GnuPG<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@hko" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>hko</span></a></span> <span class="h-card" translate="no"><a href="https://fosstodon.org/@treefit" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>treefit</span></a></span> <span class="h-card" translate="no"><a href="https://fosstodon.org/@lns" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lns</span></a></span> </p><p>If you have specific questions about <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a>, please ask them. There are a few ways to do so, for example <a href="https://forum.gnupg.org/c/gnupg/8" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">forum.gnupg.org/c/gnupg/8</span><span class="invisible"></span></a> or <a href="https://lists.gnupg.org/pipermail/gnupg-users/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.gnupg.org/pipermail/gnup</span><span class="invisible">g-users/</span></a> .</p><p>(Note that <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> is a mature crypto engine and the command line interfaces are more like a multitool for experts or advanced users who do not mind to use the command line. However there are many good workflow oriented frontends, like email clients or file managers. No need to use `gpg` on the command line.)</p>
mastodon.zunda.ninja is one of the many independent Mastodon servers you can use to participate in the fediverse.
Zundon is a single user instance as home of @zundan as well as a test bed for changes of the code.
Administered by:
Server stats:
1active users
mastodon.zunda.ninja: About · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.0-alpha.4+6965ba98-ruby-3.4.2
#gnupg
0 posts · 0 participants · 0 posts today
Frank Guthausen<p>Today I migrated my <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> self compile assistance project (WIP) from incubator repository to a dedicated repository (including the new version number 2.5.5):</p><p><a href="https://codeberg.org/fmg/diy-gnupg" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">codeberg.org/fmg/diy-gnupg</span><span class="invisible"></span></a></p>
GnuPG<p>The March release for <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> in the PQC public testing release series is here: v2.5.5 only has a few fixes, but those seem important ... removing potential "hangs" 🧐 on windows and elsewhere.</p><p><a href="https://dev.gnupg.org/T7530" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">dev.gnupg.org/T7530</span><span class="invisible"></span></a><br><a href="https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.gnupg.org/pipermail/gnup</span><span class="invisible">g-announce/2025q1/000491.html</span></a></p><p><a href="https://mstdn.social/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeSoftware</span></a> <a href="https://mstdn.social/tags/EndtoEndSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EndtoEndSecurity</span></a> <a href="https://mstdn.social/tags/LibrePGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibrePGP</span></a> <a href="https://mstdn.social/tags/OpenPGPv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGPv4</span></a></p>
Jordan<p>Everybody should learn how to use GPG.</p><p><a href="https://gnupg.org/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gnupg.org/</span><span class="invisible"></span></a></p><p><a href="https://fosstodon.org/tags/gpg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gpg</span></a> <a href="https://fosstodon.org/tags/gnupg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gnupg</span></a> <a href="https://fosstodon.org/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://fosstodon.org/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://fosstodon.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://fosstodon.org/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://fosstodon.org/tags/pgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pgp</span></a></p>
Frank Guthausen<p><span class="h-card" translate="no"><a href="https://mstdn.social/@GnuPG" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GnuPG</span></a></span> The 2.5.* <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> package had some issues with path structure due to the speedo makefile (from the w32 tarball, AFAIK not intended to create <a href="https://mstdn.social/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Debian</span></a> style packages) which were fixed Thursday during a testing session. The file gpgconf.ctl contained a rootdir value not appropriate for a deb package. This prevented dirmngr from starting. Latest version: 2.5.4-1~shimps3</p>
DD9JN<p>FWIW, I also had an interview (German) on the <a href="https://social.darc.de/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a> and <a href="https://social.darc.de/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> history at a <a href="https://social.darc.de/tags/bitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bitcoin</span></a> podcast: </p><p><a href="https://muenzweg21.podbean.com/e/munzgasse-47-auf-den-schultern-von-hackern-mit-werner-koch-und-blue/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">muenzweg21.podbean.com/e/munzg</span><span class="invisible">asse-47-auf-den-schultern-von-hackern-mit-werner-koch-und-blue/</span></a></p>
Frank Guthausen<p>Last year the inventor of <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> appeared in a podcast interview (almost one hour) which is IMHO worth of attention. More details:<br><a href="https://blog.shimps.org/blogpost365-Werner-Koch-at-The-Linux-Inlaws" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.shimps.org/blogpost365-We</span><span class="invisible">rner-Koch-at-The-Linux-Inlaws</span></a></p>
GnuPG<p>I think I've seen <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> 2.5.4 there as well. Did somebody install and use this package already?</p>
GnuPG<p>And here is <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> 2.5.4 a month after 2.5.3. Remember: this is a public beta release series, adding a post quantum cryptography algorithm for encryption (kyber768 an kyber1024) so you can play with the future! :)<br><a href="https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000490.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.gnupg.org/pipermail/gnup</span><span class="invisible">g-announce/2025q1/000490.html</span></a> <a href="https://dev.gnupg.org/T7480" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">dev.gnupg.org/T7480</span><span class="invisible"></span></a></p>
GnuPG<p>Admins and experts who want to play with the public testing line of <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> 2.5.3 (offering PQC) can check out the Debian style community contributed repository from <a href="https://blog.shimps.org/blogpost296-GnuPG-Upstream-packaged-in-Debian-style" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.shimps.org/blogpost296-Gn</span><span class="invisible">uPG-Upstream-packaged-in-Debian-style</span></a>. Thanks to Frank Guthausen, who is happy to receive feedback <a href="https://lists.gnupg.org/pipermail/gnupg-users/2024-December/067439.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.gnupg.org/pipermail/gnup</span><span class="invisible">g-users/2024-December/067439.html</span></a></p>
GnuPG<p>For those following the "public testing" release series of <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> that includes support for post-quantum cryptographc (PQC), a new version 2.5.3 is available -- with only minor improvements.<br><a href="https://dev.gnupg.org/T7442" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">dev.gnupg.org/T7442</span><span class="invisible"></span></a> and <a href="https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000489.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.gnupg.org/pipermail/gnup</span><span class="invisible">g-announce/2025q1/000489.html</span></a></p>
DD9JN<p><a href="https://social.darc.de/tags/gnupg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gnupg</span></a> 2.5.2 released; see <a href="https://lists.gnupg.org/pipermail/gnupg-announce/2024q4/000488.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.gnupg.org/pipermail/gnup</span><span class="invisible">g-announce/2024q4/000488.html</span></a></p><p>Also released a *beta* of <a href="https://social.darc.de/tags/gpg4win" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gpg4win</span></a> 5 see <a href="https://www.gpg4win.org/version5.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">gpg4win.org/version5.html</span><span class="invisible"></span></a></p>
GnuPG<p>Better handling of certificates and public keys<br>with <a href="https://mstdn.social/tags/Gpg4win" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gpg4win</span></a> v4.4.0's improved crypto manager _Kleopatra_.</p><p>It also comes with <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> v2.4.7 for Windows. Workflows that profit from several signatures on a file<br>profit as well.</p><p><a href="https://gpg4win.org/version4.4.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gpg4win.org/version4.4.html</span><span class="invisible"></span></a> <-- see what else is new.</p><p><a href="https://mstdn.social/tags/LibrePGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibrePGP</span></a> <a href="https://mstdn.social/tags/OpenPGPv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGPv4</span></a> <a href="https://mstdn.social/tags/EndtoEndCrypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EndtoEndCrypto</span></a> <a href="https://mstdn.social/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeSoftware</span></a></p>
GnuPG<p><a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> 2.4.6 is available. Accumulated fixes and small improvements over the last 7 months. There is even a new tool `gpg-mail-tube` to encrypt an email automatically in a pipe. Give it a try, especially if you use hardware tokens.</p><p><a href="https://lists.gnupg.org/pipermail/gnupg-announce/2024q4/000486.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.gnupg.org/pipermail/gnup</span><span class="invisible">g-announce/2024q4/000486.html</span></a></p><p><a href="https://dev.gnupg.org/T7030" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">dev.gnupg.org/T7030</span><span class="invisible"></span></a></p><p><a href="https://mstdn.social/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeSoftware</span></a> <a href="https://mstdn.social/tags/EndtoEndSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EndtoEndSecurity</span></a> <a href="https://mstdn.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> <a href="https://mstdn.social/tags/LibrePGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibrePGP</span></a></p>
GnuPG<p>Discovered <a href="https://useplaintext.email/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">useplaintext.email/</span><span class="invisible"></span></a> ✉️ which is quite nice. As a number of <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> devs have filters in place that only let plain text emails pass (allowing attachments and OpenPGP/MIME signatures of course) I've updated our <a href="https://wiki.gnupg.org/EMailClients/Thunderbird" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">wiki.gnupg.org/EMailClients/Th</span><span class="invisible">underbird</span></a> recommendations. <a href="https://mstdn.social/tags/Thunderbird" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Thunderbird</span></a> ⛈️ 🐦 <a href="https://mstdn.social/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeSoftware</span></a> 📨</p>
DD9JN<p><a href="https://social.darc.de/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> has now <a href="https://social.darc.de/tags/FIPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIPS</span></a>-203 compliant <a href="https://social.darc.de/tags/PQC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PQC</span></a> encryption support (<a href="https://social.darc.de/tags/Kyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kyber</span></a>+ECC). For details see<br><a href="https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000485.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.gnupg.org/pipermail/gnup</span><span class="invisible">g-announce/2024q3/000485.html</span></a></p>
Theia Institute™<p><span class="h-card" translate="no"><a href="https://mstdn.social/@GnuPG" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GnuPG</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@todd_a_jacobs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>todd_a_jacobs</span></a></span> Using <a href="https://infosec.exchange/tags/LTFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTFS</span></a> to store <a href="https://infosec.exchange/tags/encrypteddata" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encrypteddata</span></a> outside of hyper scaler environments without the dedicated <a href="https://infosec.exchange/tags/KMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KMS</span></a> components expensive tape libraries use to enable <a href="https://infosec.exchange/tags/LTO9" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTO9</span></a> drives' built-in, hardware <a href="https://infosec.exchange/tags/AES256GCM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AES256GCM</span></a> support is an area the institute is evaluating, and thinking about how <a href="https://infosec.exchange/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> might fit in has been a facet of our research process.</p><p>All recent generations of <a href="https://infosec.exchange/tags/LTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTO</span></a> drives support strong, on-the-fly, hardware-accelerated encryption on the drives themselves. Sadly, it's essentially useless in the standalone drives sold to individuals, the <a href="https://infosec.exchange/tags/SOHO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOHO</span></a> market, or to other non-enterprise customers because of the high cost of the tape library hardware required to activate it.</p><p>In some ways, the situation is much like the early Intel 386 computers that shipped with missing or disabled math coprocessors even when it stopped being a cost issue. In part, that was a strategic market segmentation decision, and the institute currently believes the lack of accessible LTFS encryption for all encryption-capable drives is no different. </p><p>Even though <a href="https://infosec.exchange/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> is usually thought of as primarily an email tool, it's actually an important "Swiss Army knife" for a variety of <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> use cases. It's also on a tragically short list of <a href="https://infosec.exchange/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> and telatrd <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a> tools that remains fully <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a>.</p><p>We're putting this topic on our agenda for further exploration and discussion. Meanwhile, these community conversations and the viewpoints of respected tool developers is an invaluable resource to everyone.</p>
GnuPG<p>Hi <span class="h-card" translate="no"><a href="https://infosec.exchange/@todd_a_jacobs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>todd_a_jacobs</span></a></span> </p><p>> If gpgtar is actually using star, pax, or the GNU tar POSIX mode, it's not in the <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> user documentation which explicitly says it uses ustar.</p><p>That is a documentary oversight, I've created <a href="https://dev.gnupg.org/T7271" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">dev.gnupg.org/T7271</span><span class="invisible"></span></a> </p><p>As for the separate index capability or other things, this sounds like a feature request to me. Feel free to suggest it. Traditionally <a href="https://mstdn.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> has been about encrypting single files and emails (and thus do one task well and leave another task to another tool).</p>
PGPkeys EU<p>In recent weeks, a theoretical downgrade attack against the new default encryption mode used by GnuPG 2.5 has been published. This comes two years after a theoretical downgrade attack was announced against GnuPG's new default *signature* format. Both issues have been addressed in the latest update to the official OpenPGP specification, but GnuPG has declared that it will not implement the fixes.</p><p><a href="https://infosec.exchange/tags/gnupg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gnupg</span></a> <a href="https://infosec.exchange/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openpgp</span></a> <a href="https://infosec.exchange/tags/librepgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>librepgp</span></a> </p><p><a href="https://blog.pgpkeys.eu/security-issues-librepgp-2024-08.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.pgpkeys.eu/security-issue</span><span class="invisible">s-librepgp-2024-08.html</span></a></p>
Dr. Todd A. Jacobs<p><a href="https://infosec.exchange/tags/TIL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TIL</span></a> that <span class="h-card" translate="no"><a href="https://mstdn.social/@GnuPG" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GnuPG</span></a></span> appears to use the <a href="https://infosec.exchange/tags/ustar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ustar</span></a> tar archive format, likely the version from POSIX.1-1988, for <a href="https://infosec.exchange/tags/gpgtar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gpgtar</span></a> rather than either the <a href="https://infosec.exchange/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>POSIX</span></a> or Star formats from POSIX.1-2001. Since ustar has serious limitations on filename and pathname lengths, can't store certain file types or metadata, and has a 2GB file size limit, it seems unsuitable for most modern use cases.</p><p>If gpgtar is actually using star, pax, or the GNU tar POSIX mode, it's not in the <a href="https://infosec.exchange/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> user documentation which explicitly says it uses ustar. I have a lot of respect for the <a href="https://infosec.exchange/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> devs, so I hope this is either just a documentary oversight or something that they can easily fix by linking with newer libraries. In either case, ustar is totally unsuitable for writing large archives to tape, and doesn't even offer the options GNU tar does for creating a separate index file, encrypted or not.</p><p>The gnutar command line doesn't offer the option to write a separate index, and requires a separate pass to list out the index. For example if you wanted to encrypt a 20TiB archive with a separate, encrypted index to make finding files easier, you'd either have to pipe tar through gpg (which can cause shoe-shining or buffering issues on <a href="https://infosec.exchange/tags/LTFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTFS</span></a>) and then encrypt GNU/BSD tar's index, or have <em>triple</em> the online HDD/SDD capacity of your archived data so you can tar up your files, run another pass with GnuPG to extract the index, and then encrypt both the tarball and index separately before writing them out to tape.</p><p>That seems...unreasonable. <a href="https://infosec.exchange/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> doesn't support the AES-256-GCM mode built into current <a href="https://infosec.exchange/tags/LTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LTO</span></a> drives, so gpgtar needs to keep up with the massive growth of data storage capacity rather than remaining an afterthought utility. Especially for <a href="https://infosec.exchange/tags/SOHO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOHO</span></a> LTO drives, the ability to write encrypted gpgtar archives and indexes directly to LTFS could be a real game-changer!</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload