erAck : GnuPG / PGP

I prefer all private mail being encrypted.
My GnuPG public key's fingerprint (and from the keyserver) should read
```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

pub   4096R/0x6A6CD5B765632D3A 2013-01-10
      Key fingerprint = 2265 D7F3 A7B0 95CC 3918  630B 6A6C D5B7 6563 2D3A

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJUu/MgAAoJEGps1bdlYy06nAQP/1+FObMYbH74D8EjxYdcAHiL
xq51FyjYg7E07m0yAbyGHB8rlytMRHbaQBe3vSy6YmkD4Oo95Kuda4qH4Nsra7Nu
QoZfM0NwePk2wgUtPdJAyStUFoqBoEOAuokEsFWR8k2sdVLVygj8crD93nQ3uDDF
F6uPsb28Khrpnzc5iI+8XZn679mcY9uJGHv4hrAyRJcbkbFAkzOcO++XMhhvA9hi
ulQ9K/A75MxM5RogJ5lUdvuppcXZhMlqdovaVWl2gfsUEQ89WpJ/GAexBLOBuyVm
Zy2RuQx7VtBUW3OLERiFyyldFsXT+IVsp9oMxt4HGv9lsItRm3cA+fg9mkeHrihV
J1F9qoqf9in4Oe6Xak88hLmWn4f9SLtKfDORkbKqBjVWr2YLpEWOtqZpTdAH6tj0
W/7brR0rVYL5MXiQM2dodpKhKVBHdJN8oXJx54MpCC4NeouN3wdqT9IUggKtrbtk
GZEm7HMB0QXC55+QtaNiOrTt7lkvJhYl+wfsKdiH4YwxmX5WitzSLtd920Y5PQO8
TEejodZKVaYX202GZY+qjyssrydo1qjrKMMERf0JP50hMbYsRFjtjCyLe5ZH8SYS
hY5tkWJCWBP/ope2jz2cDncPuHA5USPfhZeaq4aBRTDc5FhIWnrU2sMt0fjsd/VD
DtHrC47VNr9/RvHN0fRI
=M08i
-----END PGP SIGNATURE-----
```
If you already obtained my key you may verify the signed section above by feeding it to the gpg --verify command, for example via clipboard/stdin.

Note that for the key ID the 64 bit long format 0x6A6CD5B765632D3A produced by the --keyid-format 0xlong option is used, in your environment you may see the 32 bit short format 0x65632D3A produced by the implied default --keyid-format 0xshort that should be avoided.

This key can also be retrieved automatically by Web Key Directory (WKD, see below) supporting email clients for the @erack.de email addresses, note however that due to size (as a user wants a fast download for writing a mail) those WKD keys are exported minimalized without all external signatures (gpg --export --export-options export-minimal ...).

The key is also available from the new (since 2019-06-12) keys.openpgp.org keyserver that verifies email addresses associated with uids before publishing them.

The key replaces my previous key 0x2F1AD073293C05FD (0x293C05FD)
If you are interested in details of the key transition please see the document key-transition-2013-01-10.txt.asc that is signed with both keys.
My Keyoxide profile and keyoxide-blue (fully client-side, experimental, may or may not work).
My Keybase.io account and index.
verbose index for my GnuPG key (and for my previous GnuPG key and my ancient PGP RSA key)
Warning: someone "funny" uploaded a key 0xEF283C2E0EC89145 (0x0EC89145)
```
fingerprint = 9499 D4CE BD6C FA60 46A0  4F4D EF28 3C2E 0EC8 9145
```
to the servers that is not my key. Encrypting to that key will enable someone else to read the message. I won't be able to decrypt anything encrypted to that key, nor is anything signed by that key written by me!
The same for key 0x4B4B8E1CDA620A55 (0xDA620A55)
```
fingerprint = 9B59 602A 758D F7E4 E5FF  B67C 4B4B 8E1C DA62 0A55
```
which is a fake of my ancient 0x79168F91DA620A55 key.
Lookup key at pgp.surfnet.nl: Index: Verbose Index:
Search String:
Show PGP "fingerprints" for keys
Only return exact matches
Lookup key at keyserver.ubuntu.com: Search String:
Show PGP "fingerprints" for keys
Show SKS full-key hashes

get regular index of matching keys
get verbose index of matching keys
retrieve ascii-armored keys
retrieve keys by full-key hash (e.g. 2B0F067E28F59127D44B557B5435485A )

If you don't have an OpenPGP capable mail user agent, you may encrypt a message to my key using tencrypt that runs in your browser, if you trust it enough. You'd have to copy the result and paste it into your mail's body (or wherever).

The Essential Collection

GnuPG (The GNU Privacy Guard)

GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application.

p≡p - pretty Easy privacy

p≡p Makes your e-mail secure and private by default.
OpenPGP with Adapters, currently (2017-03-09) on Android with K-9 mailer.
Also on F-Droid as security.pEp

OpenPGP Best Practices - help.riseup.net

OpenPGP: optimales Vorgehen - riseup.net

Email Self-Defense - a guide to fighting surveillance with GnuPG encryption

Evil 32: Check Your GPG Fingerprints

Stop using 32bit key ids. It takes 4 seconds to generate a colliding 32bit key id on a GPU (using scallion). Key servers do little verification of uploaded keys and allow keys with colliding 32bit ids. Further, GPG uses 32bit key ids throughout its interface and does not warn you when an operation might apply to multiple keys.

The GNU Privacy Handbook

Das GNU-Handbuch zum Schutze der Privatsphäre

Verschlüsselte E-Mails mit GnuPG als Supergrundrecht ⋆ Kuketz IT-Security Blog

Frontends - GnuPG.org

Lists of software with support for GnuPG. GUI frontends, MUA frontends, chat programs, network related, frontends for scripting, for *nix platform, for Windows platform, for Mac platform.

PGP jetzt! | -=daMax=-

Links fuer Thunderbird, Apple Mail, Android, iPhone

OpenPGP in Thunderbird - HOWTO and FAQ | Thunderbird Help

Crypto für alle – Förderung der Verbreitung von Kryptografie

GPG Suite

GPGTools, OpenPGP Tools for macOS 10.9 or newer
Everything you need to get started with secure communication and encrypting files in one simple package.

Gpg4win - EMail-Security using GnuPG for Windows

Gpg4win is an installer package for Windows with computer programs and handbooks for EMail and file encryption. GnuPG, Kleopatra, GpgOL, GpgEX, GPA, Gpg4win Compendium. Complete support for OpenPGP/MIME in MS Outlook 2010/2013/2016 (32 and 64bit).
Gpg4win - Sichere E-Mail- und Datei-Verschlüsselung mit GnuPG für Windows auch in Deutsch.
Free Software.

gpg4o® - E-Mailverschlüsselung in Outlook › Giegerich & Partner GmbH

GPG für Microsoft® Outlook 2010/2013/2016 auf Windows 7® bis Windows 10®, also in English.
Not free but said to be usable. Free as in beer for private use.

Free OpenPGP add-in for Microsoft Outlook e-mail encryption. (encryptomatic.com)

Free as in beer for Personal Use, Non-Profit Organizations, Activists and Journalists.

Blog · OpenKeychain

OpenKeychain for Android helps you communicate more privately and securely, compatible with the OpenPGP standard.

GitHub - firstlookmedia/gpgsync: GPG Sync is designed to let users always have up-to-date public keys for other members of their organization

Keylist RFC: Distributing OpenPGP Keys with Signed Keylist Subscriptions (archive.org)

GPG Sync. How they use PGP in an organization of 200 people, and are turning their lessons into an Internet standard.

GnuPG Anleitung - Raven Wiki

Die GnuPG Anleitung schlechthin. Geht auch ausfuehrlich auf grafische shells / GUIs ein. Kai Raven meinte in seinem Vorwort zur GnuPG Anleitung sehr richtig:
Mit der Version 3.2 der Deutschen GnuPG Anleitung, die nun schon seit vier Jahren erscheint und der Veröffentlichung von GnuPG 1.4.1 wird gleichzeitig die weitere Pflege der Deutschen PGP Anleitung eingestellt.
Ich denke, GnuPG hat mittlerweile einen ausreichenden Reifeprozess durchgemacht, so breite Verwendung gefunden und durch die Integration in zahlreiche E-Mail und Instant Messaging Programme, genauso wie durch die grafischen Benutzeroberflächen so viel an Benutzerfreundlichkeit gewonnen, dass es für keinen Nutzer des Internets mehr nötig ist, PGP einzusetzen.

GnuPG - ArchWiki

Quite good overview of GnuPG command line usage, configuration, key management and gpg-agent; archlinux wiki

Kernel Maintainer PGP guide — The Linux Kernel documentation

Loads of good procedures to handle PGP keys.

How To OpenPGP (apache.org)

How To Transition To A Longer Key (apache.org)

Weblog for dkg - HOWTO prep for migration off of SHA-1 in OpenPGP (archive.org)

Creating newer ECC keys for GnuPG

ed25519/cv25519 Curve25519.
Quite old (2015) description, ignore everything building and installing and /usr/local and the export LD_LIBRARY_PATH=/usr/local/lib and gpg-connect-agent KILLAGENT /bye part that is unnecessary with any recent enough installation (or even dangerous).
Details of the session log may differ of course.

elliptic curves - Why is Curve25519 in the GPG “expert” options? - Cryptography Stack Exchange

generate ed25519 ssh and gpg/pgp keys and set file permissions for ssh keys and config · GitHub

A collection of shell scripts.

Creating the perfect GPG keypair - Alex Cabal

For those concerned rightly about carrying around the master key on their laptop, this is the subkey solution.

Protecting your private master key in GnuPG 2.1 and later — Rudd-O.com in English

Subkeys - Debian Wiki

GPG subkeys - Elena ``of Valhalla'' Homepage

Connexer Ltd. | Improve the Security of Your OpenPGP Key by Using Subkeys

Verwendung von PGP Subkeys › .: blog cscholz.io :.

How to use Yubikey or any GPG smartcard in Thunderbird 78

Dokumente und Mails mit PGP schützen » ADMIN-Magazin

Master- und Sub-Keys in Deutsch.

GPG Signing: Traditional vs. PGP/Mime

Inline PGP signatures considered harmful

Replacing PGP 2.x with GnuPG

Describes how to communicate with people still using old versions of PGP 2.x, GnuPG can be used as a nearly complete replacement for PGP 2.x.

GnuPG (GPG) Micro Howto | netzaffe.de

g10 Code

The GnuPG Experts.

GnuPG.com

GnuPG Desktop Komplettpaket mit kommerziellem Support.

Outdated:

Das GNU Privacy Projekt (GnuPP): Als Partner der Aktion "Sicherheit im Internet" des Bundesministeriums für Wirtschaft und Arbeit (BMWA) und des Bundesministeriums des Innern (BMI) entwickel[te]n Spezialisten eine frei verfügbare Verschlüsselungssoftware für jedermann.
[ed: Leider ist die Foerderung eingestellt, die in dem Paket enthaltene GnuPG Version veraltet, und sollte mit einer neuen Version ersetzt werden, was der Anwender nach der Installation selber tun muss. Mit dem neuen GnuPG 1.4.1 fuehrt das allerdings dazu, dass auch ein neueres WinPT installiert werden muss, so dass der Nutzen dieses alten Pakets fraglich wird. Das Projekt macht einen verwaisten Eindruck.]
WinPT: Windows Privacy Tray and related projects on Sourceforge. Also winpt.org is dead.
Project Ägypten (Free Software Sphinx-Clients): The Sphinx project launched by German authorities aims to improve secure email exchange. The projects technological base is the protocol 'TeleTrust e.V. MailTrusT Version 2'. This includes the standards S/MIME, X.509v3 and others.
The Free Software companies Intevation, g10 Code and Klarälvdalens Datakonsult AB are contracted by the German 'Bundesamt für Sicherheit in der Informationstechnik (BSI)' to incorporate the Sphinx protocols into Free Software MUAs. Background is to ensure availability of alternatives to proprietary desktops.
Project Ägypten2: Improving Free Software Sphinx-Clients: Ägypten2 is a successor project of Ägypten1, but with its own technical aims, primarily addressing a better GUI and some more functionality such as OCSP. The Ägypten2 project has the same structural and organisational frame as Ägypten1, started December 1st 2003 and finished in November 2004.
OpenPGP - OpenPGP formerly known as The International PGP Home Page: The purpose of the International PGP Home Page is to promote the use of PGP worldwide, and to be a resource pool for information on the PGP program and the OpenPGP standard.
/pub/mitarb/lutz/crypt/software/pgp/pgp263in directory: A special PGP v2.6.3 international version from 1997 with features added for certification purposes (ENCRyption and SIGNature keys, expiry of keys, revocations of own certificates from other's public keys, etc.). It is fully compatible and interoperable with all prior versions of PGP 2.6.x. It is also the only reliable version available for plain old DOS, look out for pgp263in001007.dosprotectedmode.zip* files.
Lutz Donnerhacke's gesammelte Texte zu Pretty Good Privacy
FoeBuD e.V. - PGP-Handbuch: Aeltere Anleitung basierend auf PGP 2.6.x, 5.x und GnuPG.

Keyrings

keys.openpgp.org: Public service for the distribution and discovery of OpenPGP-compatible keys, commonly referred to as a "keyserver".
A keyserver service that verifies email addresses before publishing keys. It also does not publish 3rd-party signatures, which if abused can confuse your software, alas with the side effect that without those signatures there's also no web of trust. Trusting signature policies is up to you.
Also as .onion
keys.openpgp.org about/usage: Applications that use openpgp.org and some examples.
Mailvelope Key Server: Verifies email address ownership as well as private key ownership by sending an encrypted verification email.
So far (2019-10-27) this and the openpgp.org above are the only verifying keyserver services, all others below don't.
SKS Keyserver Network Under Attack · GitHub
Mitigating Poisoned PGP Certificates (CVE-2019-13050) - Michael Altfield's Tech Blog: If you had bad luck in a --refresh-keys from SKS servers run..
OpenPGP certificate flooding [LWN.net]: Quite good explanation of what happened with poisoned keys.
dkg's blog - OpenPGP Certificate Flooding
The Death of SKS PGP Keyservers, and How First Look Media is Handling It (archive.org): R.I.P. SKS, long live Hagrid.
Projects · hagrid-keyserver / hagrid · GitLab
Hockeypuck: GitHub - hockeypuck/hockeypuck: OpenPGP Key Server
OpenPGP Keyserver (pgpkeys.eu): A Hockeypuck OpenPGP Keyserver.
Distributing kernel developer PGP keys via pgpkeys.git - Konstantin Ryabitsev: As SKS servers are unreliable..
Diensten: SURFnet PKI: Searching, extracting or submitting keys (pgp.surfnet.nl)
Info on the Replicated WWW Based PGP 5.0 Key Server System: Search form at www.de.pgp.net/wwwkeys.html, others are at, ca, ch, cz, de, dk, es, nl, uk and us.
Top Level page for www.pgp.net
PGPnet choose: Let the server guess a mirror near to you.
Do NOT use the MIT PGP Key Server (pgp.mit.edu): This server uses old software and is a bit dumb, it doesn't understand multiple subkeys or subkeys with multiple signatures and treats them as errors, throwing away the elements and effectively crippling keys. I strongly recommend you use a different server.
David Ross -- PGP Public Key Servers: List of key servers with annotations.
RedIRIS - PGP Keyserver Synchronization Graph: outdated, from 2008-10-16 retrieved on 2009-12-30
GnuPG: Das Dilemma mit den Schlüsselservern • Kuketz IT-Security Blog
openpgp4fpr URI scheme: This document describes IANA registered URI scheme used to identify OpenPGP version 4 public keys.

Web Key Directory (WKD), DANE, DNS

WKD - GnuPG wiki: Web Key Directories provide an easy way to discover public keys through HTTPS.
Web Key Directory: Web Key Directory (WKD) checker and setup example for a single key.
Let's discover OpenPGP keys: Introduction to why and how WKD.
Setting up WKD for self-hosted automatic key discovery · GitHub
Keyoxide - Uploading keys using web key directory
Keyoxide - Web Key Directory generator
Setting up OpenPGP Web Key Directory (WKD)
gpg's new --import-filter and --export-filter options: This can be used to strip a key and leave only one uid or a set of uids.
WKDHosting - GnuPG wiki: Hosting a Web Key Directory (without dynamic WKS).
draft-koch-openpgp-webkey-service - OpenPGP Web Key Directory: OpenPGP Web Key Directory (WKD) IETF draft.
Attacks on GnuPG's Web Key Directory (WKD) | SektionEins GmbH
Advisory 01/2018: Multiple vulnerabilities in GnuPG/dirmngr regarding WKD | SektionEins GmbH: Do not use WKD with GnuPG until 2.2.10 or better 2.2.12
20160830-web-key-service
20161027-hosting-a-web-key-directory
RFC 7929 - DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP: This document specifies a DANE method for publishing and locating OpenPGP public keys in DNS for a specific email address using a new OPENPGPKEY DNS resource record.; Note that the GnuPG commands in Appendix A. Generating OPENPGPKEY Records meanwhile (gpg 2.1.18) have been changed and simplified to gpg --export --export-options export-dane [email protected]
OpenPGP DNS Dane Cert Records How-to - OpenPGP Keyserver (archive.org)
Publishing Keys in DNS: Note this is of 2015 and some details have changed!
RFC 4398 - Storing Certificates in the Domain Name System (DNS)

Keysigning

GnuPrivacyGuardHowto - Community Help Wiki - Getting your key signed: How to become part of the web of trust and keysigning guidelines. Ubuntu help wiki.
The Keysigning Party HOWTO: Introduction to keysigning parties by V. Alex Brennen.
Efficient Group Key Signing Method (archive.org): Speedup of fingerprint verification step in large keysigning parties.
Keysigning Party Methods - The 'Ad Hoc' Method (archive.org): The 'Ad-Hoc' method (which is basically a fancy shmancy way of saying "the standard way keysignings have always been done!") is best suited to small groups since it can quickly become chaotic with large numbers of people and does not scale well. However, it requires little or no planning so is very easy with small groups.
Keysigning Party Methods - The 'Sassaman-Efficient' Method (archive.org): The 'Sassaman-Efficient' method is based on a proposal by Len Sassaman to efficiently manage large keysigning events. It is well suited to large groups. There is also a modified version known as the 'Sassaman-Projected' method.
Keysigning Party Methods - The 'Sassaman-Projected' Method (archive.org): The 'Sassaman-Projected' method is a modified version of the 'Sassaman-Efficient' method and is well suited to large groups.
The principle difference is that instead of having a folded back line of participants when it comes time to check IDs, a document projector is used to display the ID of each person in turn so that every other participant can clearly see it at the same time. Each participant's ID is therefore examined by everyone else present simultaneously, instead of by each in turn, and the event duration scales linearly with number of participants.
pgp Key Signing Observations: Overlooked Social and Technical Considerations - The Community's Center for Security
Social Implications of Keysigning (archive.org)
Debian -- Keysigning
PGP Tools (archive.org): PGP Tools is a collection for all kinds of pgp related things, including signing scripts, party preparation scripts etc. The caff (CA - Fire and Forget) script is a successor of CA-Bot, much easier in handling.
In Debian the tools are part of the signing-party package.
In Fedora it is the pgp-tools package
Pius: Pius (PGP Individual UID Signer) helps attendees of PGP keysigning parties. Similar but different to caff. Of course also available in Debian and Fedora.
PGP Key Signing Party Keyserver: pgp-kspkeyserver scripts, used at FOSDEM'09 keysigning
tmarble/kspsig - GitHub: Key Signing Party signature verification tool
Savannah: Project Info - keylookup
OpenPGP CA: OpenPGP CA is a tool for managing OpenPGP keys within organizations.
PGP: Graphing The Trust
sig2dot GPG/PGP Keyring Graph Generator (archive.org): sig2dot.pl can be used to generate a graph of all of the signature relationships in a GPG/PGP keyring, like those resulting from keysigning parties, or the Debian Keyring (of all Debian developers). It converts the output of "gpg --list-sigs" to a .dot file, which is a graph definition that can be rendered by springgraph or graphviz.
sims | freshmeat.net: sims (sims is more than sig2dot) parses the output of "gpg --list-sigs" and produces graphs of all the signature relationships in different output formats. It aims to be a replacement for sig2dot which provides many new features. Additionally, parsing of the input is much improved.
GPG/PGP Signature Path Tracing (archive.org): sigtrace.pl traces a signature path through a keyring.
Mutt GPG Signature Tracing (archive.org): mutt-sigtrace is a wrapper for sigtrace to display signature paths from you to the key which signed an email, automatically, in mutt.
Wotsap: Web of trust statistics and pathfinder, group matrix generator and key lister.
Did you know that the strong set of keys, those where all keys are connected by their signatures, forms a leaf in a graphical representation? The Leaf of Trust.
Wotsap: Search: Search forms to query Wotsap. Pathfinder, Key statistics, Group matrix, List keys.

The old Enigmail for Thunderbird

Enigmail: A simple interface for OpenPGP email security: Enigmail is an extension to the mail client of Mozilla / Netscape and Mozilla Thunderbird which allows users to access the authentication and encryption features provided by GnuPG.
my GnuPG and Enigmail Tips: Tips on installing GnuPG and Enigmail. My attempt to explain that to a Windows user, not running Windows myself..
Enigmail / Forum / Enigmail Support:Upgraded gpg and now gpg fails under enigmail but works at the command prompt: The cause why GnuPG 2.0.23 exits with return code 2 is gpg: Note: signatures using the MD5 algorithm are rejected because there are old keys with MD5 hashes that if --allow-weak-digest-algos is not given lead to a fingerprint of 0x00000000000000000000000000000000 (even if the short/long ID says different) and ultimately to gpg: Oops: keyid_from_fingerprint: no pubkey.
In short: for a workaround delete those old MD5 crap keys from your keyring unless you are forced to use them..
gpg2 --list-key 0x00000000000000000000000000000000
gpg2 --export 0x00000000000000000000000000000000 >md5_keys.gpg
gpg2 --delete-keys 0x00000000000000000000000000000000
(repeat until no such key left)
Note: This is supposed to be fixed in GnuPG 2.0.29, see ⚓ T2000 PGP-2 Keys are handled as if their Fingerprint is always zero
GnuPG und EnigMail mit Thunderbird (Praxis): Slides eines einfuehrenden Vortrags von Roland Schmalenberg, mit PgUp/PgDn blaettern oder rechts unten nach Maus-Over das ø Symbol fuer HTML-Komplettseite waehlen.

misc

PGP practice thread - Privacy - Privacy Guides Community
gnupg/DETAILS at master · gpg/gnupg · GitHub: For example the format of the colon listings.
Notes on OpenPGP: Friendly documentation. OpenPGP for application developers.
GitHub - rpgp/rpgp: OpenPGP implemented in pure Rust, permissively licensed
heiko/rsop: Stateless OpenPGP (SOP) based on rpgp - Codeberg.org
Weblog for dkg - HOWTO prep for migration off of SHA-1 in OpenPGP: Replace your 1024-bit DSA keys with 2048-bit RSA keys or larger. See also Creating a new GPG key description at keyring.debian.org
Long-term Memory » Blog Archive » The internals of a GPG/PGP key
Key management using a USB key: Mail thread on the Debian devel list.
manage-keys: udev keyloader: script for loading ssh/gpg keys off of usb media.
Gnu Privacy Guard Agent (GPG) (debian-administration.org archive.org): How to setup the passphrase agent for GnuPG that saves you from having to type in your passhphrase a gazillion times per day.
Pass: The Standard Unix Password Manager - gpg based
gopass - the team password manager - gpg based, rewrite of Pass in Go
Freies & sicheres IM mit Jabber & OpenPGP - Inhalt (archive.org)
PIDGIN-GPG | Download PIDGIN-GPG software for free at SourceForge.net
gnupg.vim - Plugin for transparent editing of gpg encrypted files. : vim online
The Strong Distribution HOWTO
Teams/GnuPG/UsingGnuPGv2 - Debian Wiki: This is a list of packages either supporting GnuPG v2.1 (gnupg2, gpgv2) natively, or describing how to make them use it.
g10 Code - Products - Card: The OpenPGP Card is a specification of an ISO 7816-4,-8 compatible smartcard and also an actually available implementation of this specification as a standard sized card.
Smartcards | Security / Privacy | FLOSS Shop DE: kernel concepts shop
GitHub - duxsco/gpg-smartcard: how i setup my gnupg smartcard: and its Create a GnuPG keypair section.
public:gnupg:gnupg-card-howto [datenkollektiv.net]: GnuPG-Card Anleitung.
GnuPG SmartcardHOWTO: GnuPG supports the use of smartcards. This HOWTO explains how to install and work with these cards.
A tad outdated though..
TechDocs/CardHowtos - FSFE Fellowship Wiki: Howtos for setting up your computer to use your Fellowship smart card, or any other OpenPGP card.
Historical.
Using the OpenPGP card with subkeys - debian grimoire - groups - Crabgrass
GnuPG-Schlüsselerstellung und Smartcard-Transfer – Nitrokey Teil2 ⋆ Kuketz IT-Security Blog
OpenPGP/CleanRoomLiveEnvironment - Debian Wiki: Creating a PGP Master key management workstation that boots from Live CD with networking disabled (Clean room)
Nitrokey | Secure your digital life: The Crypto Stick is an USB key to enable highly secure encryption and signing of emails and data, as well as login to the Web, networks and computers.
Formerly named Crypto Stick and originally a project of the German Privacy Foundation.
How to use GPG with YubiKey (bonus: WSL 1 and WSL 2) — The Coding Nest
GitHub - drduh/YubiKey-Guide: Guide to using YubiKey for GPG and SSH
REINER SCT - Chipkartenleser
Scute: Scute is a PKCS #11 module that adds support for the OpenPGP smartcard card to the Mozilla Network Security Services (NSS).
Sign In with a PGP Key (indieauth.com)
gpgusb-project: gpg4usb is a very easy to use and small portable editor to encrypt and decrypt any text-message or -file you want.
Biglumber Links: Some useful encryption links.
OpenPGP.js | OpenPGP JavaScript Implementation
Mailvelope: OpenPGP encryption for webmail, using OpenPGP.js
OpenPGP Verschlüsselung für Gmail und andere Webmailer | Gmail-Blog: Mailvelope am Beispiel von Gmail und Chrome, Kurzbeschreibung mit screenshots.
google/end-to-end · GitHub: End-To-End is a Chrome extension that helps you encrypt, decrypt, digital sign, and verify signed messages within the browser using OpenPGP.
Early alpha release.
See also Google looks to make OpenPGP easier for Gmail users | Naked Security
Mailing List Archive: more files in private-keys-v1.d than shown with 'gpg --with-keygrip -K'
Keybase: Sign your incarnations on the Net verifiable.
How to Verify Your Mastodon Account with Keybase – Ryan Maynard – Thoughts, Anecdotes, and Miscellany
Decentralized proofs: A method of adding social proofs to OpenPGP keys in a way that can be independently verified by clients. This is similar to Keybase but decentralized.
GitHub - wiktor-k/openpgp-proofs: Like Keybase but distributed
OpenPGP Key lookup and proof verification: With the example of Wiktor's key.
totemo › Securing Data in Motion.: OpenPGP and X.509 transparent email gateway. Proprietary.
pgpverify: Cryptographically verify Usenet control messages.
Beglaubigung OpenPGP-Schlüssel: Mittels eID-Funktion des DE-Personalausweises.
The Monkeysphere Project: The Monkeysphere project's goal is to extend OpenPGP's web of trust to new areas of the Internet to help us securely identify servers we connect to, as well as each other while we work online. The suite of Monkeysphere utilities provides a framework to transparently leverage the web of trust for authentication of TLS/SSL communications through the normal use of tools you are familiar with, such as your web browser or secure shell.
Split GPG | Qubes OS
Using GPG Sync in Qubes with Split GPG · firstlookmedia/gpgsync Wiki · GitHub
Paperkey - an OpenPGP key archiver: If everything else fails ... a key printed on paper may survive much longer than any of your disks or CDs.
Fluidkeys: Simple PGP for engineering teams
The Case for Short OpenPGP Key Validity Periods – Simon Josefsson's blog
How Joe Biden Accidentally Helped Us All E-Mail in Private | WIRED: In the early '90s, Phil Zimmermann was a peacenik with a half-written program that he swore would let people exchange messages privately. But Zimmermann could never find the time to finish the code -- until Joe Biden came along.
What’s the matter with PGP? – A Few Thoughts on Cryptographic Engineering
I'm giving up on PGP
Op-ed: I’m throwing in the towel on PGP, and I work in security | Ars Technica
I'm giving up on PGP
The PGP Problem | Latacora
Stop Using Encrypted Email | Latacora
Bitte hört auf, für PGP zu werben
It's Now Possible To Sign Arbitrary Data With Your SSH Key
GitHub - FiloSottile/age: A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
Key Overwriting (KO) Attacks against OpenPGP
Autocrypt documentation: Autocrypt is a set of guidelines for developers to achieve convenient end-to-end-encryption of e-mails. It specifies how e-mail programs negotiate encryption capabilities using regular e-mails.
Detecting and preventing active attacks against Autocrypt — Counter Mitm documentation
| p≡p foundation
| p≡p Software
| p≡p Security
Sequoia-PGP: OpenPGP in Rust (code on GitLab)
The new engine in p≡p / pEp.
RNP | C library approach to OpenPGP; GnuPG alternative.
GitHub - openSUSE/obs-sign: sign daemon and client for remote gpg signing.
regpg - safely store server secrets: The regpg program is a thin wrapper around gpg for looking after secrets that need to be stored encrypted in a version control system (so you don't have to trust the VCS server) and decrypted when your configuration management system deploys them to servers.
Keyoxide: Keyoxide allows you to prove “ownership” of accounts on websites, domain names, IM, etc., regardless of your username.
Launching Keyoxide.org — yarmo
keyoxide-blue: Experimental fully local client-side.
Blog — How to create an online identity, part 1: using OpenPGP
shom/keyoxidizer: Keyoxidizer - Interactive Keyoxide helper - keyoxidizer - Codeberg.org
kxid.me: kxid.me is a URL shortener created specifically for Keyoxide profiles.
doip.js: doip.js allows websites and Node.js projects to verify decentralized online identities based on OpenPGP.
tyy/xapu-rs: A command line program to help with storing and fetching ariadne proofs on an XMPP account - xapu-rs - Codeberg.org
tencrypt: A terse (read: simple, basic) message encryption tool for the web.
Fun things you can do with a PGP/GnuPG key

Home ../../bookmarks