I just released version 0.4.1 of #rsop, a stateless #OpenPGP ("SOP") CLI tool based on @rpgp:

crates.io/crates/rsop/0.4.1

This release adds support for the 'revoke-key' command.

For more on #SOP, see datatracker.ietf.org/doc/draft…

#PGP #GnuPG #StatelessOpenPGP

rPGP is an #OpenPGP implementation in pure #Rust (crates.io/crates/pgp).

It serves as the end-to-end encryption engine for Delta Chat:
@delta, a secure decentralized messager for all major platforms (and then some).

rPGP implements all generations of the OpenPGP standard, up to and including the new RFC 9580.

#RustLang #Cryptography #PGP

New release today: #rPGP version 0.14.0 ✨

(#OpenPGP implemented in pure #Rust, permissively licensed)

github.com/rpgp/rpgp/releases/…

This release brings rather complete support for the excellent new OpenPGP RFC 9580 (also known as "crypto refresh", or "v6")

RFC 9580 standardizes modern cryptographic mechanisms for OpenPGP: AEAD-based encryption, Argon2, and SHA2 fingerprints for the new OpenPGP v6 key format (v4 keys use SHA1).

Thanks @NGIZero for supporting this work!

#RustLang #PGP #GnuPG

some news regarding rPGP, the minimal #Rust #OpenPGP implementation that stably provides end-to-end encryption for Delta users since many years:

- a new FAQ including questions about IETF specs, Post-Quantum cryptography, Autocrypt, LibrePGP, Seqouia etc. github.com/rpgp/rpgp/blob/mast…

- NLNET just granted #OpenPGP V6 work on rPGP: nlnet.nl/project/rPGP-cryptore…

rPGP is an independent and stable project which provides good general #OpenPGP interoperability, see "rpgpie" in tests.sequoia-pgp.org/

rpgp/docs/FAQ.md at master · rpgp/rpgp

OpenPGP implemented in pure Rust, permissively licensed - rpgp/rpgp

^GitHub

I updated my crowd-sourced list of #openpgp, #fido, #u2f and #piv, #pki security tokens:

l.0l.de/tokens

Feel free to have a look if you are in the market for a new security token Contributions and feedback are highly welcome :)

Crypto, FIDO and Security Tokens

Tokens Crypto, FIDO and Security Tokens,How to contribute Please use the Google Sheets comments to discuss or propose changes. Scope:,USB-connected, TFA, PKI, OTP, PIV tokens,Send updates, access requests or inquires to

^{Google Docs}

Can anymany tell me how I'm "supposed" to use end-to-end encryption with XMPP?

As far as I can tell there are three totally different ways to do E2EE:

a)OTR : "[xmpp.org/extensions/xep-0364.h…](Not intended to be a current standard), or technical specification, as better (albeit, newer and less well tested) methods of end-to-end encryption exist for XMPP. "

b)OpenPGP: There are at least two different XEPs about it. XEP-0027 is obsolete, while XEP-0373 is "experimental" but hasn't been updated in almost three years.

c)OMEMO: "Experimental" and hasn't been updated in over two years.

Is there a way to do E2EE in XMPP which is neither deprecated nor experimental? What's the "Current stable" way to do it?

#XMPP #E2EE #EndToEndEncryption #OMEMO #OpenPGP #OTR

In the past few weeks, I spent a bit of time on a set of #OpenPGP hobby projects around #rpgp (github.com/rpgp/rpgp/). Today I'm happy to announce:

rsop v0.1.0 (crates.io/crates/rsop), an early stage "stateless OpenPGP" tool based on rpgp.

Relatedly, I also released rpgpie 🦀️🔐🥧 v0.0.1 (crates.io/crates/rpgpie), an experimental high level OpenPGP API based on rpgp (rsop is built on top of rpgpie).

#PGP #Rust #rustlang

GitHub - rpgp/rpgp: Pure rust implementation of OpenPGP

Pure rust implementation of OpenPGP. Contribute to rpgp/rpgp development by creating an account on GitHub.

^GitHub

News from the machine room: the pure #rust end-to-end encryption engine, "rpgp", saw quite some work and a new release in recent weeks and now @hko released a higher level "rpgpie" interface for application developers ( see fosstodon.org/@hko/11199799800… ) which also powers running the IETF #OpenPGP #interoperability test suite quite successfully .... Delta Chat's security-audited encryption engine is in fact used from several other projects and in other contexts these days and we are happy about it!

Heiko

2024-02-26 13:23:46

In the past few weeks, I spent a bit of time on a set of #OpenPGP hobby projects around #rpgp (github.com/rpgp/rpgp/). Today I'm happy to announce:

rsop v0.1.0 (crates.io/crates/rsop), an early stage "stateless OpenPGP" tool based on rpgp.

Relatedly, I also released rpgpie 🦀️🔐🥧 v0.0.1 (crates.io/crates/rpgpie), an experimental high level OpenPGP API based on rpgp (rsop is built on top of rpgpie).

#PGP #Rust #rustlang

GitHub - rpgp/rpgp: Pure rust implementation of OpenPGP

Pure rust implementation of OpenPGP. Contribute to rpgp/rpgp development by creating an account on GitHub.

^GitHub

Thunderbird is an email client with built-in support for PGP encryption.

Messages are encrypted/decrypted in the client and remain encrypted on email servers, this is client-side encryption.

Some email providers support PGP encryption server-side, this method could be vulnerable to third-party decryption of emails.

PGP: en.wikipedia.org/wiki/Pretty_G…
Client side encryption: en.wikipedia.org/wiki/Client-s…

Website: thunderbird.net
Mastodon: @thunderbird

#Thunderbird #Email #Encryption #OpenPGP #PGP

I gave a talk at #fosdem #fosdem2024.

Video and slides are now available:
fosdem.org/2024/schedule/event…

#thunderbird #security #openpgp #librepgp #smime

I'm interested in your feedback on these thoughts. Either here, or, if your feedback is longer, for a discussion it might be best to post to
thunderbird.topicbox.com/group…

Thanks a lot to the organizers of @fosdem and the modern email developer room.
github.com/modern-email/FOSDEM…

GitHub - modern-email/FOSDEM-24

Contribute to modern-email/FOSDEM-24 development by creating an account on GitHub.

^GitHub

Having decidedly too much fun playing with ancient #PGP artifacts.

Note the two version 2 public keys from 1992. They were created just over a year after Phil Zimmermann first released PGP (on 6 June 1991), deep in the crypto war era.

These keys predate the #OpenPGP name by around half a decade.

At over 31 years old, nation-state actors can definitely factor John Gilmore's RSA 1024 key today.
However, I believe the cost still exceeds a hobbyist budget even now.

We have just issued the first #release of #sshd-openpgp-auth and #ssh-openpgp-auth.

Using this server and client-side tooling it is possible to manage the #authentication of #SSH host keys with the help of an #OpenPGP certificate as trust anchor.

crates.io/crates/sshd-openpgp-…

crates.io/crates/ssh-openpgp-a…

Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!

#DNS #KeyOxide #KnownHosts #OpenSSH #Rustlang #Software #WebKeyDirectory #WebOfTrust #WKD #WoT

(New blog) The State of the Keyservers in 2024

“In the two and a half years since the sks-keyservers.net shutdown in June 2021, the concept of #OpenPGP #keyservers has been called into question. However, keyservers still provide a vital service to the OpenPGP ecosystem.
…
OpenPGP is one of only two widely-used cryptography standards to include a full Public Key Infrastructure”

blog.pgpkeys.eu/state-keyserve…

Better to take some more time to prepare a proper release – looking forward to it and kudos for keeping Thunderbird on @fdroidorg.

Still, any news about future encryption options, especially via #OpenPGP? Pretty much all #Android email clients rely on #Openkeychain to manage all your keys. Sadly it is still unmaintained and desperately needs a replacement or someone to take over development. Look at issues like this: github.com/open-keychain/open-…
#Thunderbird for Android will also rely on this unmaintained app.

Vulnerability in OpenKeychain · Issue #2856 · open-keychain/open-keychain

Hello, Researchers discovered a vulnerability in OpenKeychain. The technical report was sent by email (security@openkeychain.org), no response. Please contact us.

^GitHub

LibreOffice supports symmetric and asymmetric encryption for OpenDocument Format (ODF) files.

Select File > Save/Save As

The "Save with password" option encrypts the file with AES-256.
The "Encrypt with GPG key" option encrypts the file with a public key.

Symmetric encryption: en.wikipedia.org/wiki/Symmetri…
Asymmetric encryption: en.wikipedia.org/wiki/Public-k…

Website: libreoffice.org
Mastodon: @libreoffice

#LibreOffice #Encryption #OpenSource #OpenPGP #PGP #GnuPG #GPG #InfoSec #Privacy #Security

PGPainless 1.0.0 Released!

Close to the end of 2021 I’m excited to announce the release of PGPainless version 1.0.0! I feel like it finally reached a state of sufficient maturity to be worthy of a major release with a “1” at the front.

blog.jabberhead.tk/2021/12/30/…

#audit #encryption #java #openpgp #pgpainless

PGPainless 1.0.0 Released!

Close to the end of 2021 I'm excited to announce the release of PGPainless version 1.0.0! I feel like it finally reached a state of sufficient maturity to be worthy of a major release with a "1" at the front.

^{vanitasvitae (jabberhead.tk)}

📣 The first of the bigger announcements 🎉

We're launching ariadne.id, an experimental living document that contains all the knowledge that powers #keyoxide!

This should make it easier to make independent libraries, implementations, apps and websites 😎

Aaaand: *proof@ariadne.id=* 🤩

Let's claim back sovereignty over our online identity!

Blog post: blog.keyoxide.org/ariadne-spec…

#openpgp #ariadnespec