spent the day doing things i am absolutely not qualified to do.

my digital identity is now crypto-graphically verifiable across mastodon, matrix, xmpp, and two domains.

no, i will not be taking questions about what any of that means.

https://keyoxide.org/[email protected]

#DNS #XMPP #PGP #OpenPGP #Keyoxide #Matrix #Mastodon #DecentralizedIdentity #FOSS

Exciting news from the coalface! The first beta of Hockeypuck 2.4 with PQC support is now live on https://test.pgpkeys.eu for public evaluation.

#OpenPGP is going post-quantum in 2026, and the #Hockeypuck #keyserver software is prepared to distribute post-quantum-safe OpenPGP certificates.

Hockeypuck 2.4-beta1 supports post-quantum-safe signing and encryption algorithms based on ML-DSA-65, ML-DSA-87, ML-KEM-768, and ML-KEM-1024, each used in hybrid mode with either curve25519 or curve448 ECC. These are the mandatory and recommended algorithms from the upcoming OpenPGP PQC spec [1].

In order to distribute the new primary (signing) keys safely, without adversely impacting older client software, they are only distributed over the HKPv2 API. Hockeypuck implements the `certs`, `index` and `prefixlog` endpoints as defined in the latest HKP draft spec [2]. These enable upload, download, and querying of PQC-enabled primary keys.

PQC encryption subkeys using ML-KEM-65 are also distributed over the legacy HKP interface if they are attached to a v4 primary key, because these are safely ignored by #GnuPG.

(GnuPG’s “kyber” algorithms are unfortunately not supported due to interoperability issues)

Hockeypuck 2.4 development has been kindly supported by @NGIZero Core.

[1] https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc
[2] https://datatracker.ietf.org/doc/html/draft-gallagher-openpgp-hkp

أعلنت شركة Proton Mail عن تفعيل حماية اختيارية ضد التهديدات الكمومية لكافة مستخدميها، بما في ذلك أصحاب الحسابات المجانية. تتيح هذه الميزة توليد مفاتيح تشفير متطورة تعتمد معيار OpenPGP الإصدار السادس لمواجهة مخاطر الحوسبة الكمومية المستقبلية التي قد تهدد التشفير التقليدي. كما تتعاون الشركة مع مزودين آخرين مثل Thunderbird لتعزيز معايير الأمان الموحدة. تهدف هذه الخطوة لتأمين المراسلات الجديدة وضمان خصوصية المستخدمين في مواجهة التطورات التقنية المتسارعة عالمياً.

#ProtonMail #Thunderbird #OpenPGP

RE: https://mastodon.social/@protonprivacy/116521505054845875

Argh, Proton beat us to it! 😂

Congratulations to the Proton crypto team. We have been working closely with them for some years now to help improve the #OpenPGP ecosystem. Hockeypuck shares a Go cryptography library with ProtonMail's server-side codebase and we're continually working on enhancements.

Don't worry - PQC support in Hockeypuck will be shipped *very soon now* 😈 Watch this space!

Congrats to @protonprivacy for beating us on introducing Post-Quantum Cryptography into mail messaging!

No worries. We'll implement https://autocrypt2.org which additionally offers reliable deletion / forward secrecy during 2026 :)

We are working with Proton cryptographers on OpenPGP specifications, and they are now moving towards using @rpgp , the end-to-end encryption we are using.

Everything will be based on RFC9580 (#OpenPGP v6) ... the eocsystem is moving :)

https://proton.me/blog/introducing-post-quantum-encryption

OpenPGP signature verification failed #openpgp

https://askubuntu.com/q/1566320/612

I just released a first draft version of #minipgp6

https://floss.social/@minipgp6/116500687374282691

minipgp6 is an intentionally small #OpenPGP library stack.
It implements v6 formats from https://www.rfc-editor.org/rfc/rfc9580 and #PQC composite key algorithms from https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/

The complete library stack in this release adds up to ~5k LOC.
It interoperates with all modern OpenPGP libraries: https://codeberg.org/minipgp6/minipgp6#interop

A SOP CLI tool based on minipgp6 can be installed as

$ cargo install minipgp6-sop

Many thanks to @nlnet