Collaborate Disseminate
Cisco CVE-2019-1804 Some switches in Cisco’s 9000 series are susceptible to a remote vulnerability. It’s a bit odd to call it a vulnerability, actually, because the software is operating as intended. Cisco shipped out these switches with the same private key hardcoded in software for all root SSH logins. Anyone …read more
I saw this question about which out of those two protocols is more secure. The question was from 2016, but Efail was discovered late 2017. I understand that some email programs were affected while others were not, plaintext was somehow sne… Continue reading Were PGP/MIME and PGP/Inline equally affected by EFAIL?
I have the PGP public key of an entity I wish to E-mail, what is the best way that I should message this entity with their Public Key? And how would I go about messaging them?
I used my desktop to setup my GPG keys, added them to my Yubikey, and then removed them from my desktop so that when I am prompted for the key it asks me to use my Yubikey –instead of asking for a password.
On my laptop I h… Continue reading Import/Register GPG keys from a SmartCard/Yubi
I tried to use gpg –delete-secret-keys to delete some revoked subkeys but ended up accidentally deleting my primary key instead.
I was able to reproduce my mistake with the following commands:
$ gpg –batch –passphrase ” –quick-gener… Continue reading How do I delete secret subkeys correctly?
The instructions at https://tutorials.ubuntu.com/tutorial/tutorial-how-to-verify-ubuntu#3 suggest that you can download an ISO for installing an OS, along with the checksums and a signature. You then attempt to verify the si… Continue reading How can I trust a GPG key when I download it based on the fingerprint contained in the file I want to verify?
I’m trying to change the passphrase of my GPG’s secret key.
I actually changed it using seahorse (Also tried gpg –edit-keys and passwd, but when I tried to export my private key it asks me for two passphrase now (Both new … Continue reading How to correctly change the passphrase of GPG’s secret key?
Is it possible to sort of verify a PGP message?
Alice sends a PGP Encrypted message to Bob.
I know Alice and Bob’s public key, and I have their encrypted and plaintext message.
Can I confirm that the PGP Encrypted message… Continue reading Verifying PGP Messages
I’m currently looking for guidelines on sharing API tokens or Access tokens securely, for integrating a third-party application with my own. The two methods I’m currently thinking of are:
PGP: I could share our public key w… Continue reading What are the industry guidelines on sharing secrets like API or access token?
Suppose I want to use GnuPG on a GNU/Linux laptop where I’ve encrypted all filesystems (except /boot) with LUKS/dm-crypt. Backups are encrypted client-side and stored on a physically secure server. Given that my files are a… Continue reading I use full-disk encryption. Should I passphrase-encrypt my private key(s) anyway?