Update: Might not actually be targeted. See Evil 32. Thanks to Ximin Luo for giving me more peace of mind!
Update: I’m not the only one hit by this. Here’s a conversation on GNU social with more people hit - though no one else has yet reported having two keys faked and cross-signed.
Update: At the very least you should do this: echo keyid-format long >> ~/.gnupg/gpg.conf
On the 29th of August a colleague asked me “which key should I use to encrypt to you?” I was confused, because I only have one key for that email address. So he showed me the keys he saw:
$ gpg2 --list-keys --fingerprint arne.babenhauserheide
-------------------------------
pub   2048R/A70DA09E 2011-10-07 [expires: 2016-10-05]
uid   Arne Babenhauserheide <arne.babenhauserheide@kit.edu>
sub   2048R/39829E5F 2011-10-07 [expires: 2016-10-05]

pub   2048R/A70DA09E 2014-06-16 [revoked: 2016-08-16]
uid   Arne Babenhauserheide <arne.babenhauserheide@kit.edu>
Summary: replace my old key:
6B05 41F0 94FF 2163 6FBA
2433 3307 469B FE96 C404
with my new key:
F34D 6A12 35D0 4903 CD22
D5C0 13EF 8D45 2403 C3EB — and use GnuPG.
I am transitioning my GnuPG[1] key from an old 1024-bit key to a stronger 4096-bit key. The old key will continue to be valid for some time, but I prefer all new correspondence to be encrypted in the new key, and will be making all signatures going forward with the new key.
The old key, which I am transitioning away from, is:
sec 1024D/FE96C404 2002-02-04
Key fingerprint = 6B05 41F0 94FF 2163 6FBA
2433 3307 469B FE96 C404
The new key, to which I am transitioning, is:
sec 4096R/2403C3EB 2016-01-04
Key fingerprint = F34D 6A12 35D0 4903 CD22
D5C0 13EF 8D45 2403 C3EB
The transition document below is signed with both keys to validate the transition.
If you have signed my old key, I would appreciate signatures on my new key as well, provided that your signing policy permits that without reauthenticating me.
For additional information about GnuPG, see Email Self-Defense: A guide to fighting surveillance with GnuPG encryption.
How E-Mail with GnuPG could hide when you talk, where you talk from and what you talk about.
or in technical terms:
E-Mail with perfect forward security, hidden subject and masked date using GnuPG and better frontends.
Update 2018: Some of these ideas are becoming real and widespread now with pΞp (pretty-easy-privacy) and the autocrypt-standard.
If you regularly read my articles, you’ll know that I’m a proponent of connecting over Freenet to regain confidential and pseudonymous communication.
Here I want to show how it would be possible to use E-Mail with GnuPG to get close to the confidentiality of Freenet friend-to-friend communication, because we have the tech (among the most heavily scrutinized and well-tested technology we use today) and we have the infrastructure. All it requires are more intelligent E-Mail clients. Better UI which makes the right thing easy.
»What is the .asc file?« This explanation is intended to be copied as-is into emails when someone asks about your signature.
The .asc file is a signature which can be used to verify that the email was really sent by me and wasn’t tampered with.[1] It can be verified with standard email security tools like Enigmail[2], Gpg4win[3] or MacGPG[4] - and other tools supporting OpenPGP[5].
→ Comment on the BeHaind video Soziale Massenmanipulation - Politiker flippt aus - Sailor Moon
Clearly, there is manipulation. And there always will be when communication is controlled by others.
That is why, in addition to Twitter and G+, I also use GNU social and Sone.
Sending an encrypted email is easy. Here I want to show you in 3 steps how you can reach me. I show the steps for a range of different programs, for Windows as well as for OSX and GNU/Linux.
The program for this is GnuPG: freely licensed and the long-standing standard for secure encryption of emails.
When you enter the freenet Web of Trust, you first need to get some trust from people by solving captchas. And even when people trust you somehow, you have no way to prove your identity in an automatic way, so you can’t create identities which freenet can label as trusted without manual intervention from your side.
To change this, we can use the Web of Trust used in GnuPG to infer trust relationships between freenet WoT IDs.
Practically that means:
Dear Taz editorial team,
Update: Yes, it works! Simply write directly to the editor in question. They have individual GnuPG keys.
Now that it has come out that more than 30 million emails were intercepted last year, and that presumably almost all emails were searched for keywords to do so, I would like to know whether it is possible to send you emails encrypted so that they cannot be read by strangers.
Draft of a simple system to prevent identity theft through takeover of login accounts: upload your public GnuPG key when registering. If your account is taken over, you prove your identity with a signed email.