Collaborate Disseminate
A security researcher has discovered a critical vulnerability in some of the world’s most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages.
The disclosure comes … Continue reading GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone’s Signature
I am a little confused (as many others) about the concept of subkeys as related to the primary key. gpg by default (at least it seems on my system — using RSA), upon gpg –gen-key creates a masterkey and a subkey. The maste… Continue reading GPG masterkey and subkey for encryption and signature and default keys
I found Android has not a good gpg application. (I know OpenKeyChain, but it’s lost some important feature.) So I want to create a project.
Now, I open the gpg-connect-agent. But I’m not found any command to encrypt or decry… Continue reading Can I use gpg-agent to encrypt & decrypt a file?
The proposed method
Brief and simplified description of the attack:
Any and every single encrypted block B of the encrypted message can be surrounded by Trojan psuedo-encrypted data to give a multiblock encrypted message AB… Continue reading Will this method allow EFAIL-safe sending of OpenPGP encrypted messages to otherwise EFAIL-unsafe readers?
In OpenPGP, when encrypting with public key — is it possible to not include the RSA key id as plaintext in the metadata?
I need to encrypt messages, but I want it to be impossible to identity the receiver. Only the true rec… Continue reading In OpenPGP, when encrypting with public key — is it possible to not include the RSA key id?
The flaws threaten to expose corporate communications in Outlook as well as the messages of at-risk users like political dissidents. Continue reading EFAIL Opens Up Encrypted Email to Prying Eyes
With a heavy heart, security researchers have early released the details of a set of vulnerabilities discovered in email clients for two widely used email encryption standards—PGP and S/MIME—after someone leaked their paper on the Internet, which was a… Continue reading Here’s How eFail Attack Works Against PGP and S/MIME Encrypted Emails
There’s a lot of talk about EFAIL:
The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for … Continue reading What actions should I, as an end user, take in response to EFAIL?
I want to implement a filter in Thunderbird, which allows me to differently highlight (i.e. mark/tag) incoming emails which are encrypted using different public keys. Therefore, I wanted to check the email headers for differe… Continue reading Getting the public key from a PGP message
When a person A signs a PGP key whose uid is: “Max Anderson < max.anderson@example.com > “, so he is assuring that this key really belongs to the person whose name is Max Anderson and whose email address is max.anderson@example.com, so … Continue reading What identifies an entity in PGP?