0 Persons are tagged with #gpg

#gpg

57b731e9@nerdpol.ch
A6BDBF57_57B731E9

Version 4.58 of EasyGPG is Published

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

The following changes were made.

  • EasyGPG now, once again, works with Tails, if nemo or another graphical file manager that follows the FreeDesktop.org guidelines is installed. From now on, using nemo or one of the others, you can use EasyGPG with Tails pretty much the same way as with other distros.

The sha256sum of this new version of easygpg.sh is 4788bf28aeacb164af7cb0818977bd0ca59671c0307e2827c9993d418887f0ae.

Tails Users

This one time, because of the changes to Tails, you will have to update in a special way.

  1. Install nemo or another graphical file manager that follows the FreeDesktop.org guidelines. Make sure it is marked to be installed every time you start Tails.
  2. Download https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/easygpg.asc
  3. Move easygpg.asc to the Persistent folder.
  4. Open a terminal window and cd to the Persistent folder. Then type gpg -d easygpg.asc | tar -x. This should create a file in your Persistent folder named easygpg.sh.
  5. Open a window to Persistent with nemo or whatever else you installed. Move easygpg.sh into your EasyGPG folder, replacing the copy already there.
  6. Double-click Rebuild EasyGPG to rebuild your EasyGPG folder.

Other Users

To update to this new version, just double-click Check for a new version of EasyGPG in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select Check for a new version of EasyGPG in the main menu).

If you update from a very old version, check to make sure you have the latest version. If not, update again.

To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.

To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it. Refresh the GUI file manager window to ensure the icons are correctly displayed.

If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin. None of these has to be made the default graphical file manager. You only need to install one or more of them.

https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz

[The installer is also available at
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P).]

EasyGPG Web Sites
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
https://archive.org/details/easygpg Internet Archive (clearnet)
http://easygpg2.i2p/ I2P eepsite

EasyGPG Tor Onion Gopher Hole
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

EasyGPG Minus Library
[minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/](minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/)

For news about EasyGPG, click on the #easygpg tag.

This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.

When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read a file from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

1 Shares
57b731e9@nerdpol.ch
A6BDBF57_57B731E9

New Version of EasyGPG Is Coming Soon

This is only important to users of Tails.

The most recent version of Tails removes all support for FreeDesktop.org Desktop files. This is a problem for EasyGPG because, beginning with version 4.0, EasyGPG has used Desktop files for almost everything.

** Until the new version is published**, here is what you should do. Install nemo. Nemo is the default graphical file manager for the Cinnamon DE. It supports FreeDesktop.org Desktop files. To install nemo type this into a terminal window.

sudo apt update
This reads all of the Tails repos. Then type this.
sudo apt install nemo
This installs Nemo. Be sure to mark nemo to be installed every time you start Tails.

Nemo will be the second item in the Accessories sub-menu of the Applications menu labeled "Files." Using Nemo, no other workarounds for Tails will be necessary. I will publish a new version of EasyGPG in the near future that will work with Tails much more like the way it works with other distros.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

aktionfsa@diasp.eu
Aktion Freiheit statt

29.12.2023 Gesundheitsdaten nur bedingt sicher

KIM = Kaos in der Medizin

Eigentlich sollte KIM ein sicherer E-Mail Service für die Medizin, also die Kommunikation zwischen Krankenkassen und Ärzten sein. Etwas ähnliches gibt es auch seit Jahren im Bereich der Justiz für Gerichte und Anwälte. Insofern handelt es sich nicht um die grandiosiste Innovation.

Trotzem ging es schief. Wie auf dem 37. CCC Kongress in Hamburg von dem Münsteraner Sicherheitsforscher Christoph Saatjohann vom Fraunhofer-Institut für Sichere Informationstechnologie (SIT) in Münster und Sebastian Schinzel berichtet wurde, haben insgesamt acht Krankenkassen durch die Gematik den gleichen S/MIME-Key erhalten. Sichere E-Mail beruht auf dem seit den 80-iger Jahren von Phil Zimmermann entwickelten Public-Private-Key Verfahren. In öffentlichen Einrichtungen geschieht das nach dem Standard X.509, während im privaten Umfeld Jede/r seine Schlüsselpaare selbst generieren kann.

Wenn jedoch die Zertifizierungsstellen (CAs) für verschiedene Akteure die gleichen Schlüssel verteilen, dann war es das mit der Sicherheit sensibler medizinischer Daten. Das ist der GAU in der PKI - der Public Key Infrastructure.

Laut den Sicherheitsforschern hatten, wie Heise.de schreibt, einmal drei Krankenkassen denselben im September 2021 ausgestellten Schlüssel, bei einem zweiten Schlüssel fünf. 28% der Bürgerinnen und Bürger seien über diese acht Krankenkassen versichert gewesen. Dieser Vorfall war nicht der erste mit KIM. 2022 wurde eine Log4J-Schwachstelle im KIM-Clientmodul von T-Systems gefunden.

Künftig werden die Schlüssel nun monatlich auf Dopplungen geprüft.

Mehr dazu bei https://www.heise.de/news/37C3-Schluessel-fuer-E-Mail-Dienst-KIM-fuer-das-Medizinwesen-mehrfach-vergeben-9583275.html
Kategorie[21]: Unsere Themen in der Presse Short-Link dieser Seite: a-fsa.de/d/3y7
Link zu dieser Seite: https://www.aktion-freiheitstattangst.org/de/articles/8633-20231229-gesundheitsdaten-nur-bedingt-sicher.html
Link im Tor-Netzwerk: http://a6pdp5vmmw4zm5tifrc3qo2pyz7mvnk4zzimpesnckvzinubzmioddad.onion/de/articles/8633-20231229-gesundheitsdaten-nur-bedingt-sicher.html
Tags: #KIM #Gematik #Telekom #Scheinsicherheit #CCC #X.509 #Zertifizierungsstellen #doppelt #Keys #Schlüssel #Email #PP #GPG #Verbraucherdatenschutz #Datensicherheit #Datenpannen #Datenskandale #eGK #ePA #Datenverluste #Anwaltspostfach

Besonderes elektronisches Anwaltspostfach: Anwälte sollen unterschreiben lassen

Mit dem Tausch der abgelaufenen Signaturkarten wählt die BRAK abermals eine sonderliche Lösung, die noch nicht von jeder Kanzleisoftware unterstützt wird.

4 Likes
aktionfsa@diasp.eu
Aktion Freiheit statt

23.11.2023 E-Mail Programm kommt in die Jahre

Einfach - und funktioniert seit Jahrzehnten

Das E-Mail Protokoll wurde in den 80-iger Jahren erfunden, um Nachrichten von einem Rechner zum nächsten zu schicken. Dafür wurde schon 1982 das @-Zeichen verwendet. Um irgendwelche Sicherheitsfeatures musste man sich keine Sorgen machen, denn das Internet war noch nicht erfunden. So konnten sich Mail Server über das SMTP-Protokoll, das Simple Mail Transport Protocol, mit einem einfachen HELO anrufen und ihre Daten verschicken.

Inzwischen geschieht das natürlich verschlüsselt aber immer noch mit SMTP, Mail abholen geht ebenfalls seit Jahrzehnten mit POP3 oder IMAP - auch verschlüsselt. Und es geht seit 30 Jahren sogar mit beliebigen MIME-codierten Dateianhängen (Multipurpose Internet Mail Extensions), solange diese nicht zu groß sind (vereinbart wurden max 5MB) - egal ob der Rechner Mac, Windows oder Linux spricht, ein Android oder ein Apple Smartphone ist. Das ist der Vorteil eines vereinbarten Protokoll, an das sich alle halten müssen.

Und die Nachteile?

  1. Der wohl am meisten gehasste Nachteil sind die massenhaften Spam Nachrichten, die wir sekündlich erhalten. Spam zu versenden ist mit SMTP super einfach, man braucht nur massenhaft SMTP-Sitzungen eröffnen und kann dann Nachrichten bei anderen Servern abladen. Inzwischen gibt es zwar relativ intelligente Spam Filter, aber denen kann leicht eine wichtige Nachricht zum Opfer fallen oder sie sind so eingestellt, dass immer noch Spam durchrutscht - ärgerlich. Viel gravierender ist, dass der Spamanteil an den umlaufenden Mails einen erheblichen Teil des Internetverkehrs ausmachen und dafür Energie verbraucht wird. Oft werden auch Server, die viele Mails (z.B. Newsletter) versenden fälschlicherweise als Spam-Schleuder betrachtet und von anderen blockiert. (Das passiert unserem Verein regelmäßig durch microsoft365.com und wir müssen denen dann klar machen, dass wir die Guten sind ... Auch Heise.de berichtet von ähnlichen Erlebnisse mit Googles gmail Postfächern.)

  2. Spoofing: Jeder kann sich als Jeder ausgeben, z.B. als Obama@WhiteHouse.gov. Zwar kann man so etwas auch leicht als Fake erkennen, aber dazu muss man in den Header der Mail schauen, um zu sehen woher sie wirklich kommt.

  3. ASCII-Zeichensatz: In den 80-igern gab es (in den USA) nur den American Standard for Character Information Interchange (ASCII), der einen 7-bit Zeichensatz für E-Mail definierte. Drum herum wurden Wege für andere Zeichensätze gefunden, aber der aus der Zeit gefallene ASCII Zeichensatz blieb leider als Kern erhalten.

  4. Verschlüsselung: Mail Server reden in der Regel TLS-verschlüsselt, aber das ist nicht verpflichtend.

  5. Ende-zu-Ende-Verschlüsselung: Die Transportverschlüsselung mit TLS zwischen den Servern reicht uns aber nicht aus. Wir möchten, dass auch auf den Zwischenknoten die Inhalte unserer Mails nicht gelesen werden. Dazu ist eine Ende-zu-Ende-Verschlüsselung, z.B. mit GPG notwendig, die das Mailprotokoll nicht vorsieht. Dazu sind zusätzliche Programme notwendig, die nicht alle Mailprogramme vor sich aus mitbringen. Thunderbird für alle PC-Betriebssystem kann es und auch K9-Mail für Android.

Völlig unverständlich ist, dass die für viele - leider nicht alle - verfügbare Ende-zu-Ende-Verschlüsselung nur zu weniger als 10% der wirklich real wichtigen Mails genutzt wird. Selbst das staatlich geförderte Projekt DE-Mail - sicher verschlüsselte Mail für Deutschland wurde für Post und Telekom ein Verlust und wurde wieder eingestampft. Auch andere "Zusätze", wie das "besondere elektronische Anwaltspostfach" für den Verkehr zwischen Anwälten und Gerichten hatten viele Anlaufprobleme. Für das Gesundheitswesen baut die Gematik an der Telematik-Infrastruktur, über deren andauernde Probleme wir schon oft berichten mussten.

Statt einer grundsätzlich neuen Struktur für den Nachrichtenaustausch haben private Firmen in den letzten 10 Jahren eigene Messenger aufgebaut, denen (absichtlich) die Interoperabilität fehlt mit anderen Messengern Nachrichten auzutauschen. Es gibt auch bei diesen Messengern einige - die natürlich nicht von den Big5 kommen, denen man vertrauen kann, wie z.B. Signal, Threema, Gajim, Session, u.v.a.

Mehr dazu bei https://www.heise.de/news/So-kaputt-ist-die-E-Mail-und-sie-wird-trotzdem-nicht-sterben-c-t-3003-9532199.html
Kategorie[21]: Unsere Themen in der Presse Short-Link dieser Seite: a-fsa.de/d/3xs
Link zu dieser Seite: https://www.aktion-freiheitstattangst.org/de/articles/8595-20231123-e-mail-programm-kommt-in-die-jahre.html
Link im Tor-Netzwerk: http://a6pdp5vmmw4zm5tifrc3qo2pyz7mvnk4zzimpesnckvzinubzmioddad.onion/de/articles/8595-20231123-e-mail-programm-kommt-in-die-jahre.html
Tags: #E-Mail #SMTP #POP3 #IMAP #Messenger #SimpleMailTransportProtocol #MIME #ASCII #Verbraucherdatenschutz #Datenschutz #Datensicherheit #DE-Mail #GPG #Anonymisierung #Persönlichkeitsrecht #Privatsphäre #Verhaltensänderung #Smartphone #Handy #Android

2 Likes
57b731e9@nerdpol.ch
A6BDBF57_57B731E9

Version 4.57.6 of EasyGPG is Published

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

The following changes were made.

  • One of the windows that appears when EasyGPG is first installed was too wide with recent versions of zenity. This bug is now fixed.

The sha256sum of this new version of easygpg.sh is f5116f0ed08d6f43875de800a19a3e29e1274232536e90fa80c26583cf03b380.

To update to this new version, just double-click Check for a new version of EasyGPG in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select Check for a new version of EasyGPG in the main menu).

If you update from a very old version, check to make sure you have the latest version. If not, update again.

To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.

To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it. Refresh the GUI file manager window to ensure the icons are correctly displayed.

If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin. None of these has to be made the default graphical file manager. You only need to install one or more of them.

https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz

[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland) and
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P).]

EasyGPG Web Sites
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
https://archive.org/details/easygpg Internet Archive (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service web site
http://easygpg2.i2p/ I2P eepsite

EasyGPG Tor Onion Gopher Hole
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

EasyGPG Minus Library
[minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/](minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/)

For news about EasyGPG, click on the #easygpg tag.

This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.

When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read a file from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

One person like that
4 Comments
1 Shares
mkwadee@diasp.eu
Khurram Wadee

In days gone by I used to use #Enigmail to #ecrypt #e-mail messages where possible (precious few of my correspondents use encryption, sadly). This used to be an addon for #Thunderbird but support for it was dropped some time ago as native support for #OpenPGP was incorporated into it. After a long hiatus, I decided to get back to seeing how to use the new interface, particularly with version 102 of Thunderbird. It looks pretty easy once you've configured the settings.

#Encryption #GPG #PGP

One person like that
3 Comments
57b731e9@nerdpol.ch
A6BDBF57_57B731E9

Version 4.57.1 of EasyGPG is Published

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

The following changes were made.

  • Parsing of the URL has been improved in the Read text from the Internet Action (command-line --ru).

The sha256sum of this new version of easygpg.sh is 23e00144b5ea57126dd8d7c60488f487c5051d5fc403aa0317fb5d517f7a8a1c.

To update to this new version, just double-click Check for a new version of EasyGPG in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select Check for a new version of EasyGPG in the main menu).

If you update from a very old version, check to make sure you have the latest version. If not, update again.

To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.

To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it. Refresh the GUI file manager window to ensure the icons are correctly displayed.

If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin. None of these has to be made the default graphical file manager. You only need to install one or more of them.

https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz

[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland) and
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P).]

EasyGPG Web Sites
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
https://archive.org/details/easygpg Internet Archive (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service web site
http://easygpg2.i2p/ I2P eepsite

EasyGPG Tor Onion Gopher Hole
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

EasyGPG Tor Onion Minus Server
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

For news about EasyGPG, click on the #easygpg tag.

This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.

When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read a file from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

57b731e9@nerdpol.ch
A6BDBF57_57B731E9

Version 4.57 of EasyGPG is Published

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

The following changes were made.

  • Read text from the Internet is now Read a file from the Internet. The command-line option, --ru, has not changed.
  • Read a file from the Internet will try, first, to read a file as text. If that fails, it will offer to download the file to a file on your machine. This feature makes EasyGPG an almost complete Minus client. It will certainly serve as a "stopgap" until I or others can write a complete client.
  • Previous versions of EasyGPG, when updating, checked that easygpg.asc was completely downloaded before verifying its signature. This new version also checks that version.txt was properly downloaded before comparing the version numbers.

The sha256sum of this new version of easygpg.sh is f9479bead7442fa67e1016ea4b26b0d077a1900be5a3f34bbed42e47b34daef7.

To update to this new version, just double-click Check for a new version of EasyGPG in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select Check for a new version of EasyGPG in the main menu).

If you update from a very old version, check to make sure you have the latest version. If not, update again.

To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.

To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it. Refresh the GUI file manager window to ensure the icons are correctly displayed.

If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin. None of these has to be made the default graphical file manager. You only need to install one or more of them.

https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz

[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland) and
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P)]

EasyGPG Web Sites
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
https://archive.org/details/easygpg Internet Archive (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service web site
http://easygpg2.i2p/ I2P eepsite

EasyGPG Tor Onion Gopher Hole
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

EasyGPG Tor Onion Minus Server
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

For news about EasyGPG, click on the #easygpg tag.

This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.

When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read text from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

57b731e9@nerdpol.ch
A6BDBF57_57B731E9

EasyGPG’s Tor Onion Service Has Upgraded to Tor 0.4.7.8

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

This affects all three of the services: the HTTP server, the Gopher server, and the Minus server.

http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

The most recent release of the Tor Browser also uses this same version of Tor.

Changes in version 0.4.7.8 - 2022-06-17
  This version fixes several bugfixes including a High severity security issue
  categorized as a Denial of Service. Everyone running an earlier version
  should upgrade to this version.

  o Major bugfixes (congestion control, TROVE-2022-001):
    - Fix a scenario where RTT estimation can become wedged, seriously
      degrading congestion control performance on all circuits. This
      impacts clients, onion services, and relays, and can be triggered
      remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
      bug 40626; bugfix on 0.4.7.5-alpha.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on June 17, 2022.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2022/06/17.

  o Minor bugfixes (linux seccomp2 sandbox):
    - Allow the rseq system call in the sandbox. This solves a crash
      issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
      40601; bugfix on 0.3.5.11.

  o Minor bugfixes (logging):
    - Demote a harmless warn log message about finding a second hop to
      from warn level to info level, if we do not have enough
      descriptors yet. Leave it at notice level for other cases. Fixes
      bug 40603; bugfix on 0.4.7.1-alpha.
    - Demote a notice log message about "Unexpected path length" to info
      level. These cases seem to happen arbitrarily, and we likely will
      never find all of them before the switch to arti. Fixes bug 40612;
      bugfix on 0.4.7.5-alpha.

  o Minor bugfixes (relay, logging):
    - Demote a harmless XOFF log message to from notice level to info
      level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography #tor

1 Shares
57b731e9@nerdpol.ch
A6BDBF57_57B731E9

EasyGPG Installer 1.22 is Published

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

This new version of the installer uses the EasyGPG Tor Onion Minus server to download EasyGPG, instead of the Tor Onion Gopher hole.

To install EasyGPG for the first time, click on one of the following links. This is a .tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it.

https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz
https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz

[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland web site),
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P),
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland Minus server), and
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/9/EasyGPG-Installer.tar.gz (Onionland gopher hole)]

EasyGPG on the Internet
https://archive.org/details/easygpg Internet Archive (clearnet)
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service web site
http://easygpg2.i2p/ I2P eepsite
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service gopher hole
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service Minus server

For news about EasyGPG, click on the #easygpg tag.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

57b731e9@nerdpol.ch
A6BDBF57_57B731E9

Version 4.56 of EasyGPG is Published

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

The following changes were made.

  • When Tor is available, EasyGPG now uses the Tor Onion Service Minus server to update instead of the Gopher server.
  • Some code has been consolidated making this new version 117 bytes smaller than the previous version.

I plan to update the EasyGPG installer soon. It will also use the Minus server instead of the Gopher server.

In several hours I plan to publish a simple but complete Minus server, implemented as a BASH script. The server will meet all the requirements of the published Minus specification. I will also publish a new version of the specification which corrects a small error in my choice of words.

Finally, I also plan to publish some scripts to make your Minus server available as a Tor Onion Service.

The sha256sum of this new version of easygpg.sh is 4742e66b2cfee8b9d8143a25c5a7b8fdaa2464a95398dfc31c4fbbb5e7e46609.

To update to this new version, just double-click Check for a new version of EasyGPG in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select Check for a new version of EasyGPG in the main menu).

If you update from a very old version, check to make sure you have the latest version. If not, update again.

To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.

To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it. Refresh the GUI file manager window to ensure the icons are correctly displayed.

If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin. None of these has to be made the default graphical file manager. You only need to install one or more of them.

https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz

[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland) and
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P)]

EasyGPG Web Sites
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
https://archive.org/details/easygpg Internet Archive (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service web site
http://easygpg2.i2p/ I2P eepsite

EasyGPG Tor Onion Gopher Hole
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

EasyGPG Tor Onion Minus Server
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

For news about EasyGPG, click on the #easygpg tag.

This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.

When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read text from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

57b731e9@nerdpol.ch
A6BDBF57_57B731E9

Version 4.55 of EasyGPG is Published

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

The following changes were made.

  • The Read text from the Internet Action now does a better job of recognizing URLs in the copied text.
  • The Read text from the Internet Action now supports the Minus protocol.

The Read text from the Internet Action was intended to make it easy to import PGP keys and read PGP messages directly from the Internet. Now it also provides a "stopgap" way to browse Minus sets, like the EasyGPG Minus set.

The EasyGPG Gopher hole is not the only Tor Onion Service Gopher hole, so EasyGPG may also be a "stopgap" Tor Onion Gopher browser.

I hope to develop a stand-alone browser for both Gopher and Minus in the next several weeks. It may not, at first, be as easy to follow links with this browser as we would like. Perhaps others will develop better alternatives.

The sha256sum of this new version of easygpg.sh is c415c4121d0bd7da385af17b5012bf35f31e08b13469671e138fe71f88d0cd4c.

To update to this new version, just double-click Check for a new version of EasyGPG in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select Check for a new version of EasyGPG in the main menu).

If you update from a very old version, check to make sure you have the latest version. If not, update again.

To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.

To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it. Refresh the GUI file manager window to ensure the icons are correctly displayed.

If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin. None of these has to be made the default graphical file manager. You only need to install one or more of them.

https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz

[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland) and
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P)]

EasyGPG Web Sites
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
https://archive.org/details/easygpg Internet Archive (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service web site
http://easygpg2.i2p/ I2P eepsite

EasyGPG Tor Onion Gopher Hole
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

EasyGPG Tor Onion Minus Server
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

For news about EasyGPG, click on the #easygpg tag.

This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.

When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read text from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

57b731e9@nerdpol.ch
A6BDBF57_57B731E9

Minus Protocol and EasyGPG 4.55

Work on adding Minus support to EasyGPG is finished. I will wait 24 to 48 hours before I publish EasyGPG 4.55 to be certain that it is ready.

EasyGPG's Read text from the Internet will be the only way to read the EasyGPG Minus server until I (and possibly others) can produce some Minus clients.

Minus is based on Gopher. It is Gopher without the odd type codes and Gopher menus. Gopher menus are not human-readable. A Gopher client is necessary to present these menus in a human-friendly way.

Because Minus is based on Gopher, it is possible to translate Minus URLs into Gopher URLs. While you are waiting on EasyGPG 4.55, you can use EasyGPG 4.54.7 to browse the EasyGPG Minus server.

gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion:1990/9/

This just replaces minus:// with gopher:// and adds :1990/9 after the TLD of the domain. This is actually the simple way that EasyGPG 4.55 supports Minus.

Of course, you must have Tor to use .onion domains. However, using EasyGPG, it is only necessary to have the Tor Browser running, and curl installed.

In the next few days I want to start development of a very simple Minus client and server that others can use. These will be implemented as BASH scripts. The CLI client will probably not make Minus URLs links, as required by the specification, so it will not yet be a complete client implementation. It will, however, handle Tor in the same user-friendly way that EasyGPG does.

I hope to make the server and client so easy to read and understand that others will produce their own better alternatives. This applies especially to Minus clients.

#internet #protocol #tcp #file-server #hypertext #http #gemini #gopher #minus #minus-protocol #easygpg #gpg #encryption #privacy #surveillance #security #cryptography

2 Likes
1 Shares