This is a short writeup about a new feature in the rsop CLI tool:

Since version 0.8.0, rsop can decrypt a GnuPG-proprietary message encryption format.

GnuPG sometimes produces non-standard encrypted messages #

Unfortunately, under some circumstances, GnuPG may produce encrypted messages that are not compatible with the OpenPGP standard. This issue started in its 2.4.x series. GnuPG calls this format “OCB encrypted message”.

However, note that practically all big Linux distributions disable these GnuPG non-standard formats in their GnuPG packages by default. So on most Linux distributions, if you follow along with the CLI calls in this article, you will end up producing a regular, standard OpenPGP encrypted message (and not the problematic format I’m demonstrating here). Windows users of GnuPG on the other hand will usually use upstream GnuPG, without these safeguards!

This article outlines using the new rpgp CLI tool to inspect OpenPGP certificates (aka “public keys”)¹.

The rpgp tool is available as part of the rpgpie crate. This article describes the tool as of rpgpie version 0.6.6.

rpgp can be installed with the Rust cargo tool like this: cargo install rpgpie --features=cli).

Different views of OpenPGP certificate internals #

The rpgp tool can show information about OpenPGP certificates in two different modes:

Personal blog: One more OpenPGP card #

This is a writeup about my OpenPGP card setup.

It’s a mix of general observations about OpenPGP card devices and a report about setting up a secondary OpenPGP card for myself.

Disclaimer #

This article describes a relatively involved setup consisting of two OpenPGP card hardware security devices.

I’m describing this setup merely because it is what I currently use, not because I think anyone should mimic it. If you’d rather not use hardware cryptographic devices, then more power to you!¹

Post-quantum cryptography (PQC) #

Post-quantum cryptography (PQC) is a branch of cryptography that develops algorithms which are thought to be secure against attacks using hypothetical quantum computers (which don’t exist right now, but may be developed in the future).

Development and deployment of such algorithms defends against potential future attacks (in case relevant quantum computers materialize).

Defense against potential future attacks with quantum computers is of particular interest for encryption. In particular when it is relevant if an attacker might store encrypted communication and decrypt it in the future. Defending against such an attack requires deployment of countermeasures well before the attack becomes practical.