Librem 5 accessories now available: battery, modem, SD card, OpenPGP card, SIM card, and privacy screen shop.puri.sm/product-cate…
πŸ‘︎ 39
πŸ“°︎ r/Purism
πŸ’¬︎
πŸ‘€︎ u/FaidrosE
πŸ“…︎ Nov 24 2020
🚨︎ report
OpenPGP in Thunderbird 78 blog.thunderbird.net/2020…
πŸ‘︎ 434
πŸ“°︎ r/linux
πŸ’¬︎
πŸ‘€︎ u/resoluti0n_
πŸ“…︎ Sep 07 2020
🚨︎ report
An example of decryption using OpenPGP and Bouncy Castle yellowsink.herokuapp.com/…
πŸ‘︎ 4
πŸ“°︎ r/dotnet
πŸ’¬︎
πŸ‘€︎ u/Yellosink
πŸ“…︎ Jan 09
🚨︎ report
OpenPGP pop ups unreadable in dark mode (macOS)

Using Thunderbird 78.6.0 on macOS Catalina (10.15.7), with macOS set to its dark mode.

With Thunderbird's built-in dark theme enabled, or the default theme, the UI is overall much easier on the eyes. However, clicking the OpenPGP button in signed/encrypted emails and then clicking either 'View signer key' or 'View your decryption key' results in an unreadable mess. Image here.

Only the light theme makes all elements readable, but it's unbearable on my eyes (due to disability). Any ideas please? Search didn't show much.

πŸ‘︎ 5
πŸ“°︎ r/Thunderbird
πŸ’¬︎
πŸ‘€︎ u/QGRr2t
πŸ“…︎ Jan 10
🚨︎ report
You need to use a Master Password in Thunderbird if you use OpenPGP ghacks.net/2020/12/07/you…
πŸ‘︎ 6
πŸ“°︎ r/privacy
πŸ’¬︎
πŸ“…︎ Dec 08 2020
🚨︎ report
YubiKey OpenPGP question: can't store signature + encryption + authentication keys on the YubiKey

I'm very much struggling to set up OpenPGP on my new YubiKey 5 NFC. Here is a very brief summary of how I got to this point, and then the issue I'm having:

  1. Firstly, I'm using GPG4Win, and started from scratch (no existing keys)

  2. Generated 4096-bit RSA key pair and E, S & A subkeys (for Encryption, Signing, Authentication):

>pub rsa4096 2020-12-08 [SC] [expires: 2021-12-08]
>
>***KEY-ID***
>
>uid [ultimate] *MY NAME*
>
>sub rsa4096 2020-12-08 [E] [expires: 2021-12-08]
>
>sub rsa4096 2020-12-08 [S] [expires: 2021-12-08]
>
>sub rsa4096 2020-12-08 [A] [expires: 2021-12-08]

  1. Following this guide, I then used --edit-key to begin moving the keys onto the YubiKey

  2. Within the gpg --edit-key tool, entered "toggle" followed by "keytocard", which (I believe) moved my "primary key" to slot 1 on the YubiKey. Continuing with the guide, I then tried adding the signature/encryption/authentication subkeys as well, which is where I ran into trouble. Running the keytocard command only gives me two options for where to store my keys:

https://preview.redd.it/typ44makcx361.png?width=299&format=png&auto=webp&s=6bb3f49a8dd4befa01cc7fbb99c545d41168ea75

There appear to only be two slots, for signature and authentication keys, but nowhere to put the encryption subkey. The guide I linked above says that all three subkeys should be moved to the YubiKey, but I don't see how to do that given these options for where to store the keys.

Also, isn't the primary key already taking up one of these two slots? Because I already executed "keytocard" without selecting a subkey, and put *that* key in slot 1. And of course, the guide wants me to put the encryption subkey into slot 2, which isn't even an option, only slots 1 and 3 seem to exist.

Obviously I'm not understanding something here, can anyone point out where I'm going wrong?

πŸ‘︎ 3
πŸ“°︎ r/yubikey
πŸ’¬︎
πŸ‘€︎ u/daishi55
πŸ“…︎ Dec 08 2020
🚨︎ report
21 years after the request OpenPGP support gets added to Thunderbird bugzilla.mozilla.org/show…
πŸ‘︎ 191
πŸ“°︎ r/programming
πŸ’¬︎
πŸ‘€︎ u/Astro_Z0mbie
πŸ“…︎ Sep 18 2020
🚨︎ report
OpenPGP is not function "invalid ID"

I'm using Yubikey with OpenPGP, but suddenly it's not function. I did a factory reset on Yubikey, but it didn't improve.

When I try to sign it, it returns an "invalid ID" error and does not work.


    ❯ gpg -K
    /home/kugo/.gnupg/pubring.kbx
    -----------------------------
    sec#  rsa4096 2020-12-07 [C]
    8787A2DA7E15F0B67B5A1BE7BAC452A4B60469A5
    uid           [ultimate] ιŠ€ηŒ«γ•γ‚“ (silverscat_3) <[email protected]>
    ssb>  rsa4096 2020-12-07 [S]
    ssb>  rsa4096 2020-12-07 [E]
    ssb>  rsa4096 2020-12-07 [A]
    
    ❯ echo "test" | gpg --clearsign
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    test
    gpg: signing failed: Invalid ID
    gpg: [stdin]: clear-sign failed: Invalid ID

Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
Application ID ...: ****
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: ****
Name of cardholder: silverscat_3
Language prefs ...: ja
Salutation .......: Mr.
URL of public key : http://pgp.nic.ad.jp/pks/lookup?op=get&search=0xB60469A5
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: off
Signature key ....: B5F2 25FF F230 6ABF 594A  5BB9 1CFA EC0D 1831 0863
      created ....: 2020-12-07 05:40:30
Encryption key....: ACA5 6A7D D584 5CB2 9EFE  F845 745C 3383 48FA 31B3
      created ....: 2020-12-07 05:40:48
Authentication key: 29D1 DBC3 9D7A 06E0 92F6  3272 E61F 67AE D867 8D23
      created ....: 2020-12-07 05:41:08
General key info..: sub  rsa4096/1CFAEC0D18310863 2020-12-07 ιŠ€ηŒ«γ•γ‚“ (silverscat_3) <[email protected]>
sec#  rsa4096/BAC452A4B60469A5  created: 2020-12-07  expires: never
ssb>  rsa4096/1CFAEC0D18310863  created: 2020-12-07  expires: never
                                card-no: ****
ssb>  rsa4096/745C338348FA31B3  created: 2020-12-07  expires: never
                                card-no: ****
ssb>  rsa4096/E61F67AED8678D23  created: 2020-12-07  expires: never
                                card-no: ***

Thanks.

πŸ‘︎ 2
πŸ“°︎ r/yubikey
πŸ’¬︎
πŸ‘€︎ u/silverscat_3
πŸ“…︎ Dec 08 2020
🚨︎ report
OpenPGP in Rust sequoia-pgp.org/
πŸ‘︎ 179
πŸ“°︎ r/rust
πŸ’¬︎
πŸ‘€︎ u/marsuplane
πŸ“…︎ Sep 13 2020
🚨︎ report
The state of RFC4880bis draft, updating the OpenPGP standard

RFC4880bis aims to update RFC4880 specification of the OpenPGP standard by deprecating weak ciphers, introducing new cryptographic primitives and key derivation functions, simplifying the format, etc.

This is a welcome development. However, this seems to be still a draft in progress:

https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10

Does anyone have information about when this draft will be finalized, and implemented in OpenPGP implementations?

πŸ‘︎ 13
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/chaplin2
πŸ“…︎ Oct 25 2020
🚨︎ report
PSA: If you are using OpenPGP in Thunderbird, your private key may be stored in plain-text without a passphrase, even if imported from GnuPG bugzilla.mozilla.org/show…
πŸ‘︎ 11
πŸ“°︎ r/privacy
πŸ’¬︎
πŸ“…︎ Dec 06 2020
🚨︎ report
Thunderbird OpenPGP integration isn't asking for a passphrase anymore! /r/techsupport/comments/j…
πŸ‘︎ 11
πŸ“°︎ r/Thunderbird
πŸ’¬︎
πŸ‘€︎ u/Arjab
πŸ“…︎ Nov 23 2020
🚨︎ report
OpenPGP Keyserver

Are there any links, resources or tutorials on how to setup a personal/private OpenPGP Keyserver like the one at http://keys.gnupg.net/

πŸ‘︎ 3
πŸ“°︎ r/GnuPG
πŸ’¬︎
πŸ‘€︎ u/jimbojetset35
πŸ“…︎ Nov 02 2020
🚨︎ report
Librem 5 accessories now available: battery, modem, SD card, OpenPGP card, SIM card, and privacy screen shop.puri.sm/product-cate…
πŸ‘︎ 10
πŸ“°︎ r/Librem5
πŸ’¬︎
πŸ‘€︎ u/InCraigible119
πŸ“…︎ Nov 24 2020
🚨︎ report
Thunderbird OpenPGP integration isn't asking for a passphrase anymore!

Yesterday I migrated from Enigmail to the native OpenPGP integration on Thunderbird and sent an encrypted e-mail today. I was surprised that I wasn't asked for the passphrase like I used to. This seems to be a huge security concern and I think it's really problematic that this is the default setting. How can I change this? Enigmail had a setting, that after a certain amount of time I had to enter my passphrase again. Where is this setting?

EDIT: I just found this and I think it's a really bold move of Mozilla to make this the default behavior and rely on users to use a Master Password, when they were used to use individual passphrases per account. Give us an option to opt-out and use our passphrases again! Replacing the individual passphrase with an automatic password and storing this unprotected is a straight up security flaw per default!

EDIT #2: The more I realize what that means, the more I'm shocked about this decision. Entering no passphrase is worse, but entering the Master-Password once to decrypt all encrypted mails for the entirety the computer is turned on is just unbelievably unsecure. This needs an option to re-enter a password after a relatively short amount of time to prevent people from stealing your laptop in sleep or hibernation or authorities searching your home and finding your running desktop-computer.

I don't know if I'm missing anything crucial here, but I believe Thunderbird just made a huge mistake!

πŸ‘︎ 4
πŸ“°︎ r/techsupport
πŸ’¬︎
πŸ‘€︎ u/Arjab
πŸ“…︎ Nov 20 2020
🚨︎ report
Can I use GnuPG or other OpenPGP tools (free tools) to encrypt my iCloud files?

Currently, I am using Cryptomator and I'd like to use OpenPGP. Does OpenPGP standard online for email and email attachments? Can I use it to encrypt all types of files and folders I back up to my iCloud?

Thank you.

πŸ‘︎ 4
πŸ“°︎ r/privacy
πŸ’¬︎
πŸ‘€︎ u/morty92222
πŸ“…︎ Sep 27 2020
🚨︎ report
ChromeOS OpenPGP?

Are there any software packages/plugins for OpenPGP for ChomeOS?

Or do I need to use the Linux VM with USB pass through?

πŸ‘︎ 3
πŸ“°︎ r/yubikey
πŸ’¬︎
πŸ‘€︎ u/kevinds
πŸ“…︎ Oct 21 2020
🚨︎ report
Windows 10 Thunderbird Smarcard OpenPGP

Hello there,

anyone managed to have the new Thunderbird talk with an external Smartcard on WIndows?

πŸ‘︎ 5
πŸ“°︎ r/privacy
πŸ’¬︎
πŸ‘€︎ u/steilfirn_5000
πŸ“…︎ Oct 08 2020
🚨︎ report
Mozilla Thunderbird 78.1 Released with Full OpenPGP Support, Search in Preferences Tab - 9to5Linux 9to5linux.com/mozilla-thu…
πŸ‘︎ 17
πŸ“°︎ r/Linuxers
πŸ’¬︎
πŸ‘€︎ u/liamdgol
πŸ“…︎ Aug 02 2020
🚨︎ report
21 years after the request OpenPGP support gets added to Thunderbird bugzilla.mozilla.org/show…
πŸ‘︎ 45
πŸ“°︎ r/hackernews
πŸ’¬︎
πŸ‘€︎ u/qznc_bot2
πŸ“…︎ Sep 17 2020
🚨︎ report
No signature packet in OpenPGP with ed25519?

OpenPGP standard has 20 types of packets. A minimal packet list for an encrypted signed message with one recipient and with asymmetric encryption could be something like this:

(public key encrypted packet, encrypted data packet, one-pass signature, literal data, signature packet).

Terms:

  • public key encrypted packet: This is the session key, namely a random string, encrypted with the recipient’s public key. The actual data is encrypted symmetrically with this session key.

  • encrypted data packet: data after encryption (ciphertext), with modification detection integrity check information

  • one-pass signature packet: hash and signature parameters forming a sort of a partial signature. This (arguably strange) packet helps verify the signature with one pass without buffering and back and forth operations.

  • literal data packet: data that is to be signed

  • signature packet: full signature, ie, signed literal data

RSA signature scheme includes a one-pass signature packet as well as a full signature packet, but ed25519 signature scheme includes only a one pass signature (no signature packet).

Why is that the case?

I suppose this is very basic and it has to do with the difference between the RSA and EC signatures. But I wanted to make sure that my signatures are not missing.

πŸ‘︎ 3
πŸ“°︎ r/GnuPG
πŸ’¬︎
πŸ‘€︎ u/chaplin2
πŸ“…︎ Oct 24 2020
🚨︎ report
What’s New in Thunderbird 78: "Thunderbird 78.2, due out in the coming months, will offer a new feature that allows you to end-to-end encrypt your email messages via OpenPGP." blog.thunderbird.net/2020…
πŸ‘︎ 42
πŸ“°︎ r/privacytoolsIO
πŸ’¬︎
πŸ‘€︎ u/ourari
πŸ“…︎ Jul 17 2020
🚨︎ report
What’s New in Thunderbird 78: "Thunderbird 78.2, due out in the coming months, will offer a new feature that allows you to end-to-end encrypt your email messages via OpenPGP." blog.thunderbird.net/2020…
πŸ‘︎ 54
πŸ“°︎ r/privacy
πŸ’¬︎
πŸ‘€︎ u/ourari
πŸ“…︎ Jul 17 2020
🚨︎ report
Help: Encrypting and Decrypting with golang.org/x/crypto/openpgp

Hi,

i have been trying to decrypt and encrypt ASCII armor PGP Messages that i receive and send to a API.

I Wrote a function for decrypting messages and another one for encrypting messages. The Decrypting function Works and i can decrypt the API's messages. But My encrypt function Seems to be broken as Neither the API or my decrypt function can decrypt the Messages encrypted by my encrypt function. Decrypting the encrypted messages from my encrypt function always result in the following error: "Error reading message: openpgp: unsupported feature: unknown SymmetricallyEncrypted version"

i have uploaded a example to the Go Play Ground : https://play.golang.org/p/JhhZ4xWWYvn

Any help is Appreciated.

πŸ‘︎ 7
πŸ“°︎ r/golang
πŸ’¬︎
πŸ‘€︎ u/speatzle_
πŸ“…︎ Aug 17 2020
🚨︎ report
Trying to move to openpgp smartcards, still having small issues

I've been trying to take the next step with my gnupg setup and move to smartcards. It has been mostly pretty ok, but I'm still having some random issues here and there.

I'm using Yubikey for some web site authentication and then openpgp card from Zeitcontrol for the pgp. I could use Yubikey for everything, but I appreciate a real card with secure pin entry. These devices seem to have some conflicts, so sometimes I get some weird issues of initializing readers, but that's rare and most of the time they co-exist quit happily.

More common issue is a strange thing with "pcsc_connect failed: unpowered card" (in the scdaemon log). This seems to be totally random, and happens 2-3 times a day. Removing and inserting the card couple of times resolves the issue.

Because of these annoying little things I've been thinking about removing the pcscd from this picture to see if it gets a bit more reliable. From what I understand, gnupg scdaemon should be able to handle card without pcscd, but how can I can configure it? If I remove pcsc-lite, scdaemon says "failed to open driver libcsclite.so.1". If I just disable the pcscd, scdaemon says "no service". So after all, it seems to be totally dependent of the pcsc-lite?

EDIT: got it working! I just had to create new group "scard", add myself to it, and then define udev rules for my card reader. So now the gnupg is using the card completely without pcsc-lite. Remains to be seen if it is more reliable.

πŸ‘︎ 7
πŸ“°︎ r/GnuPG
πŸ’¬︎
πŸ‘€︎ u/turkja
πŸ“…︎ Sep 11 2020
🚨︎ report
I cannot reset the OpenPGP Applet on the YubiKey!

I bought a Yubikey 5Ci second hand and it have reset all 4 separate applets with no issue, but cannot for the life of me reset the last one, on the list. the OpenPGP Applet. I have tried everything in the article, what am I doing wrong? if anyone can give me any advice, that would be awesome. https://support.yubico.com/support/solutions/articles/15000006421-resetting-the-openpgp-applet-on-your-yubikey

Update 1: nothing has changed. I reached out to Yubico on insta and on their website. Maybe I’ll receive some assistance.

πŸ‘︎ 3
πŸ“°︎ r/yubikey
πŸ’¬︎
πŸ‘€︎ u/Liquidb0ss
πŸ“…︎ Aug 08 2020
🚨︎ report
When I tried to add a repository, I got an error saying " no valid OpenPGP data found. ". How can I solve this error ?
πŸ‘︎ 22
πŸ“°︎ r/linux4noobs
πŸ’¬︎
πŸ‘€︎ u/be_a_nobody
πŸ“…︎ May 24 2020
🚨︎ report

Please note that this site uses cookies to personalise content and adverts, to provide social media features, and to analyse web traffic. Click here for more information.