home.social

#gnupg — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #gnupg, aggregated by home.social.

  1. Exciting news from the coalface! The first beta of Hockeypuck 2.4 with PQC support is now live on test.pgpkeys.eu for public evaluation.

    #OpenPGP is going post-quantum in 2026, and the #Hockeypuck #keyserver software is prepared to distribute post-quantum-safe OpenPGP certificates.

    Hockeypuck 2.4-beta1 supports post-quantum-safe signing and encryption algorithms based on ML-DSA-65, ML-DSA-87, ML-KEM-768, and ML-KEM-1024, each used in hybrid mode with either curve25519 or curve448 ECC. These are the mandatory and recommended algorithms from the upcoming OpenPGP PQC spec [1].

    In order to distribute the new primary (signing) keys safely, without adversely impacting older client software, they are only distributed over the HKPv2 API. Hockeypuck implements the `certs`, `index` and `prefixlog` endpoints as defined in the latest HKP draft spec [2]. These enable upload, download, and querying of PQC-enabled primary keys.

    PQC encryption subkeys using ML-KEM-65 are also distributed over the legacy HKP interface if they are attached to a v4 primary key, because these are safely ignored by #GnuPG.

    (GnuPG’s “kyber” algorithms are unfortunately not supported due to interoperability issues)

    Hockeypuck 2.4 development has been kindly supported by @NGIZero Core.

    [1] datatracker.ietf.org/doc/html/
    [2] datatracker.ietf.org/doc/html/

  2. How to encrypt messages in any messenger and social network

    Under current conditions, many users are forced to use unprotected messengers and social networks, that is, compromised communication channels. Fortunately, it is possible to transmit secret encrypted messages over public open channels. This is a standard problem that was solved in cryptography long ago. Moreover, an encrypted message can be made to look like ordinary text or even hidden in ordinary content: video, audio files and text that will not arouse the suspicion of a "censor". This is the field of steganography. But right now people need a simple and practical way to encrypt messages, as conveniently as possible. Let's look at the simplest online utilities that make this possible.

    habr.com/ru/companies/globalsi

    #шифрование #Paranoia_Text_Encryption #LOCKPUB #GCHQ_CyberChef #AES_Utils #GnuPG #OpenSSL #ccrypt #VeraCrypt #Cryptomator

  6. All who use GnuPG gpg, and especially for signing git work ... give Tumpa-cli a real run and report back to @kushal ! This project works very well already, and is just a few weeks old.

    github.com/tumpaproject/tumpa-

    I did my install using cargo build --release which gets you started super easy.

    Now we just need to convince Kushal to move to a better hosting place! What do you think, @Codeberg 😁 😉

    #PGP #OpenPGP #GnuPG #gpg #git #Rust

  11. BREAKING! GnuPG introduces quantum-resistant ML-KEM (Kyber) as encryption algorithm!

    lists.gnupg.org/pipermail/gnup

    This is great news! However, as I've been saying for a while, we should stop considering Harvest-Now-Decrypt-Later as the only thing to be immediately concerned about. The problem of signatures (Trust-Now-Forge-Later) is wrongly assumed to be way less urgent, but the reality is that rolling out a certificate migration will be extremely painful, and quantum attacks against signatures will be stealthy and of difficult attribution initially. Especially for a project like GnuPG, it's extremely important to adopt quantum-resistant signatures ASAP.

    #crypto #cryptography #PGP #GnuPG #quantum #security #privacy #cypherpunk

  12. @serebit well, not necessarily.

    We luckily have options for #OpenPGP outside of #GnuPG 😅

  13. I'm getting quite annoyed with the state of #GnuPG as a packager.

    Upstream silently keeps releasing 2.2 versions to this day(!) and at the same time claims 2.4 will soon be EOL (also refuses to backport security fixes for it).

    Meanwhile, there are no good reasons to upgrade to 2.5, unless one wants incompatibility with the entire rest of the ecosystem (see wiki.archlinux.org/index.php?t).

    The move to #OpenPGP #RFC9580 compliant solutions can't happen early enough!
    Also, I'm glad we have @freepg

  14. The road to post-quantum cryptography (PQC) has been long, but the end is nigh.

    For the past nine months we’ve been working on technical debt issues in hockeypuck, resulting in the 2.3.x series of releases. This has included a major postgres schema redesign, in-place reloading, reindexing threads, configurable keyword search, and significant refactoring of hockeypuck’s internals. v2.3.3 is in final testing with the last of these improvements, and will be released soon.

    But this is all just prep.

    The goal is version 2.4, which will distribute v6 PGP keys, which support post-quantum algorithms for both encryption and signing. 2026 is the year of PQC in PGP, and the hockeypuck keyservers will be ready.

    To enable the safe distribution of v6/PQC keys without breaking legacy software, we have developed an updated version of the venerable HKP API (for which HocKeyPuck is named). v1 and v2 HKP will be supported in parallel, but v6/PQC keys will only be distributed over v2.

    HKPv2 is specified in datatracker.ietf.org/doc/html/ and server implementation is underway in github.com/hockeypuck/hockeypu .

    If you maintain PGP client software and wish to be PQC ready, now is the time to check out HKPv2 and what it means for your users. Join the discussion at groups.google.com/g/hockeypuck

    Hockeypuck v2.4 development is kindly supported by @NGIZero Core.

    #openpgp #pgp #gnupg #pqc

  15. News from #sydbox git: Starting next release, we're going to be signing binary releases with #OpenBSD signify rather than #GnuPG. To enable practical signing in #Exherbo #Gitlab CI, I wrote an #ISC licensed, pure portable #POSIX shell implementation of #OpenBSD signify. signify.sh has no external dependencies and runs with PATH=. It has unit tests embedded which may be run with --test option: gitlab.exherbo.org/sydbox/sydb #exherbo #linux #security

  16. Unfortunately we have to announce a #gnupg #security #advisory:
    Please update GnuPG to the new 2.5.17 or #gpg4win to 5.0.1

    The details are here:
    lists.gnupg.org/pipermail/gnup

  17. One of my #Projekte2026 😉

    Standard emails are just as "secure" as postcards - anyone could read along, and confidential data *may* lie exposed on third-party servers ...
    But it doesn't have to be that way. And even if it is only about being able to tell whether the mail really comes from the source the sender claims to be.

    Let's make email more secure and actively use #OpenPGP!

    #Mailsicherheit #Verschluesselung #GPG4Win #OpenKeyChain #GnuPG

  18. Details about the (ongoing) response to gpg.fail/ from GnuPG's side:

    * gnupg.org/blog/20251226-cleart
    * dev.gnupg.org/T7906 Memory Corruption in ASCII-Armor Parsing
    * dev.gnupg.org/T7900 (overview)

    Please upgrade to GnuPG 2.5.16, 2.4.9 or #Gpg4win 5.0.0-beta479 which already have the fix for what (currently) is seen to be the only major defect: T7906.

    (Researchers - Thanks! - found defects in GnuPG, Sequoia-PG, Minisign and age.)

    #EndtoEndCrypto #LibrePGP #GnuPG #Security

  19. A new beta of #gpg4win 5 is now available:

    gpg4win.org/version5.html

    This one comes with #gnupg 2.5.16 and can be considered as a release candidate.

  20. Well, correct me if I'm wrong about the current state of #OpenPGP.

    First, there is the former #RFC4880bis, currently being pushed as "#LibrePGP", used by #GnuPG (and #rnp?), with the "v5" key format, and it seems that every other project looks at it with pity.

    Second, there is #RFC9580 with the "v6" key format, used by #OpenPGPjs, #SequoiaPGP (and other tools), but rejected by GnuPG. And it looks like it is being pushed on the assumption that GnuPG will give in under pressure.

    So we have two mutually incompatible standards, with a "common denominator" in the form of the ancient #RFC4880; some tools push one standard and ignore the other, while others choose to support both to help their users. And #Gentoo will ultimately be stuck with whatever GnuPG supports, because we need cryptography that works on all supported platforms, not just where Rust does.

    bugs.gentoo.org/963069

  21. Okay, so please correct me if I'm wrong about the state of #OpenPGP right now.

    So first there's the former #RFC4880bis which is now pursued as "#LibrePGP", used by #GnuPG (and #rnp?), with a "v5" key format, that everyone else seems to look "politely" at.

    Then there's #RFC9580 with a "v6" key format, used by #OpenPGPjs, #SequoiaPGP (and more) but explicitly rejected by GnuPG. However, it seems to be pushed forward under the assumption that GnuPG will yield to pressure.

    So we effectively have two incompatible standards, with a "common denominator" of ancient #RFC4880, some tools pursuing one of them with disregard for the other, and a few supporting both for the sake of the users. And #Gentoo is effectively stuck with whatever GnuPG supports, because we need working crypto on all supported platforms, not just the "Rust subset".

    bugs.gentoo.org/963069

  22. We're getting closer to a #gpg4win 5 release. 😀 Here is a new Beta version:

    files.gpg4win.org/Beta/gpg4win

    featuring #kleopatra and #okular updates and comes of course with the fresh #GnuPG version 2.5.12

  23. #GnuPG 2.5.9 has been released along with a new #Gpg4win beta. And - for the first time - we now publish packages for #Debian, #Devuan, and #Ubuntu .

    See lists.gnupg.org/pipermail/gnup

  24. If you are using the PDF viewer #Okular from #Gpg4win, please upgrade to version 4.4.1 as this version fixes a severe vulnerability in the freetype library.

    :download: gpg4win.org/download.html

    Vulnerability details:
    euvd.enisa.europa.eu/enisa/EUV 🛡️

    There are other good things in Gpg4win 4.4.1, for example
    * improvements in the Outlook Add-in (GpgOL)
    * a better Kleopatra
    * GnuPG upgraded to v2.4.8

    #GnuPG #EndtoEndCrypto #FreeSoftware

  25. A new version of #GnuPG (v2.5.6) and another beta version of the upcoming #Gpg4Win 5.0 have been released.

    For those who don't know Gpg4Win (yet): it includes, among other things, the MS Outlook plugin GpgOL so that #OpenPGP-encrypted mails work there, GpgEX so that you can encrypt files in Explorer, and the key/certificate manager Kleopatra. With 5.0, then, post-quantum resistant encryption.

    S/MIME is of course available too. However, because of the cost of the certificates, which are additionally time-limited, it scales even worse across the population than OpenPGP. That is why I argue for focusing on that, to at least achieve wider adoption here.

    And a big thank you from me to the main developer of the tools @DD9JN

    gpg4win.org/

  26. Better handling of certificates and public keys
    with #Gpg4win v4.4.0's improved crypto manager _Kleopatra_.

    It also comes with #GnuPG v2.4.7 for Windows. Workflows that profit from several signatures on a file
    profit as well.

    gpg4win.org/version4.4.html <-- see what else is new.

    #LibrePGP #OpenPGPv4 #EndtoEndCrypto #FreeSoftware

  27. I’ve made a small tool for generating WKD directories from OpenPGP keyring files: https://github.com/wiktor-k/wkd-exporter#wkd-exporter

    This is a special-purpose tool for doing just WKD key exports. It doesn’t have support for exotic PGP key directories, no agents, no daemons, no moving parts. Single, small binary.

    Just in case it’s not clear what WKD stands for, it’s a key discovery mechanism for OpenPGP keys supported by virtually all modern OpenPGP tools.

  28. @GnuPG @todd_a_jacobs Using #LTFS to store #encrypteddata outside of hyper scaler environments without the dedicated #KMS components expensive tape libraries use to enable #LTO9 drives' built-in, hardware #AES256GCM support is an area the institute is evaluating, and thinking about how #GPG might fit in has been a facet of our research process.

    All recent generations of #LTO drives support strong, on-the-fly, hardware-accelerated encryption on the drives themselves. Sadly, it's essentially useless in the standalone drives sold to individuals, the #SOHO market, or to other non-enterprise customers because of the high cost of the tape library hardware required to activate it.

    In some ways, the situation is much like the early Intel 386 computers that shipped with missing or disabled math coprocessors even when it stopped being a cost issue. In part, that was a strategic market segmentation decision, and the institute currently believes the lack of accessible LTFS encryption for all encryption-capable drives is no different.

    Even though #GnuPG is usually thought of as primarily an email tool, it's actually an important "Swiss Army knife" for a variety of #infosec use cases. It's also on a tragically short list of #OpenPGP and related #cryptography tools that remains fully #opensource.

    We're putting this topic on our agenda for further exploration and discussion. Meanwhile, these community conversations and the viewpoints of respected tool developers are an invaluable resource to everyone.

  29. #TIL that @GnuPG appears to use the #ustar tar archive format, likely the version from POSIX.1-1988, for #gpgtar rather than either the #POSIX or Star formats from POSIX.1-2001. Since ustar has serious limitations on filename and pathname lengths, can't store certain file types or metadata, and has a 2GB file size limit, it seems unsuitable for most modern use cases.

    If gpgtar is actually using star, pax, or the GNU tar POSIX mode, it's not in the #GnuPG user documentation which explicitly says it uses ustar. I have a lot of respect for the #GPG devs, so I hope this is either just a documentary oversight or something that they can easily fix by linking with newer libraries. In either case, ustar is totally unsuitable for writing large archives to tape, and doesn't even offer the options GNU tar does for creating a separate index file, encrypted or not.

    The gnutar command line doesn't offer the option to write a separate index, and requires a separate pass to list out the index. For example if you wanted to encrypt a 20TiB archive with a separate, encrypted index to make finding files easier, you'd either have to pipe tar through gpg (which can cause shoe-shining or buffering issues on #LTFS) and then encrypt GNU/BSD tar's index, or have triple the online HDD/SSD capacity of your archived data so you can tar up your files, run another pass with GnuPG to extract the index, and then encrypt both the tarball and index separately before writing them out to tape.

    That seems...unreasonable. #OpenPGP doesn't support the AES-256-GCM mode built into current #LTO drives, so gpgtar needs to keep up with the massive growth of data storage capacity rather than remaining an afterthought utility. Especially for #SOHO LTO drives, the ability to write encrypted gpgtar archives and indexes directly to LTFS could be a real game-changer!

  30. #Gpg4win v4.3.0 <- freshly announced.

    New is that encrypted files with email structure from disk can be shown.

    Kleopatra and the Outlook Add-in gain features and resilience for less common situations (like Apple mail attachments or unreliable S/MIME CRLs).

    Includes #GnuPG v2.4.4 and its many improvements.

    lists.wald.intevation.org/pipe

    #Endtoendcrypto #FreeSoftware

  31. #GnuPG v2.4.4 is available and has a number of improvements for you, especially if you do your cryptography with "smartcards" like yubi-keys. Most important is that a recent defect was fixed that could leave unprotected copies of a secret key on disk. 🙁 Also more cards are supported and getting pubkeys is improved. See
    lists.gnupg.org/pipermail/gnup (Which links the #Gpg4win v4.3.0 download before the website does. 😉 )

  32. #dar 3/ Dar's homepage is dar.linux.free.fr/ . As a simple file archiver tool, dar is great. Random access is preserved, you can compress with #gzip #bzip2 #lzo #xz #zstd or #lz4. You can encrypt with #GnuPG or symmetric #AES. You can stream if you want. You can split ("slice") across multiple media, and dar will prompt you for the slice(s) you need and seek you right to them.

    That's cool, but we're just getting started.
