Replacing my 2019 Yubico YubiKey 5 NFC and 5Ci with YubiKey 5C NFC variants. This time with a custom #YubiStyle

The Double Rainbow variant will be my daily driver. The Red key will serve as the backup key in case the rainbow variant breaks.

Now migrating all services from my old keys to the new keys. Lucky for me, I have documented all uses of my old keys.

#security #yubikey #otp #openpgp #fido

Thunderbird 146 è arrivato con un'importante novità: una nuova interfaccia grafica per configurare i keyserver OpenPGP. Trovare e gestire le chiavi pubbliche non sarà più un incubo. Metti al sicuro le tue comunicazioni con maggiore facilità!
#Thunderbird #OpenPGP #Crittografia #EmailSicura #Privacy

https://www.linuxeasy.org/thunderbird-146-rilasciato-con-interfaccia-grafica-semplificata-per-i-keyserver-openpgp/?utm_source=mastodon&utm_medium=jetpack_social

Thunderbird 146: OpenPGP Configuration and AES Migration

Starting with Thunderbird 146, the OpenPGP keyserver can be configured in the user interface. Additionally, the new version migrates logins to AES encryption.

https://www.heise.de/en/news/Thunderbird-146-OpenPGP-Configuration-and-AES-Migration-11110212.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#EMail #IT #MicrosoftExchange #MozillaThunderbird #OpenSource #OpenPGP #Verschlüsselung #news

Thunderbird 146: OpenPGP-Konfiguration und AES-Migration

Ab Thunderbird 146 lässt sich der OpenPGP-Keyserver in der Nutzeroberfläche konfigurieren. Außerdem migriert die neue Version Logins auf AES-Verschlüsselung.

https://www.heise.de/news/Thunderbird-146-OpenPGP-Konfiguration-und-AES-Migration-11110028.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#EMail #IT #MicrosoftExchange #MozillaThunderbird #OpenSource #OpenPGP #Verschlüsselung #news

Wenn nun evt. @thunderbird sicherer ist als andere #EMail Clients?! (rethorisch)

»#Thunderbird — OpenPGP-Konfiguration und diverse Fehlerbehebungen:
Wer den freien #Mail'er nutzt, findet nach dem #Update eine Neuerung in den Einstellungen vor, denn der bevorzugte #OpenPGP-Keyserver lässt sich nun direkt über die Benutzeroberfläche konfigurieren. Zudem haben die Macher an der Sicherheit geschraubt und migrieren bestehende #Login's auf eine modernere #AES-Kryptografie.«

📧 https://stadt-bremerhaven.de/thunderbird-146-0-openpgp-konfiguration-und-diverse-fehlerbehebungen/

Dự án email tự-host trung tâm mã hóa người dùng: Tải lên khóa OpenPGP công khai, mã hóa toàn bộ dữ liệu tại nơi lưu trữ (kể cả mail từ Gmail/Outlook), không truy cập riêng tư. Bảo mật đầu cuối với DNSSEC, DANE/TLSA, MTA-STS, TLS-RPT, AES-256. Tương thích IMAP/SMTP. "Zero-knowledge" tuyệt đối. Cần ý kiến: Liệu có thể xây dựng hệ thống bảo mật vượt Proton/Tuta? #security #email #OpenPGP #networking #tựmãhoá #tựchủ

https://www.reddit.com/r/selfhosted/comments/1pi54l7/can_an_email_service_be_more_t

Given the silent death of #openkeychain (https://github.com/open-keychain/open-keychain/discussions/2970): is Anyone aware of a healthy fork or alternative #openpgp #pgp manager for #android / #grapheneos ? I’d rather use a single application (with token support, e.g. #nitrokey @nitrokey ) to handle things than having each and every application do so seperately (as the openkeychain devs seem to prefer now)

#openpgp ＞Keyserver Updates and Roadmap, December 2025 | blog.pgpkeys.eu blog.pgpkeys.eu/keyserver-r...

#openpgp
＞Keyserver Updates and Roadmap, December 2025 | blog.pgpkeys.eu https://blog.pgpkeys.eu/keyserver-roadmap-2025-12.html

New Blog: #Keyserver Updates and Roadmap, December 2025

...

About half of the public #Hockeypuck keyservers have been upgraded to the 2.3 branch (as of 2025-12-08), including the pgpkeys.eu servers. A small number remain on 2.1 for compatibility reasons, but the remaining issues preventing upgrade of these 2.1 servers will be addressed in an upcoming 2.3.x release.

...

While HKPv2 and RFC9580 support are the current priorities, further improvements are planned for delivery in 2026 and 2027. These include:

* Allowing #OpenPGP key owners to explicitly restrict the distribution of third-party signatures over their User IDs, to prevent signature flooding.
* Out of band email proofs of User ID validity, to mitigate spam and impersonation.
* A fully-featured management API to better handle deletion and blocklisting of incorrect or spammy keys.
* Native rate limiting and tor exit node abuse detection.
* Detection (and potential removal) of keys with known vulnerabilities or weaknesses.
* Improvements to the dump and restore process to allow a running server to be backed up without a restart.

https://blog.pgpkeys.eu/keyserver-roadmap-2025-12.html

#infosec #cryptography #pgp

Im 2. Teil zeige ich wie man mit #GnuPG #OpenPGP Schlüssel offline erstellt und auf beliebig viele #Smartcard Token wie #Yubikey oder #Nitrokey verschiebt.
Damit ist auch ein #Backup der geheimen Schlüssel möglich

https://cryptomancer.de/posts/20251208-openpgp-mehrere-smartcards/

Ich habe eine kurze bebilderte Anleitung geschrieben wie man mit #Kleopatra und #GnuPG #OpenPGP Schlüssel direkt auf #Smartcards wie #Yubikey #Token2 oder #Nitrokey erstellt

https://cryptomancer.de/posts/20251207-openpgp-smartcards/

@atoponce Isn't inline #PGP signing discouraged these days[1]? Also, PGP hides signatures for encrypted emails. So I wonder if whatever was generating the statistic was counting MIME signatures and encrypted emails...

[1] https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/

#openpgp

Es ist mal wieder Zeit für Schmerzen mit #Telekom:

Ein zugegeben sehr alter Forum Post im Forum der Deutschen Telekom. Aber da zeigt sich schon gut: Sicherheit wurde schon damals nicht zu Ende gedacht. #OpSecFailure

"Mein PGP-Schlüssel hat die Länge von 2048 bit. Es wird aber nur die Schlüssellänge von 1024 bit akzeptiert - damit funktioniert die Verschlüsselung."

Aber auch Ende 2025 scheint sich nicht viel verbessert zu haben: Für Privatkunden scheint es überhaupt keine Möglichkeit zu geben, den öffentlichen #OpenPGP key zu hinterlegen, um Rechnungen verschlüsselt per E-Mail zu erhalten. Ist vermutlich zu sicher?

😮‍💨 ich checks nicht 🤦

UPDATE: Gibbet nicht mehr ​:troll:​

We are pleased to announce the release of Hockeypuck 2.3.

Hockeypuck 2.3 is primarily a technical-debt release, but also adds features to ease the upgrade process in a production environment:

* Updates to the PostgreSQL table schemas
* Offline, in-place reload of all key material
* Online reindexing of table schemas
* PKS support

There are no breaking changes between the 2.2 and 2.3 branches, and SKS sync is supported between 2.2 and 2.3 peers.

Release notes can be found at https://github.com/hockeypuck/hockeypuck/releases/tag/2.3

Hockeypuck 2.3 development is kindly supported by @NGIZero Core

----

Hockeypuck is a modern synchronising #OpenPGP #keyserver that is optimised for ease of deployment, particularly in containerised environments via docker-compose.

https://hockeypuck.io
https://github.com/hockeypuck/hockeypuck

@DerEntspannende
#YubiKey is #unfree and restricts your #freedom . @nitrokey promotes and is #openSource / #openhardware and has #blackfriday & Saturday (November 28-29) a 10% discount on all products: https://www.nitrokey.com/news/2025/our-black-friday-special-%E2%80%93-10-discount-everything
#fido #openpgp #coreboot #grapheneos #nextcloud

Kennt jemand #kiteworks secure email?
https://www.kiteworks.com/platform/simple/secure-email/

#openPGP #sMIME #emailencryption

#OpenPGP-Tipp: Wenn man mit Organisationen/Behörden verschlüsselt kommunizieren will, kann das aktuelle #Thunderbird leider keine Empfänger mehr anschreiben, die nicht auf dem Key vermerkt sind.

Größere Organisationen nutzen aber üblicherweise einen Domänen-Key.

Wie man das in Thunderbird einrichtet, beschreibt dieser Blog-Eintrag sehr gut:

https://thomasheinz.net/openpgp-domainkeys-mit-thunderbird-nutzen/