I have been dragged into the rabbit hole of GnuPG/LibrePGP VS Sequoia/OpenPGP and, boy it is ugly. Yeah, yeah, I know, PGP is bad, but of all the ugly things that could have happened to the FOSS crypto space, this is really unwelcome. I wish people would just sit at a table and talk.
#pgp #gpg #sequoia #crypto #cryptography #security #foss #floss #libre #drama #ietf #privacy #openpgp #librepgp
Last week, @lwn published an article about the recent tenth OpenPGP email summit, co-written by @andrewg, @dvzrv and me.
As of today, the article is public for non-subscribers:
https://lwn.net/Articles/1072870/
It contains a high-level overview of some recent developments in the #OpenPGP ecosystem, including PQC migrations, the new "unobtrusive signatures" draft for ubiquitous email signing, the Autocrypt v2 draft for ratcheting encryption key rotation, and more.
Thunderbird is no longer included by default in Tails.
Install Thunderbird as additional software: https://tails.net/doc/anonymous_internet/thunderbird/index.en.html#index1h2
Thunderbird: https://mastodon.online/@blueghost/111891560151967986
#Tails #Thunderbird #Linux #Privacy #Tor #FreeSoftware #OpenSource #FOSS #FLOSS #Anonymity #InfoSec #CyberSecurity #TorProject #Encryption #Email #Debian #E2EE #OpenPGP #PGP
Create Your Own PicoKey - Nought
https://lyzhang.me/de/pico_key/
> TLDR For just 60 RMB, get an RP2350 development board, flash it with the PicoKey firmware, and you can create your own open-source hardware security key to use as a budget YubiKey.
It supports FIDO2 login and OpenPGP, but the hardware login and encryption functions cannot be used simultaneously.
The steps are simple: buy the board → download the firmware → hold the BOOT button while plugging it into your computer to flash the firmware → initialize via the web config page → done.
Perfect for cheapskates (like me) who don’t want to spend hundreds on a YubiKey but still want to play with hardware keys.
TLDR For just 60 RMB, get an RP2350 development board, flash it with the PicoKey firmware, and you can create your own open-source hardware security key to use as a budget YubiKey. It supports FIDO2 login and OpenPGP, but the hardware login and encryption functions cannot be used simultaneously. The steps are simple: buy the board → download the firmware → hold the BOOT button while plugging it into your computer to flash the firmware → initialize via the web config page → done. Perfect for cheapskates (like me) who don’t want to spend hundreds on a YubiKey but still want to play with hardware keys.
Good news! The HKP draft has been adopted by the IETF #OpenPGP Working Group, the first official step towards publication as an RFC 🤩
It is now known as draft-IETF-openpgp-hkp, which replaces draft-gallagher-openpgp-hkp, which itself replaced draft-shaw-openpgp-hkp.
It has been a long couple of decades 😂
https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-hkp
This document specifies a series of conventions to implement an OpenPGP keyserver using the Hypertext Transfer Protocol (HTTP). As this document is a codification and extension of a protocol that is already in wide use, strict attention is paid to backward compatibility with these existing implementations.
Playing around with Sequoia-PGP again. And it just strikes me how easy it makes it. This time I played with sqop instead of sq.
Tommaso Gagliardoni
Heiko
Lobsters
Blue Ghost
Who Let The Dogs Out 🐾
PGPkeys EU
🐈⬛David Sommerseth$ sqop generate-key > key.asc
$ cat file | sqop encrypt key.pub > file.asc
$ cat file.asc | sqop decrypt key.asc > file2
$ sha256sum file file2 | cut -d\ -f1 | uniq -c
2 34fbc467b8c62...
Try doing that gpg without needing any $HOME/.gnupg directory. And then try putting that in a script run by some locked-down user via a cron job.
(I know this should be signed as well, not dug into that yet.)
NGI webinar on future of OpenPGP State-of-the-art work on chains of trust
Kushal Das 
🇸🇪
u880d
NGI Zero