#gpg

"The treta has been planted."

@ :debian: Sid

apt-listchanges: News
---------------------

gnupg2 (2.4.7-4) experimental; urgency=medium

The upstream GnuPG project now explicitly and deliberately diverges from
the OpenPGP standard. Debian's own workflows rely heavily on OpenPGP,
and we ship several different OpenPGP implementations, so
interoperability via standardization is a priority for the project.

While Debian still has significant dependencies on GnuPG, the version of
GnuPG shipped in Debian will default to emitting only OpenPGP-compatible
artifacts if at all possible. As of 2.4.7-4, the default
is --compliance=openpgp, and we apply several patches to ensure that
this mode is respected.

If you observe GnuPG in Debian emitting a non-OpenPGP artifact in a
scenario where a standard OpenPGP artifact is intended or expected,
please open a critical bug report in the Debian BTS.

If you want Debian's GnuPG to emit non-standardized artifacts, in line
with upstream's deliberate divergence, you can explicitly pass
--compliance=gnupg (or set the corresponding option in
~/.gnupg/gpg.conf). If you revert to compliance with upstream defaults,
do not expect the material you produce to be interoperable with other
OpenPGP implementations.

-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 07 Feb 2025 23:35:29 -0500
#Debian #GnuPG #GPG #OpenPGP #GNU

@Xeniax Totally nerdsniped :D I'd love to be a part of the study.

I don't think that #KeyServers are dead. I think they evolved into Verifying Key Servers (VKS), like the one run by a few folks from the OpenPGP ecosystem at keys.openpgp.org/about. More generally, I believe that #PGP / #GPG / #OpenPGP retains important use-cases where accountability is prioritized, as contrasted with ecosystems (like #Matrix, #SignalMessenger) where deniability (and Perfect Forward Secrecy generally) is prioritized. Further, PGP can still serve to bootstrap those other ecosystems by way of signature notations (see the #KeyOxide project).

Ultimately, the needs of asynchronous and synchronous cryptographic systems are, at certain design points, mutually exclusive (in my amateur estimation, anyway). I don't think that implies that email encryption is somehow a dead-end or pointless. Email merely, by virtue of being an asynchronous protocol, cannot meaningfully offer PFS (or can it? Some smart people over at crypto.stackexchange.com seem to think there might be papers floating around that can get at it: crypto.stackexchange.com/quest).

To me, the killer feature of PGP is actually not encryption per se. It's certification, signatures, and authentication/authorization. I'm more concerned with "so-and-so definitely said/attested to this" than "I need to keep what so-and-so said strictly private/confidential forever and ever." What smaller countries like Croatia have done with #PKI leaves me green with envy.


I recently realized that Git commits could be made on your behalf without your consent.

This could happen because you either left your computer unlocked in a public place (or any place, actually), or your computer got stolen and the disk wasn't encrypted, or any combination of those.

To prevent this, Git has a "signing" mechanism that proves without any doubt that you made that commit.

It uses GPG, and with the power of cryptography, it protects your work from being hacked.

#git #pgp #gpg

Has anyone here on #fedi figured out the correct recipe for dealing with #OpenPGP, #DMARC and #mailman?

The problem: by default, mailman will modify messages, and this will break the DKIM signature.
gitlab.com/mailman/mailman/-/i

Mailman provides two DMARC mitigation options (the other options are reject or discard, which are not useful in this case).

1. Replace the from address with list address
2. Wrap original message in an envelope

Thunderbird flags 1 and fails 2.
#askfedi #gnupg #gpg #thunderbird


To those still concerned with #Proton #ProtonMail: I've been trying out Lacre (lacre.io), which encrypts incoming #email with your #GPG key, on #Disroot. So far it has worked fairly well! If you have an account with them, see disroot.org/en/blog/disnews-24 for enrollment, though the admin had a backlog when I requested it... And if you don't, consider trying it out! (Custom domains are available: disroot.org/en/perks, which I have for my main email right now.)


#TIL
You can actually get the password manager (#passwortmanager) #pass from passwordstore.org/ running on Windows too in just under an hour (KAF = kids acceptance factor). All you need is #gpg and #git, and then you're good to go:

github.com/mbos/Pass4Win#readm + gpg4win.de/download-de.html

The kid is totally happy to no longer have the passwords only on the #iphone #ios 😃 The other one chose the "Passwords" #app on #ios. Let's see for how much longer 😉


I have a new program in my portfolio:

codeberg.org/CarstenHa/gpg-one

With it, you can export the public GnuPG key of your key pair with only one specific email address. This is especially handy if you have created several UIDs for your key and don't want to share all of your email addresses along with the public key.


#FOSDEM 2025 - anyone interested in #GPG key signing?

If you're interested:
* Provide a printed snippet of your fingerprint (gpg-key2ps)
* I will send the signature to your email (instead of uploading it to key servers [gpg-mailkeys])
* You can find my key at gpg.gyptazy.com and you're allowed to upload it to key servers.
* Have your passport / ID card with you to validate your identity
* I'll probably be mostly in the #BSDDevroom but you can also ping me on Matrix

Happy key signing!
