Med-Mastodon

HeikoA new report (commissioned by the German BSI) outlines the recent evolution of the <a href="https://floss.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> standard, including the new RFC 9580 and PQC drafts, as well as the spinoff "LibrePGP" draft that the GnuPG project writes.PDF: <a href="https://github.com/crypto-security-tools/OpenPGP-LibrePGP-comparison/releases/download/v1.4/opgp-lpgp-comp.pdf" rel="nofollow noopener" translate="no" target="_blank">https://github.com/crypto-security-tools/OpenPGP-LibrePGP-comparison/releases/download/v1.4/opgp-lpgp-comp.pdf</a>(Announcement email: <a href="https://mailarchive.ietf.org/arch/msg/openpgp/2g_rjYBqwqKZE6OEgjNb0bFo098/" rel="nofollow noopener" translate="no" target="_blank">https://mailarchive.ietf.org/arch/msg/openpgp/2g_rjYBqwqKZE6OEgjNb0bFo098/</a>)Note that the document contains a one-page "Executive Summary", which (although quite technical) is worth a read.[TL;DR: It raises concerns about the GnuPG draft's development process, as well as quality]

Larvitz :fedora: :redhat:Created a FreeBSD port for openpgp-card-tools and put it on my Codeberg: <a href="https://codeberg.org/Larvitz/openpgp-card-tools-freebsd-port" rel="nofollow noopener" translate="no" target="_blank">https://codeberg.org/Larvitz/openpgp-card-tools-freebsd-port</a>It's a command-line-utility (oct), written in Rust, to manage openpgp smartcards and compatible devices (yubikey, nitrokey etc).Usage instructions are in the repositories readme file.<a href="https://burningboard.net/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#freebsd</a> <a href="https://burningboard.net/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> <a href="https://burningboard.net/tags/rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#rust</a> <a href="https://burningboard.net/tags/port" class="mention hashtag" rel="nofollow noopener" target="_blank">#port</a> <a href="https://floss.social/@hko" class="u-url mention" rel="nofollow noopener" target="_blank">@hko</a>

GnuPGAccording to <a href="https://social.heise.de/@ct_Magazin" class="u-url mention" rel="nofollow noopener" target="_blank">@ct_Magazin</a> and the press release <a href="https://merlinux.eu/press/2025-05-14-russia-deltachat.pdf" rel="nofollow noopener" translate="no" target="_blank">https://merlinux.eu/press/2025-05-14-russia-deltachat.pdf</a> Russia sues the German company merlinux GmbH over Delta Chat, an email and <a href="https://mstdn.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> based <a href="https://mstdn.social/tags/Endtoendcrypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#Endtoendcrypto</a> messenger.

andreSeit einiger Zeit signiere ich meine Mails mit OpenPGP.Oft kommt die Rückmeldung: "Ich kann die Anhänge nicht öffnen."Das ist sehr schade. Ich hätte gehofft, dass auch nicht IT-Nerds es schaffen, den Anhang mit Endung .asc zu ignorieren oder eine Suchmaschine dafür anwerfen.Das Problem würde sich übrigens lösen, wenn öffentliche Stellen, Ärzte, Versicherung etc. auch verschlüsselte Mails nutzen würden.<a href="https://social.tchncs.de/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> <a href="https://social.tchncs.de/tags/verschl%C3%BCsselung" class="mention hashtag" rel="nofollow noopener" target="_blank">#verschlüsselung</a> <a href="https://social.tchncs.de/tags/email" class="mention hashtag" rel="nofollow noopener" target="_blank">#email</a>

HeikoI just released version 0.7.1 of <a href="https://floss.social/tags/rsop" class="mention hashtag" rel="nofollow noopener" target="_blank">#rsop</a>, a stateless <a href="https://floss.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> ("SOP") CLI tool based on <a href="https://mastodon.social/@rpgp" class="u-url mention" rel="nofollow noopener" target="_blank">@rpgp</a>:<a href="https://crates.io/crates/rsop/" rel="nofollow noopener" translate="no" target="_blank">https://crates.io/crates/rsop/</a>This version adds support for the "merge-certs" SOP command, which consolidates multiple versions of a certificate into a unified aggregate view.For more on <a href="https://floss.social/tags/SOP" class="mention hashtag" rel="nofollow noopener" target="_blank">#SOP</a>, see <a href="https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/" rel="nofollow noopener" translate="no" target="_blank">https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/</a><a href="https://floss.social/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a> <a href="https://floss.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#GnuPG</a>

Delta Chat<a href="https://det.social/@lostgen" class="u-url mention" rel="nofollow noopener" target="_blank">@lostgen</a> <a href="https://sueden.social/@yuchungfink" class="u-url mention" rel="nofollow noopener" target="_blank">@yuchungfink</a> <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> pretty correct but it's not gpg, the old command line tool but an audited state-of-the-art rust implementation for <a href="https://chaos.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> encryption. It has never been vulnerable to the various past flaws in gpg.

Kevin Karhan :verified:<a href="https://23.social/@alios" class="u-url mention" rel="nofollow noopener" target="_blank">@alios</a> no, but besides <a href="https://infosec.space/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> there are compatible interpretations like <a href="http://github.com/life4/enc/" rel="nofollow noopener" target="_blank"><code>enc</code></a> that just work!<ul><li><a href="https://mastodon.social/@cacert" class="u-url mention" rel="nofollow noopener" target="_blank">@cacert</a> was the better <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@letsencrypt</a> but the <a href="https://infosec.space/tags/GAFAMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#GAFAMs</a> cockblocked and actuvely sabotaged that by virtue of refusing to include the <a href="https://infosec.space/tags/CACert" class="mention hashtag" rel="nofollow noopener" target="_blank">#CACert</a> Root-Certificate</li></ul>

aliosAre there any good alternatives to <a href="https://23.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> as gerneral purpose signature and encryption protocol thing with a "web of trust" idea in the back instead of hierarchical one like in <a href="https://23.social/tags/x509" class="mention hashtag" rel="nofollow noopener" target="_blank">#x509</a> ?<a href="https://23.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> does what it should do and i like packet approach. But imo it has become too complex in its try to stay backwards compatible an beeing "too generic" ...just to be sure I'am not looking for an alternative to sign and encrypt emails but, a framework/protocol for distrib machine 2 machine communication

Arch Linux :archlinux:Automated digital signing of OS artifacts<a href="https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/BOMYF4UTJJ37UIBXW52OU7WJTT3YPTKS/" rel="nofollow noopener" translate="no" target="_blank">https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/BOMYF4UTJJ37UIBXW52OU7WJTT3YPTKS/</a><a href="https://fosstodon.org/tags/ArchLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArchLinux</a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://fosstodon.org/tags/RFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#RFC</a> <a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> <a href="https://fosstodon.org/tags/DigitalSignature" class="mention hashtag" rel="nofollow noopener" target="_blank">#DigitalSignature</a> <a href="https://fosstodon.org/tags/Automation" class="mention hashtag" rel="nofollow noopener" target="_blank">#Automation</a> <a href="https://fosstodon.org/tags/Signstar" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signstar</a> <a href="https://fosstodon.org/tags/NetHSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetHSM</a>

Gonçalo Valério"CVE-2025-47934 – Spoofing OpenPGP.js signature verification"<a href="https://codeanlabs.com/blog/research/cve-2025-47934-spoofing-openpgp-js-signatures/" rel="nofollow noopener" translate="no" target="_blank">https://codeanlabs.com/blog/research/cve-2025-47934-spoofing-openpgp-js-signatures/</a><a href="https://s.ovalerio.net/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://s.ovalerio.net/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://s.ovalerio.net/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://s.ovalerio.net/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> <a href="https://s.ovalerio.net/tags/openpgpjs" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgpjs</a>

Kushal Das :python: :tor:<a href="https://mastodon.social/@gerowen" class="u-url mention" rel="nofollow noopener" target="_blank">@gerowen</a> Now try to do the same with my <a href="https://toots.dgplug.org/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#python</a> library for <a href="https://toots.dgplug.org/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> please <a href="https://johnnycanencrypt.readthedocs.io/en/latest/" rel="nofollow noopener" translate="no" target="_blank">https://johnnycanencrypt.readthedocs.io/en/latest/</a> :)

Delta ChatComparing <a href="https://chaos.social/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a> against <a href="https://chaos.social/tags/email" class="mention hashtag" rel="nofollow noopener" target="_blank">#email</a> protocols is too limited. What sets <a href="https://chaos.social/tags/deltachat" class="mention hashtag" rel="nofollow noopener" target="_blank">#deltachat</a> apart is *vertical integration* and being driven by UI/UX considerations. Cross-platform Apps and Bots use the Rust core library which connects with <a href="https://chaos.social/tags/chatmail" class="mention hashtag" rel="nofollow noopener" target="_blank">#chatmail</a> relays and classic email servers based on a higher level API -- abstracting over SMTP, MIME, <a href="https://chaos.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> etc. See <a href="https://chatmail.at" rel="nofollow noopener" translate="no" target="_blank">https://chatmail.at</a> <a href="https://chaos.social/tags/webxdc" class="mention hashtag" rel="nofollow noopener" target="_blank">#webxdc</a> apps in turn use an even higher level stable API abstracting over email/xmpp/... see <a href="https://webxdc.org/docs/" rel="nofollow noopener" translate="no" target="_blank">https://webxdc.org/docs/</a>

Dimly Lit CornersThe PGP Problem <a href="https://www.latacora.com/blog/2019/07/16/the-pgp-problem/" rel="nofollow noopener" translate="no" target="_blank">https://www.latacora.com/blog/2019/07/16/the-pgp-problem/</a><a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> <a href="https://fosstodon.org/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#GnuPG</a> <a href="https://fosstodon.org/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a> <a href="https://fosstodon.org/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#GPG</a> <a href="https://fosstodon.org/tags/PublicKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#PublicKey</a> <a href="https://fosstodon.org/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#Email</a> <a href="https://fosstodon.org/tags/AgeEncryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#AgeEncryption</a> <a href="https://age-encryption.org" rel="nofollow noopener" translate="no" target="_blank">https://age-encryption.org</a> <a href="https://fosstodon.org/tags/Minisign" class="mention hashtag" rel="nofollow noopener" target="_blank">#Minisign</a> <a href="https://jedisct1.github.io/minisign/" rel="nofollow noopener" translate="no" target="_blank">https://jedisct1.github.io/minisign/</a><a href="https://fosstodon.org/tags/AgePublicKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#AgePublicKey</a> age1s3n5ehvm8h3xjkc985hzjznw9cv0lk9ezj5heyy4m7l654rkzslq07ylps<a href="https://fosstodon.org/tags/MinisignPublicKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#MinisignPublicKey</a> RWRK8XFYuCHjYX1J/7cKCUy6eQKNYVAurb/70Q6pK8kjGHALVORZGJ+o

HeikoI just released version 0.1.2 of rsop-oct, a stateless <a href="https://floss.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> ("SOP") CLI tool for use with OpenPGP card hardware devices:<a href="https://crates.io/crates/rsop-oct/" rel="nofollow noopener" translate="no" target="_blank">https://crates.io/crates/rsop-oct/</a>Like its sibling project <a href="https://floss.social/tags/rsop" class="mention hashtag" rel="nofollow noopener" target="_blank">#rsop</a>, rsop-oct is based on <a href="https://mastodon.social/@rpgp" class="u-url mention" rel="nofollow noopener" target="_blank">@rpgp</a>This update makes integration with <a href="https://crates.io/crates/openpgp-card-state" rel="nofollow noopener" translate="no" target="_blank">https://crates.io/crates/openpgp-card-state</a> optional.rsop-oct can now implicitly use persisted PINs via openpgp-card-state, or explicitly provided ones via the standard SOP CLI parameter '--with-key-password'.For more on <a href="https://floss.social/tags/SOP" class="mention hashtag" rel="nofollow noopener" target="_blank">#SOP</a>, see <a href="https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/" rel="nofollow noopener" translate="no" target="_blank">https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/</a><a href="https://floss.social/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a> <a href="https://floss.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#GnuPG</a>

rPGPNew release: <a href="https://mastodon.social/tags/rPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#rPGP</a> version 0.16.0 🧰🔐✨<a href="https://github.com/rpgp/rpgp/releases/tag/v0.16.0" rel="nofollow noopener" translate="no" target="_blank">https://github.com/rpgp/rpgp/releases/tag/v0.16.0</a><a href="https://mastodon.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> implemented in pure <a href="https://mastodon.social/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rust</a>, permissively licensedThis release features streaming message support: Now rPGP can process arbitrarily large messages, with modest memory requirements.It adds experimental support for the upcoming OpenPGP <a href="https://mastodon.social/tags/PQC" class="mention hashtag" rel="nofollow noopener" target="_blank">#PQC</a> IETF standard <a href="https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc" rel="nofollow noopener" translate="no" target="_blank">https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc</a>This release also brings various improvements for key generation, support for X448/Ed448, and many minor fixes.

Delta Chatour friends over at <a href="https://mastodon.social/@rpgp" class="u-url mention" rel="nofollow noopener" target="_blank">@rpgp</a> just published a monster milestone, humbly tagged 0.16 😍 with - streaming decryption and encryption- post-quantum-cryptography - API streamlining. <a href="https://chaos.social/tags/rPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#rPGP</a> is a full Rust implementation of <a href="https://chaos.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> which counts among the fastest and most compliant implementations today, and includes security audits. Note: <a href="https://chaos.social/tags/deltachat" class="mention hashtag" rel="nofollow noopener" target="_blank">#deltachat</a> uses a restricted subset of OpenPGP, and follows best practices (eg using the same ed25519 keys implementation as <a href="https://chaos.social/tags/signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#signal</a>) <a href="https://github.com/rpgp/rpgp/" rel="nofollow noopener" translate="no" target="_blank">https://github.com/rpgp/rpgp/</a>

Delta Chat<a href="https://social.sengotta.net/@bjoern" class="u-url mention" rel="nofollow noopener" target="_blank">@bjoern</a> <a href="https://fosstodon.org/@treefit" class="u-url mention" rel="nofollow noopener" target="_blank">@treefit</a> <a href="https://ruhr.social/@chfkch" class="u-url mention" rel="nofollow noopener" target="_blank">@chfkch</a> you can send an <a href="https://chaos.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> encrypted email to a delta chat address, yes.

George E. 🇺🇸♥🇺🇦🇵🇸🏳️‍🌈🏳️‍⚧️[ theregister.com: Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms ] <a href="https://www.theregister.com/2025/05/20/openpgp_js_flaw/" rel="nofollow noopener" target="_blank">https://www.theregister.com/2025/05/20/openpgp_js_flaw/</a> Well fuck. <a href="https://bofh.social/tags/PGP" rel="nofollow noopener" target="_blank">#PGP</a> <a href="https://bofh.social/tags/OpenPGP" rel="nofollow noopener" target="_blank">#OpenPGP</a> <a href="https://bofh.social/tags/security" rel="nofollow noopener" target="_blank">#security</a> <a href="https://bofh.social/tags/vulnerabilities" rel="nofollow noopener" target="_blank">#vulnerabilities</a>

securityaffairsA critical flaw in <a href="https://infosec.exchange/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a>.js lets attackers spoof message signatures <a href="https://securityaffairs.com/178131/uncategorized/a-openpgp-js-flaw-lets-attackers-spoof-message-signatures.html" rel="nofollow noopener" translate="no" target="_blank">https://securityaffairs.com/178131/uncategorized/a-openpgp-js-flaw-lets-attackers-spoof-message-signatures.html</a> <a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener" target="_blank">#securityaffairs</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a>

Flippin' 'eck, Tucker!Somewhat concerning for anyone who uses Proton Mail: there is a flaw in the OpenPGP javascript library that they use (and are the maintainers for) which means that it's possible for spoofed authentication signatures to be created.<a href="https://www.theregister.com/2025/05/20/openpgp_js_flaw/" rel="nofollow noopener" translate="no" target="_blank">https://www.theregister.com/2025/05/20/openpgp_js_flaw/</a><a href="https://social.chatty.monster/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> <a href="https://social.chatty.monster/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#Encryption</a> <a href="https://social.chatty.monster/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://social.chatty.monster/tags/Proton" class="mention hashtag" rel="nofollow noopener" target="_blank">#Proton</a> <a href="https://social.chatty.monster/tags/ProtonMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProtonMail</a> <a href="https://social.chatty.monster/tags/Cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cryptography</a>

Recent searches

Search options

Administered by:

Server stats:

#openpgp