Please help with testing a new #Thunderbird #Security feature: Unobtrusive Signatures, a novel mechanism for digitally signing email, currently implemented for #OpenPGP.

@kaiengert Amazing to see this feature moving forward, and landing in test releases!

@Larvitz exciting indeed! Would be great to see these projects in the FreeBSD ports collection ️

Cc @wiktor

The openpgp-card-state crate now has a new "ephemeral" backend:

state

state - Shared state for applications that use OpenPGP cards

Codeberg.org (codeberg.org)

This combines the defensiveness of unpersisted pinentry with the convenience of caching (in the Linux kernel credential store, for a configurable duration).

New releases of https://crates.io/crates/openpgp-card-tool-git, https://crates.io/crates/openpgp-card-ssh-agent, https://crates.io/crates/rsop-oct support this new #OpenPGP card PIN storage backend.

Many thanks to @classabbyamp who implemented this new PIN handling mechanism in openpgp-card-state.

@liw I do think there are some reasons to worry - but not about skilled programmers losing their privileged position in the job market.

My impression is that a lot of the frenzied discourse is caused by two facts: 1) a few corporations are spending ridiculous amounts of money, and some of it on propagandizing, and 2) these LLM techniques do have some kernel of utility for some software engineering-related tasks.

I enjoyed the perspectives in this recent conversation: https://dair-community.social/@timnitGebru/116237328338979566

The https://freepg.org/ project maintains patches against #GnuPG with the goal of closer adherence to the IETF #OpenPGP spec.

One currently open question is if/how draft-ietf-openpgp-pqc support could be realistically added to #FreePG

I've started https://codeberg.org/freepg/freepg-draft-ietf-openpgp-pqc first of all as a notes-to-self repo for a (presumably very slow and long-term) side quest to explore this problem.

Specifically, the goal would be adding support for v4 ML-KEM-768+X25519 subkeys.

Post-Quantum Cryptography in OpenPGP

This document defines a post-quantum public key algorithm extension for the OpenPGP protocol, extending RFC9580. Given the generally assumed threat of a cryptographically relevant quantum computer, this extension provides a basis for long-term secure OpenPGP signatures and ciphertexts. Specifically, it defines composite public key encryption based on ML-KEM (formerly CRYSTALS-Kyber), composite public key signatures based on ML-DSA (formerly CRYSTALS-Dilithium), both in combination with elliptic curve cryptography, and SLH-DSA (formerly SPHINCS+) as a standalone public key signature scheme.

(www.ietf.org)

@lrvick 🤪

I could not avoid having to buy one stick of 16GB a few days ago. I'm very annoyed at whatever this stage of capitalism is called.