#gpg

treefit<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@lns" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lns</span></a></span> sorry, but no. gnupg UX sucks so hard that even I don't get it without extensive internet searching.</p><p>And I heard horrible stuff about integration into programs, like that they need to kill the <a href="https://fosstodon.org/tags/gpg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gpg</span></a> daemon regularly to make it work.</p><p>Let's rather invest our efforts into making modern alternatives like <a href="https://fosstodon.org/tags/rpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rpgp</span></a> and <a href="https://fosstodon.org/tags/rsop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rsop</span></a><br><a href="https://crates.io/crates/rsop/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">crates.io/crates/rsop/</span><span class="invisible"></span></a> great.</p>
Jordan<p>Everybody should learn how to use GPG.</p><p><a href="https://gnupg.org/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gnupg.org/</span><span class="invisible"></span></a></p><p><a href="https://fosstodon.org/tags/gpg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gpg</span></a> <a href="https://fosstodon.org/tags/gnupg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gnupg</span></a> <a href="https://fosstodon.org/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://fosstodon.org/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://fosstodon.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://fosstodon.org/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://fosstodon.org/tags/pgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pgp</span></a></p>
Rachael Ava 💁🏻‍♀️🚨 Important: GPG Key Revoked & Superseded! 🔐
Theia Institute™<p><span class="h-card" translate="no"><a href="https://mstdn.social/@GnuPG" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GnuPG</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@todd_a_jacobs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>todd_a_jacobs</span></a></span> Using <a href="https://infosec.exchange/tags/LTFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTFS</span></a> to store <a href="https://infosec.exchange/tags/encrypteddata" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encrypteddata</span></a> outside of hyper scaler environments without the dedicated <a href="https://infosec.exchange/tags/KMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KMS</span></a> components expensive tape libraries use to enable <a href="https://infosec.exchange/tags/LTO9" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTO9</span></a> drives' built-in, hardware <a href="https://infosec.exchange/tags/AES256GCM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AES256GCM</span></a> support is an area the institute is evaluating, and thinking about how <a href="https://infosec.exchange/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> might fit in has been a facet of our research process.</p><p>All recent generations of <a href="https://infosec.exchange/tags/LTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTO</span></a> drives support strong, on-the-fly, hardware-accelerated encryption on the drives themselves. 
Sadly, it's essentially useless in the standalone drives sold to individuals, the <a href="https://infosec.exchange/tags/SOHO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOHO</span></a> market, or to other non-enterprise customers because of the high cost of the tape library hardware required to activate it.</p><p>In some ways, the situation is much like the early Intel 386 computers that shipped with missing or disabled math coprocessors even when it stopped being a cost issue. In part, that was a strategic market segmentation decision, and the institute currently believes the lack of accessible LTFS encryption for all encryption-capable drives is no different. </p><p>Even though <a href="https://infosec.exchange/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> is usually thought of as primarily an email tool, it's actually an important "Swiss Army knife" for a variety of <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> use cases. It's also on a tragically short list of <a href="https://infosec.exchange/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> and related <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a> tools that remains fully <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a>.</p><p>We're putting this topic on our agenda for further exploration and discussion. Meanwhile, these community conversations and the viewpoints of respected tool developers are an invaluable resource to everyone.</p>
Dr. Todd A. Jacobs<p><a href="https://infosec.exchange/tags/TIL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TIL</span></a> that <span class="h-card" translate="no"><a href="https://mstdn.social/@GnuPG" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GnuPG</span></a></span> appears to use the <a href="https://infosec.exchange/tags/ustar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ustar</span></a> tar archive format, likely the version from POSIX.1-1988, for <a href="https://infosec.exchange/tags/gpgtar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gpgtar</span></a> rather than either the <a href="https://infosec.exchange/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>POSIX</span></a> or Star formats from POSIX.1-2001. Since ustar has serious limitations on filename and pathname lengths, can't store certain file types or metadata, and has a 2GB file size limit, it seems unsuitable for most modern use cases.</p><p>If gpgtar is actually using star, pax, or the GNU tar POSIX mode, it's not in the <a href="https://infosec.exchange/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> user documentation which explicitly says it uses ustar. I have a lot of respect for the <a href="https://infosec.exchange/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> devs, so I hope this is either just a documentary oversight or something that they can easily fix by linking with newer libraries. In either case, ustar is totally unsuitable for writing large archives to tape, and doesn't even offer the options GNU tar does for creating a separate index file, encrypted or not.</p><p>The gnutar command line doesn't offer the option to write a separate index, and requires a separate pass to list out the index. 
For example, if you wanted to encrypt a 20TiB archive with a separate, encrypted index to make finding files easier, you'd either have to pipe tar through gpg (which can cause shoe-shining or buffering issues on <a href="https://infosec.exchange/tags/LTFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTFS</span></a>) and then encrypt GNU/BSD tar's index, or have <em>triple</em> the online HDD/SSD capacity of your archived data so you can tar up your files, run another pass with GnuPG to extract the index, and then encrypt both the tarball and index separately before writing them out to tape.</p><p>That seems...unreasonable. <a href="https://infosec.exchange/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> doesn't support the AES-256-GCM mode built into current <a href="https://infosec.exchange/tags/LTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTO</span></a> drives, so gpgtar needs to keep up with the massive growth of data storage capacity rather than remaining an afterthought utility. Especially for <a href="https://infosec.exchange/tags/SOHO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOHO</span></a> LTO drives, the ability to write encrypted gpgtar archives and indexes directly to LTFS could be a real game-changer!</p>
openSUSE Linux<p>Please be aware of the switching from a 1024-bit DSA <a href="https://fosstodon.org/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> key to a 4096-bit RSA GPG key. This switchover is necessary to meet current <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> recommendations. <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openSUSE</span></a> Find out more at <a href="https://news.opensuse.org/2024/06/12/new-NVIDIA-signing-key/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.opensuse.org/2024/06/12/n</span><span class="invisible">ew-NVIDIA-signing-key/</span></a></p>
Heiko<p>Meet oct-git, a new <a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> signing and verification tool for use with the <a href="https://fosstodon.org/tags/Git" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Git</span></a> distributed version control system:</p><p><a href="https://crates.io/crates/openpgp-card-tool-git" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crates.io/crates/openpgp-card-</span><span class="invisible">tool-git</span></a> 🦀</p><p>oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys</p><p>It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)</p><p><a href="https://fosstodon.org/tags/RustLang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RustLang</span></a> <a href="https://fosstodon.org/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a> <a href="https://fosstodon.org/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> <a href="https://fosstodon.org/tags/gpg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gpg</span></a> <a href="https://fosstodon.org/tags/Nitrokey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nitrokey</span></a> <a href="https://fosstodon.org/tags/YubiKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YubiKey</span></a></p>
Blue Ghost<p>Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.</p><p>Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.</p><p>Instructions: <a href="https://proton.me/support/how-to-use-pgp" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">proton.me/support/how-to-use-p</span><span class="invisible">gp</span></a><br>GnuPG: <a href="https://mastodon.online/@blueghost/111974048270035570" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.online/@blueghost/111</span><span class="invisible">974048270035570</span></a></p><p>Website: <a href="https://proton.me" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">proton.me</span><span class="invisible"></span></a><br>Mastodon: <span class="h-card" translate="no"><a href="https://mastodon.social/@protonprivacy" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>protonprivacy</span></a></span></p><p><a href="https://mastodon.online/tags/Proton" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Proton</span></a> <a href="https://mastodon.online/tags/ProtonMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProtonMail</span></a> <a href="https://mastodon.online/tags/ProtonPrivacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProtonPrivacy</span></a> <a href="https://mastodon.online/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> <a href="https://mastodon.online/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a> <a href="https://mastodon.online/tags/GnuPG" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> <a href="https://mastodon.online/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> <a href="https://mastodon.online/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Email</span></a> <a href="https://mastodon.online/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> <a href="https://mastodon.online/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> <a href="https://mastodon.online/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.online/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a></p>
Calisti 🏳️‍🌈🦇<p>Pretty great for remote-specific 🔏 GPG <a href="https://chaos.social/tags/git" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>git</span></a> commit signing configuration, too!</p><p><a href="https://chaos.social/tags/gpg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gpg</span></a> <a href="https://chaos.social/tags/pgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pgp</span></a></p>
Free Software Foundation<p>Did someone say encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn more with our Email Self Defense guide: <a href="https://u.fsf.org/1df" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">u.fsf.org/1df</span><span class="invisible"></span></a> <a href="https://hostux.social/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> <a href="https://hostux.social/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a> <a href="https://hostux.social/tags/E2E" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2E</span></a> <a href="https://hostux.social/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a></p>
Todd A. Jacobs<p><span class="h-card" translate="no"><a href="https://mstdn.social/@GnuPG" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GnuPG</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@todd_a_jacobs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>todd_a_jacobs@infosec.exchange</span></a></span> <span class="h-card" translate="no"><a href="https://ruby.social/@todd_a_jacobs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>todd_a_jacobs</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>letsencrypt</span></a></span> AFAICT, the App Store version is 2021.4, and there have been a lot of CVEs and improvements in <a href="https://ruby.social/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> since then. I'm reluctant to rely on outdated software, esp. if its <a href="https://ruby.social/tags/libgcrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libgcrypt</span></a> or <a href="https://ruby.social/tags/ObjectivePGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ObjectivePGP</span></a> haven't been updated since 2021 by the developer (listed as Luca Naef).</p><p>I'm not an Apple or <a href="https://ruby.social/tags/Swift" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Swift</span></a> developer. The code is GPLv3, so it could be forked if unmaintained.</p><p><a href="https://github.com/lucanaef/PGPro" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/lucanaef/PGPro</span><span class="invisible"></span></a></p>
Todd A. Jacobs<p>This is more of a security question, but I currently know way more people on ruby.social than infosec.exchange. I want to use a <a href="https://ruby.social/tags/Yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Yubikey</span></a> for <a href="https://ruby.social/tags/SMIME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMIME</span></a> or <a href="https://ruby.social/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> signing on <a href="https://ruby.social/tags/iOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iOS</span></a> &amp; <a href="https://ruby.social/tags/iPadOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iPadOS</span></a>, but can't find:</p><p>1. Any documentation about how to integrate it with Apple Mail.</p><p>2. Anyplace that offers <a href="https://ruby.social/tags/x509" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>x509</span></a> certificates for S/MIME at zero or minimal cost the way <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>letsencrypt</span></a></span> offers free <a href="https://ruby.social/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> certs.</p><p>Self-signed S/MIME certs are a non-starter, and there are no full-featured <a href="https://ruby.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> apps on iOS. Suggestions?</p>
Wiktor Kwapisiewicz<p>PSA: WKD Checker (<a href="https://metacode.biz/openpgp/web-key-directory" rel="nofollow noopener" target="_blank">https://metacode.biz/openpgp/web-key-directory</a>) will be officially sunsetted on 1.05.2024.</p><p>The reasons are two-fold: on one hand, the service already succeeded in raising awareness of the protocol; on the other, I lack the resources to maintain and develop it, and leaving unmaintained online services is not the smartest move.</p><p>The service was powered by an open-source component, so in case someone badly needs it, it’s always possible to host your own: <a href="https://gitlab.com/wiktor/wkd-checker" rel="nofollow noopener" target="_blank">https://gitlab.com/wiktor/wkd-checker</a></p><p>Thanks for all your support and kind words! 👋</p>
Kai Engert 🔑✉️ (:KaiE)<p>If you use <a href="https://mastodon.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> <a href="https://mastodon.social/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a>, and you would like to ensure interoperability with Thunderbird, you might consider disabling the use of <a href="https://mastodon.social/tags/LibrePGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibrePGP</span></a> features by using option --rfc4880 in your configuration (e.g. by adding a line with the word "rfc4880" to your gpg.conf file).<br>At this time it is undecided whether future Thunderbird versions will support LibrePGP or the upcoming refresh of the <a href="https://mastodon.social/tags/IETF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IETF</span></a> <a href="https://mastodon.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> specification, or both, or none of them. Hopefully we'll eventually see a new universal standard.</p>