Retiring the RSA-version of my OpenPGP/GnuPG key, to be replaced by ECC. Just need to do some CLI trimming on my keyring. :)

@eibart Für solche Usecases nutze ich @nextcloud - beim Selfhosting weiß man auch, wo die Daten sind.

Bei Services wie eben z.B. WeTransfer die Daten *immer* verschlüsseln. #GnuPG ist dafür gut geeignet. Dann lernt deren KI eben PGP verschlüsselte Daten.

New blog article: "Using a second #OpenPGP card for my primary key"

https://openpgp.foo/posts/2025-07-a-second-card/

This is a rather niche article, but I hope it will still contain some bits of interest, for at least some readers .

In it, I import my primary OpenPGP key onto a second OpenPGP card hardware device, and use the device to issue a third-party certification with rsop-oct.

I also outline some background and tradeoffs around different OpenPGP card setup.

I just released version 0.1.3 of rsop-oct, a stateless #OpenPGP ("SOP") CLI tool for use with OpenPGP card hardware devices:

https://crates.io/crates/rsop-oct/

Like its sibling project #rsop, rsop-oct is based on @rpgp

This update adds support for the SOP command 'certify-userid'.

This allows issuing certifications (aka "third-party signatures") over identities in other people's OpenPGP certificates, directly with an OpenPGP card device.

For more on #SOP, see https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/

#GnuPG 2.5.9 has been released along with a new #Gpg4win beta. And - for the first time - we now publish packages for #Debian, #Devuan, and #Ubuntu .

See https://lists.gnupg.org/pipermail/gnupg-announce/2025q3/000495.html

Wollte grad (nach Jahren) mal wieder ne #PGP-Verschlüsselung für meine Mails einrichten. Nun hat #Thunderbird ja inzwischen #GNUPG und das sieht ja auch alles ganz toll aus, aber was mich als alter #Enigmail User irritiert, ist das Ding mit der (fehlenden) Passphrase. Also wie ich das verstehe wird die ja (für alle Mailaccounts!?) ersetzt durch das Thunderbird-Masterpasswort. So weit so naja... Aber würde die Mails auch weiterhin gern auffm Handy abrufen (#K9). Da gibts dann n Addon, soweit hab ich das schon gesehen, aber ist dann das Masterpasswort auch da meine Passphrase? Danke schonmal für Tipps...

Would anyone with ample #GnuPG or #OpenPGP knowledge know if changing the expiry date of an Authrntication subkey has any effect on the #SSH-pubkey gpg-agent published for that subkey?

I’m trying to decide if I want to have my subkeys - which are stored on a hardware key - expire or not…

The PGP Problem

https://www.latacora.com/blog/2019/07/16/the-pgp-problem/

I just learned that when encrypting email with PGP, the subject line of the email is NOT encrypted. Two things about this fascinate me:

- what a glaring oversight. How did anyone ever think that not encrypting the subject line was a good idea

- why is this not more commonly known? i feel like every guide how to use PGP for email should be screaming from the rooftops: "TAKE NOTE THAT THE SUBJECT LINE OF YOUR EMAILS IS NOT ENCRYPTED". Instead, I just found it deep in the details of one such guide. Many guides (yes I checked several) don't include this information at all.

I'm trying to use #GnuPG and it's so bad that I just have to rant about it. I usually try not to rant because it isn't constructive but I have to let it out.

First try, the default method to generate keys fails, because some mysterious gnupg agent isn't running. Googling. Okay gotta start this agent. Ah, agent starting fails because some config option in the .gnupg folder is wrong. Manually delete the .gnupg folder. Ok now the agent seems to start but creating keys still fails "no such file or directory". Manually creating the .gnupg folder. Now it fails again. Figure out that now the gnupg agent is unhappy. Restart agent. Finally manage to create keys. Try to import my key to thunderbird, but how many keys are there in my private key folder? 2! Why? Who the hell knows.

I just released version 0.7.1 of #rsop, a stateless #OpenPGP ("SOP") CLI tool based on @rpgp:

https://crates.io/crates/rsop/

This version adds support for the "merge-certs" SOP command, which consolidates multiple versions of a certificate into a unified aggregate view.

For more on #SOP, see https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/

#GnuPG v2.5.8 is for those that are using 2.5.7 - as it fixes a regression and improves on little things.

https://dev.gnupg.org/T7672

(2.5.x is a "public testing release series" and comes with a post-quantum cryptography encryption algorithm.)