Delta Chat<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@triskelion" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>triskelion</span></a></span> <br>Proton Mail uses <a href="https://chaos.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> standard and it is possible to send and receive encrypted messages between Delta Chat and Proton Mail. It is not straightforward currently but we work on making it easier by allowing to share the keys in vCards. Delta Chat cannot be used as a client for Proton Mail because Proton Mail does not allow the clients to use SMTP and IMAP to directly access mailboxes.</p><p>Tuta cannot be used to send and receive encrypted e-mail because it does not support OpenPGP.</p>
Recent searches
No recent searches
Search options
Only available when logged in.
helvede.net is one of the many independent Mastodon servers you can use to participate in the fediverse.
Velkommen til Helvede, fediversets hotteste instance! Vi er en queerfeministisk server, der shitposter i den 9. cirkel.
Welcome to Hell, We’re a DK-based queerfeminist server.
Read our server rules!
Administered by:
Server stats:
159active users
helvede.net: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#openpgp
0 posts · 0 participants · 0 posts today
Delta Chat<p>Some of you may have heard of <a href="https://chaos.social/tags/simplex" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>simplex</span></a> which likes to elevate itself as "the first messenger without user-ids" ... a goal, similar to ours, of not letting the transport layer know about who talks. Only we are doing it in the email system, fully interoperable with tens of thousands of existing email servers and other <a href="https://chaos.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpgp</span></a> endpoints. The email system is much more than SMTP/IMAP or even openpgp btw ... there is plenty of room for radical shifts and new takes. We are just starting :)</p>
Delta Chat<p><a href="https://chaos.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpgp</span></a> traditions and <a href="https://chaos.social/tags/signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>signal</span></a> both bind a cleartext identifier, phone number or email address, to a cryptographic key. It opens up attack vectors as the servers/orgs controlling this binding can interfere.</p><p><a href="https://chaos.social/tags/deltachat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deltachat</span></a> avoids such cleartext identity bindings by creating random <a href="https://chaos.social/tags/chatmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chatmail</span></a> addresses, as transport only. The cryptographic key becomes the identifier and we want it hidden from the transport layer. Only people being in end-to-end encrypted chat need to identify each other, after all.</p>
Karl Voit :emacs: :orgmode:<p>If you need <a href="https://graz.social/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> via <a href="https://graz.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>email</span></a>, the only 2 valid standards are <a href="https://graz.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> and <a href="https://graz.social/tags/SMIME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMIME</span></a>. </p><p>It's not that those are without issues but everything else is mediocre.</p><p>Yes, you can switch to non-email-services as well such as <a href="https://graz.social/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a>. But that's a different island.</p><p><a href="https://graz.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://graz.social/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://graz.social/tags/mail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mail</span></a> <a href="https://graz.social/tags/GMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GMail</span></a></p>
Ivan GJ<p><strong>Delta Chat es demasiado buena 🔥</strong></p>
<p><a href="https://fediverse.tv/videos/watch/21b54e75-f8ae-4a61-919c-a7d264f67b57" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">fediverse.tv/videos/watch/21b5</span><span class="invisible">4e75-f8ae-4a61-919c-a7d264f67b57</span></a></p>
Preston Maness ☭<p><span class="h-card" translate="no"><a href="https://mastodon.ml/@Xeniax" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Xeniax</span></a></span> Totally nerdsniped :D I'd love to be a part of the study.</p><p>I don't think that <a href="https://tenforward.social/tags/KeyServers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KeyServers</span></a> are dead. I think they evolved into Verifying Key Servers (VKS), like the one run by a few folks from the OpenPGP ecosystem at <a href="https://keys.openpgp.org/about" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">keys.openpgp.org/about</span><span class="invisible"></span></a> . More generally, I believe that <a href="https://tenforward.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> / <a href="https://tenforward.social/tags/GPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GPG</span></a> / <a href="https://tenforward.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> retains important use-cases where accountability is prioritized, as contrasted with ecosystems (like <a href="https://tenforward.social/tags/Matrix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Matrix</span></a>, <a href="https://tenforward.social/tags/SignalMessenger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SignalMessenger</span></a>) where deniability (and Perfect Forward Secrecy generally) is prioritized. Further, PGP can still serve to bootstrap those other ecosystems by way of signature notations (see the <a href="https://tenforward.social/tags/KeyOxide" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KeyOxide</span></a> project).</p><p>Ultimately, the needs of asynchronous and synchronous cryptographic systems are, at certain design points, mutually exclusive (in my amateur estimation, anyway). I don't think that implies that email encryption is somehow a dead-end or pointless. Email merely, by virtue of being an asynchronous protocol, cannot meaningfully offer PFS (or can it? Some smart people over at crypto.stackexchange.com seem to think there might be papers floating around that can get at it: <a href="https://crypto.stackexchange.com/questions/9268/is-asynchronous-perfect-forward-secrecy-possible" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crypto.stackexchange.com/quest</span><span class="invisible">ions/9268/is-asynchronous-perfect-forward-secrecy-possible</span></a>).</p><p>To me, the killer feature of PGP is actually not encryption per se. It's certification, signatures, and authentication/authorization. I'm more concerned with "so-and-so definitely said/attested to this" than "i need to keep what so-and-so said strictly private/confidential forever and ever." What smaller countries like Croatia have done with <a href="https://tenforward.social/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PKI</span></a> leaves me green with envy.</p>
l<p><span class="h-card" translate="no"><a href="https://mastodon.social/@eff" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>eff</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@evacide" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>evacide</span></a></span> <br>GnuPG is not the only way to encrypt email, I use <a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> with Thunderbird and <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>delta</span></a></span>, both don't use GPG.</p><p>Also pages<br><a href="https://ssd.eff.org/module/how-use-pgp-linux" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ssd.eff.org/module/how-use-pgp</span><span class="invisible">-linux</span></a><br>and<br><a href="https://ssd.eff.org/module/how-use-pgp-windows" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ssd.eff.org/module/how-use-pgp</span><span class="invisible">-windows</span></a><br>are outdated, Thunderbird now has built-in OpenPGP implementation and Enigmail does not work with the latest versions.</p>
Delta Chat<p>We are not aware of other FOSS development teams that have as extensive knowledge, both theoretical and practical, about <a href="https://chaos.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>email</span></a> and <a href="https://chaos.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpgp</span></a> and regularly release across all platforms for users world wide ... except for <a href="https://chaos.social/tags/protonmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>protonmail</span></a> with whose technical and security experts we discuss regularly. They are the other major game in town doing pervasive email encryption after all. Did you know that Proton's and delta's VCards are compatible across ecosystems and establish immediate encryption?</p>
Delta Chat<p><span class="h-card" translate="no"><a href="https://jura.social/@mathilde" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mathilde</span></a></span> <a href="https://chaos.social/tags/chatmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chatmail</span></a> server users don't have these problems because they don't even need to know their password or email address. Messages in delta chat are stored locally and the server only stores them for a limited time, up to 20 days by default, so all devices have a chance to download the message. Blocklists are also not used, the only requirements are <a href="https://chaos.social/tags/DKIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DKIM</span></a> signature and <a href="https://chaos.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> encryption.</p>
Delta Chat<p>The downside of our project approach was that we often got experts being very dismissive on re-using email and <a href="https://chaos.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> ... and there still is some opposition which often subsides when actually trying <a href="https://chaos.social/tags/deltachat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deltachat</span></a> and <a href="https://chaos.social/tags/chatmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chatmail</span></a>, looking at security audits and our strong usable security focus. </p><p>There may also be surprising upsides. The UK "Online Safety Bill" which attacks end-to-end encryption integrity seems to not apply for ... e-mail. Because everyone knows, e-mail is unencrypted, right? :)</p>
Em :official_verified:<p>New Privacy Guides article 🔑✨<br>by me: </p><p>If you are using a YubiKey, </p><p>you might get in some situations where you need to reset your key to factory default, and/or set up a backup of it on a spare key.</p><p>This tutorial will guide you <br>through each step to reset and back up your YubiKey successfully, with clear instructions and plenty of visual support.</p><p>I hope you find it helpful!</p><p><a href="https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">privacyguides.org/articles/202</span><span class="invisible">5/03/06/yubikey-reset-and-backup/</span></a></p><p><a href="https://infosec.exchange/tags/PrivacyGuides" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivacyGuides</span></a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://infosec.exchange/tags/Yubico" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Yubico</span></a> <a href="https://infosec.exchange/tags/YubiKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>YubiKey</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/OTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTP</span></a> <a href="https://infosec.exchange/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> <a href="https://infosec.exchange/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MFA</span></a></p>
Lars Wirzenius<p>I've made release 0.3.0 of sopass, my command line password manager that uses a Stateless OpenPGP implementation for cryptography.</p><p>* configuration file<br>* add value from named file or stdin<br>* default to rsop<br>* manual page, built-in help</p><p><a href="https://sopass.liw.fi/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sopass.liw.fi/</span><span class="invisible"></span></a></p><p><a href="https://toot.liw.fi/tags/sopass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sopass</span></a> <a href="https://toot.liw.fi/tags/pass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pass</span></a> <a href="https://toot.liw.fi/tags/passwordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwordManager</span></a> <a href="https://toot.liw.fi/tags/commandLine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>commandLine</span></a> <a href="https://toot.liw.fi/tags/cli" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cli</span></a> <a href="https://toot.liw.fi/tags/openpgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpgp</span></a> <a href="https://toot.liw.fi/tags/statelessOpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>statelessOpenPGP</span></a> <a href="https://toot.liw.fi/tags/sop" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sop</span></a></p>
Lars Wirzenius<p>I made a couple of changes to sopass, my command line password manager that uses a Stateless OpenPGP implementation for cryptography.</p><p>* It no longer creates the configuration file.<br>* It has built-in help for all sub-commands, options, and other command line arguments.</p><p>There is also a rudimentary manual page.</p><p><a href="https://sopass.liw.fi/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sopass.liw.fi/</span><span class="invisible"></span></a></p><p><a href="https://toot.liw.fi/tags/paswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>paswordManager</span></a> <a href="https://toot.liw.fi/tags/sopass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sopass</span></a> <a href="https://toot.liw.fi/tags/pass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pass</span></a> <a href="https://toot.liw.fi/tags/commandLine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>commandLine</span></a> <a href="https://toot.liw.fi/tags/cli" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cli</span></a> <a href="https://toot.liw.fi/tags/openpgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpgp</span></a> <a href="https://toot.liw.fi/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a></p>
Rivane Rasetiansyah<p>Initializing a new project - Interplanetary Markdown. Might explore a <a href="https://fosstodon.org/tags/Web3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Web3</span></a> (off-chain) approach later for a better experience, but for now, keeping it simple with good old <a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a>.</p><p>A censorship-resistant <a href="https://fosstodon.org/tags/Markdown" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Markdown</span></a> publishing platform, enabling seamless content distribution. Powered by the Interplanetary File System (<a href="https://fosstodon.org/tags/IPFS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPFS</span></a>), ensuring <a href="https://fosstodon.org/tags/blogs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blogs</span></a>, <a href="https://fosstodon.org/tags/articles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>articles</span></a>, and other written content remain accessible and verifiable across the distributed web.</p><p><a href="https://github.com/rvnrstnsyh/cupoftea" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/rvnrstnsyh/cupoftea</span><span class="invisible"></span></a></p>
Delta Chat<p>Isn't it poetic and ironic that out of all possible time lines we are in one where <a href="https://chaos.social/tags/securejoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securejoin</span></a> <a href="https://chaos.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpgp</span></a> protocols on top of the existing <a href="https://chaos.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>email</span></a> protocols offer the arguably most solidly scaling, useable, world-wide federated end-to-end encrypted messaging reality, safe against compromised <a href="https://chaos.social/tags/mitm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mitm</span></a> servers? Hundreds of billions spend to create "the email successor" and here we are in 2025 .... <a href="https://chaos.social/tags/interoperable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>interoperable</span></a> <a href="https://chaos.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>email</span></a> and <a href="https://chaos.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> as the tortoise looking at Achilles through the back mirror :)</p>
Kushal Das :python: :tor:<p>Using openpgp-card-tool-git for <a href="https://toots.dgplug.org/tags/git" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>git</span></a> operations <a href="https://kushaldas.in/posts/using-openpgp-card-tool-git-with-git.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">kushaldas.in/posts/using-openp</span><span class="invisible">gp-card-tool-git-with-git.html</span></a> The tools is from <span class="h-card" translate="no"><a href="https://fosstodon.org/@hko" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hko</span></a></span> <a href="https://toots.dgplug.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> <a href="https://toots.dgplug.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Heiko<p>I just released versions 0.6.2 of rsop, a stateless <a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> ("SOP") CLI tool based on <span class="h-card" translate="no"><a href="https://mastodon.social/@rpgp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rpgp</span></a></span>:</p><p><a href="https://crates.io/crates/rsop/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">crates.io/crates/rsop/</span><span class="invisible"></span></a></p><p>Changes since rsop 0.6.0:</p><p>- decryption based on session keys is now supported,<br>- generation of man pages and shell tab completion has been added, <br>- some subtle semantics fixes for component key validity were implemented.</p><p>For more on <a href="https://fosstodon.org/tags/SOP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOP</span></a>, see <a href="https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">datatracker.ietf.org/doc/draft</span><span class="invisible">-dkg-openpgp-stateless-cli/</span></a></p><p><a href="https://fosstodon.org/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> <a href="https://fosstodon.org/tags/GnuPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GnuPG</span></a></p>
rPGP<p>rPGP has recently received an audit by <span class="h-card" translate="no"><a href="https://infosec.exchange/@ros" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ros</span></a></span></p><p>The audit uncovered a number of issues, in particular: Multiple cases in which malformed input data can lead to Rust "panic"s. Triggering these typically leads to termination of applications that use <a href="https://mastodon.social/tags/rPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rPGP</span></a>. This can act as a vector for denial of service attacks, but does not impact confidentiality or integrity security properties.</p><p>These issues were resolved in <a href="https://mastodon.social/tags/rPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rPGP</span></a> release 0.14.2. Updating is recommended for all users.</p><p><a href="https://mastodon.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> <a href="https://mastodon.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> <a href="https://mastodon.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GnuPG</span></a></p>
Delta Chat<p>Six times so far ... is how often important parts of <a href="https://chaos.social/tags/deltachat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deltachat</span></a> were independently <a href="https://chaos.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> audited and analyzed. Thanks to IncludeSecurity, Cure53, Applied Crypto Team at ETH Zuerich and Radical Open Security.</p><p>Last audit is from December 2024 covering <span class="h-card" translate="no"><a href="https://mastodon.social/@rpgp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rpgp</span></a></span> , the minimal <a href="https://chaos.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> Rust library that is gaining traction with others projects as well. <br>Shout-out to dignifiedquire and <span class="h-card" translate="no"><a href="https://fosstodon.org/@hko" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hko</span></a></span> for their excellent maintenance! For more info on Delta Chat related security audits: <a href="https://delta.chat/en/help#security-audits" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">delta.chat/en/help#security-au</span><span class="invisible">dits</span></a></p>
Heiko<p>There's a lot of interest in <a href="https://fosstodon.org/tags/pass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pass</span></a> -like tools, but without being bound to <a href="https://fosstodon.org/tags/gnupg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gnupg</span></a> </p><p>One exciting early stage exploration by <span class="h-card" translate="no"><a href="https://toots.dgplug.org/@kushal" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kushal</span></a></span> uses the standard <a href="https://fosstodon.org/tags/SOP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOP</span></a> mechanism (<a href="https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">datatracker.ietf.org/doc/draft</span><span class="invisible">-dkg-openpgp-stateless-cli/</span></a>).</p><p>Kushal's experimental fork of pass can already directly use <a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> card devices via the rsop-oct implementation:</p><p><a href="https://github.com/kushaldas/password-store/tree/card" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/kushaldas/password-</span><span class="invisible">store/tree/card</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload