one of my suspicions that federated networks should be built as a web of trust, Friends of a Friend style. Open registrations invite abuse and there's only so much algorithmic stuff you can throw at that. An invitation based system is also not a perfect solution as it creates artificial scarcity. A solution somewhere in-between is needed but I am still pondering how that could look like. Will continue my thoughts as a thread starting here.
This crate paves the way for convenient handling of #OpenPGP card User PINs, for users whose threat model allows persisting the PIN locally on the host computer.
If a User PIN is stored, applications can obtain it via this crate, and perform cryptographic operations without prompting the user for PIN entry.
Currently org.freedesktop.Secret is supported for storage.
Did someone say encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn more with our Email Self Defense guide: https://u.fsf.org/1df#GPG#PGP#E2E#encryption
#K9Mail integration with #OpenKeychain#pgp stuff is kinda broken after an update to the former. The app crashes everytime I write an email, because I have draft encryption enabled
Having decidedly too much fun playing with ancient #PGP artifacts.
Note the two version 2 public keys from 1992. They were created just over a year after Phil Zimmermann first released PGP (on 6 June 1991), deep in the crypto war era.
These keys predate the #OpenPGP name by around half a decade.
At over 31 years old, nation-state actors can definitely factor John Gilmore's RSA 1024 key today.
However, I believe the cost still exceeds a hobbyist budget even now.
GPG/PGP tip: When trust-signing company keys, either from another company key or a personal key, sign it so you trust the whole company, not just the individual key. To do this use tsign and select a depth of 2 with a domain restriction that matches the company's domain. This will cause you to automatically trust all employees of the company that are trusted by the company's master key and verified without you needing to set the trust individually or verify individual identities.
I'm looking for an idea:
In my @thunderbird , I sign mails for different accounts digitally using #pgp . Automatic signing is switched on.
In the options, all acc's look the same, I cannot find any stored passwords anywhere inside my TB.
For one acc, I am not asked for a passphrase, mails are signed and sent immediately.
For one other acc, I am asked for a passphrase, bot only after a long wait for the pga-dialogue to appear.
What could possibly be wrong?
Cheers!
Reminds me of a story back in 2017, when a flaw in encryption was found in WA and they replied with "it's not a bug, it's a feature" - and in response, my friends and I decided to add PGP encryption to WA Web as a hackathon project :blobfoxlaugh:
I swear to Christ every time I need to do something in #PGP I get enraged all over again.
What's the cipher algorithm that PGP private keys are encrypted with when you set password protection on private keys? Something called S2k? What the fork is that?
Did someone say encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn more with our Email Self Defense guide: https://u.fsf.org/1df#GPG#PGP#E2E#encryption
Let's not forget that MS Windows users are unable to download #I2P with a 'sig'/'asc' file at this time. Holiday periods are typically good times for people to install and learn new, great things like I2P, PGP (#gpg4win) and possibly linux. A positive experience with #PGP can go a long way.
See prior above toot for further details if needed.
We will not tag anyone further on this issue, unless one opts-in.
During the migration work to the new PC I found this guide by Jordan Williams on backing up and restoring OpenPGP keys using Gnu Privacy Guard (also known as GnuPG and GPG) useful 🎉
« encrypted “emails” within Tuta, which cannot extend beyond their walled garden, are not really emails at all: they are encrypted messages using a proprietary format »
Considering upgrading my personal #GnuPG key from 4096 bit DSA/Elgamal to ECDSA/ED25519 . Not sure it's worth the bother, given the #PGP schism that's probably going to come to a head in the next year or two as everybody tries to agree on an open, #quantum resistant asymmetric standard.
I've had my Elgamal key for years, and I have no reason to believe it has been compromised, it's just a thought. I don't use it much other than XMPP chats and file encryption between myself and family.