#openpgp

Mein neuer PGP-Schlüsselpaar-Generator ist online!

Ich habe einen selbst erstellten PGP-Schlüsselpaar-Generator, den ich noch leicht optimiert habe, als Goodie auf meiner Website hinzugefügt.

Erstellt werden können folgende Schlüssel:

RSA - 4096 Bit
RSA - 8192 Bit

Für jeden öffentlichen Schlüssel wird automatisch ein Fingerprint erstellt

Die generierten PGP-Schlüsselpaare werden – wie bei meinem Passwortgenerator – vollständig clientseitig im Browser erzeugt. Es werden keine Daten auf dem Server gespeichert oder übertragen. Deine Daten bleiben bei dir.

Probier ihn aus und lass mich wissen, wie er dir gefällt!

PGP-Schlüsselpaar-Generator: https://secunis.de/pgp-schl%C3%BCsselpaargenerator.html

#Secunis #PGP #Datenschutz #Verschlüsselung #IT-Security #OpenPGP #Privatsphäre

"CVE-2025-47934 – Spoofing OpenPGP.js signature verification"

https://codeanlabs.com/blog/research/cve-2025-47934-spoofing-openpgp-js-signatures/

#security #cybersecurity #infosec #openpgp #openpgpjs

@gerowen Now try to do the same with my #python library for #openpgp please https://johnnycanencrypt.readthedocs.io/en/latest/ :)

Comparing #XMPP against #email protocols is too limited. What sets #deltachat apart is *vertical integration* and being driven by UI/UX considerations. Cross-platform Apps and Bots use the Rust core library which connects with #chatmail relays and classic email servers based on a higher level API -- abstracting over SMTP, MIME, #OpenPGP etc. See https://chatmail.at

#webxdc apps in turn use an even higher level stable API abstracting over email/xmpp/... see https://webxdc.org/docs/

I just released version 0.1.2 of rsop-oct, a stateless #OpenPGP ("SOP") CLI tool for use with OpenPGP card hardware devices:

https://crates.io/crates/rsop-oct/

Like its sibling project #rsop, rsop-oct is based on @rpgp

This update makes integration with https://crates.io/crates/openpgp-card-state optional.

rsop-oct can now implicitly use persisted PINs via openpgp-card-state, or explicitly provided ones via the standard SOP CLI parameter '--with-key-password'.

For more on #SOP, see https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/

#PGP #GnuPG

New release: #rPGP version 0.16.0

https://github.com/rpgp/rpgp/releases/tag/v0.16.0

#OpenPGP implemented in pure #Rust, permissively licensed

This release features streaming message support: Now rPGP can process arbitrarily large messages, with modest memory requirements.

It adds experimental support for the upcoming OpenPGP #PQC IETF standard https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc

This release also brings various improvements for key generation, support for X448/Ed448, and many minor fixes.

our friends over at @rpgp just published a monster milestone, humbly tagged 0.16 with

- streaming decryption and encryption

- post-qauntum-cryptography

- API streamlining.

#rPGP is a full Rust implementation of #openpgp which counts among the fastest and most compliant implementations today, and includes security audits. Note: #deltachat uses a restricted subset of OpenPGP, and follows best practices (eg using the same ed25519 keys implementation as #signal) https://github.com/rpgp/rpgp/

We need something that has the decentralised web of trust of #OpenPGP and the edit verification/provenance of #C2PA (no X.509 CAs that nobody is going to customise)

Don't use PGP with emails.

> Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed.

> Discovered by Codean Labs' Edoardo Geraci and Thomas Rinsma, the vulnerability essentially undermines the core purpose of using public key cryptography to secure communications.

**OpenPGP.js bug enables encrypted message spoofing**

https://www.theregister.com/2025/05/20/openpgp_js_flaw/

#OpenPGP #PGP #Encryption

A critical flaw in #OpenPGP.js lets attackers spoof message signatures
https://securityaffairs.com/178131/uncategorized/a-openpgp-js-flaw-lets-attackers-spoof-message-signatures.html
#securityaffairs #hacking

Ojo con OpenPGP.js
CVE-2025-47934 | Nivel de riesgo: alto (8.7)

OpenPGP.js es una librería en JavaScript que se usa para cifrar y firmar mensajes

Alguien puede modificar un mensaje y hacer que parezca firmado, aunque no lo esté de verdad.

Si trabajás con OpenPGP.js o lo usa tu app, revisá si hay actualizaciones y no lo dejes pasar.

#Seguridad #OpenPGP #JavaScript #Criptografía #CorreoSeguro #DesarrolloWeb #security

»OpenPGP.js bug enables encrypted message spoofing:
Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed.«

I hope this will be resolved as soon as possible and the web email hosters will then also use the current version.

https://www.theregister.com/2025/05/20/openpgp_js_flaw/

#openpgp #javascript #email #secirity #privacy #spoofing #itsecurity #itsec #itsec #poc #flaw

Somewhat concerning for anyone who uses Proton Mail: there is a flaw in the OpenPGP javascript library that they use (and are the maintainers for) which means that it's possible for spoofed authentication signatures to be created.

https://www.theregister.com/2025/05/20/openpgp_js_flaw/

#OpenPGP #Encryption #Security #Proton #ProtonMail #Cryptography

I implemented changes for the tool that is used to manage the kernel’s #OpenPGP keyring repo. If @monsieuricon merges it, that makes my trust path degenerate from current trust paths to trust path without SHA-1. For others it’s worse …

New blog article on "Post-quantum cryptography in #OpenPGP":

https://openpgp.foo/posts/2025-05-pqc/

#PQC #IETF

I'm launching a new site about #OpenPGP:

https://openpgp.foo/

This site is a personal writing project with a focus on learning OpenPGP's concepts by playful hands-on use.

My goal is to empower readers to make sense of more advanced material (including https://openpgp.dev/), and become proficient in whatever subset of OpenPGP they are interested in.

The site is far from complete, I hope to continue writing on it. Let me know what you think, and what additional content you'd like to see!

Wenn ihr neuen code schreiben würdet wo crypto signaturen und encryption von objekten/nachichten vorkommen soll, sowie authentication von hierarichischen Personen/Organisationen mit web of trust - also ugf. alles was openpgp auch machen will, euch aber #openpgp zu kompliziert ist ... was nimmt man da? s/mime + x509 oder gibts da schlankeres?

Цифровая электронная подпись бесплатно в OpenKeychain и GPG4win

Эта статья о том, как создавать, подписывать, экспортировать, импортировать и проверять подписи OpenPGP в OpenKeychain и GPG4win с видеоинструкцией. Для того чтобы прочитать статью и применить написанное на практике, не нужно знать кодинг и разбираться в шифровании. Цель статьи — объяснить основы цифровой безопасности простыми словами обычным людям.

https://habr.com/ru/articles/910236/

#электронная_подпись #цифровая_подпись #шифрование #OpenPGP #GPG4win #OpenKeychain

Glaubt ihr in eurer lifetime wird es nochmal einfach zu benutzende und weit verbreitete end-to-end Verschlüsselung für Email geben?
#openPGP