Getting started with XMPP/Jabber and PGP for federated, encrypted messaging

This is a short thread where I explain how I started using the XMPP protocol and PGP encryption for secure messaging. I am not a security expert, but I am a mathematician and I am confortable with the Linux command line. This guide is for people who want to use PGP for secure messaging easily. You will need to be okay with typing commands into the Linux command line in order to do this, but I will tell you exactly what to enter.

Part 1: XMPP

Mastodon is like email, but for social media. You sign up for an account with a server, and then you can talk with any other accounts that are signed up on other servers, as long as your servers are getting along. (No one wants emails from the sketchy spam server, and we want to be able to choose between Yahoo, Gmail, etc.) XMPP (a.k.a. Jabber) is the same thing for text messaging.

Just like signing up for an email/Mastodon account, you need to sign up for an account. You can find a list of servers at list.jabber.at/ and will probably at least need to provide an email addess when making an account.

Once you have made an account, you need a client. On Linux, I've been having a good time using Dino (dino.im/). You can then enter your account name and password to log into your XMPP account and start chatting! There are both public rooms and you can also message directly with your friends.

#security #PGP #XMPP #FOSS #Jabber #Dino #MonoclesChat

(1/4)

Dino. Communicating happiness.

A privacy-friendly messaging app for the desktop. It uses the XMPP protocol and provides a clean UI with modern features.

^dino.im

Everybody should learn how to use GPG.

gnupg.org/

#gpg #gnupg #encryption #security #privacy #cybersecurity #linux #pgp

🔐 If Privacy is outlawed...

Here's how you can stop them: 👉 t.co/8z8lI9eRDo

#PrivacyMatters #Encryption #CyberSecurity #TurnOnPrivacy #PGP

I just released versions 0.6.2 of rsop, a stateless #OpenPGP ("SOP") CLI tool based on @rpgp:

crates.io/crates/rsop/

Changes since rsop 0.6.0:

- decryption based on session keys is now supported,
- generation of man pages and shell tab completion has been added,
- some subtle semantics fixes for component key validity were implemented.

For more on #SOP, see datatracker.ietf.org/doc/draft…

#PGP #GnuPG

It is possible for #chatmail users to communicate with classic email users who have published their public key.

You just have to do manual chatmail registration, save your login details and private key securely, and use it with something that supports #pgp like #Thunderbird or #Mailvelope.

I just released version 0.1.0 of rsop-oct, a new stateless #OpenPGP ("SOP") CLI tool that focuses exclusively on use with OpenPGP card hardware devices:

crates.io/crates/rsop-oct/0.1.…

Like its sibling project #rsop, rsop-oct is based on @rpgp

In the next release of rsop, OpenPGP card functionality will be removed from it.
The goal is to offer clear UX in two distinct simple CLI tools, as opposed to one combined and confusing CLI tool.

For more on #SOP, see datatracker.ietf.org/doc/draft…

#PGP #GnuPG #SOP

Couldn't the #pgp #encryption in @thunderbird@mastodon.online be set so that a user who has not set up their own pgp key can still send encrypted mails to recipients whose key can be retrieved from the #WKD?

#Thunderbird #privacy

Oha, das ist provokativ: Dieser Blogartikel sagt:

- Nutzt kein #PGP / #GPG
- Nutzt kein #XMPP + OMEMO
- Nutzt kein #Matrix (im Sinne: verlasst euch nicht auf die Verschlüsselung)
- E-Mails verschlüsseln ist sinnlos

Ich kenne den Autor nicht und würde ihn nicht erwähnen, würde der Artikel nicht in ernstzunehmenden ITSec-Newslettern zitiert

soatok.blog/2024/11/15/what-to…

Meinungen? #itsec #security

What To Use Instead of PGP - Dhole Moments

It’s been more than five years since The PGP Problem was published, and I still hear from people who believe that using PGP (whether GnuPG or another OpenPGP implementation) is a thing they s…

^{Dhole Moments}

If you've recently installed Thunderbird for Android and want to add PGP support, a new article from @ZDNet has you covered. (And seriously, it's a great article!)

#Thunderbird #Android #PGP

zdnet.com/article/how-to-add-p…

How to add PGP support on Android for added security and privacy

If you need to add encryption or digital signing to the Thunderbird email app (or other supporting apps) on Android, there's one clear and easy route to success.

^{Jack Wallen (ZDNET)}

I just released version 0.4.1 of #rsop, a stateless #OpenPGP ("SOP") CLI tool based on @rpgp:

crates.io/crates/rsop/0.4.1

This release adds support for the 'revoke-key' command.

For more on #SOP, see datatracker.ietf.org/doc/draft…

#PGP #GnuPG #StatelessOpenPGP

rPGP is an #OpenPGP implementation in pure #Rust (crates.io/crates/pgp).

It serves as the end-to-end encryption engine for Delta Chat:
@delta, a secure decentralized messager for all major platforms (and then some).

rPGP implements all generations of the OpenPGP standard, up to and including the new RFC 9580.

#RustLang #Cryptography #PGP

New release today: #rPGP version 0.14.0 ✨

(#OpenPGP implemented in pure #Rust, permissively licensed)

github.com/rpgp/rpgp/releases/…

This release brings rather complete support for the excellent new OpenPGP RFC 9580 (also known as "crypto refresh", or "v6")

RFC 9580 standardizes modern cryptographic mechanisms for OpenPGP: AEAD-based encryption, Argon2, and SHA2 fingerprints for the new OpenPGP v6 key format (v4 keys use SHA1).

Thanks @NGIZero for supporting this work!

#RustLang #PGP #GnuPG

Last year, the @sovtechfund fund invited us, the Sequoia PGP Project, to join their new Bug Resilience Program.

Today, I'm pleased to announce that we are publicly launching our bug bounty program with rewards of up to €10,000 for novel, security-relevant issues in Sequoia applications, libraries, or specifications. #pgp

sequoia-pgp.org/blog/2024/04/1…

In the past few weeks, I spent a bit of time on a set of #OpenPGP hobby projects around #rpgp (github.com/rpgp/rpgp/). Today I'm happy to announce:

rsop v0.1.0 (crates.io/crates/rsop), an early stage "stateless OpenPGP" tool based on rpgp.

Relatedly, I also released rpgpie 🦀️🔐🥧 v0.0.1 (crates.io/crates/rpgpie), an experimental high level OpenPGP API based on rpgp (rsop is built on top of rpgpie).

#PGP #Rust #rustlang

GitHub - rpgp/rpgp: Pure rust implementation of OpenPGP

Pure rust implementation of OpenPGP. Contribute to rpgp/rpgp development by creating an account on GitHub.

^GitHub

Thunderbird is an email client with built-in support for PGP encryption.

Messages are encrypted/decrypted in the client and remain encrypted on email servers, this is client-side encryption.

Some email providers support PGP encryption server-side, this method could be vulnerable to third-party decryption of emails.

PGP: en.wikipedia.org/wiki/Pretty_G…
Client side encryption: en.wikipedia.org/wiki/Client-s…

Website: thunderbird.net
Mastodon: @thunderbird

#Thunderbird #Email #Encryption #OpenPGP #PGP

Having decidedly too much fun playing with ancient #PGP artifacts.

Note the two version 2 public keys from 1992. They were created just over a year after Phil Zimmermann first released PGP (on 6 June 1991), deep in the crypto war era.

These keys predate the #OpenPGP name by around half a decade.

At over 31 years old, nation-state actors can definitely factor John Gilmore's RSA 1024 key today.
However, I believe the cost still exceeds a hobbyist budget even now.

LibreOffice supports symmetric and asymmetric encryption for OpenDocument Format (ODF) files.

Select File > Save/Save As

The "Save with password" option encrypts the file with AES-256.
The "Encrypt with GPG key" option encrypts the file with a public key.

Symmetric encryption: en.wikipedia.org/wiki/Symmetri…
Asymmetric encryption: en.wikipedia.org/wiki/Public-k…

Website: libreoffice.org
Mastodon: @libreoffice

#LibreOffice #Encryption #OpenSource #OpenPGP #PGP #GnuPG #GPG #InfoSec #Privacy #Security

What about #PgP in the future of k9/Thunderbird for android?

#dev #mobile #k9mail #android #thunderbird #opensource

Great to see you around the Fediverse 🥳
And I'm looking forward to see #Thunderbird on Android

However, I think that @Ahorn and @fuomag9 have raised two important points that I'd like to second:
Please plan to publish your app via #FDroid right from the start - and include encryption via #PGP and #SMIME

Oh - and just drop the word here when you start looking for beta testers 😊