Med-Mastodon

Delta Chat<a href="https://chaos.social/tags/Whatsapp" class="mention hashtag" rel="nofollow noopener" target="_blank">#Whatsapp</a> on <a href="https://chaos.social/tags/iOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#iOS</a> had a severe 0day that was exploited in the wild for some months, and is fixed with august 20th releases <a href="https://hackread.com/whatsapp-0-day-exploit-attack-targeted-ios-macos-users/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/whatsapp-0-day-exploit-attack-targeted-ios-macos-users/</a>Last year <a href="https://chaos.social/tags/signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#signal</a> also had its multi-device functionality exploited in the wild. <a href="https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html" rel="nofollow noopener" translate="no" target="_blank">https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html</a>FWIW <a href="https://chaos.social/tags/deltachat" class="mention hashtag" rel="nofollow noopener" target="_blank">#deltachat</a> has a dumber multi-device sync model, no device linking, depends on being in the same WiFI for setup (therefore no easy remote exploits), and <a href="https://chaos.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> signatures and verification for ongoing usage (like all other E2EE messages).

Delta Chat<a href="https://gladtech.social/@avoca" class="u-url mention" rel="nofollow noopener" target="_blank">@avoca</a> Suggesting we give up or drop our efforts is a valid opinion, and we don't blame people for having it. There are shitloads of messengers, and why are we engaging in this crazy trip of using <a href="https://chaos.social/tags/email" class="mention hashtag" rel="nofollow noopener" target="_blank">#email</a> and <a href="https://chaos.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> for instant messaging, out of all things? We consider it progress if it's just a few percent opposing our effort and current trajectory at all. That surely was different some years ago where it felt more like 80% being in that "are you kidding me?" camp.

Kevin Karhan :verified:<a href="https://mastodon.social/@osxreverser" class="u-url mention" rel="nofollow noopener" target="_blank">@osxreverser</a> I guess forcing everyone to use <a href="https://infosec.space/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> (or rather <a href="https://infosec.space/tags/enc" class="mention hashtag" rel="nofollow noopener" target="_blank">#enc</a><a href="http://github.com/life4/enc/" rel="nofollow noopener" target="_blank">¹</a>) and <a href="https://infosec.space/tags/VeraCrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#VeraCrypt</a> / <a href="https://mastodon.social/@veracrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@veracrypt</a> <a href="https://veracrypt.io/en/Downloads.html" rel="nofollow noopener" target="_blank">²</a> and putting that on an (S) <a href="https://infosec.space/tags/FTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#FTP</a> (S) server isn't an option?

vanitasvitaeTowards OpenPGP v6 in PGPainlessI’m very excited to announce the results of what I have been working on for the past 1,5 years. *drumrolls*I added support for OpenPGP v6 (rfc9580) in both Bouncy Castle and PGPainless! In this blog post, I want to go over the work in more details.<a href="https://warmwasserwerfer.de/2025/08/28/towards-openpgp-v6-in-pgpainless/" class="" rel="nofollow noopener" target="_blank">https://warmwasserwerfer.de/2025/08/28/towards-openpgp-v6-in-pgpainless/</a><a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://warmwasserwerfer.de/tag/encryption/" target="_blank">#encryption</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://warmwasserwerfer.de/tag/java/" target="_blank">#java</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://warmwasserwerfer.de/tag/openpgp/" target="_blank">#openpgp</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://warmwasserwerfer.de/tag/pgpainless/" target="_blank">#pgpainless</a>

HeikoI edited and (slightly) expanded yesterday's thread about inspecting <a href="https://floss.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> certificate status with <a href="https://mastodon.social/@rpgp" class="u-url mention" rel="nofollow noopener" target="_blank">@rpgp</a> into a blog article:<a href="https://openpgp.foo/posts/2025-08-certificate-status/" rel="nofollow noopener" translate="no" target="_blank">https://openpgp.foo/posts/2025-08-certificate-status/</a><a href="https://floss.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#GnuPG</a> <a href="https://floss.social/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a> <a href="https://floss.social/tags/RustLang" class="mention hashtag" rel="nofollow noopener" target="_blank">#RustLang</a> <a href="https://floss.social/tags/CLI" class="mention hashtag" rel="nofollow noopener" target="_blank">#CLI</a>

HeikoI just released version 0.6.6 of rpgpie, an experimental high level API for <a href="https://mastodon.social/@rpgp" class="u-url mention" rel="nofollow noopener" target="_blank">@rpgp</a>:<a href="https://crates.io/crates/rpgpie" rel="nofollow noopener" translate="no" target="_blank">https://crates.io/crates/rpgpie</a>The rpgpie library crate ships with the (also experimental) "rpgp" CLI tool, which can inspect certificates (aka "<a href="https://floss.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> public keys") in two different ways:- "show" prints the internal structure of a certificate without much interpretation - "status" prints a summarized view, and applies OpenPGP validity semanticsSince this release, "status" can emit JSON.🧵 1/5<a href="https://floss.social/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a> <a href="https://floss.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#GnuPG</a>

heineloMein Desktop unter Fedora die Nutzung von Linux und Open Source Software mit entsprechenden Messengern und Mail Anwendungen und ohne Google / Microsoft / Apple und mit KI dann wenn ich sie haben möchte ist und bleibt einfach eine bessere und auch Nachhaltigerer und vor allem Selbs bestimmender Umgang mit Informationstechnologie. <a href="https://pixelfed.social/discover/tags/DailyDesktop?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#DailyDesktop</a> <a href="https://pixelfed.social/discover/tags/ShareYourDesktop?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#ShareYourDesktop</a> <a href="https://pixelfed.social/discover/tags/UnixPorn?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#UnixPorn</a> <a href="https://pixelfed.social/discover/tags/fedora42?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#fedora42</a> <a href="https://pixelfed.social/discover/tags/gnulinux?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#gnulinux</a> <a href="https://pixelfed.social/discover/tags/Linux?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://pixelfed.social/discover/tags/mydesktop?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#mydesktop</a> <a href="https://pixelfed.social/discover/tags/opensource?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://pixelfed.social/discover/tags/fedora?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#fedora</a> <a href="https://pixelfed.social/discover/tags/libreoffice?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#libreoffice</a> <a href="https://pixelfed.social/discover/tags/fairphone4?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#fairphone4</a> <a href="https://pixelfed.social/discover/tags/murenacloud?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#murenacloud</a> <a href="https://pixelfed.social/discover/tags/evolution?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#evolution</a> <a href="https://pixelfed.social/discover/tags/digitaleselbstbestimmung?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#digitaleselbstbestimmung</a> <a href="https://pixelfed.social/discover/tags/onlyoffice?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#onlyoffice</a> <a href="https://pixelfed.social/discover/tags/digitaleselbstverteidigung?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#digitaleselbstverteidigung</a> <a href="https://pixelfed.social/discover/tags/digitalenachhaltigkeit?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#digitalenachhaltigkeit</a> <a href="https://pixelfed.social/discover/tags/signal?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#signal</a> <a href="https://pixelfed.social/discover/tags/telegram?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#telegram</a> <a href="https://pixelfed.social/discover/tags/Verschlüsselung?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#Verschlüsselung</a> <a href="https://pixelfed.social/discover/tags/openpgp?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> <a href="https://pixelfed.social/discover/tags/rkhunter?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#rkhunter</a> <a href="https://pixelfed.social/discover/tags/lynis?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#lynis</a> <a href="https://pixelfed.social/discover/tags/firewall?src=hash" class="u-url hashtag" rel="nofollow noopener" target="_blank">#firewall</a>

Lars WirzeniusAny software that needs to encrypt data using OpenPGP, or to verify an OpenPGP signature on data, should use the stateless OpenPGP interface, or SOP, which is provided for a number of OpenPGP implementations. Using any other interface is going to lock in the software to that implementation.Also, SOP is lovely to use from another program. It's designed to be nice to use from a program. <a href="https://openpgp.foo/learn/sop/" rel="nofollow noopener" translate="no" target="_blank">https://openpgp.foo/learn/sop/</a><a href="https://toot.liw.fi/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> <a href="https://toot.liw.fi/tags/SOP" class="mention hashtag" rel="nofollow noopener" target="_blank">#SOP</a> <a href="https://toot.liw.fi/tags/StatelessOpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#StatelessOpenPGP</a>

qbi<a href="https://freie-re.de/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a> bzw. genauer <a href="https://freie-re.de/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> gibt es in verschiedenen Standards: - RFC 2440 - RFC 4880 - RFC 9580 und - LibrePGPJohannes Roth und Falko Strenzke haben die Unterschiede zwischen den wichtigsten Standards herausgearbeitet: <a href="https://github.com/crypto-security-tools/OpenPGP-LibrePGP-comparison" rel="nofollow noopener" translate="no" target="_blank">https://github.com/crypto-security-tools/OpenPGP-LibrePGP-comparison</a><a href="https://freie-re.de/tags/rfc2440" class="mention hashtag" rel="nofollow noopener" target="_blank">#rfc2440</a> <a href="https://freie-re.de/tags/rfc4880" class="mention hashtag" rel="nofollow noopener" target="_blank">#rfc4880</a> <a href="https://freie-re.de/tags/rfc9580" class="mention hashtag" rel="nofollow noopener" target="_blank">#rfc9580</a> <a href="https://freie-re.de/tags/librepgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#librepgp</a>

HeikoNew blog article: "Using a second <a href="https://floss.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> card for my primary key"<a href="https://openpgp.foo/posts/2025-07-a-second-card/" rel="nofollow noopener" translate="no" target="_blank">https://openpgp.foo/posts/2025-07-a-second-card/</a>This is a rather niche article, but I hope it will still contain some bits of interest, for at least some readers 🤓.In it, I import my primary OpenPGP key onto a second OpenPGP card hardware device, and use the device to issue a third-party certification with rsop-oct.I also outline some background and tradeoffs around different OpenPGP card setup.<a href="https://floss.social/tags/HSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#HSM</a> <a href="https://floss.social/tags/OpenPGPcard" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGPcard</a> <a href="https://floss.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#GnuPG</a>

HeikoA new report (commissioned by the German BSI) outlines the recent evolution of the <a href="https://floss.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> standard, including the new RFC 9580 and PQC drafts, as well as the spinoff "LibrePGP" draft that the GnuPG project writes.PDF: <a href="https://github.com/crypto-security-tools/OpenPGP-LibrePGP-comparison/releases/download/v1.4/opgp-lpgp-comp.pdf" rel="nofollow noopener" translate="no" target="_blank">https://github.com/crypto-security-tools/OpenPGP-LibrePGP-comparison/releases/download/v1.4/opgp-lpgp-comp.pdf</a>(Announcement email: <a href="https://mailarchive.ietf.org/arch/msg/openpgp/2g_rjYBqwqKZE6OEgjNb0bFo098/" rel="nofollow noopener" translate="no" target="_blank">https://mailarchive.ietf.org/arch/msg/openpgp/2g_rjYBqwqKZE6OEgjNb0bFo098/</a>)Note that the document contains a one-page "Executive Summary", which (although quite technical) is worth a read.[TL;DR: It raises concerns about the GnuPG draft's development process, as well as quality]

Larvitz :fedora: :redhat:Created a FreeBSD port for openpgp-card-tools and put it on my Codeberg: <a href="https://codeberg.org/Larvitz/openpgp-card-tools-freebsd-port" rel="nofollow noopener" translate="no" target="_blank">https://codeberg.org/Larvitz/openpgp-card-tools-freebsd-port</a>It's a command-line-utility (oct), written in Rust, to manage openpgp smartcards and compatible devices (yubikey, nitrokey etc).Usage instructions are in the repositories readme file.<a href="https://burningboard.net/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#freebsd</a> <a href="https://burningboard.net/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> <a href="https://burningboard.net/tags/rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#rust</a> <a href="https://burningboard.net/tags/port" class="mention hashtag" rel="nofollow noopener" target="_blank">#port</a> <a href="https://floss.social/@hko" class="u-url mention" rel="nofollow noopener" target="_blank">@hko</a>

GnuPGAccording to <a href="https://social.heise.de/@ct_Magazin" class="u-url mention" rel="nofollow noopener" target="_blank">@ct_Magazin</a> and the press release <a href="https://merlinux.eu/press/2025-05-14-russia-deltachat.pdf" rel="nofollow noopener" translate="no" target="_blank">https://merlinux.eu/press/2025-05-14-russia-deltachat.pdf</a> Russia sues the German company merlinux GmbH over Delta Chat, an email and <a href="https://mstdn.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> based <a href="https://mstdn.social/tags/Endtoendcrypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#Endtoendcrypto</a> messenger.

andreSeit einiger Zeit signiere ich meine Mails mit OpenPGP.Oft kommt die Rückmeldung: "Ich kann die Anhänge nicht öffnen."Das ist sehr schade. Ich hätte gehofft, dass auch nicht IT-Nerds es schaffen, den Anhang mit Endung .asc zu ignorieren oder eine Suchmaschine dafür anwerfen.Das Problem würde sich übrigens lösen, wenn öffentliche Stellen, Ärzte, Versicherung etc. auch verschlüsselte Mails nutzen würden.<a href="https://social.tchncs.de/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> <a href="https://social.tchncs.de/tags/verschl%C3%BCsselung" class="mention hashtag" rel="nofollow noopener" target="_blank">#verschlüsselung</a> <a href="https://social.tchncs.de/tags/email" class="mention hashtag" rel="nofollow noopener" target="_blank">#email</a>

HeikoI just released version 0.7.1 of <a href="https://floss.social/tags/rsop" class="mention hashtag" rel="nofollow noopener" target="_blank">#rsop</a>, a stateless <a href="https://floss.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> ("SOP") CLI tool based on <a href="https://mastodon.social/@rpgp" class="u-url mention" rel="nofollow noopener" target="_blank">@rpgp</a>:<a href="https://crates.io/crates/rsop/" rel="nofollow noopener" translate="no" target="_blank">https://crates.io/crates/rsop/</a>This version adds support for the "merge-certs" SOP command, which consolidates multiple versions of a certificate into a unified aggregate view.For more on <a href="https://floss.social/tags/SOP" class="mention hashtag" rel="nofollow noopener" target="_blank">#SOP</a>, see <a href="https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/" rel="nofollow noopener" translate="no" target="_blank">https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/</a><a href="https://floss.social/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a> <a href="https://floss.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#GnuPG</a>

Delta Chat<a href="https://det.social/@lostgen" class="u-url mention" rel="nofollow noopener" target="_blank">@lostgen</a> <a href="https://sueden.social/@yuchungfink" class="u-url mention" rel="nofollow noopener" target="_blank">@yuchungfink</a> <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> pretty correct but it's not gpg, the old command line tool but an audited state-of-the-art rust implementation for <a href="https://chaos.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> encryption. It has never been vulnerable to the various past flaws in gpg.

Kevin Karhan :verified:<a href="https://23.social/@alios" class="u-url mention" rel="nofollow noopener" target="_blank">@alios</a> no, but besides <a href="https://infosec.space/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> there are compatible interpretations like <a href="http://github.com/life4/enc/" rel="nofollow noopener" target="_blank"><code>enc</code></a> that just work!<ul><li><a href="https://mastodon.social/@cacert" class="u-url mention" rel="nofollow noopener" target="_blank">@cacert</a> was the better <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@letsencrypt</a> but the <a href="https://infosec.space/tags/GAFAMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#GAFAMs</a> cockblocked and actuvely sabotaged that by virtue of refusing to include the <a href="https://infosec.space/tags/CACert" class="mention hashtag" rel="nofollow noopener" target="_blank">#CACert</a> Root-Certificate</li></ul>

aliosAre there any good alternatives to <a href="https://23.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> as gerneral purpose signature and encryption protocol thing with a "web of trust" idea in the back instead of hierarchical one like in <a href="https://23.social/tags/x509" class="mention hashtag" rel="nofollow noopener" target="_blank">#x509</a> ?<a href="https://23.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> does what it should do and i like packet approach. But imo it has become too complex in its try to stay backwards compatible an beeing "too generic" ...just to be sure I'am not looking for an alternative to sign and encrypt emails but, a framework/protocol for distrib machine 2 machine communication

Arch Linux :archlinux:Automated digital signing of OS artifacts<a href="https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/BOMYF4UTJJ37UIBXW52OU7WJTT3YPTKS/" rel="nofollow noopener" translate="no" target="_blank">https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/BOMYF4UTJJ37UIBXW52OU7WJTT3YPTKS/</a><a href="https://fosstodon.org/tags/ArchLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArchLinux</a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://fosstodon.org/tags/RFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#RFC</a> <a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenPGP</a> <a href="https://fosstodon.org/tags/DigitalSignature" class="mention hashtag" rel="nofollow noopener" target="_blank">#DigitalSignature</a> <a href="https://fosstodon.org/tags/Automation" class="mention hashtag" rel="nofollow noopener" target="_blank">#Automation</a> <a href="https://fosstodon.org/tags/Signstar" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signstar</a> <a href="https://fosstodon.org/tags/NetHSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetHSM</a>

Gonçalo Valério"CVE-2025-47934 – Spoofing OpenPGP.js signature verification"<a href="https://codeanlabs.com/blog/research/cve-2025-47934-spoofing-openpgp-js-signatures/" rel="nofollow noopener" translate="no" target="_blank">https://codeanlabs.com/blog/research/cve-2025-47934-spoofing-openpgp-js-signatures/</a><a href="https://s.ovalerio.net/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://s.ovalerio.net/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://s.ovalerio.net/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://s.ovalerio.net/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgp</a> <a href="https://s.ovalerio.net/tags/openpgpjs" class="mention hashtag" rel="nofollow noopener" target="_blank">#openpgpjs</a>

Recent searches

Search options

Administered by:

Server stats:

#openpgp