#gpg
Side-channel attacks ⚓ https://lists.gnupg.org/pipermail/gnupg-users/2022-January/065793.html ䷉ #pgp #gpg #gnupg #encryption
Using #GPG to Encrypt and Decrypt Files on Linux [Hands-on for Beginners] • Tux Machines ⇨ http://www.tuxmachines.org/node/158957 #GNU #Linux #TuxMachines
How to send a #password securely over an unsecured #connection
A relatively common task for me as a hacktivist is to set up secure #communication channels for technologically innocent newbies. I could of course explain to them how #GPG works, but this often fails due to the lack of will to understand and download and install the programs. Very often I use #XMPP server inside the #onion network (TOR) for #communication. The target must install the Tor #browser for this and can then use an XMPP web client. I can set all that up. The only problem is how do I send the authentication data for the XMPP access securely over an unencrypted connection?
I use #PrivateBin for this #problem: https://privatebin.info
PrivateBin is a #PastBin with encryption and burn after reading features. I post a message on PrivateBin with all the information and burn after reading. The message is encrypted and can only be decrypted with a parameter sent together with the URI. The URI can look like this:
https://privatebin.net/?55ac2c8792cb12b9#3fQw1R8SAAQUUGsoa7nDdkYwq34Pzw6GQeSA56v5nusq
If the user can log in, then the authentication data has reached him without being compromised. After that, everything else can be discussed over an encrypted connection. If the user cannot log in, the data may have been intercepted. If you operate the PrivateBin server yourself, you can see which IP has accessed it. You should change the XMPP server and create new authentication in this case.
It can happen that with a weak internet connection the page cannot be loaded completely and when you press reload, of course it doesn't work because the page only works once due to the "burn after reading". Then you have to send the whole thing again with a newly generated URI. But if this does not work several times you should be very careful. Secret service agents like to play the fool in order to tempt you to use unsecured communication channels that are easier for them to wiretap.
#wisdom #knowledge #internet #instruction #security #privacy #surveillance #encryption
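The split that the PrivateBin link in the post above relies on, as an added example that is not part of the original post: the query string names the paste and goes to the server, while the fragment after `#` stays in the browser. It assumes the fragment is a base58-encoded key, as in current PrivateBin versions; the function names are illustrative.

```javascript
// Added example (not from the post): split a PrivateBin-style share link
// into what the server receives and what stays in the browser.
const BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

// Assumption: the fragment is the paste key in base58 (Bitcoin alphabet).
function base58Decode(text) {
  let n = 0n;
  for (const ch of text) {
    const digit = BASE58.indexOf(ch);
    if (digit < 0) throw new Error(`not base58: ${JSON.stringify(ch)}`);
    n = n * 58n + BigInt(digit);
  }
  const bytes = [];
  for (; n > 0n; n >>= 8n) bytes.unshift(Number(n & 0xffn));
  for (const ch of text) {        // each leading "1" is one zero byte
    if (ch !== "1") break;
    bytes.unshift(0);
  }
  return Uint8Array.from(bytes);
}

function splitPasteLink(link) {
  const u = new URL(link);
  return {
    host: u.host,
    // Request target: path and query only; a fragment is never sent.
    requestLine: `GET ${u.pathname}${u.search} HTTP/1.1`,
    pasteId: u.search.slice(1),
    // Read only by the page's JavaScript after the ciphertext is fetched.
    keyText: u.hash.slice(1),
  };
}

// The link quoted in the post above.
const link =
  "https://privatebin.net/?55ac2c8792cb12b9#3fQw1R8SAAQUUGsoa7nDdkYwq34Pzw6GQeSA56v5nusq";
const parts = splitPasteLink(link);
const keyBytes = base58Decode(parts.keyText);

console.log(`server sees : ${parts.requestLine} (Host: ${parts.host})`);
console.log(`browser keeps: ${keyBytes.length * 8}-bit key from the fragment`);
```

Whoever copies the complete link off the unencrypted channel holds both halves, which is why the post depends on burn after reading to reveal that someone else opened it first.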
Version 4.49.4 of EasyGPG is Published
EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.
This is a bug-fix version.
- A bug was fixed that could cause someone updating from a very old version to lose keys from the keyrings.
The sha256sum of this new version of easygpg.sh is 14a1ddcabd47e760a829ba41d0023ce5375022d62d49c2ba41a77d937f586315.
To update to this new version, just double-click “Check for a new version of EasyGPG” in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select “Check for a new version of EasyGPG” in the main menu).
If you update from a very old version, check to make sure you have the latest version. If not, update again.
To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.
To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click “Install EasyGPG”. This will create your new EasyGPG folder, and build all the files and folders inside it.
If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin.
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz
https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland),
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P), and
http://127.0.0.1:43110/1EiCNMUtTVvY34bp4XynVSaR8UdrzvngRi/EasyGPG-Installer.tar.gz (ZeroNet).]
EasyGPG Web Sites
https://archive.org/details/easygpg Internet Archive (clearnet)
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service site
http://easygpg2.i2p/ I2P eepsite
http://127.0.0.1:43110/1EiCNMUtTVvY34bp4XynVSaR8UdrzvngRi/ ZeroNet zite
For news about EasyGPG, click on the #easygpg tag.
This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.
When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read text from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.
#easygpg #gpg #encryption #privacy #surveillance #security #cryptography
In no particular order, web sites like OpenStreetMap, Wikipedia, Archive.Org, Sci-Hub, tools like I2P, Tor, IRC, GPG, OMEMO, OTR, and open and federated protocols like Jabber, Email, Diaspora and ActivityPub are the most important projects on the internet and should be protected and exalted.
#openstreetmap #osm #android #wikipedia #wiki #archive #archive.org #scihub #sci-hub #diaspora #email #jabber #xmpp #activitypub #mastodon #email #freesoftware #internet #thefederation #irc #gpg #pgp #omemo #otr
Tutorial - Secure email isn't that easy, unless...
https://www.cheziceman.fr/2021/mailsecu/
where we talk again about #GPG #protonmail #tutanota and how to make them work with one another, especially on #android
#Debian: #apt-key has been deprecated since 2020. So how do you now properly manage adding #GPG keys for use with #apt?!
This "collaborative" thread tries to provide a workable answer that is easy to understand, although slightly complicated for a beginner:
PS: As a reminder, apt-key will no longer exist after Debian 11!
Read the man page ;-)
We Should All Have Something To Hide
Jun 12, 2013
Suddenly, it feels like 2000 again. Back then, surveillance programs like Carnivore, Echelon, and Total Information Awareness helped spark a surge in electronic privacy awareness. Now a decade later, the recent discovery of programs like PRISM, Boundless Informant, and FISA orders are catalyzing renewed concern.
The programs of the past can be characterized as “proximate” surveillance, in which the government attempted to use technology to directly monitor communication themselves. The programs of this decade mark the transition to “oblique” surveillance, in which the government more often just goes to the places where information has been accumulating on its own, such as email providers, search engines, social networks, and telecoms.
Both then and now, privacy advocates have typically come into conflict with a persistent tension, in which many individuals don’t understand why they should be concerned about surveillance if they have nothing to hide. It’s even less clear in the world of “oblique” surveillance, given that apologists will always frame our use of information-gathering services like a mobile phone plan or GMail as a choice.
-----> We’re All One Big Criminal Conspiracy
https://moxie.org/2013/06/12/we-should-all-have-something-to-hide.html
#internet #privacy #signal #moxie #pgp #security #law #gpg #encryption
Tom Ptacek on PGP/GPG alternatives
The high bit of the right answer to this question is that you don’t want to replace PGP; one of the things we’ve learned in 29 years is that you don’t want a single tool to do lots of different cryptographic things, because different applications have different cryptographic needs.
For package signing: use something in the signify/minisign family.
To encrypt a network transport, use WireGuard.
To protect a web transaction on the wire, TLS 1.3.
For transferring files: use Magic Wormhole.
For backups: use something like Tarsnap or restic.
For messaging: use something that does Signal Protocol.
To protect files at rest, use encrypted DMGs (or your OS’s equivalent, like encrypted loop mounts).
To encrypt individual files — a niche ask — use Filippo’s ungooglable “age”.
From an HN thread: https://news.ycombinator.com/item?id=27430624
#pgp #gpg #gnupg #encryption #cryptography #pki #signing #privacy #dataSecurity #TomPtacek #tptacek
Hey everyone, I’m #newhere. I’m interested in #acooustic_guitar, #adam_duritz, #anxiety, #apple, #beatles, #books, #books-and-literature, #buckowski, #buddhism, #christhile, #chuck_palalnuiuk, #counting-crows, #david_lynch, #depression, #ebooks, #elvis_costello, #encrypt, #encrypt-everything, #encryption, #gpg, #haruki-murakami, #haruki_murakami, #herman-hesse, #john-prine, #kafka, #laurie-anderson, #longisland, #lynch, #magdascabó, #mandolin, #mark-frost, #martin_guitars, #meditation, #mrrogers, #npr, #npr-tiny-desk, #nvc, #patti-smith, #pgp, #post_secret, #spalding-grey, #thic_nhat_hanh, #thile, #tom-waits, #twin-peaks, and #writing.
I'm not really 'new', just migrating.
I am reading more and more articles about how it's very important to encrypt / sign all communications, hence the use of gpg etc. ... so I'm polling around. Among my relatives and "regular" friends, I get laughs or simply "this is a bit too complicated don't you think ... is it really necessary, I don't have anything to hide ... blah blah blah ..." ... Now, among my online friends, what's the rating of people here actually encrypting all mails using private/public keys?
#encryption #gpg #gnupg #pgp #pki #protectyourcoms #dataencryption
A question for the community. For a short while now I have been using DeltaChat, in the current version from F-Droid, with growing enthusiasm.
My desktop and laptop run Gentoo, each with stable Thunderbird-60.7.2, Enigmail-2.0.8 and GPG-2.2.17.
So far, every attempt to import my private key into Thunderbird via an Autocrypt message has resulted in a message saying I had entered the wrong code (despite several attempts and meticulous checking); a few times there was also a message that the key to be imported was broken.
The one attempt to export the key and then import it manually via GPG also failed because of a broken key. Or because I haven't done anything with GPG on the command line for years and was being clumsy.
Has anyone stumbled over a comparable problem and can give me a tip about what I'm overlooking? Thanks!
#deltachat #enigmail #thunderbird #pgp #gpg #linux #gentoo
#OpenPGP and GPG and S/MIME mail client vulnerabilities
To make it clear: There is no problem with #GPG, #PGP.
Nobody can read your encrypted emails in transit.
There is a problem with your #mailclient in the way it handles these emails!
The email clients are responsible for mitigating these (known) vulnerabilities.
You can see the problems with the mail clients in the graphic.
Here is the paper from the efail researchers.
Also see the answer of the GPG lead developer:
Here is how to mitigate the problem with #GPG emails in #Thunderbird:
Deactivate loading external content in the #Thunderbird settings „Privacy“ tab to disallow remote content in messages. Also choose 'View' > 'Message Body as' > 'Plain Text'.
There is currently no good solution for S/MIME. Don't use it if possible.
You can also consider using good and secure alternative messengers for communication, like Matrix, Wire, Threema or Signal.
Mailvelope Browser Plugin reaches 1.0.0!
This plugin lets you send/receive PGP-protected emails from just about any Webmail (like Gmail and so on).
Congratulations to Thomas Oberndörfer and Team! :-)
https://github.com/mailvelope/mailvelope/blob/master/Changelog.md