#TIL that @GnuPG appears to use the #ustar tar archive format, likely the version from POSIX.1-1988, for #gpgtar rather than either the #POSIX or Star formats from POSIX.1-2001. Since ustar has serious limitations on filename and pathname lengths, can't store certain file types or metadata, and has a 2GB file size limit, it seems unsuitable for most modern use cases.
If gpgtar is actually using star, pax, or the GNU tar POSIX mode, it's not in the #GnuPG user documentation which explicitly says it uses ustar. I have a lot of respect for the #GPG devs, so I hope this is either just a documentary oversight or something that they can easily fix by linking with newer libraries. In either case, ustar is totally unsuitable for writing large archives to tape, and doesn't even offer the options GNU tar does for creating a separate index file, encrypted or not.
The gnutar command line doesn't offer the option to write a separate index, and requires a separate pass to list out the index. For example, if you wanted to encrypt a 20TiB archive with a separate, encrypted index to make finding files easier, you'd either have to pipe tar through gpg (which can cause shoe-shining or buffering issues on #LTFS) and then encrypt GNU/BSD tar's index, or have triple the online HDD/SSD capacity of your archived data so you can tar up your files, run another pass with GnuPG to extract the index, and then encrypt both the tarball and index separately before writing them out to tape.
That seems...unreasonable. #OpenPGP doesn't support the AES-256-GCM mode built into current #LTO drives, so gpgtar needs to keep up with the massive growth of data storage capacity rather than remaining an afterthought utility. Especially for #SOHO LTO drives, the ability to write encrypted gpgtar archives and indexes directly to LTFS could be a real game-changer!
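An added example, not part of the post above and not gpgtar's code: a pre-flight check for the ustar pathname limits the post mentions, using the header field sizes from the POSIX ustar layout (100-byte `name`, 155-byte `prefix`). Python's `tarfile` stands in as a reference writer and says nothing about how gpgtar itself behaves; the function names and sample paths are constructed for illustration.

```python
import tarfile

USTAR_NAME_MAX = 100    # bytes in the ustar header "name" field
USTAR_PREFIX_MAX = 155  # bytes in the ustar header "prefix" field


def ustar_split(path):
    """Return (prefix, name) if path fits a ustar header, else None."""
    raw = path.encode("utf-8")
    if len(raw) <= USTAR_NAME_MAX:
        return ("", path)
    # Longer paths must be cut at a '/'; the slash itself is not stored.
    for i, byte in enumerate(raw):
        if byte != 0x2F:
            continue
        prefix, name = raw[:i], raw[i + 1:]
        if 0 < len(prefix) <= USTAR_PREFIX_MAX and 0 < len(name) <= USTAR_NAME_MAX:
            return (prefix.decode("utf-8"), name.decode("utf-8"))
    return None


def tarfile_accepts(path, fmt):
    """Ask Python's tarfile whether it can build a header for path."""
    try:
        tarfile.TarInfo(name=path).tobuf(format=fmt, encoding="utf-8")
        return True
    except ValueError:
        return False


def unrepresentable(paths):
    """Paths that would need pax or GNU extensions to be stored intact."""
    return [p for p in paths if ustar_split(p) is None]


# Constructed sample paths, not taken from any real archive.
SAMPLES = [
    "etc/gnupg/gpg.conf",                 # short: fits in name alone
    "a" * 150 + "/" + "f" * 90,           # 241 bytes, splits as 150 + 90
    "dir/" + "f" * 101,                   # last component over 100 bytes
    "/".join(["d" * 50] * 6),             # 305 bytes, no valid split point
    "ü" * 60,                             # 60 characters but 120 bytes
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(len(p.encode("utf-8")), ustar_split(p) is not None,
              tarfile_accepts(p, tarfile.USTAR_FORMAT),
              tarfile_accepts(p, tarfile.PAX_FORMAT))
```

Running `unrepresentable()` over a file list before archiving shows which entries cannot be stored in plain ustar; the limits are counted in bytes, so non-ASCII names hit them sooner than their character count suggests.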
Please be aware of the switch from a 1024-bit DSA #GPG key to a 4096-bit RSA GPG key. This switchover is necessary to meet current #security recommendations. #openSUSE Find out more at https://news.opensuse.org/2024/06/12/new-NVIDIA-signing-key/
Meet oct-git, a new #OpenPGP signing and verification tool for use with the #Git distributed version control system:
https://crates.io/crates/openpgp-card-tool-git
oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys.
It is designed to be easy to set up, standalone (no long-running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required).
Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.
Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.
Instructions: https://proton.me/support/how-to-use-pgp
GnuPG: https://mastodon.online/@blueghost/111974048270035570
Website: https://proton.me
Mastodon: @protonprivacy
Pretty great for remote-specific GPG #git commit signing configuration, too!
Did someone say encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn more with our Email Self Defense guide: https://u.fsf.org/1df #GPG #PGP #E2E #encryption
@GnuPG @todd_a_jacobs@infosec.exchange @todd_a_jacobs @letsencrypt AFAICT, the App Store version is 2021.4, and there have been a lot of CVEs and improvements in #GPG since then. I'm reluctant to rely on outdated software, esp. if its #libgcrypt or #ObjectivePGP haven't been updated since 2021 by the developer (listed as Luca Naef).
I'm not an Apple or #Swift developer. The code is GPLv3, so it could be forked if unmaintained.
This is more of a security question, but I currently know way more people on ruby.social than infosec.exchange. I want to use a #Yubikey for #SMIME or #GPG signing on #iOS & #iPadOS, but can't find:
1. Any documentation about how to integrate it with Apple Mail.
2. Anyplace that offers #x509 certificates for S/MIME at zero or minimal cost the way @letsencrypt offers free #SSL certs.
Self-signed S/MIME certs are a non-starter, and there are no full-featured #OpenPGP apps on iOS. Suggestions?
PSA: WKD Checker (https://metacode.biz/openpgp/web-key-directory) will be officially sunsetted on 1.05.2024.
The reasons are two-fold: on one hand, the service already succeeded in raising awareness of the protocol; on the other, I lack the resources to maintain and develop it, and leaving unmaintained online services is not the smartest move.
The service was powered by an open-source component, so in case someone badly needs it, it’s always possible to host your own: https://gitlab.com/wiktor/wkd-checker
Thanks for all your support and kind words!
If you use #GnuPG #GPG, and you would like to ensure interoperability with Thunderbird, you might consider disabling the use of #LibrePGP features by using option --rfc4880 in your configuration (e.g. by adding a line with the word "rfc4880" to your gpg.conf file).
At this time it is undecided whether future Thunderbird versions will support LibrePGP or the upcoming refresh of the #IETF #OpenPGP specification, or both, or none of them. Hopefully we'll eventually see a new universal standard.