#gnupg

apt-listchanges: News
---------------------

gnupg2 (2.4.7-4) experimental; urgency=medium

The upstream GnuPG project now explicitly and deliberately diverges from
the OpenPGP standard. Debian's own workflows rely heavily on OpenPGP,
and we ship several different OpenPGP implementations, so
interoperability via standardization is a priority for the project.

While Debian still has significant dependencies on GnuPG, the version of
GnuPG shipped in Debian will default to emitting only OpenPGP-compatible
artifacts if at all possible. As of 2.4.7-4, the default
is --compliance=openpgp, and we apply several patches to ensure that
this mode is respected.

If you observe GnuPG in Debian emitting a non-OpenPGP artifact in a
scenario where a standard OpenPGP artifact is intended or expected,
please open a critical bug report in the Debian BTS.

If you want Debian's GnuPG to emit non-standardized artifacts, in line
with upstream's deliberate divergence, you can explicitly pass
--compliance=gnupg (or set the corresponding option in
~/.gnupg/gpg.conf). If you revert to compliance with upstream defaults,
do not expect the material you produce to be interoperable with other
OpenPGP implementations.

-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 07 Feb 2025 23:35:29 -0500

I have a mini Intel Atom-powered home server in my house.

However, I’ve overlooked two things:

How do I back up data and keep it safe (from both security and quality perspectives)?

I’m still a newbie at GnuPG Privacy Guard. How do I secure the backup of my private keys?

#gpg #gnupg #privacy #security #homeserver #server #backup #cloudstorage #datahoarding #selfhosting #linux #openbsd #freebsd

Meine Datenschutz und Privatsphäre Übersicht 2025, für die Allgemeinheit

Teilen er­be­ten

als PDF:

https://cryptpad.digitalcourage.de/file/#/2/file/NdmBgSYkRCto8B+JmJkE9mQ4/

 #DSGVO #TDDDG ( #unplugtrump )
#Datenschutz #Privatsphäre #sicherheit #Verschlüsselung
#encryption #WEtell #SoloKey #NitroKey #Email #Cybersecurity #Pixelfed #Massenűberwachung
#Google #Metadaten #WhatsApp #Threema #Cryptpad #Signal
#Hateaid #Cyberstalking #Messenger #Browser #Youtube #NewPipe #Chatkontrolle #nichtszuverbergen #ÜberwachungsKapitalismus #Microsoft #Apple #Windows #Linux #Matrix #Mastodon #Friendica #Fediverse #Mastodir #Loops #2FA #Ransomware #Foss #VeraCrypt #HateAid #Coreboot #Volksverpetzer #Netzpolitik #Digitalisierung #FragdenStaat #Shiftphone  #OpenSource #GrapheneOS #CCC #Mail #Mullvad #PGP #GnuPG #DNS #Gaming #linuxgaming #Lutris #Protondb #eOS #Enshittification
#Bloatware #TPM #Murena  #LiberaPay #GnuTaler #Taler #PreppingforFuture
#FediLZ #BlueLZ #InstaLZ #ThreatModel
#FLOSS #UEFI #Medienkompetenz

07.03.2025: GnuPG announces release of 2.5.5 for public testing, finalized PQC algorithms are supported.
Source: https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html

11.03.2025: NIST selects HQC as fifth algorithm for post-quantum encryption.
Source: https://www.nist.gov/news-events/news/2025/03/nist-selects-hqc-fifth-algorithm-post-quantum-encryption

PQC: https://wikipedia.org/wiki/Post-quantum_cryptography
GnuPG: https://mastodon.online/@blueghost/111974048270035570
Harvest now, decrypt later: https://mastodon.online/@blueghost/111357939714657018

#PQC #PostQuantum #Cryptography #GnuPG #GPG #Encryption #E2EE #InfoSec #Security #Privacy #CyberSecurity #QuantumSafe

@hko @treefit @lns

If you have specific questions about #GnuPG, please ask them. There are a few ways to do so, for example https://forum.gnupg.org/c/gnupg/8 or https://lists.gnupg.org/pipermail/gnupg-users/ .

(Note that #GnuPG is a mature crypto engine and the command line interfaces are more like a multitool for experts or advanced users who do not mind to use the command line. However there are many good workflow oriented frontends, like email clients or file managers. No need to use `gpg` on the command line.)

@vlpatton The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!

Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).

CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).

#PGP #GnuPG #CAcert #KeySigningParty #cryptoparty #WebOfTrust

how does one perhaps acquire signatures for their PGP key? I'm wanting to build a web of trust, but I'm unsure if there's anyone I know personally (and especially in-person) who would be able to sign my keys...

fwiw, I use my keys to sign Git commits, mostly.

#PGP #Encryption #WebOfTrust #GnuPG

Dentro de unos meses veremos un toot de @audricd en plan:

#ayuda fediverso
he conseguido acceder a los sistemas de defensa rusos, pero necesito ayuda con unas claves #GnuPG para tener autorización de uso de sus misiles termonucleares.

se agradece #boost

Today I migrated my #GnuPG self compile assistance project (WIP) from incubator repository to a dedicated repository (including the new version number 2.5.5):

https://codeberg.org/fmg/diy-gnupg

The March release for #GnuPG in the PQC public testing release series is here: v2.5.5 only has a few fixes, but those seem important ... removing potential "hangs" on windows and elsewhere.

https://dev.gnupg.org/T7530
https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html

#FreeSoftware #EndtoEndSecurity #LibrePGP #OpenPGPv4

Has anyone here on #fedi figured out the correct recipe for dealing with #OpenPGP, #DMARC and #mailman ?

The problem, by default mailman will modify messages and this will break the dkim signature.
https://gitlab.com/mailman/mailman/-/issues/1079

Mailman provides two DMARC mitigation options (other option is reject or discard which is not useful in this case).

1. Replace the from address with list address
2. Wrap original message in an envelope

thunderbird flags 1 and fails 2.
#askfedi #gnupg #gpg #thunderbird

Everybody should learn how to use GPG.

https://gnupg.org/

#gpg #gnupg #encryption #security #privacy #cybersecurity #linux #pgp

Periodic reminder that #gnupg exists & has for a long time.
#GPA for #Linux is a super easy utility to encrypt & sign text.
A Windows version exists, too, but I trust MS about as far as I can throw Gates.

#encryption #foss

https://gnupg.org/

Использование #OMEMO в тех же #XMPP клиентах опирается на Perfect forward secrecy. Чем выгодно отличается от задействование #GnuPG \ #GPG для сквозного шифрования в чатах.

Потому что при Perfect forward secrecy #PFS ключи шифрования не хранятся на устройстве, а эфемерны — постоянно меняются.

Изъятие смартфона или компьютера не дают возможности расшифровать когда-то в прошлом перехваченные сообщения. Например те, что хранятся на xmpp-сервере для синхронизации между несколькими клиентскими устройствами.

Это и есть то самое Liberty ради Safety — противовесом к «freedom» техногигантов с монополистами в сфере различных платформ доставки контента. И попыток лепить из пользователей товар для рекламодателей, в обмен на предоставление людям бесплатных сервисов.

#e2ee #криптография #приватность #privacy #crypto #cryptography #encryption #InfoSec #ИБ

@GnuPG The 2.5.* #GnuPG package had some issues with path structure due to the speedo makefile (from the w32 tarball, AFAIK not intended to create #Debian style packages) which were fixed Thursday during a testing session. The file gpgconf.ctl contained a rootdir value not appropriate for a deb package. This prevented dirmngr from starting. Latest version: 2.5.4-1~shimps3

Loading Client Manager...
XMPP> connect
XMPP Connect - JID> demo@domain.tld
XMPP Connect - PWD> 123456
XMPP> Client has been connected with XMPP Server

XMPP> presence
XMPP> message
XMPP Message - JID> stefan@domain.tld
XMPP Message - Text> Hallo! Das ist ein Test :)
XMPP> Message from stefan@domain.tld/Coffein: Hallo. Die Nachricht ist angekommen.

g_signal_connect_object(connection, "connected",
G_CALLBACK(cxmpp_connected), connection,
G_CONNECT_SWAPPED);

g_signal_connect_object(connection, "new-contact",
G_CALLBACK(new_contact), connection,
G_CONNECT_SWAPPED);

g_signal_connect_object(connection, "new-chat-message",
G_CALLBACK(new_chat_message), connection,
G_CONNECT_SWAPPED);

FWIW, I also had an interview (German) on the #PGP and #GnuPG history at a #bitcoin podcast:

https://muenzweg21.podbean.com/e/munzgasse-47-auf-den-schultern-von-hackern-mit-werner-koch-und-blue/

Last year the inventor of #GnuPG appeared in a podcast interview (almost one hour) which is IMHO worth of attention. More details:
https://blog.shimps.org/blogpost365-Werner-Koch-at-The-Linux-Inlaws

12.02.2025: GnuPG announces release of 2.5.4 for public testing, finalized PQC algorithms are supported.
Source: https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000490.html

PQC: https://wikipedia.org/wiki/Post-quantum_cryptography
GnuPG: https://mastodon.online/@blueghost/111974048270035570
Harvest now, decrypt later: https://mastodon.online/@blueghost/111357939714657018

#PQC #PostQuantum #Cryptography #GnuPG #GPG #Encryption #E2EE #InfoSec #Security #Privacy #QuantumSafe #PGP #CyberSecurity