Made a few updates and released a new version of #calliope , a #bash script based utility to write a journal using #LaTeX. Since it's #LaTeX based, you can pretty much add whatever you wish to your journal---images, other PDFs, beautiful maths, and of course, you can customise it as you wish to suit your needs. It's all managed by #Git and if you'd like you can encrypt your journal entries using #gpg

Check it out on #GitHub : https://github.com/sanjayankur31/calliope

Non, #Google ne proposera pas un vrai #chiffrement de bout en bout sur #Gmail. Le mécanisme proposé n'est pas considéré comme un véritable chiffrement "E2EE" par certains experts. En effet, il implique un serveur de gestion de clés interne à l'entreprise.
https://www.clubic.com/actualite-560031-non-google-ne-proposera-pas-un-vrai-chiffrement-de-bout-en-bout-sur-gmail.html
Mieux vaut utiliser soit #protonmail soit #thunderbird avec #gpg et une adresse mail chez un hébergeur non #gafam respectant les #donneespersonnelles

For years now I’ve had a bit of a bee under my cap: would it be possible to unlock a Vault file with a GnuPG-compatible smart card? And what if the smart card were local and the unlocking had to be triggered remotely?

Forwarding GnuPG agent over SSH

https://jpmens.net/2025/04/04/forwarding-gnupg-agent-over-ssh/

#gpg #ansible

Edit: I have amended the sentence regarding distinct machines. Works fine on two different Linux boxes.

Overriding GnuPG's PIN entry

https://jpmens.net/2025/04/04/overriding-gnupg-s-pin-entry/

#GitHub "enterprise" has some very weird properties:
* commits made with my email address not from the organization are not counted in statistics (oh how I despise these stats...)
* my #gpg signed commits are shown as unverified even though gh has my public key on my personal profile
* I can not add my public key nor my well known email address to my enterprise profile

All of this "enterprise"-junk just puts me off. No, #GitHub is not #git.

#Gwit est un protocole de publication de contenus textuels (sites, documentation, etc) simplissime, pensé pour fonctionner essentiellement hors-ligne. Il est basé sur #Git et #PGP. Il permet de repartager des sites (même hors ligne) sans risque que le contenu ait été modifié

Pour le moment, seuls deux sites existent à ma connaissance ^^. Mais n'importe quel site statique léger peut facilement être "hébergé" sur Gwit.

gwit : https://sr.ht/~ivilata/gwit/

#gpg #offline

1/2

Has anyone here on #fedi figured out the correct recipe for dealing with #OpenPGP, #DMARC and #mailman ?

The problem, by default mailman will modify messages and this will break the dkim signature.
https://gitlab.com/mailman/mailman/-/issues/1079

Mailman provides two DMARC mitigation options (other option is reject or discard which is not useful in this case).

1. Replace the from address with list address
2. Wrap original message in an envelope

thunderbird flags 1 and fails 2.
#askfedi #gnupg #gpg #thunderbird

Everybody should learn how to use GPG.

https://gnupg.org/

Setup a bash script to #GPG encrypt and upload backup files to Google Drive via #gdrive. I considered rclone at first but couldn‘t set it up easily on the vps.

https://github.com/glotlabs/gdrive

How do folks deal with GitHub and GPG keys? #github #security #gpg #pgp

#FOSDEM 2025 - anyone interested into #GPG key signing?

If you're interested:
* Provide a printed snippet of your fingerprint (gpg-key2ps)
* I will send you the signing to your email (instead of uploading them to key servers [gpg-mailkeys])
* You can find my key at https://gpg.gyptazy.com and you're allowed to upload them to key servers.
* Have you passport / ID card with you to validate your identity
* I'll probably be mostly in the #BSDDevroom but you can also ping me on Matrix

Happy key signing!

My $.02 - any service that claims to make your E-mail secure or private is utterly, completely, irretrievably bogus.

E-mail is a store and forward protocol where any given hop on the E-mail's potentially multi-hop journey may well be and probably is "en claire" the cryptographers might say.

You want secure email? Treat it like something shouted into a crowded room and encrypt it at before it even gets into the pipeline.

Yes, #GPG is a pain but honestly? If you want fully private encrypted yada why not just use #Signal and call it a day? :)

Has anbody a clue why #pass tells me "gpg: decryption failed: No secret key" but when I use plain gpg --decrypt bla.gpg it shows me its contents without problems? I had an expired gpg key and created a new one, but meanwhile already imported my old one. My feeling is that pass is using the wrong GPG key, but I have no clue where to configure it which one to use. Any help appreciated #encryption #gpg #linux #terminal

14.01.2025: GnuPG announces release of 2.5.3 for public testing, finalized PQC algorithms are supported.
Source: https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000489.html

PQC: https://en.wikipedia.org/wiki/Post-quantum_cryptography
GnuPG: https://mastodon.online/@blueghost/111974048270035570
Harvest now, decrypt later: https://mastodon.online/@blueghost/111357939714657018

I haven't adopted #PassKeys for my accounts because, as far as I can tell, there aren't really any options that let me own my private key and store it myself; they all depend on trusting somebody like Google, Meta or Apple to handle it for you, which completely defeats the purpose in my opinion. Like #PGP / #GPG, I want to own the private key so I can manage it myself. Trusting your PassKey to a third party app that's only on your phone introduces a single point of failure.