#openpgp

mkwadee@diasp.eu

In days gone by I used to use #Enigmail to #encrypt #e-mail messages where possible (precious few of my correspondents use encryption, sadly). This used to be an addon for #Thunderbird, but support for it was dropped some time ago as native support for #OpenPGP was incorporated into it. After a long hiatus, I decided to get back to seeing how to use the new interface, particularly with version 102 of Thunderbird. It looks pretty easy once you've configured the settings.

#Encryption #GPG #PGP

schestowitz@joindiaspora.com

"The market of the software to replace #GnuPG and the #OpenPGP infrastructure appears to be quite a topic on itself, the precondition to replace GnuPG being its complexity (which has gone to levels so high the official library to interface with GnuPG, gpgme, is literally a command-line wrapper[^1] to GnuPG)" gemini://tdem.in/post/pgp-alternatives.gmi

anonymiss@despora.de

Major #Linux #RPM #problem uncovered

Source: https://www.zdnet.com/article/major-linux-rpm-problem-uncovered/

Why? Because RPM had never properly checked revoked certificate key handling. Specifically, as Linux and lead RPM developer Panu Matilainen explained: "Revocation is one of the many unimplemented things in rpm's #OpenPGP support. In other words, you're not seeing a bug as such; it's just not implemented at all, much like expiration is not."

This is a bad #security #vulnerability, but with open source you have the chance to find it, and better late than never. You can't say this often enough: "Open source can increase your security, but someone with experience has to do a #codereview. If no one checked the code, then everything is possible." :(

#update #installation #software #opensource #floss #foss #centos #bug #certificate #patch #antipov #suse #redhat #enterprise #signature #fail
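
What checking revocation and expiration involves at the packet level, as an added example (not rpm's code and not part of the post above): a Python reader for RFC 4880 v4 packets that reports whether a primary key carries a key-revocation signature or has passed its expiration time. It assumes the signatures themselves are verified cryptographically elsewhere and handles only new-format packets; the sample keyrings and the helper names are constructed for illustration.

```python
import struct

TAG_SIGNATURE, TAG_PUBKEY = 2, 6  # RFC 4880 packet tags
SIG_KEY_REVOCATION, SUB_KEY_EXPIRATION = 0x20, 9  # signature type, subpacket type

def packets(data):
    """Yield (tag, body); handles only new-format packets under 192 bytes."""
    i = 0
    while i < len(data):
        hdr, length = data[i], data[i + 1]
        if (hdr & 0xC0) != 0xC0 or length >= 192:
            raise ValueError("unsupported packet header")
        yield hdr & 0x3F, data[i + 2:i + 2 + length]
        i += 2 + length

def hashed_subpackets(sig):
    """Yield (type, value) from the hashed area of a v4 signature body."""
    area, i = sig[6:6 + struct.unpack(">H", sig[4:6])[0]], 0
    while i < len(area):
        n = area[i]  # length octet covers the type octet plus the value
        yield area[i + 1] & 0x7F, area[i + 2:i + 1 + n]
        i += 1 + n

def key_status(keyring, now):
    """Return 'revoked', 'expired' or 'valid' for the primary key."""
    created, lifetime, revoked = None, 0, False
    for tag, body in packets(keyring):
        if tag == TAG_PUBKEY and body[0] == 4:
            (created,) = struct.unpack(">I", body[1:5])
        elif tag == TAG_SIGNATURE and body[0] == 4:
            revoked = revoked or body[1] == SIG_KEY_REVOCATION
            for stype, value in hashed_subpackets(body):
                if stype == SUB_KEY_EXPIRATION:
                    (lifetime,) = struct.unpack(">I", value)
    if created is None:
        raise ValueError("no v4 public-key packet found")
    if revoked:
        return "revoked"
    return "expired" if lifetime and created + lifetime <= now else "valid"

# Constructed sample keyrings (packet structure only, no real key material).
def _pkt(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body
def _sig(sigtype, hashed=b""):
    return _pkt(2, bytes([4, sigtype, 1, 8]) + struct.pack(">H", len(hashed)) + hashed + bytes(4))
CREATED = 1_600_000_000
VALID = _pkt(6, b"\x04" + struct.pack(">I", CREATED) + b"\x01" + bytes(4)) + _sig(0x13)
EXPIRING = VALID + _sig(0x13, bytes([5, SUB_KEY_EXPIRATION]) + struct.pack(">I", 86400))
REVOKED = VALID + _sig(SIG_KEY_REVOCATION)
```

A verifier that skips both checks treats all three sample keyrings as equally trustworthy, which is the gap the quoted developer describes.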

atarifrosch@pluspora.com

21.05.2021 Heise Newsticker: Mail encryption: Thunderbird was sloppy with PGP keys

GNARF! They really should have stuck with Enigmail until their own product had matured. The alternative would have been to integrate Enigmail instead of trying to reinvent the wheel.

#Thunderbird #itsec #OpenPGP

koobaa@diasp.eu

#OpenPGP and GPG and S/MIME mail client vulnerabilities

To make it clear: There is no problem with #GPG, #PGP.
Nobody can read your encrypted emails in transit.
There is a problem with the way your #mailclient handles these emails!

The email clients are responsible for mitigating these (known) vulnerabilities.
You can see the problems with the mail clients in the graphic.
Here is the paper from the efail researchers.

Also see the answer of the GPG lead developer:

Here is how to mitigate the problem with #GPG emails in #Thunderbird:
Deactivate loading external content in the #Thunderbird settings „Privacy“ tab to disallow remote content in messages. Also choose 'View' > 'Message Body as' > 'Plain Text'.

There is currently no good solution for S/MIME. Don't use it if possible.

You can also consider using good and secure alternative messengers for communication, like Matrix, Wire, Threema or Signal.