Search
Items tagged with: OpenPGP
Can anymany tell me how I'm "supposed" to use end-to-end encryption with XMPP?
As far as I can tell there are three totally different ways to do E2EE:
a)OTR : "[https://xmpp.org/extensions/xep-0364.html](Not intended to be a current standard), or technical specification, as better (albeit, newer and less well tested) methods of end-to-end encryption exist for XMPP. "
b)OpenPGP: There are at least two different XEPs about it. XEP-0027 is obsolete, while XEP-0373 is "experimental" but hasn't been updated in almost three years.
c)OMEMO: "Experimental" and hasn't been updated in over two years.
Is there a way to do E2EE in XMPP which is neither deprecated nor experimental? What's the "Current stable" way to do it?
#XMPP #E2EE #EndToEndEncryption #OMEMO #OpenPGP #OTR
Current Jabber OpenPGP Usage
This document outlines the current usage of OpenPGP for messaging and presence.Thomas Muldowney
GitHub - rpgp/rpgp: OpenPGP implemented in pure Rust, permissively licensed
OpenPGP implemented in pure Rust, permissively licensed - rpgp/rpgpGitHub
In the past few weeks, I spent a bit of time on a set of #OpenPGP hobby projects around #rpgp (https://github.com/rpgp/rpgp/). Today I'm happy to announce:
rsop v0.1.0 (https://crates.io/crates/rsop), an early stage "stateless OpenPGP" tool based on rpgp.
Relatedly, I also released rpgpie π¦οΈππ₯§ v0.0.1 (https://crates.io/crates/rpgpie), an experimental high level OpenPGP API based on rpgp (rsop is built on top of rpgpie).
GitHub - rpgp/rpgp: Pure rust implementation of OpenPGP
Pure rust implementation of OpenPGP. Contribute to rpgp/rpgp development by creating an account on GitHub.GitHub
News from the machine room: the pure #rust end-to-end encryption engine, "rpgp", saw quite some work and a new release in recent weeks and now @hko released a higher level "rpgpie" interface for application developers ( see https://fosstodon.org/@hko/111997998005869515 ) which also powers running the IETF #OpenPGP #interoperability test suite quite successfully .... Delta Chat's security-audited encryption engine is in fact used from several other projects and in other contexts these days and we are happy about it!
In the past few weeks, I spent a bit of time on a set of #OpenPGP hobby projects around #rpgp (https://github.com/rpgp/rpgp/). Today I'm happy to announce:rsop v0.1.0 (https://crates.io/crates/rsop), an early stage "stateless OpenPGP" tool based on rpgp.
Relatedly, I also released rpgpie π¦οΈππ₯§ v0.0.1 (https://crates.io/crates/rpgpie), an experimental high level OpenPGP API based on rpgp (rsop is built on top of rpgpie).
GitHub - rpgp/rpgp: Pure rust implementation of OpenPGP
Pure rust implementation of OpenPGP. Contribute to rpgp/rpgp development by creating an account on GitHub.GitHub
Thunderbird is an email client with built-in support for PGP encryption.
Messages are encrypted/decrypted in the client and remain encrypted on email servers, this is client-side encryption.
Some email providers support PGP encryption server-side, this method could be vulnerable to third-party decryption of emails.
PGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy
Client side encryption: https://en.wikipedia.org/wiki/Client-side_encryption
Website: https://www.thunderbird.net
Mastodon: @thunderbird
#Thunderbird #Email #Encryption #OpenPGP #PGP
Thunderbird β Free Your Inbox.
Thunderbird is a free email application thatβs easy to set up and customize - and itβs loaded with great features!Thunderbird
I gave a talk at #fosdem #fosdem2024.
Video and slides are now available:
https://fosdem.org/2024/schedule/event/fosdem-2024-2849--security-thunderbird-email-security-plans-and-challenges-/
#thunderbird #security #openpgp #librepgp #smime
I'm interested in your feedback on these thoughts. Either here, or, if your feedback is longer, for a discussion it might be best to post to
https://thunderbird.topicbox.com/groups/e2ee
Thanks a lot to the organizers of @fosdem and the modern email developer room.
https://github.com/modern-email/FOSDEM-24?tab=readme-ov-file#contact
GitHub - modern-email/FOSDEM-24
Contribute to modern-email/FOSDEM-24 development by creating an account on GitHub.GitHub
Having decidedly too much fun playing with ancient #PGP artifacts.
Note the two version 2 public keys from 1992. They were created just over a year after Phil Zimmermann first released PGP (on 6 June 1991), deep in the crypto war era.
These keys predate the #OpenPGP name by around half a decade.
At over 31 years old, nation-state actors can definitely factor John Gilmore's RSA 1024 key today.
However, I believe the cost still exceeds a hobbyist budget even now.
We have just issued the first #release of #sshd-openpgp-auth and #ssh-openpgp-auth.
Using this server and client-side tooling it is possible to manage the #authentication of #SSH host keys with the help of an #OpenPGP certificate as trust anchor.
https://crates.io/crates/sshd-openpgp-auth
https://crates.io/crates/ssh-openpgp-auth
Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!
#DNS #KeyOxide #KnownHosts #OpenSSH #Rustlang #Software #WebKeyDirectory #WebOfTrust #WKD #WoT
(New blog) The State of the Keyservers in 2024
βIn the two and a half years since the sks-keyservers.net shutdown in June 2021, the concept of #OpenPGP #keyservers has been called into question. However, keyservers still provide a vital service to the OpenPGP ecosystem.
β¦
OpenPGP is one of only two widely-used cryptography standards to include a full Public Key Infrastructureβ
https://blog.pgpkeys.eu/state-keyservers-2024.html
The State of the Keyservers in 2024
An occasional blog about OpenPGP keyservers and related issuesblog.pgpkeys.eu
Better to take some more time to prepare a proper release β looking forward to it and kudos for keeping Thunderbird on @fdroidorg.
Still, any news about future encryption options, especially via #OpenPGP? Pretty much all #Android email clients rely on #Openkeychain to manage all your keys. Sadly it is still unmaintained and desperately needs a replacement or someone to take over development. Look at issues like this: https://github.com/open-keychain/open-keychain/issues/2856
#Thunderbird for Android will also rely on this unmaintained app.
Vulnerability in OpenKeychain Β· Issue #2856 Β· open-keychain/open-keychain
Hello, Researchers discovered a vulnerability in OpenKeychain. The technical report was sent by email (security@openkeychain.org), no response. Please contact us.GitHub
LibreOffice supports symmetric and asymmetric encryption for OpenDocument Format (ODF) files.
Symmetric encryption: https://en.wikipedia.org/wiki/Symmetric-key_algorithm
Asymmetric encryption: https://en.wikipedia.org/wiki/Public-key_cryptography
Select File > Save/Save As
The "Save with password" option encrypts the file with AES-256.
The "Encrypt with GPG key" option encrypts the file with a public key.
Website: https://www.libreoffice.org
Mastodon: @libreoffice
#LibreOffice #Encryption #OpenSource #OpenPGP #PGP #GnuPG #GPG #InfoSec #Privacy #Security
Home | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with Microsoft
Free office suite β the evolution of OpenOffice. Compatible with Microsoft .doc, .docx, .xls, .xlsx, .ppt, .pptx. Updated regularly, community powered.www.libreoffice.org
https://thunderbird.topicbox.com/groups/e2ee/Tdc427a8b0255b85a/passphrase-protection-for-openpgp-secret-keys
I'd welcome some testing and feedback.
Close to the end of 2021 Iβm excited to announce the release of PGPainless version 1.0.0! I feel like it finally reached a state of sufficient maturity to be worthy of a major release with a β1β at the front.
https://blog.jabberhead.tk/2021/12/30/pgpainless-1-0-0-released/
#audit #encryption #java #openpgp #pgpainless
PGPainless 1.0.0 Released!
Close to the end of 2021 I'm excited to announce the release of PGPainless version 1.0.0! I feel like it finally reached a state of sufficient maturity to be worthy of a major release with a "1" at the front.vanitasvitae (jabberhead.tk)
We're launching https://ariadne.id, an experimental living document that contains all the knowledge that powers #keyoxide!
This should make it easier to make independent libraries, implementations, apps and websites π
Aaaand: *proof@ariadne.id=* π€©
Let's claim back sovereignty over our online identity!
Blog post: https://blog.keyoxide.org/ariadne-spec/
#openpgp #ariadnespec