#gpg

Kevin Karhan :verified:

@whynothugo interesting...

Maybe @nitrokey can hint at things...

As for #GPG backups, frontends like #Kleopatra allow exporting all the keys and settings.

  • However you should only fiddle with the keyring of a user, never with a system and on some systems like #macOS deleting the #PGP Keyring will brick the login for the user in question.

JayVii

Does anyone have experience with either #Yubikey, #Nitrokey or any other hardware security token for both #MFA/#2FA as well as #encryption via #PGP/#GPG or #SMIME?

In particular, I am looking at the Nitrokey 3A NFC (https://shop.nitrokey.com/de/shop/nk3an-nitrokey-3a-nfc-147?search=nitrokey+3#attr=). As far as I can tell, Yubico only sells #MFA tokens(?), unless the YubiKey 5 FIPS Series (https://www.yubico.com/de/product/yubikey-5-fips-series/yubikey-5-nfc-fips/) can hold encryption keys as well?

Both price and open hardware aspect definitely speak for Nitrokey, but I do not know anyone who owns such a token... Anyone who I can talk to?

Dimly Lit Corners

The PGP Problem

https://www.latacora.com/blog/2019/07/16/the-pgp-problem/

#OpenPGP #GnuPG #PGP #GPG #PublicKey #Email

#AgeEncryption https://age-encryption.org
#Minisign https://jedisct1.github.io/minisign/

#AgePublicKey
age1s3n5ehvm8h3xjkc985hzjznw9cv0lk9ezj5heyy4m7l654rkzslq07ylps

#MinisignPublicKey
RWRK8XFYuCHjYX1J/7cKCUy6eQKNYVAurb/70Q6pK8kjGHALVORZGJ+o

Da Elf

Interesting.

Collabora CODE server won't install on Alma Linux 9 ... beeecauuuse their Repo gpg key is using a SHA1 hash and Alma 9 says Nuh-Uh.

*Blink *Blink

Now I can set the policy to use SHA1 if I want to, aaaand I don't really want to.

They're going to make me run this in a docker, aren't they.

#CollaboraOfficeOnline #AlmaLinux9 #GPG #SHA1 #OMGWTF #SysAdmin

Kevin Karhan :verified:

@rakoo @cy yeah, tho @thunderbird nowadays has #OpenPGP / #GPG - support built in ( #Enigmail ) and that just works.

  • But @delta / #deltaChat does make things way easier for "#TechIlliterate #Normies" and provides them with a familiar #UI & #UX from other #Messengers whilst also not requiring "yet another #server / #service" to be spun up, which is a major no-no in many organizations, especially #businesses.

  • Whereas DeltaChat using #eMail as its backbone infrastructure works fine, and that is an important point for it like #business use [i.e. #Germany] where all business communications have to be archived for at least 10 years for tax auditability reasons, and the whole #MailArchival issue has been "solved" by multiple providers and solutions so it makes sense to just do a `+chat` suffix, filter said messages and have them in the same #inbox as all other eMails.

I just wished #Thunderbird would also support displaying such chats similar to deltaChat to provide a #unified experience across platforms...

Seth Larson

Python 3.14 beta is now available, and there are no GPG signatures per PEP 751. Please test your verification of Python artifacts using Sigstore :)

#python #gpg #sigstore #security #oss #opensource

https://peps.python.org/pep-0761/

Tommi 🤯

I am moving away from #ProtonMail and my main reservation about switching to another provider is that when I don’t use end-to-end encryption (e2ee) my emails would be stored unencrypted in its server, whereas Proton Mail stores all emails with no-access encryption.

I really don’t want sensitive emails that I receive without PGP encryption (medical info, personal government communications…) to be stored without any sort of server-side encryption.

So I’m wondering if there exists some tool that encrypts emails saved in a mailserver even when they are not end-to-end encrypted. Something like @cryptomator, but for emails.

Thoughts? Tips?

(@thunderbird is the main client I would be using)

Edit: someone suggested Posteo, but I have to use my own custom domain, and Posteo does not allow it.

#Proton #PGP #GPG #e2ee #encryption #mail #email #Cryptomator #Thunderbird

Preston Maness ☭

@Xeniax Totally nerdsniped :D I'd love to be a part of the study.

I don't think that #KeyServers are dead. I think they evolved into Verifying Key Servers (VKS), like the one run by a few folks from the OpenPGP ecosystem at https://keys.openpgp.org/about . More generally, I believe that #PGP / #GPG / #OpenPGP retains important use-cases where accountability is prioritized, as contrasted with ecosystems (like #Matrix, #SignalMessenger) where deniability (and Perfect Forward Secrecy generally) is prioritized. Further, PGP can still serve to bootstrap those other ecosystems by way of signature notations (see the #KeyOxide project).

Ultimately, the needs of asynchronous and synchronous cryptographic systems are, at certain design points, mutually exclusive (in my amateur estimation, anyway). I don't think that implies that email encryption is somehow a dead-end or pointless. Email merely, by virtue of being an asynchronous protocol, cannot meaningfully offer PFS (or can it? Some smart people over at crypto.stackexchange.com seem to think there might be papers floating around that can get at it: https://crypto.stackexchange.com/questions/9268/is-asynchronous-perfect-forward-secrecy-possible).

To me, the killer feature of PGP is actually not encryption per se. It's certification, signatures, and authentication/authorization. I'm more concerned with "so-and-so definitely said/attested to this" than "I need to keep what so-and-so said strictly private/confidential forever and ever." What smaller countries like Croatia have done with #PKI leaves me green with envy.

Nonilex

“Unless you are using #GPG, email is not end-to-end encrypted, & the contents of a message can be intercepted & read at many points, including on Google’s email servers,” said Eva Galperin, director of #cybersecurity at the Electronic Frontier Foundation.
#NationalSecurity experts have expressed alarm over the #Trump admin’s denial that the leaked #Signal chat contained #classified information.

#Gmail #Signalgate #Signal #OpSec #InfoSec #military #idiocracy #kakistocracy

Austin Huang ❤️

To those still concerned with #Proton #ProtonMail: I've been trying out Lacre (https://lacre.io), which encrypts incoming #email with your #GPG key, on #Disroot. So far it has worked fairly well! If you have an account with them, see https://disroot.org/en/blog/disnews-24.11 for enrollment, though the admin had a backlog when I requested it... And if you don't, consider trying it out! (Custom domains are available: https://disroot.org/en/perks, which I have for my main email right now.)

Nayab Sayed

I've created a guide on #PGP keys, covering generation, integration with #Git, backup, and restoration of PGP keys. Check it out using the following link:

https://www.nayab.dev/opensource/tools/pgp-guide.html

#Linux #PGP #GPG #OpenSource #Linuxtools

Preston Maness ☭

#gpg key expirations have been updated for another two-year bump. I also removed #twitter / X signature notation (I've deleted my account there), and added a bunch of other signature notations for other places I am online. It's making my #keyoxide page look dirty, but I intend to try and add support for as many of these as possible in the next few months.

Also, I updated my #tails #TailsOS installation while I was at it. I do most of my GPG key work from that environment.

#pgp #OpenPGP


@Natanox @djvdq I do agree in that regard as in that a lot of #FLOSS doesn't do good #UI & #UX but I've yet to see an issue that wasn't already covered well-enough (even for #GnuPG / #GPG there's #Kleopatra as a nice #GUI!) to the point that even on #Windows or #macOS you'd have to use a #CLI tool for that...

In fact, they don't give a s**t about the underlying OS. Most don't even care if they use #Firefox or #Chrome and #Google or #DuckDuckGo.

  • All they want is get shit done! And these folks are easily helped with a hands-on on a good #Linux distro and maybe preinstalling some #RemoteSupport tool like #Dayon where one can help them if there ever was a need to do anything...

Holy shit is verifying a file through GPG a pain in the ass on Windows. Turns out the problem I was running into is the asc file for the main download was coming out as a txt file. When I finally tried the GitHub version, it downloaded as an asc and it worked no problem.

Fuck though.

That took like, an hour.

Replied to Andrew Helwer

@ahelwer I've been using smartcards for about a decade now. Works well enough for keeping three 4096-bit RSA subkeys around on a more-secure-than-not environment. But rather than have the card generate the private keys, I generated the private keys on an airgapped machine, and keep encrypted copies elsewhere (USB drives) for when I needed to change smart cards, which has happened once so far.

The only sane way to manage GPG keys these days is to get a hardware crypto wallet (the industry's only arguably positive contribution to the world) right? So you can back up the private key seed and restore it if the wallet hardware is destroyed and then the private key is kept in a separate secure element instead of in a file on your computer. Otherwise whenever I get an email encrypted with PGP (like once every few years) I can't decrypt it because the private key is long gone since I didn't back it up anywhere. Any better ideas?