Collaborate Disseminate
I am a beginner in anything related to GPG and I have now read quite some stuff about it to get a better idea. I think i grasped most of the concepts by now.
I’ve worked out a GPG key strategy and i would like to hear your opinions and cri… Continue reading Approval of GPG key strategy
Imagine this scenario
A StackExchange user sends you a PGP-encrypted message
You decrypt the message and discover that you are being blackmailed
You report the message to the admins but they are unable to view the content
In this situati… Continue reading How can I prove the content of a PGP-encrypted message to a third party?
I consider WEB of trust as a failed initiative (search for SKS key poisoning mass occurred in 2019).
PGP is used to sign software in source (commits / tags in Git/Mercirual) & binary (compiled artifacts) forms.
Currently when I downloa… Continue reading Cross signing practice for PGP package signing keys?
I know there are some standards for transferring data securely such as HTTPS for web applications, or SPC & SFTP for secure file transfers.
Encrypting files using PGP is a way to encrypt files during emails transfers.
I want to add a l… Continue reading Standard for encrypt files before transfer them over internet
I’m attempting to establish a process for setting up a new GPG identity for myself and my threat model.
Much of it is following guides which I believe are still considered best practices:
https://github.com/drduh/YubiKey-Guide
https://bl… Continue reading Why does ECC not have an encrypt capability in GPG, but RSA does?
I guess I have halfway grasped the concepts of PGP, and I’ve halfway understood the concept of the Efail attack. However, I still don’t understand whether such attacks would be possible (and an MDC would be needed) even if all messages had… Continue reading Is there a use for an MDC even when all messages are signed?
With Thunderbird 78, a new PGP subsystem has been introduced which handles PGP keys internally. In previous versions, the add-on Enigmail has handled PGP-related stuff, by letting do GnuPG the work behind the scenes.
I currently know only … Continue reading How are the PGP keys that Thunderbird 78+ uses encrypted?
My PGP primary key is only used for certification—I use a separate subkey for signing. Like this:
sec rsa4096/0x891781D0EDC66456 … Continue reading Move signing subkey to authentication slot on YubiKey (OpenPGP card)?
Why isn’t there a defined protocol to retrieve PGP keys from a destination mail server? Or am I just not searching with the right parameters?
I imagine a quite simple process like other established processes (AutoDiscovery, etc.):
Sender … Continue reading Why isn’t there a protocol to exchange PGP keys?
I aim to backup my gnupg private key by writing it down on paper. The software paperkey seems to be promising, but one of its behaviors is unexpected.
I do the following
$ gpg –export-secret-keys –output secret.gpg "My Key Id"
… Continue reading paperkey generates different output every time [closed]