There was a bug in an OpenPGP library which finally gave us an excuse to tear encrypted email via PGP to shreds. Our special guest William Woodruff joined us to help explain the vuln and indulge our gnashing of teeth on why email was never meant to be encrypted and how other modern tools do the job much, much better. Watch on YouTube: https://www.youtube.com/watch?v=IoL3LfIozJo Links: William Woodruff: https://yossarian.net/ https://www.latacora.com/blog/2020/02/19/stop-using-encrypted/https:...| Security Cryptography Whatever
I held a talk at CoSin 2024 titled «Propagation of OpenPGP Keys using WKD, WKS and DANE».| s3lph made
Talk: «Propagation of OpenPGP Keys using WKD, WKS and DANE» 2024-06-29, 00:00 Talks OpenPGP WKD WKS DANE DNSSEC I gave a talk at CoSin 2024 titled «Propagation of OpenPGP Keys using WKD, WKS and DANE». The slides are available in the conference archive:…| s3lph.me
Let’s reflect on some of my recent work that started with understanding Trisquel GNU/Linux, improving transparency into apt-archives, working on reproducible builds of Trisquel, strengthening verification of apt-archives with Sigstore, and finally thinking about security device threat models. A theme Continue reading How To Trust A Machine→| Simon Josefsson's blog
I’d like to describe and discuss a threat model for computational devices. This is generic but we will narrow it down to security-related devices. For example, portable hardware dongles used for OpenPGP/OpenSSH keys, FIDO/U2F, OATH HOTP/TOTP, PIV, payment cards, wallets Continue reading A Security Device Threat Model: The Substitution Attack→| Simon Josefsson's blog
The Debian operating system is what I have been using on my main computer for what is probably around 20 years. I am now in the process of installing the hopefully soon released Debian 11 “bullseye” on my Lenovo X201 Continue reading OpenPGP smartcard with GNOME on Debian 11 Bullseye→| Simon Josefsson's blog
Debian buster is almost released, and today I celebrate midsummer by installing (a pre-release of) it on my Lenovo X201 laptop. Everything went smoothly, except for the usual issues with smartcards under GNOME. I use a FST-01G running Gnuk, but Continue reading OpenPGP smartcard under GNOME on Debian 10 Buster→| Simon Josefsson's blog
The FST-01G device that you order from the FSF shop runs NeuG. To be able to use the device as an OpenPGP smartcard, you need to install Gnuk. While Niibe covers this in his tutorial, I found the steps a Continue reading Installing Gnuk on FST-01G running NeuG→| Simon Josefsson's blog
I have created a new OpenPGP key and will be transitioning away from my old key. If you have signed my old key, I would appreciate signatures on my new key as well. I have created a transition statement that Continue reading OpenPGP 2019 Key Transition Statement→| Simon Josefsson's blog
I’m in the process of migrating to a new OpenPGP key. I have been using GnuPG with keys stored on external hardware (smartcards) for a long time, and I’m firmly committed to that choice. Algorithm-wise, RSA was the best choice Continue reading Planning for a new OpenPGP key→| Simon Josefsson's blog
Back in early 2012 I had been helping with system administration of a number of Debian/Ubuntu-based machines, and the odd Solaris machine, for a couple of years at $DAYJOB. We had a combination of hand-written scripts, documentation notes that we Continue reading Cosmos – A Simple Configuration Management System→| Simon Josefsson's blog
If you manage a bunch of server machines, you will undoubtedly have run into the following OpenSSH question: The authenticity of host 'host.example.org (1.2.3.4)' can't be established. RSA key fingerprint is 1b:9b:b8:5e:74:b1:31:19:35:48:48:ba:7d:d0:01:f5. Are you sure you want to continue connecting Continue reading SSH Host Certificates with YubiKey NEO→| Simon Josefsson's blog
After I moved to a new OpenPGP key (see key transition statement) I have received comments about the short life length of my new key. When I created the key (see my GnuPG setup) I set it to expire after Continue reading The Case for Short OpenPGP Key Validity Periods→| Simon Josefsson's blog
I have moved to a new OpenPGP key. There are many tutorials and blog posts on GnuPG key generation around, but none of them matched exactly the setup I wanted to have. So I wrote down the steps I took, Continue reading Offline GnuPG Master Key and Subkeys on YubiKey NEO Smartcard→| Simon Josefsson's blog
I have created a new OpenPGP key 54265e8c and will be transitioning away from my old key. If you have signed my old key, I would appreciate signatures on my new key as well. I have created a transition statement Continue reading OpenPGP Key Transition Statement→| Simon Josefsson's blog
I’m in the process of moving to a new OpenPGP key, and I want to include a small JPEG image of myself in it. The OpenPGP specification describes, in section 5.12.1 of RFC 4880, how an OpenPGP packet can contain Continue reading Creating a small JPEG photo for your OpenPGP key→| Simon Josefsson's blog
I have several backup servers that run the excellent rsnapshot software, which uses Secure Shell (SSH) for remote access. The SSH private key of the backup server can be a weak link in the overall security. To see how it Continue reading Unattended SSH with Smartcard→| Simon Josefsson's blog
In the digital age where privacy and data protection are paramount, we continually strive to enhance the security features offered by Stalwart Mail Server. Today, we're thrilled to announce our latest upgrade – Encryption at Rest!| stalw.art
I was not able to describe SOS itself accurately in ECC in OpenPGP by SOS.| www.gniibe.org
In this article, I try to explain a specific way to improve current| www.gniibe.org
In this bug report, I describe how we can improve OpenPGP| www.gniibe.org