This repo includes extensions and workflow examples for attaching an arbitrary number of GPG signatures to a given commit or tag. Git already supports commit signing. These tools are intended to complement that support by allowing a code reviewer and/or release engineer to attach their signatures as well.
When it came time to implement 2FA in my open-source project Mentat, I wanted to try something a little different. As an end-to-end encrypted chat app, asymmetric encryption was already an important aspect of the platform, and was easy enough to implement using OpenPGP.js. When a user signs up for the platform, a keypair is generated and the public key is saved in the database as part of that user's identity. But an issue arises when the user wants to sign into a different device: how can the user's private key be transmitted in a way that doesn't reveal their credentials to the server? As it turns out, I was able to solve this issue and add a second authentication factor in the same step.
Web Key Directory - Web Key Directories provide an easy way to discover public keys through HTTPS. They provide an important piece of the infrastructure to improve the user experience for exchanging secure emails and files. In contrast to the public keyservers, a Web Key Directory does not publish mail addresses, and it is an authoritative pubkey source for its domain.
We believe privacy is a human right.
Add the secure contact form to your website in minutes, no coding required.
It encrypts the message with PGP (client-side) and sends it on to the mail account. A user who does not use PGP can send fairly secure mails to PGP-users. A simple vanity-style URL can be given to such users for easy access to the secure contact form.
The topic of that paper is that HTML is used as a back channel to create
an oracle for modified encrypted mails. It has long been known that HTML
mails and in particular external links like <img href="tla.org/TAG"/>
are evil if the MUA actually honors them (which many meanwhile seem to
do again; see all these newsletters). Due to broken MIME parsers a
bunch of MUAs seem to concatenate decrypted HTML MIME parts which makes
it easy to plant such HTML snippets.
There are two ways to mitigate this attack:
- Don't use HTML mails. Or if you really need to read them use a proper MIME parser and disallow any access to external links.
- Use authenticated encryption.
Efail: What you need to keep in mind now to send e-mail securely
2 WITH PRETTY EASY PRIVACY (P≡P) SUPPORT BY DEFAULT FOR NEW USERS
With PGP, e-mails between two people can be encrypted, and they are safe from prying eyes both on the provider's server and on their journey through the Internet.