#openpgp

Replied in thread

@triskelion
Proton Mail uses the #OpenPGP standard and it is possible to send and receive encrypted messages between Delta Chat and Proton Mail. It is not straightforward currently, but we are working on making it easier by allowing keys to be shared in vCards. Delta Chat cannot be used as a client for Proton Mail because Proton Mail does not allow clients to use SMTP and IMAP to directly access mailboxes.

Tuta cannot be used to send and receive encrypted e-mail because it does not support OpenPGP.

Continued thread

Some of you may have heard of #simplex which likes to elevate itself as "the first messenger without user-ids" ... a goal, similar to ours, of not letting the transport layer know about who talks. Only we are doing it in the email system, fully interoperable with tens of thousands of existing email servers and other #openpgp endpoints. The email system is much more than SMTP/IMAP or even openpgp btw ... there is plenty of room for radical shifts and new takes. We are just starting :)

#openpgp traditions and #signal both bind a cleartext identifier, phone number or email address, to a cryptographic key. It opens up attack vectors as the servers/orgs controlling this binding can interfere.

#deltachat avoids such cleartext identity bindings by creating random #chatmail addresses, as transport only. The cryptographic key becomes the identifier and we want it hidden from the transport layer. Only people in an end-to-end encrypted chat need to identify each other, after all.

Replied in thread

@Xeniax Totally nerdsniped :D I'd love to be a part of the study.

I don't think that #KeyServers are dead. I think they evolved into Verifying Key Servers (VKS), like the one run by a few folks from the OpenPGP ecosystem at keys.openpgp.org/about. More generally, I believe that #PGP / #GPG / #OpenPGP retains important use-cases where accountability is prioritized, as contrasted with ecosystems (like #Matrix, #SignalMessenger) where deniability (and Perfect Forward Secrecy generally) is prioritized. Further, PGP can still serve to bootstrap those other ecosystems by way of signature notations (see the #KeyOxide project).

Ultimately, the needs of asynchronous and synchronous cryptographic systems are, at certain design points, mutually exclusive (in my amateur estimation, anyway). I don't think that implies that email encryption is somehow a dead-end or pointless. Email merely, by virtue of being an asynchronous protocol, cannot meaningfully offer PFS (or can it? Some smart people over at crypto.stackexchange.com seem to think there might be papers floating around that can get at it: crypto.stackexchange.com/quest).

To me, the killer feature of PGP is actually not encryption per se. It's certification, signatures, and authentication/authorization. I'm more concerned with "so-and-so definitely said/attested to this" than "I need to keep what so-and-so said strictly private/confidential forever and ever." What smaller countries like Croatia have done with #PKI leaves me green with envy.

Replied in thread

@eff @evacide
GnuPG is not the only way to encrypt email. I use #OpenPGP with Thunderbird and @delta, neither of which uses GPG.

Also, the pages
ssd.eff.org/module/how-use-pgp
and
ssd.eff.org/module/how-use-pgp
are outdated: Thunderbird now has a built-in OpenPGP implementation and Enigmail does not work with the latest versions.


Just figured out that the massive performance hit my #PGPainless test suite has been suffering since I started porting to a newer BC version was caused by the default S2K iteration count being bumped to 0xff instead of 0x60.
This had caused the runtime of the test suite to rise to 7 minutes compared to ~1 minute.

I decided to dial down the default value again, but make it customizable :D
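
Added example, not part of the post above and not PGPainless or Bouncy Castle code: a sketch of the iterated and salted S2K from RFC 4880 (sections 3.7.1.3), reading 0x60 and 0xff as coded-count octets, to show how much hashing each setting implies per key derivation. Function names and the sample passphrase are this example's own.

```python
import hashlib

def decode_count(coded: int) -> int:
    """Expand the one-octet coded count (RFC 4880, section 3.7.1.3)."""
    if not 0 <= coded <= 0xFF:
        raise ValueError("coded count must fit in one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def _feed(h, data: bytes, count: int) -> None:
    """Hash exactly `count` octets of `data` repeated end to end."""
    block = data * 1024            # large updates keep Python overhead low
    while count >= len(block):
        h.update(block)
        count -= len(block)
    reps, tail = divmod(count, len(data))
    h.update(data * reps + data[:tail])

def iterated_salted_s2k(passphrase: bytes, salt: bytes, coded: int,
                        key_len: int = 32, hash_name: str = "sha256") -> bytes:
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is 8 octets")
    data = salt + passphrase
    # If the count is smaller than salt+passphrase, the whole input is hashed once.
    count = max(decode_count(coded), len(data))
    out, context = b"", 0
    while len(out) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * context)  # extra hash contexts are preloaded with zeros
        _feed(h, data, count)
        out += h.digest()
        context += 1
    return out[:key_len]

if __name__ == "__main__":
    import time
    salt, pw = bytes(range(8)), b"constructed passphrase"  # constructed sample input
    for coded in (0x60, 0xFF):
        start = time.perf_counter()
        iterated_salted_s2k(pw, salt, coded)
        print(f"{coded:#04x}: {decode_count(coded):>9} octets, "
              f"{time.perf_counter() - start:.4f}s")
```

The coded value 0x60 expands to 65,536 hashed octets and 0xff to 65,011,712, so every passphrase-protected key operation in a test suite does 992 times more hashing at the higher setting.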

We are not aware of other FOSS development teams that have as extensive knowledge, both theoretical and practical, about #email and #openpgp and regularly release across all platforms for users worldwide ... except for #protonmail with whose technical and security experts we discuss regularly. They are the other major game in town doing pervasive email encryption after all. Did you know that Proton's and delta's VCards are compatible across ecosystems and establish immediate encryption?

@mathilde #chatmail server users don't have these problems because they don't even need to know their password or email address. Messages in delta chat are stored locally and the server only stores them for a limited time, up to 20 days by default, so all devices have a chance to download the message. Blocklists are also not used; the only requirements are #DKIM signature and #OpenPGP encryption.

Remember the old days with key signing parties? I never really got into that but I think with all the "AI" bots we are going to get to a place where we need to have trust networks built on cryptographic keys to filter out the crap.

Note to self: Set up public key and share it.

The downside of our project approach was that we often got experts being very dismissive of re-using email and #OpenPGP ... and there still is some opposition which often subsides when actually trying #deltachat and #chatmail, looking at security audits and our strong usable security focus.

There may also be surprising upsides. The UK "Online Safety Bill" which attacks end-to-end encryption integrity seems to not apply for ... e-mail. Because everyone knows, e-mail is unencrypted, right? :)

Has anyone here on #fedi figured out the correct recipe for dealing with #OpenPGP, #DMARC and #mailman?

The problem: by default, Mailman will modify messages, and this will break the DKIM signature.
gitlab.com/mailman/mailman/-/i

Mailman provides two DMARC mitigation options (the other options are reject or discard, which are not useful in this case).

1. Replace the from address with list address
2. Wrap original message in an envelope

Thunderbird flags 1 and fails 2.
#askfedi #gnupg #gpg #thunderbird


New Privacy Guides article 🔑✨ by me:

If you are using a YubiKey, you might get into situations where you need to reset your key to factory default, and/or set up a backup of it on a spare key.

This tutorial will guide you through each step to reset and back up your YubiKey successfully, with clear instructions and plenty of visual support.

I hope you find it helpful!

privacyguides.org/articles/202