Automated digital signing of OS artifacts
lists.archlinux.org/archives/l…
#ArchLinux #Linux #RFC #OpenPGP #DigitalSignature #Automation #Signstar #NetHSM
Comparing #XMPP against #email protocols is too limited. What sets #deltachat apart is *vertical integration* and being driven by UI/UX considerations. Cross-platform Apps and Bots use the Rust core library which connects with #chatmail relays and classic email servers based on a higher level API -- abstracting over SMTP, MIME, #OpenPGP etc. See chatmail.at
#webxdc apps in turn use an even higher level stable API abstracting over email/xmpp/... see webxdc.org/docs/
Chatmail provides FOSS infrastructure for interoperable, secure, speedy and reliable end-to-end encrypted messaging. Check out clients as Arcane Chat, Bots or Delta Chat today! (chatmail.at)
our friends over at @rpgp just published a monster milestone, humbly tagged 0.16 😍 with
- streaming decryption and encryption
- post-quantum-cryptography
- API streamlining.
#rPGP is a full Rust implementation of #openpgp which counts among the fastest and most compliant implementations today, and includes security audits. Note: #deltachat uses a restricted subset of OpenPGP, and follows best practices (e.g. using the same ed25519 keys implementation as #signal) github.com/rpgp/rpgp/
OpenPGP implemented in pure Rust, permissively licensed - rpgp/rpgp (GitHub)
The downside of our project approach was that we often got experts being very dismissive on re-using email and #OpenPGP ... and there still is some opposition which often subsides when actually trying #deltachat and #chatmail, looking at security audits and our strong usable security focus.
There may also be surprising upsides. The UK "Online Safety Bill" which attacks end-to-end encryption integrity seems to not apply for ... e-mail. Because everyone knows, e-mail is unencrypted, right? :)
The #Libreoffice Youtube channel is posting a lot of interesting talks from the "Libreoffice and #Opensource Conference 2024"
Some of them:
#LuxChat for Governments: youtube.com/watch?v=JXdMKaEXq0…
#OpenDesk on #OpenCode: youtube.com/watch?v=rVhAltODe-…
#Education: youtube.com/watch?v=V4fkWfuFXf…
#Encrypted and #Signed Documents (UI, with #OpenPGP or #x509): youtube.com/watch?v=W-qFr8tL-L…
A talk from the LibreOffice and Open Source Conference 2024 in Luxembourg, with Patrick Weber. More details: https://events.documentfoundation.org/libreoffic... (YouTube)
I just released version 0.6.2 of rsop, a stateless #OpenPGP ("SOP") CLI tool based on @rpgp:
Changes since rsop 0.6.0:
- decryption based on session keys is now supported,
- generation of man pages and shell tab completion has been added,
- some subtle semantics fixes for component key validity were implemented.
For more on #SOP, see datatracker.ietf.org/doc/draft…
This document defines a generic stateless command-line interface for dealing with OpenPGP messages, certificates, and secret key material, known as sop. (IETF Datatracker)
Six times so far ... is how often important parts of #deltachat were independently #security audited and analyzed. Thanks to IncludeSecurity, Cure53, Applied Crypto Team at ETH Zuerich and Radical Open Security.
Last audit is from December 2024 covering @rpgp, the minimal #OpenPGP Rust library that is gaining traction with other projects as well.
Shout-out to dignifiedquire and @hko for their excellent maintenance! For more info on Delta Chat related security audits: delta.chat/en/help#security-au…
What is Delta Chat? Delta Chat is a reliable, decentralized and secure messaging app, available for mobile and desktop platforms. Delta Chat feels like Whatsapp or Telegram but you can also use and... (delta.chat)
I just released version 0.1.0 of rsop-oct, a new stateless #OpenPGP ("SOP") CLI tool that focuses exclusively on use with OpenPGP card hardware devices:
crates.io/crates/rsop-oct/0.1.…
Like its sibling project #rsop, rsop-oct is based on @rpgp
In the next release of rsop, OpenPGP card functionality will be removed from it.
The goal is to offer clear UX in two distinct simple CLI tools, as opposed to one combined and confusing CLI tool.
For more on #SOP, see datatracker.ietf.org/doc/draft…
I just released version 0.4.1 of #rsop, a stateless #OpenPGP ("SOP") CLI tool based on @rpgp:
This release adds support for the 'revoke-key' command.
For more on #SOP, see datatracker.ietf.org/doc/draft…
This document defines a generic stateless command-line interface for dealing with OpenPGP messages, known as sop. It aims for a minimal, well-structured API covering OpenPGP object security. (IETF Datatracker)
rPGP is an #OpenPGP implementation in pure #Rust (crates.io/crates/pgp).
It serves as the end-to-end encryption engine for Delta Chat:
@delta, a secure decentralized messenger for all major platforms (and then some).
rPGP implements all generations of the OpenPGP standard, up to and including the new RFC 9580.
New release today: #rPGP version 0.14.0 ✨
(#OpenPGP implemented in pure #Rust, permissively licensed)
github.com/rpgp/rpgp/releases/…
This release brings rather complete support for the excellent new OpenPGP RFC 9580 (also known as "crypto refresh", or "v6")
RFC 9580 standardizes modern cryptographic mechanisms for OpenPGP: AEAD-based encryption, Argon2, and SHA2 fingerprints for the new OpenPGP v6 key format (v4 keys use SHA1).
Thanks @NGIZero for supporting this work!
Some news regarding rPGP, the minimal #Rust #OpenPGP implementation that has stably provided end-to-end encryption for Delta users for many years:
- a new FAQ including questions about IETF specs, Post-Quantum cryptography, Autocrypt, LibrePGP, Sequoia etc. github.com/rpgp/rpgp/blob/mast…
- NLNET just granted #OpenPGP V6 work on rPGP: nlnet.nl/project/rPGP-cryptore…
rPGP is an independent and stable project which provides good general #OpenPGP interoperability, see "rpgpie" in tests.sequoia-pgp.org/
I updated my crowd-sourced list of #openpgp, #fido, #u2f and #piv, #pki security tokens:
Feel free to have a look if you are in the market for a new security token. Contributions and feedback are highly welcome :)
Can anyone tell me how I'm "supposed" to use end-to-end encryption with XMPP?
As far as I can tell there are three totally different ways to do E2EE:
a) OTR: "[Not intended to be a current standard](xmpp.org/extensions/xep-0364.h…), or technical specification, as better (albeit, newer and less well tested) methods of end-to-end encryption exist for XMPP."
b) OpenPGP: There are at least two different XEPs about it. XEP-0027 is obsolete, while XEP-0373 is "experimental" but hasn't been updated in almost three years.
c) OMEMO: "Experimental" and hasn't been updated in over two years.
Is there a way to do E2EE in XMPP which is neither deprecated nor experimental? What's the "Current stable" way to do it?
#XMPP #E2EE #EndToEndEncryption #OMEMO #OpenPGP #OTR
This document outlines the current usage of OpenPGP for messaging and presence. (Thomas Muldowney)
In the past few weeks, I spent a bit of time on a set of #OpenPGP hobby projects around #rpgp (github.com/rpgp/rpgp/). Today I'm happy to announce:
rsop v0.1.0 (crates.io/crates/rsop), an early stage "stateless OpenPGP" tool based on rpgp.
Relatedly, I also released rpgpie 🦀️🔐🥧 v0.0.1 (crates.io/crates/rpgpie), an experimental high level OpenPGP API based on rpgp (rsop is built on top of rpgpie).
Pure rust implementation of OpenPGP. Contribute to rpgp/rpgp development by creating an account on GitHub. (GitHub)
News from the machine room: the pure #rust end-to-end encryption engine, "rpgp", saw quite some work and a new release in recent weeks and now @hko released a higher level "rpgpie" interface for application developers (see fosstodon.org/@hko/11199799800…) which also powers running the IETF #OpenPGP #interoperability test suite quite successfully ... Delta Chat's security-audited encryption engine is in fact used from several other projects and in other contexts these days and we are happy about it!
Thunderbird is an email client with built-in support for PGP encryption.
Messages are encrypted/decrypted in the client and remain encrypted on email servers, this is client-side encryption.
Some email providers support PGP encryption server-side, this method could be vulnerable to third-party decryption of emails.
PGP: en.wikipedia.org/wiki/Pretty_G…
Client side encryption: en.wikipedia.org/wiki/Client-s…
Website: thunderbird.net
Mastodon: @thunderbird
#Thunderbird #Email #Encryption #OpenPGP #PGP
Thunderbird is a free email application that’s easy to set up and customize - and it’s loaded with great features! (Thunderbird)
I gave a talk at #fosdem #fosdem2024.
Video and slides are now available:
fosdem.org/2024/schedule/event…
#thunderbird #security #openpgp #librepgp #smime
I'm interested in your feedback on these thoughts. Either here, or, if your feedback is longer, for a discussion it might be best to post to
thunderbird.topicbox.com/group…
Thanks a lot to the organizers of @fosdem and the modern email developer room.
github.com/modern-email/FOSDEM…
Contribute to modern-email/FOSDEM-24 development by creating an account on GitHub. (GitHub)
Having decidedly too much fun playing with ancient #PGP artifacts.
Note the two version 2 public keys from 1992. They were created just over a year after Phil Zimmermann first released PGP (on 6 June 1991), deep in the crypto war era.
These keys predate the #OpenPGP name by around half a decade.
At over 31 years old, nation-state actors can definitely factor John Gilmore's RSA 1024 key today.
However, I believe the cost still exceeds a hobbyist budget even now.
We have just issued the first #release of #sshd-openpgp-auth and #ssh-openpgp-auth.
Using this server and client-side tooling it is possible to manage the #authentication of #SSH host keys with the help of an #OpenPGP certificate as trust anchor.
crates.io/crates/sshd-openpgp-…
crates.io/crates/ssh-openpgp-a…
Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!
#DNS #KeyOxide #KnownHosts #OpenSSH #Rustlang #Software #WebKeyDirectory #WebOfTrust #WKD #WoT
(New blog) The State of the Keyservers in 2024
“In the two and a half years since the sks-keyservers.net shutdown in June 2021, the concept of #OpenPGP #keyservers has been called into question. However, keyservers still provide a vital service to the OpenPGP ecosystem.
…
OpenPGP is one of only two widely-used cryptography standards to include a full Public Key Infrastructure”
blog.pgpkeys.eu/state-keyserve…
An occasional blog about OpenPGP keyservers and related issues (blog.pgpkeys.eu)
Better to take some more time to prepare a proper release – looking forward to it and kudos for keeping Thunderbird on @fdroidorg.
Still, any news about future encryption options, especially via #OpenPGP? Pretty much all #Android email clients rely on #Openkeychain to manage all your keys. Sadly it is still unmaintained and desperately needs a replacement or someone to take over development. Look at issues like this: github.com/open-keychain/open-…
#Thunderbird for Android will also rely on this unmaintained app.
Hello, Researchers discovered a vulnerability in OpenKeychain. The technical report was sent by email (security@openkeychain.org), no response. Please contact us. (GitHub)
LibreOffice supports symmetric and asymmetric encryption for OpenDocument Format (ODF) files.
Select File > Save/Save As
The "Save with password" option encrypts the file with AES-256.
The "Encrypt with GPG key" option encrypts the file with a public key.
Symmetric encryption: en.wikipedia.org/wiki/Symmetri…
Asymmetric encryption: en.wikipedia.org/wiki/Public-k…
Website: libreoffice.org
Mastodon: @libreoffice
#LibreOffice #Encryption #OpenSource #OpenPGP #PGP #GnuPG #GPG #InfoSec #Privacy #Security
Free office suite – the evolution of OpenOffice. Compatible with Microsoft .doc, .docx, .xls, .xlsx, .ppt, .pptx. Updated regularly, community powered. (www.libreoffice.org)
PGPainless 1.0.0 Released!
Close to the end of 2021 I’m excited to announce the release of PGPainless version 1.0.0! I feel like it finally reached a state of sufficient maturity to be worthy of a major release with a “1” at the front.
blog.jabberhead.tk/2021/12/30/…
#audit #encryption #java #openpgp #pgpainless
Close to the end of 2021 I'm excited to announce the release of PGPainless version 1.0.0! I feel like it finally reached a state of sufficient maturity to be worthy of a major release with a "1" at the front. (vanitasvitae, jabberhead.tk)
📣 The first of the bigger announcements 🎉
We're launching ariadne.id, an experimental living document that contains all the knowledge that powers #keyoxide!
This should make it easier to make independent libraries, implementations, apps and websites 😎
Aaaand: *proof@ariadne.id=* 🤩
Let's claim back sovereignty over our online identity!
Blog post: blog.keyoxide.org/ariadne-spec…