home.social

#openpgp — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #openpgp, aggregated by home.social.

  1. ℹ️ Small update on the #sichereMails project

    There are in fact now the first contacts who have recognized our #PGP, in some cases even automatically, and are now using it too.

    The most common feedback, however, is that the "weird attachment" in our emails cannot be opened.
    The irony is that this question also came from contacts who officially use #PGP ...

    How about you?

    #OpenPGP #GPG4win #E2EE #EMClient #Thunderbird #Outlook #DID #DUT #CyberSecurity

  6. I tested the YubiKey 5 NFC and 5C NFC for weeks, here is how it went

    I tested the YubiKey 5 NFC and 5C NFC on Linux, Windows and Android: FIDO2 authentication, passkeys, TOTP codes, commit signing with OpenPGP, Yubico Authenticator and the practical limits of NFC.

    yoota.it/ho-provato-per-settim

  8. Exciting news from the coalface! The first beta of Hockeypuck 2.4 with PQC support is now live on test.pgpkeys.eu for public evaluation.

    #OpenPGP is going post-quantum in 2026, and the #Hockeypuck #keyserver software is prepared to distribute post-quantum-safe OpenPGP certificates.

    Hockeypuck 2.4-beta1 supports post-quantum-safe signing and encryption algorithms based on ML-DSA-65, ML-DSA-87, ML-KEM-768, and ML-KEM-1024, each used in hybrid mode with either curve25519 or curve448 ECC. These are the mandatory and recommended algorithms from the upcoming OpenPGP PQC spec [1].

    In order to distribute the new primary (signing) keys safely, without adversely impacting older client software, they are only distributed over the HKPv2 API. Hockeypuck implements the `certs`, `index` and `prefixlog` endpoints as defined in the latest HKP draft spec [2]. These enable upload, download, and querying of PQC-enabled primary keys.

    PQC encryption subkeys using ML-KEM-65 are also distributed over the legacy HKP interface if they are attached to a v4 primary key, because these are safely ignored by #GnuPG.

    (GnuPG’s “kyber” algorithms are unfortunately not supported due to interoperability issues)

    Hockeypuck 2.4 development has been kindly supported by @NGIZero Core.

    [1] datatracker.ietf.org/doc/html/
    [2] datatracker.ietf.org/doc/html/

  9. RE: mastodon.social/@protonprivacy

    Argh, Proton beat us to it! 😂

    Congratulations to the Proton crypto team. We have been working closely with them for some years now to help improve the #OpenPGP ecosystem. Hockeypuck shares a Go cryptography library with ProtonMail's server-side codebase and we're continually working on enhancements.

    Don't worry - PQC support in Hockeypuck will be shipped *very soon now* 😈 Watch this space!

  10. Congrats to @protonprivacy for beating us on introducing Post-Quantum Cryptography into mail messaging!

    No worries. We'll implement autocrypt2.org which additionally offers reliable deletion / forward secrecy during 2026 :)

    We are working with Proton cryptographers on OpenPGP specifications, and they are now moving towards using @rpgp , the end-to-end encryption we are using.

    Everything will be based on RFC9580 (#OpenPGP v6) ... the ecosystem is moving :)

    proton.me/blog/introducing-pos

  11. We have a long way ahead of us before PQC-resilient #OpenPGP smartcards are available for the normal user. Does #sequoiapgp plan to support the combination of currently available smartcards with PQC-keys stored on disk, similar to what GnuPG offers?
    lists.gnupg.org/pipermail/gnup

  12. Initial draft release: #minipgp6 version 0.0.1 🔐🤏

    codeberg.org/minipgp6/minipgp6

    minipgp6 is a very small implementation of a modern subset of #OpenPGP.

  14. Post-quantum defaults and GnuPG

    @andrewg email is a very insightful overview of where the standards, implementations, and openness of the community.

    After years of using OpenPGP, the PQC discussions are a good opportunity to rethink what we should prepare for next and especially which community we should work with.

    #pgp #librepgp #openpgp #opensource
    #community #cybersecurity

    🔗 lists.gnupg.org/pipermail/gnup

  15. All who use GnuPG gpg, and especially for signing git work ... give Tumpa-cli a real run and report back to @kushal ! This project works very well already, and is just a few weeks old.

    github.com/tumpaproject/tumpa-

    I did my install using cargo build --release which gets you started super easy.

    Now we just need to convince Kushal to move to a better hosting place! What do you think, @Codeberg 😁 😉

    #PGP #OpenPGP #GnuPG #gpg #git #Rust

  20. @ber @GnuPG @rob Thanks! I'll point the lurkers to the mailing list for my full response, which I agree is better in long form: lists.gnupg.org/pipermail/gnup

    The tl;dr though is simple: the burning issue is a power struggle between a collective governance model (#OpenPGP) and a BDFL governance model (#LibrePGP). There isn't room for both. And while we can all try to be more civil, calling out bad behaviour will always have the appearance of incivility.

  21. Who all in my timeline is regularly using #git commit signing with smartcards and #openpgp, or doing #ssh using an OpenPGP authentication subkey?

  22. I am trying to set up #OpenPGP #encryption for #XMPP chats but don't have contacts who have it in use. I use #monocles but it should work with any XMPP app. If any others out there are interested in this, please let me know. 😁 #infosec #privacy

  23. @serebit well, not necessarily.

    We luckily have options for #OpenPGP outside of #GnuPG 😅

  24. I'm getting quite annoyed with the state of #GnuPG as a packager.

    Upstream silently keeps releasing 2.2 versions to this day(!) and at the same time claims 2.4 will soon be EOL (also refuses to backport security fixes for it).

    Meanwhile, there are no good reasons to upgrade to 2.5, unless one wants incompatibility with the entire rest of the ecosystem (see wiki.archlinux.org/index.php?t).

    The move to #OpenPGP #RFC9580 compliant solutions can't happen early enough!
    Also, I'm glad we have @freepg

  25. We are pleased to announce the release of Hockeypuck 2.3.3.

    This is a feature-preview release that partially implements github.com/hockeypuck/hockeypu . It also fixes a bug due to stale entries in the PostgreSQL database.

    Hockeypuck 2.3.3 adds support for the enumerableDomains configuration parameter. This is a list of domains for which the keyserver will return results when queried by UserID, even if the keys have been hard-revoked (hockeypuck.io/configuration.ht). This mitigates a regression introduced in Hockeypuck 2.2, which meant that some organizational deployments did not reliably serve hard revocations.

    There are no breaking changes between the 2.2 and 2.3 branches, and SKS sync is supported between 2.2 and 2.3 peers.

    Release notes can be found at https://github.com/hockeypuck/hockeypuck/releases/tag/2.3.3

    Hockeypuck 2.3 development is kindly supported by @NGIZero Core

    ----

    Hockeypuck is a modern synchronising #OpenPGP #keyserver that is optimised for ease of deployment, particularly in containerised environments via docker-compose.

    https://hockeypuck.io/
    https://github.com/hockeypuck/hockeypuck

  26. Do you use #OpenPGP for #ssh or #git #sign? #tumpa-cli is the developer-friendly tool to keep life simpler for all of us and replaces the usage in password-store github.com/tumpaproject/tumpa- The original desktop application Tumpa will have a new release very soon.
    Please boost for more visibility

  27. Apparently, the keys generated by Proton add the email address to the identity data without preserving the hyphens and dots of the user part (but not of the domain) on the keys available on their server.

    That is, if my address is "[email protected]" or "[email protected]", the PGP key will have "[email protected]" associated with it. And if the email address associated with the public key and the recipient's address do not match, other PGP clients will refuse to use it.

    In other words: generate your *own keys*. Proton still allows uploading self-generated keys to its servers, btw.

    #Proton #OpenPGP #GPG #OpenKeychain #SequoiaPGP #Mozilla #Thunderbird

  32. I just released 2.0.3, which fixes a bug where OpenPGP keys were not usable for certain operations if they contained recent third-party signatures.
    Kind of embarrassing and I'm glad to have a fix out now :)

    Furthermore, PGPainless now implements revision 15.

  33. I have read around here several times that #Proton Mail's encryption only works with Proton, and that is NOT true:

    - Proton uses #WebKeyDirectory to try to locate the recipient's public key (wiki.gnupg.org/WKD). In short: #WKD checks the recipient's domain to see whether it has a website and whether that site has a ".well-known/openpgpkey" directory.

    -- If it finds a public key that has the recipient's email address associated with its identity, it encrypts the email with it.

    - If you have your own domain but it does not point to any website, you can point it to the #OpenPGP public key server
    (see "wkd as a service", keys.openpgp.org/about/usage/).

    - And yes, this also works if you use an email client compatible with AutoCrypt (Mozilla Thunderbird, FairEmail…).

    For these reasons, even though Proton has obviously overdone the marketing, I will keep recommending it to the general public.

    #PGP

  34. The road to post-quantum cryptography (PQC) has been long, but the end is nigh.

    For the past nine months we’ve been working on technical debt issues in hockeypuck, resulting in the 2.3.x series of releases. This has included a major postgres schema redesign, in-place reloading, reindexing threads, configurable keyword search, and significant refactoring of hockeypuck’s internals. v2.3.3 is in final testing with the last of these improvements, and will be released soon.

    But this is all just prep.

    The goal is version 2.4, which will distribute v6 PGP keys, which support post-quantum algorithms for both encryption and signing. 2026 is the year of PQC in PGP, and the hockeypuck keyservers will be ready.

    To enable the safe distribution of v6/PQC keys without breaking legacy software, we have developed an updated version of the venerable HKP API (for which HocKeyPuck is named). v1 and v2 HKP will be supported in parallel, but v6/PQC keys will only be distributed over v2.

    HKPv2 is specified in datatracker.ietf.org/doc/html/ and server implementation is underway in github.com/hockeypuck/hockeypu .

    If you maintain PGP client software and wish to be PQC ready, now is the time to check out HKPv2 and what it means for your users. Join the discussion at groups.google.com/g/hockeypuck

    Hockeypuck v2.4 development is kindly supported by @NGIZero Core.

    #openpgp #pgp #gnupg #pqc

  35. Please help with testing a new #Thunderbird #Security feature: Unobtrusive Signatures, a novel mechanism for digitally signing email, currently implemented for #OpenPGP.

    It avoids the unexpected signature attachments that are shown by non-supporting email clients for emails that used the traditional signing format, and that were frequently confusing recipients. With this new mechanism, it should be fine to sign all emails.

    More details here:
    thunderbird.topicbox.com/group

    #digitalsignature

  36. Just a reminder

    Emails from me carry an #OpenPGP certificate.
    (Signed, if I don't have the other person's key)

    You can check the PGP key at njbraun.de or on the #Keyserver you trust.

    I will not ask you for credit card details, passwords or the like.

    [By now you should consider @matrix the first choice; see the "About" section of my profile].

  37. I found the Linux Inlaws interview with the main founder/contributor of #GnuPG interesting:
    linuxinlaws.eu LI_S02E22_OpenPGG
    Source: archive.org/download/LI_S02E22
    Imo GPG is still an interesting tool to use to encrypt particular files, back-ups tar files, email & passwords.

    You can use #Kleopatra to manage it. At some point (out of this month 🤦‍♀️) I will try to record some videos with examples of use...

    #encryption #openPGP #GnuPG