Superbacked is a "backup and succession planning app" for passwords, access to cryptocurrency keys, and such. You have a password manager with all your passwords, a phone that is locked, 2-factor authentication (2FA) or TOTP access credentials (this refers to things like Google Authenticator), and you want to be able to pass these on to your spouse or children if you pass away but remain in control while you're alive.

The solution here is to enable you to type all of this information into a big "secret box" that gets encrypted and printed out as a giant 2D bar code (like a QR code but much bigger) that can be scanned back in. The extra twist here is that one printout by itself isn't enough -- it uses a cryptographic algorithm called Shamir's Secret Sharing to require multiple to decrypt the secret -- your choice of 2 of 3, 3 of 5, or 4 of 7. (It will also let you do it without Shamir's Secret Sharing -- 1 of 1.) If you chose, for example, 2 of 3, and gave one to your spouse or children, put one in a safe deposit box, and gave the other to a lawyer designated with power of attorney after you die, then 2 out of those 3 would need to be brought together and scanned together to reveal the secret. Any 1 person acting alone will not be able to reveal the secret.

Introducing Superbacked, possibly the world's most advanced backup and succession planning app - Sun Knudsen

#solidstatelife #cryptography

"Shufflecake is a tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes. Each volume is encrypted with a different secret key, scrambled across the empty space of an underlying existing storage medium, and indistinguishable from random noise when not decrypted. Even if the presence of the Shufflecake software itself cannot be hidden -- and hence the presence of secret volumes is suspected -- the number of volumes is also hidden. This allows a user to create a hierarchy of plausible deniability, where 'most hidden' secret volumes are buried under 'less hidden' decoy volumes, whose passwords can be surrendered under pressure. In other words, a user can plausibly 'lie' to a coercive adversary about the existence of hidden data, by providing a password that unlocks 'decoy' data. Every volume can be managed independently as a virtual block device, i.e. partitioned, formatted with any filesystem of choice, and mounted and dismounted like a normal disc. The whole system is very fast, with only a minor slowdown in I/O throughput compared to a bare LUKS-encrypted disk, and with negligible waste of memory and disc space."

"You can consider Shufflecake a 'spiritual successor' of tools such as Truecrypt and Veracrypt, but vastly improved. First of all, it works natively on Linux, it supports any filesystem of choice, and can manage up to 15 nested volumes per device, so to make deniability of the existence of these partitions really plausible."

Introducing Shufflecake: plausible deniability for multiple hidden filesystems on Linux

#solidstatelife #cryptography #steganography

Emperor Charles V's secret code cracked after five centuries | Spain | The Guardian

#science #history #cryptography

https://www.theguardian.com/world/2022/nov/24/emperor-charles-vs-secret-code-cracked-after-five-centuries

Signal is blocked in Iran but apparently it's possible to set up proxy servers inside the country that enable the app to work.

#solidstatelife #cryptography #geopolitics #iran

https://www.vice.com/en/article/v7vz58/signal-is-asking-people-around-the-world-to-help-iranians-access-the-encrypted-app

"The image in this tweet displays its own MD5 hash. You can download and hash it yourself, and it should still match - 1337e2ef42b9bee8de06a4d223a51337. I think this is the first PNG/MD5 hashquine."

I downloaded the image and calculated the MD5 hash and sure enough, MD5 (hashquine_by_retro0id.png) = 1337e2ef42b9bee8de06a4d223a51337.

The image in this tweet displays its own MD5 hash

#cryptography

NIST’s Post-Quantum Cryptography Standards

https://www.schneier.com/blog/archives/2022/08/nists-post-quantum-cryptography-standards.html

The moral is the need for cryptographic agility. It’s not enough to implement a single standard; it’s vital that our systems be able to easily swap in new algorithms when required. We’ve learned the hard way how algorithms can get so entrenched in systems that it can take many years to update them: in the transition from DES to AES, and the transition from MD4 and MD5 to SHA, SHA-1, and then SHA-3.

#privacy #security #surveillance #cryptography #encryption #quantum-computing #quantum-computers #quantum-resistant-algorithms #post-quantum-cryptography #nist #algorithms #cryptanalysis #quantum-cryptography

Post-Quantum Cryptography: Another Candidate Falls

NIST has already selected CRYSTALS-KYBER as a quantum-resistant TLS algorithm, but was still considering four others for future selection. Now only three.

SIKE has been broken, with an ordinary PC. Now it's just BIKE, Classic McEliece, and HQC as possible alternatives to CRYSTALS-KYBER.

https://csrc.nist.gov/Projects/post-quantum-cryptography/round-4-submissions
https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022
https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/

#cryptography #quantum-computer #quantum-computers #quantum-computing #privacy #safety #security #surveillance #tls #transport-security

Постквантовая криптография как новый стандарт

Появление достаточно мощного квантового компьютера сделает неактуальными традиционные средства криптографии, поэтому уже сейчас разрабатываются постквантовые алгоритмы инкапсуляции ключа и электронной подписи. Они основаны на принципиально других математических задачах, которые останутся вычислительно сложными даже для квантовых процессоров. Такие исследовательские работы всё активнее ведутся в последние годы — как в России, так и за рубежом.

В июне специалисты российской компании «Криптонит» предоставили Техническому комитету по стандартизации «Криптографическая защита информации» (ТК26) Росстандарта пакет документов по разработанной ими постквантовой электронной подписи (ЭП) «Шиповник» (подробнее о ней см. статью «От Штерна до «Шиповника»: как изменится ЭЦП в постквантовую эру»).

Стойкость этой схемы базируется на задаче декодирования случайного линейного кода, которая является вычислительно сложной. Иными словами, в основу схемы подписи легли коды, исправляющие ошибки. Они часто применяются в телекоммуникациях, а их свойства хорошо изучены.

В пакет документов вошло описание схемы, теоретическое обоснование её стойкости, обоснование выбора параметров, а также модельная реализация. Теперь в течение нескольких месяцев лучшие эксперты России по кодам будут заниматься верификацией и обсуждением переданных материалов. При успешном прохождении проверок схема «Шиповник» может стать первым постквантовым криптографическим стандартом в России. У нас есть все основания рассчитывать на это — ведь статья с её обоснованием уже принята в печать в журнале «Прикладная дискретная математика», который рецензируется Scopus и Web of Science. Выход статьи запланирован на сентябрь этого года.

На Западе аналогичные работы начались раньше и проводятся более масштабно. В начале июля 2022 г. американский национальный институт стандартов и технологий (NIST) завершил третий этап конкурса постквантовых схем инкапсуляции ключа и электронной подписи, стартовавший в 2016 году.

В первом раунде было представлено 69 алгоритмов. Из них до финала дошли только 3 схемы ЭП: две из них, CRYSTALS-Dilithium и Falcon, построены на основе целочисленных решёток, а третья — SPHINCS+, строится на основе хэш-функций. Схемы подписи на кодах, исправляющих ошибки, в финал не вошли.

Скорее всего, это связано с тем, что к моменту старта конкурса (2016 год) в научном сообществе не было четкого понимания, какой именно должна быть электронная подпись на кодах. Из-за этого в каждом из предложенных на конкурс вариантов были найдены критические ошибки, и соответствующие работы не смогли пройти даже во второй тур конкурса.

«При работе над нашей схемой подписи мы решили не ориентироваться на NIST, а пойти своим путём. С ним тоже не все так гладко — размер подписи измеряется в сотнях килобайт. Но зато нет вопросов к безопасности схемы — в ней мы уверены», — поясняет специалист-исследователь лаборатории криптографии компании «Криптонит» Виктория Высоцкая.

Схема «Шиповник» обладает рядом значительных преимуществ, выделяющих её на фоне других. Среди них – небольшой размер открытого ключа, что ускоряет обмен ключами и уменьшает трафик. По этому параметру «Шиповник» превосходит все подписи на решетках. Самое же главное — стойкость схемы была полностью обоснована, причём доказательство построено с опорой лишь на те математические задачи, которые уже являются доказано сложными.

Про электронные подписи, вышедшие в финал конкурса NIST, такого сказать нельзя. Так, строгое обоснование стойкости приведено только в схемах CRYSTALS-Dilithium и SPHINCS+. Однако даже они строятся на предположении о сложности ряда задач, сложность которых не доказана. Из всех финалистов алгоритм SPHINCS+ самый трудный в реализации, да и работает он медленнее. Однако этот алгоритм был оставлен как резервный вариант, поскольку он единственный построен на другом математическом базисе — на основе хэш-функций, а не решёток.

Помимо схем электронной подписи, в финал NIST прошла одна схема инкапсуляции ключа — CRYSTALS-Kyber. Она обеспечивает защищённый механизм инкапсуляции ключей на основе ассиметричного шифрования и преобразования Фуджисаки–Окамото. Среди её преимуществ члены жюри отметили сравнительно небольшие ключи шифрования, которыми легко обмениваться, а также высокую скорость работы. При этом её доказательство строится на основе предположений о сложности задач, которые не являются доказано сложными.

Аббревиатура CRYSTALS расшифровывается как «криптографический пакет для алгебраических решеток». Существующий консенсус среди математиков состоит в том, что, по мере увеличения размерности решёток, требуемое для решения этих задач время будет расти экспоненциально. Поэтому задачи на решётках считаются стойкими к атакам с использованием классического компьютера. Однако вопрос стойкости к квантовым атакам остается открытым.

Ещё четыре схемы инкапсуляции ключа были оставлены членами жюри на дальнейшее рассмотрение. Среди них одна схема построена на изогениях (SIKE), а три – на кодах, исправляющих ошибки (McEliece, BIKE и HQC).

В рамках работ ТК26 компания «Криптонит» разрабатывает отечественный аналог схемы инкапсуляции ключа на основе кодов, исправляющих ошибки. В схеме будут использованы самые перспективные решения, аналоги которых предложены в прошедших отбор схемах с конкурса NIST.

Руководители NIST рассчитывают представить черновой вариант постквантового криптографического стандарта к 2025 году. Российские специалисты готовы разработать его примерно в те же сроки, причём с более строгим обоснованием стойкости каждого алгоритма.

Как признается разработчик трёх из четырёх вышедших в финал алгоритмов Питер Швабе: «Некоторые люди сомневаются в работе NIST, опасаясь, что агентство может стандартизировать методы шифрования по указанию АНБ, оставив бэкдоры для американской разведывательной службы. Мы точно знаем, что это уже происходило в прошлом. Однако теперь в проверку предложенных на конкурс алгоритмов вовлечены не только специалисты NIST, но и всё глобальное криптографическое сообщество».

#шифрование #криптография #CRYSTALS-Dilithium #Falcon #SPHINCS+ #стандарт #NIST #защита #математика #lang_ru #lang-ru #encryption #cryptography #standard #protection #mathematics

Источник

Version 4.57.1 of EasyGPG is Published

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

The following changes were made.

• Parsing of the URL has been improved in the Read text from the Internet Action (command-line --ru).

The sha256sum of this new version of easygpg.sh is 23e00144b5ea57126dd8d7c60488f487c5051d5fc403aa0317fb5d517f7a8a1c.

---

To update to this new version, just double-click Check for a new version of EasyGPG in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select Check for a new version of EasyGPG in the main menu).

If you update from a very old version, check to make sure you have the latest version. If not, update again.

To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.

To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it. Refresh the GUI file manager window to ensure the icons are correctly displayed.

If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin. None of these has to be made the default graphical file manager. You only need to install one or more of them.

https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz

[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland) and
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P).]

EasyGPG Web Sites
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
https://archive.org/details/easygpg Internet Archive (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service web site
http://easygpg2.i2p/ I2P eepsite

EasyGPG Tor Onion Gopher Hole
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

EasyGPG Tor Onion Minus Server
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

For news about EasyGPG, click on the #easygpg tag.

---

This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.

When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read a file from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

Visual Cryptography For Physical Keyrings

#mischacks #cryptography #lasercut #visual #hackaday
posted by pod_feeder_v2

Why You Should Totally Roll Your Own AES Cryptography

#softwaredevelopment #aes #cryptography #security #software #hackaday
posted by pod_feeder_v2

Version 4.57 of EasyGPG is Published

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

The following changes were made.

• Read text from the Internet is now Read a file from the Internet. The command-line option, --ru, has not changed.
• Read a file from the Internet will try, first, to read a file as text. If that fails, it will offer to download the file to a file on your machine. This feature makes EasyGPG an almost complete Minus client. It will certainly serve as a "stopgap" until I or others can write a complete client.
• Previous versions of EasyGPG, when updating, checked that easygpg.asc was completely downloaded before verifying its signature. This new version also checks that version.txt was properly downloaded before comparing the version numbers.

The sha256sum of this new version of easygpg.sh is f9479bead7442fa67e1016ea4b26b0d077a1900be5a3f34bbed42e47b34daef7.

---

To update to this new version, just double-click Check for a new version of EasyGPG in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select Check for a new version of EasyGPG in the main menu).

If you update from a very old version, check to make sure you have the latest version. If not, update again.

To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.

To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it. Refresh the GUI file manager window to ensure the icons are correctly displayed.

If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin. None of these has to be made the default graphical file manager. You only need to install one or more of them.

https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz

[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland) and
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P)]

EasyGPG Web Sites
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
https://archive.org/details/easygpg Internet Archive (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service web site
http://easygpg2.i2p/ I2P eepsite

EasyGPG Tor Onion Gopher Hole
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

EasyGPG Tor Onion Minus Server
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

For news about EasyGPG, click on the #easygpg tag.

---

This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.

When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read text from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

Lift the Veil On RSA With This RSA Calculator

#securityhacks #calculator #cryptography #rsa #rsaencryption #hackaday
posted by pod_feeder_v2

End-to-end encryption’s central role in modern self-defense

Encryption has never been more important for protection—and civil disobedience.

https://arstechnica.com/information-technology/2022/07/end-to-end-encryptions-central-role-in-modern-self-defense/

Lackey points out that there are parallels between encryption and firearms, as laid out in the Second Amendment, an observation that others have explored at times. The crucial element, though, is the connection to a right to self-defense, which the Supreme Court’s Second Amendment absolutists cite repeatedly as the law’s “central component.”

In fact, at one time useful encryption software was regulated as a munition.

I think this is an important point to make. Encryption is self-defense. It's a kind of self-defense that we should have a legal right to use.

#encryption #cryptography #privacy #surveillance #security #self-defense

EasyGPG’s Tor Onion Service Has Upgraded to Tor 0.4.7.8

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

This affects all three of the services: the HTTP server, the Gopher server, and the Minus server.

http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

The most recent release of the Tor Browser also uses this same version of Tor.

Changes in version 0.4.7.8 - 2022-06-17
  This version fixes several bugfixes including a High severity security issue
  categorized as a Denial of Service. Everyone running an earlier version
  should upgrade to this version.

  o Major bugfixes (congestion control, TROVE-2022-001):
    - Fix a scenario where RTT estimation can become wedged, seriously
      degrading congestion control performance on all circuits. This
      impacts clients, onion services, and relays, and can be triggered
      remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
      bug 40626; bugfix on 0.4.7.5-alpha.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on June 17, 2022.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2022/06/17.

  o Minor bugfixes (linux seccomp2 sandbox):
    - Allow the rseq system call in the sandbox. This solves a crash
      issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
      40601; bugfix on 0.3.5.11.

  o Minor bugfixes (logging):
    - Demote a harmless warn log message about finding a second hop to
      from warn level to info level, if we do not have enough
      descriptors yet. Leave it at notice level for other cases. Fixes
      bug 40603; bugfix on 0.4.7.1-alpha.
    - Demote a notice log message about "Unexpected path length" to info
      level. These cases seem to happen arbitrarily, and we likely will
      never find all of them before the switch to arti. Fixes bug 40612;
      bugfix on 0.4.7.5-alpha.

  o Minor bugfixes (relay, logging):
    - Demote a harmless XOFF log message to from notice level to info
      level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography #tor

EasyGPG Installer 1.22 is Published

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

This new version of the installer uses the EasyGPG Tor Onion Minus server to download EasyGPG, instead of the Tor Onion Gopher hole.

---

To install EasyGPG for the first time, click on one of the following links. This is a .tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it.

https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz
https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz

[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland web site),
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P),
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland Minus server), and
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/9/EasyGPG-Installer.tar.gz (Onionland gopher hole)]

EasyGPG on the Internet
https://archive.org/details/easygpg Internet Archive (clearnet)
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service web site
http://easygpg2.i2p/ I2P eepsite
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service gopher hole
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service Minus server

For news about EasyGPG, click on the #easygpg tag.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

Version 4.56 of EasyGPG is Published

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

The following changes were made.

• When Tor is available, EasyGPG now uses the Tor Onion Service Minus server to update instead of the Gopher server.
• Some code has been consolidated making this new version 117 bytes smaller than the previous version.

I plan to update the EasyGPG installer soon. It will also use the Minus server instead of the Gopher server.

In several hours I plan to publish a simple but complete Minus server, implemented as a BASH script. The server will meet all the requirements of the published Minus specification. I will also publish a new version of the specification which corrects a small error in my choice of words.

Finally, I also plan to publish some scripts to make your Minus server available as a Tor Onion Service.

The sha256sum of this new version of easygpg.sh is 4742e66b2cfee8b9d8143a25c5a7b8fdaa2464a95398dfc31c4fbbb5e7e46609.

---

To update to this new version, just double-click Check for a new version of EasyGPG in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select Check for a new version of EasyGPG in the main menu).

If you update from a very old version, check to make sure you have the latest version. If not, update again.

To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.

To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it. Refresh the GUI file manager window to ensure the icons are correctly displayed.

If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin. None of these has to be made the default graphical file manager. You only need to install one or more of them.

https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz

[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland) and
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P)]

EasyGPG Web Sites
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
https://archive.org/details/easygpg Internet Archive (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service web site
http://easygpg2.i2p/ I2P eepsite

EasyGPG Tor Onion Gopher Hole
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

EasyGPG Tor Onion Minus Server
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

For news about EasyGPG, click on the #easygpg tag.

---

This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.

When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read text from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

Version 4.55 of EasyGPG is Published

EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.

The following changes were made.

• The Read text from the Internet Action now does a better job of recognizing URLs in the copied text.
• The Read text from the Internet Action now supports the Minus protocol.

The Read text from the Internet Action was intended to make it easy to import PGP keys and read PGP messages directly from the Internet. Now it also provides a "stopgap" way to browse Minus sets, like the EasyGPG Minus set.

The EasyGPG Gopher hole is not the only Tor Onion Service Gopher hole, so EasyGPG may also be a "stopgap" Tor Onion Gopher browser.

I hope to develop a stand-alone browser for both Gopher and Minus in the next several weeks. It may not, at first, be as easy to follow links with this browser as we would like. Perhaps others will develop better alternatives.

The sha256sum of this new version of easygpg.sh is c415c4121d0bd7da385af17b5012bf35f31e08b13469671e138fe71f88d0cd4c.

---

To update to this new version, just double-click Check for a new version of EasyGPG in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select Check for a new version of EasyGPG in the main menu).

If you update from a very old version, check to make sure you have the latest version. If not, update again.

To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.

To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it. Refresh the GUI file manager window to ensure the icons are correctly displayed.

If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin. None of these has to be made the default graphical file manager. You only need to install one or more of them.

https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz

[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland) and
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P)]

EasyGPG Web Sites
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
https://archive.org/details/easygpg Internet Archive (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service web site
http://easygpg2.i2p/ I2P eepsite

EasyGPG Tor Onion Gopher Hole
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

EasyGPG Tor Onion Minus Server
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

For news about EasyGPG, click on the #easygpg tag.

---

This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.

When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read text from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.

#easygpg #gpg #encryption #privacy #surveillance #security #cryptography

Minus Protocol and EasyGPG 4.55

Work on adding Minus support to EasyGPG is finished. I will wait 24 to 48 hours before I publish EasyGPG 4.55 to be certain that it is ready.

EasyGPG's Read text from the Internet will be the only way to read the EasyGPG Minus server until I (and possibly others) can produce some Minus clients.

Minus is based on Gopher. It is Gopher without the odd type codes and Gopher menus. Gopher menus are not human-readable. A Gopher client is necessary to present these menus in a human-friendly way.

Because Minus is based on Gopher, it is possible to translate Minus URLs into Gopher URLs. While you are waiting on EasyGPG 4.55, you can use EasyGPG 4.54.7 to browse the EasyGPG Minus server.

gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion:1990/9/

This just replaces minus:// with gopher:// and adds :1990/9 after the TLD of the domain. This is actually the simple way that EasyGPG 4.55 supports Minus.

Of course, you must have Tor to use .onion domains. However, using EasyGPG, it is only necessary to have the Tor Browser running, and curl installed.

In the next few days I want to start development of a very simple Minus client and server that others can use. These will be implemented as BASH scripts. The CLI client will probably not make Minus URLs links, as required by the specification, so it will not yet be a complete client implementation. It will, however, handle Tor in the same user-friendly way that EasyGPG does.

I hope to make the server and client so easy to read and understand that others will produce their own better alternatives. This applies especially to Minus clients.

#internet #protocol #tcp #file-server #hypertext #http #gemini #gopher #minus #minus-protocol #easygpg #gpg #encryption #privacy #surveillance #security #cryptography

European Commission prefers breaking privacy to protecting kids

As always, an interesting read from Ross Anderson:

So there we have it: an attack on cryptography, designed to circumvent EU laws against bulk surveillance by using a populist appeal to child protection, appears likely to harm children instead..

https://www.lightbluetouchpaper.org/2022/05/11/european-commission-prefers-breaking-privacy-to-protecting-kids/

Why not listen to the experts, @{https://social.network.europa.eu/@EU_Commission} ?

#crypto #cryptography #privacy #eu #politics