<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Introduction on OpenPGP.foo</title>
    <link>https://openpgp.foo/</link>
    <description>Recent content in Introduction on OpenPGP.foo</description>
    <generator>Hugo</generator>
    <language>en-us</language>
    <lastBuildDate>Wed, 03 Jun 2026 00:00:00 +0000</lastBuildDate>
    <atom:link href="https://openpgp.foo/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Intro</title>
      <link>https://openpgp.foo/learn/intro/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/learn/intro/</guid>
      <description>&lt;h1 id=&#34;intro-looking-at-the-basics-of-openpgp&#34;&gt;&#xA;  Intro: Looking at the basics of OpenPGP&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#intro-looking-at-the-basics-of-openpgp&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;This series of articles aims to teach the concepts of OpenPGP, mostly from the perspective of a user.&lt;/p&gt;&#xA;&lt;p&gt;The main goal of these texts is empowerment. My underlying belief is that OpenPGP is &lt;em&gt;much&lt;/em&gt; less complex and hard to learn than it might seem.&lt;/p&gt;&#xA;&lt;p&gt;Please &lt;a href=&#34;../../about/#who&#34;&gt;get in touch&lt;/a&gt;, if any of the content here is confusing, or if there&amp;rsquo;s material you wish existed, but is currently missing!&lt;/p&gt;</description>
    </item>
    <item>
      <title>rsop - Stateless OpenPGP (SOP)</title>
      <link>https://openpgp.foo/tools/rsop/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/tools/rsop/</guid>
      <description>&lt;h1 id=&#34;rsop&#34;&gt;&#xA;  rsop&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#rsop&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;rsop is a &lt;a href=&#34;https://openpgp.foo/learn/sop&#34;&gt;Stateless OpenPGP (SOP)&lt;/a&gt; CLI tool:&#xA;&lt;a href=&#34;https://crates.io/crates/rsop/&#34;&gt;https://crates.io/crates/rsop/&lt;/a&gt;&lt;/p&gt;&#xA;&lt;p&gt;Like all SOP tools, &lt;code&gt;rsop&lt;/code&gt; enables users to perform common OpenPGP operations with a common simple CLI interface.&lt;/p&gt;&#xA;&lt;p&gt;For an introduction to SOP, see the &amp;ldquo;Learn&amp;rdquo; section of this site, which walks through a range of operations and how they can be performed with SOP tools.&lt;/p&gt;&#xA;&lt;h2 id=&#34;architectural-layering-of-rsop&#34;&gt;&#xA;  Architectural layering of rsop&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#architectural-layering-of-rsop&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h2&gt;&#xA;&lt;p&gt;&lt;code&gt;rsop&lt;/code&gt; is a modular project. Its two main components are rPGP and rpgpie.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Stateless OpenPGP (&#34;SOP&#34;)</title>
      <link>https://openpgp.foo/learn/sop/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/learn/sop/</guid>
      <description>&lt;h1 id=&#34;stateless-openpgp-sop&#34;&gt;&#xA;  Stateless OpenPGP (SOP)&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#stateless-openpgp-sop&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;The &amp;ldquo;Stateless OpenPGP Command Line Interface&amp;rdquo; is an evolving &lt;a href=&#34;https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/&#34;&gt;specification&lt;/a&gt; of a vendor-agnostic way to use OpenPGP.&#xA;The SOP specification outlines a &amp;ldquo;generic stateless command-line interface for dealing with OpenPGP messages, certificates, and secret key material&amp;rdquo;.&lt;/p&gt;&#xA;&lt;p&gt;&lt;a href=&#34;https://www.ietf.org/archive/id/draft-dkg-openpgp-stateless-cli-13.html#name-known-implementations&#34;&gt;Many tools&lt;/a&gt;, based on a wide range of OpenPGP libraries, implement the SOP standard.&lt;/p&gt;&#xA;&lt;p&gt;In this text we will often use SOP tools to explore OpenPGP concepts, since they are (by design) both easy to use and easy to reason about.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Hello World in OpenPGP - encrypting a message</title>
      <link>https://openpgp.foo/learn/hello_world/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/learn/hello_world/</guid>
      <description>&lt;h1 id=&#34;hello-world-in-openpgp&#34;&gt;&#xA;  &amp;ldquo;Hello World&amp;rdquo; in OpenPGP&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#hello-world-in-openpgp&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;In programming language introductions, it&amp;rsquo;s customary to show a &lt;a href=&#34;https://en.wikipedia.org/wiki/%22Hello,_World!%22_program&#34;&gt;program that prints &amp;ldquo;Hello World&amp;rdquo;&lt;/a&gt;.&lt;/p&gt;&#xA;&lt;p&gt;For this series of articles, we&amp;rsquo;ll start with the equivalent for OpenPGP: We&amp;rsquo;ll create a new key, encrypt a message to it, and decrypt it again.&lt;/p&gt;&#xA;&lt;h2 id=&#34;making-a-new-private-key&#34;&gt;&#xA;  Making a new &amp;ldquo;private key&amp;rdquo;&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#making-a-new-private-key&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h2&gt;&#xA;&lt;p&gt;To make a new key with SOP, we can run a SOP command like this:&lt;/p&gt;&#xA;&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; style=&#34;color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;&#34;&gt;&lt;code class=&#34;language-shell&#34; data-lang=&#34;shell&#34;&gt;&lt;span style=&#34;display:flex;&#34;&gt;&lt;span&gt;rsop generate-key alice &amp;gt; alice.tsk&#xA;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;This produces an output file named &lt;code&gt;alice.tsk&lt;/code&gt;, which contains a new OpenPGP private key. The parameter &lt;code&gt;alice&lt;/code&gt; is used as an identity that is associated with the key, and contained in it.&lt;/p&gt;</description>
    </item>
    <item>
      <title>oct - OpenPGP card tool</title>
      <link>https://openpgp.foo/tools/oct/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/tools/oct/</guid>
      <description>&lt;h1 id=&#34;openpgp-card-tool-oct&#34;&gt;&#xA;  openpgp-card-tool &amp;ldquo;oct&amp;rdquo;&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#openpgp-card-tool-oct&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;The oct CLI tool for inspecting, configuring and using OpenPGP card devices.&lt;/p&gt;&#xA;&lt;p&gt;&lt;a href=&#34;https://crates.io/crates/openpgp-card-tools/&#34;&gt;https://crates.io/crates/openpgp-card-tools/&lt;/a&gt;&lt;/p&gt;&#xA;&lt;h2 id=&#34;openpgp-card-devices&#34;&gt;&#xA;  OpenPGP card devices&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#openpgp-card-devices&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h2&gt;&#xA;&lt;p&gt;&lt;a href=&#34;https://en.wikipedia.org/wiki/OpenPGP_card&#34;&gt;OpenPGP card&lt;/a&gt; devices are a type of hardware security module, specifically aimed at use with OpenPGP.&lt;/p&gt;&#xA;&lt;p&gt;Commonly used OpenPGP card brands and devices include Nitrokey, YubiKey and the Free Software/Open Hardware Gnuk project.&lt;/p&gt;&#xA;&lt;p&gt;The point of OpenPGP card devices is to handle private key material outside the host computer. This ensures that the private key material as such can&amp;rsquo;t be exfiltrated even when the user&amp;rsquo;s host computer is fully compromised.&lt;/p&gt;</description>
    </item>
    <item>
      <title>rsop-oct - SOP for OpenPGP card</title>
      <link>https://openpgp.foo/tools/rsop-oct/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/tools/rsop-oct/</guid>
      <description>&lt;h1 id=&#34;rsop-oct-rsoct&#34;&gt;&#xA;  rsop-oct (rsoct)&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#rsop-oct-rsoct&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;A &lt;a href=&#34;https://openpgp.foo/learn/sop&#34;&gt;Stateless OpenPGP (SOP)&lt;/a&gt; CLI tool based on rPGP, for use with OpenPGP card devices&lt;/p&gt;&#xA;&lt;p&gt;&lt;a href=&#34;https://crates.io/crates/rsop-oct/&#34;&gt;https://crates.io/crates/rsop-oct/&lt;/a&gt;&lt;/p&gt;&#xA;&lt;p&gt;&lt;code&gt;rsoct&lt;/code&gt; is a sibling project of &lt;a href=&#34;../rsop&#34;&gt;rsop&lt;/a&gt;. It supports private key operations backed by an OpenPGP card device.&lt;/p&gt;&#xA;&lt;p&gt;Specifically, &lt;code&gt;rsoct&lt;/code&gt; can currently be used for &lt;code&gt;decrypt&lt;/code&gt;, &lt;code&gt;sign&lt;/code&gt; and &lt;code&gt;inline-sign&lt;/code&gt; operations backed by private key material on an OpenPGP card device.&lt;/p&gt;&#xA;&lt;p&gt;When running &lt;code&gt;rsoct&lt;/code&gt;, users can provide their OpenPGP certificate (aka &amp;ldquo;public key&amp;rdquo;) instead of a transferable secret key (TSK). The tool then automatically finds and uses the matching OpenPGP card device with the suitable key material.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Types of OpenPGP data</title>
      <link>https://openpgp.foo/learn/openpgp_stuff/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/learn/openpgp_stuff/</guid>
      <description>&lt;h1 id=&#34;the-stuff-openpgp-is-made-of&#34;&gt;&#xA;  The stuff OpenPGP is made of&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#the-stuff-openpgp-is-made-of&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;In the previous chapter we made a new private key, extracted the public-facing certificate, and encrypted a message.&lt;/p&gt;&#xA;&lt;p&gt;This already covers most of the existing types of OpenPGP data. In this article we&amp;rsquo;ll take stock of all the types of artifacts that exist in the world of OpenPGP.&lt;/p&gt;&#xA;&lt;h2 id=&#34;key-material-certificates-and-private-keys&#34;&gt;&#xA;  Key material: Certificates and private keys&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#key-material-certificates-and-private-keys&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h2&gt;&#xA;&lt;p&gt;The central element that all OpenPGP operations revolve around is the &lt;a href=&#34;https://openpgp.dev/book/cryptography.html#public-key-asymmetric-cryptography&#34;&gt;(asymmetric) cryptographic key material&lt;/a&gt; that OpenPGP public keys (certificates) and private/secret keys (often in the form of &amp;ldquo;transferable secret keys&amp;rdquo;) are made of.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Exploring signatures</title>
      <link>https://openpgp.foo/learn/signatures/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/learn/signatures/</guid>
      <description>&lt;h1 id=&#34;data-signatures&#34;&gt;&#xA;  Data Signatures&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#data-signatures&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;&lt;a href=&#34;https://openpgp.dev/book/signing_data.html&#34;&gt;(Data) signatures&lt;/a&gt; are a cryptographic tool to demonstrate the authenticity of some data.&lt;/p&gt;&#xA;&lt;p&gt;In the narrowest sense, a data signature shows that some &lt;em&gt;signer&lt;/em&gt; has used their key to issue a cryptographic statement about some data (such as an email message, or a source code archive).&lt;/p&gt;&#xA;&lt;p&gt;Typically, OpenPGP data signatures signal either authorship (such as &amp;ldquo;this email has been written by me&amp;rdquo;), or approval (such as &amp;ldquo;this project certifies that this source code archive contains an official release of ours&amp;rdquo;)&lt;/p&gt;</description>
    </item>
    <item>
      <title>ocsa - SSH Agent for OpenPGP cards</title>
      <link>https://openpgp.foo/tools/ocsa/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/tools/ocsa/</guid>
      <description>&lt;h1 id=&#34;openpgp-card-ssh-agent&#34;&gt;&#xA;  openpgp-card-ssh-agent&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#openpgp-card-ssh-agent&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;A standalone SSH Agent for use with OpenPGP cards.&lt;/p&gt;&#xA;&lt;p&gt;&lt;a href=&#34;https://crates.io/crates/openpgp-card-ssh-agent&#34;&gt;https://crates.io/crates/openpgp-card-ssh-agent&lt;/a&gt;&lt;/p&gt;&#xA;&lt;p&gt;This SSH Agent tool aims for simple and enjoyable UX (including desktop notifications for touch confirmation).&#xA;It serves the same purpose as the ssh agent feature in the &lt;code&gt;gpg-agent&lt;/code&gt; tool. However, this tool always uses &lt;code&gt;pcscd&lt;/code&gt; to access cards (and never locks them for exclusive use).&lt;/p&gt;&#xA;&lt;p&gt;See the project documentation above to learn about setting up and using &lt;code&gt;openpgp-card-ssh-agent&lt;/code&gt;.&lt;/p&gt;</description>
    </item>
    <item>
      <title>ASCII Armor</title>
      <link>https://openpgp.foo/learn/armor/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/learn/armor/</guid>
      <description>&lt;h1 id=&#34;ascii-armor&#34;&gt;&#xA;  &amp;ldquo;ASCII Armor&amp;rdquo;&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#ascii-armor&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;One of the properties of OpenPGP that is recognizable to many is its &amp;ldquo;armored&amp;rdquo; format.&lt;/p&gt;&#xA;&lt;p&gt;For example, certificates (aka public keys) are often seen in armored form like this:&lt;/p&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;-----BEGIN PGP PUBLIC KEY BLOCK-----&#xA;&#xA;xjMEaApiDxYJKwYBBAHaRw8BAQdALKjyvqcoQ37MMHV5cIyEZjSK/XxnIAa/L/3c&#xA;ixX5hkvNBWFsaWNlwpgEEBYIAEAFAmgKYg8WIQTQbolGjae+MmwHtzdpyBjxHjuH&#xA;[..]&#xA;=4FiZ&#xA;-----END PGP PUBLIC KEY BLOCK-----&#xA;&lt;/code&gt;&lt;/pre&gt;&lt;h2 id=&#34;ascii-armored-vs-binary&#34;&gt;&#xA;  ASCII armored vs. binary&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#ascii-armored-vs-binary&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h2&gt;&#xA;&lt;p&gt;Almost all OpenPGP data can be represented in two formats, which contain the exact same information, and are at least in theory totally interchangeable:&lt;/p&gt;</description>
    </item>
    <item>
      <title>oct-git - Git signing with OpenPGP cards</title>
      <link>https://openpgp.foo/tools/oct-git/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/tools/oct-git/</guid>
      <description>&lt;h1 id=&#34;oct-git&#34;&gt;&#xA;  oct-git&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#oct-git&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;Git signing and verification with a focus on OpenPGP cards.&lt;/p&gt;&#xA;&lt;p&gt;&lt;a href=&#34;https://crates.io/crates/openpgp-card-tool-git&#34;&gt;https://crates.io/crates/openpgp-card-tool-git&lt;/a&gt;&lt;/p&gt;&#xA;&lt;p&gt;&lt;code&gt;oct-git&lt;/code&gt; can act as a replacement for one mode of operation of the &lt;code&gt;gpg&lt;/code&gt; tool, specifically as it is combined with the &lt;code&gt;git&lt;/code&gt; version control tool.&lt;/p&gt;&#xA;&lt;h2 id=&#34;signing&#34;&gt;&#xA;  Signing&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#signing&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h2&gt;&#xA;&lt;p&gt;&lt;code&gt;git&lt;/code&gt; can optionally use an external tool (such as &lt;code&gt;oct-git&lt;/code&gt;, or historically &lt;code&gt;gpg&lt;/code&gt;) to produce cryptographic signatures for &amp;ldquo;commits&amp;rdquo; or &amp;ldquo;tags&amp;rdquo;.&lt;/p&gt;&#xA;&lt;p&gt;Issuing signatures is a private-key based operation, which &lt;code&gt;oct-git&lt;/code&gt; can perform on an OpenPGP card.&lt;/p&gt;</description>
    </item>
    <item>
      <title>OpenPGP mechanisms</title>
      <link>https://openpgp.foo/learn/mechanisms/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/learn/mechanisms/</guid>
      <description>&lt;h1 id=&#34;openpgp-mechanisms&#34;&gt;&#xA;  OpenPGP mechanisms&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#openpgp-mechanisms&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;OpenPGP acts as a toolkit that offers a variety of operations, which may be combined to achieve a variety of goals.&lt;/p&gt;&#xA;&lt;h2 id=&#34;encryption&#34;&gt;&#xA;  Encryption&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#encryption&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h2&gt;&#xA;&lt;p&gt;Encryption, which provides confidentiality, is one central facility of OpenPGP.&lt;/p&gt;&#xA;&lt;p&gt;In a way, encryption is the most non-negotiable element of OpenPGP: When a message is encrypted, only actors who have access to a suitable secret are able to access the contained data.&lt;/p&gt;</description>
    </item>
    <item>
      <title>File encryption with SOP/OpenPGP (and age)</title>
      <link>https://openpgp.foo/posts/2026-06-file-encryption/</link>
      <pubDate>Wed, 03 Jun 2026 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/posts/2026-06-file-encryption/</guid>
      <description>&lt;p&gt;This article explores file encryption with &lt;a href=&#34;https://www.ietf.org/archive/id/draft-dkg-openpgp-stateless-cli-15.html&#34;&gt;Stateless OpenPGP (SOP)&lt;/a&gt; tools, and contrasts this use of SOP with the &lt;code&gt;age&lt;/code&gt; tool.&lt;/p&gt;&#xA;&lt;p&gt;SOP is a CLI standard for (vendor-agnostic) OpenPGP tools. There are &lt;a href=&#34;https://www.ietf.org/archive/id/draft-dkg-openpgp-stateless-cli-15.html#name-known-implementations&#34;&gt;numerous independent implementations&lt;/a&gt; of SOP, based on a variety of OpenPGP implementations in different languages.&lt;/p&gt;&#xA;&lt;h2 id=&#34;the-msop-implementation-of-sop&#34;&gt;&#xA;  The msop implementation of SOP&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#the-msop-implementation-of-sop&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h2&gt;&#xA;&lt;p&gt;In this article, we&amp;rsquo;ll use the &lt;code&gt;msop&lt;/code&gt; implementation of SOP. It is based on the very small &lt;a href=&#34;https://minipgp6.org&#34;&gt;&lt;em&gt;minipgp6&lt;/em&gt;&lt;/a&gt; Rust library. minipgp6 supports only a narrow modern set of algorithms, with v6 keys as specified in &lt;a href=&#34;https://www.rfc-editor.org/rfc/rfc9580.html&#34;&gt;RFC 9580&lt;/a&gt; and comes with native support for &lt;a href=&#34;https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc&#34;&gt;PQC&lt;/a&gt;.&lt;/p&gt;</description>
    </item>
    <item>
      <title>rsop now decrypts GnuPG-proprietary messages</title>
      <link>https://openpgp.foo/posts/2025-09-rsop-decrypt-gnupg-proprietary/</link>
      <pubDate>Thu, 25 Sep 2025 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/posts/2025-09-rsop-decrypt-gnupg-proprietary/</guid>
      <description>&lt;p&gt;This is a short writeup about a new feature in the &lt;code&gt;rsop&lt;/code&gt; CLI tool:&lt;/p&gt;&#xA;&lt;p&gt;Since version 0.8.0, &lt;code&gt;rsop&lt;/code&gt; can decrypt a GnuPG-proprietary message encryption format.&lt;/p&gt;&#xA;&lt;h1 id=&#34;gnupg-sometimes-produces-non-standard-encrypted-messages&#34;&gt;&#xA;  GnuPG sometimes produces non-standard encrypted messages&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#gnupg-sometimes-produces-non-standard-encrypted-messages&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;Unfortunately, under some circumstances, GnuPG produces encrypted messages that are &lt;a href=&#34;https://wiki.archlinux.org/title/GnuPG#OpenPGP_compatibility&#34;&gt;not compatible with the OpenPGP standard&lt;/a&gt;. This issue started in its 2.4.x series. GnuPG calls its proprietary format &amp;ldquo;OCB encrypted data&amp;rdquo;.&lt;/p&gt;&#xA;&lt;p&gt;However, note that practically all big Linux distributions &lt;a href=&#34;https://freepg.org/&#34;&gt;disable these GnuPG non-standard formats&lt;/a&gt;&#xA;in their versions of the GnuPG package by default.&#xA;So on most Linux distributions, if you follow along with the CLI calls in this article, you will end up producing a standard OpenPGP encrypted message (and not the problematic format I&amp;rsquo;m demonstrating here).&#xA;Windows users of GnuPG on the other hand will usually use upstream GnuPG, without these safeguards!&lt;/p&gt;</description>
    </item>
    <item>
      <title>Inspecting OpenPGP certificates</title>
      <link>https://openpgp.foo/posts/2025-08-certificate-status/</link>
      <pubDate>Mon, 25 Aug 2025 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/posts/2025-08-certificate-status/</guid>
      <description>&lt;p&gt;This article outlines using the new &lt;code&gt;rpgp&lt;/code&gt; CLI tool to inspect &lt;a href=&#34;https://openpgp.dev/book/certificates.html#certificates&#34;&gt;OpenPGP certificates&lt;/a&gt; (aka &amp;ldquo;public keys&amp;rdquo;)&lt;sup id=&#34;fnref:1&#34;&gt;&lt;a href=&#34;#fn:1&#34; class=&#34;footnote-ref&#34; role=&#34;doc-noteref&#34;&gt;1&lt;/a&gt;&lt;/sup&gt;.&lt;/p&gt;&#xA;&lt;p&gt;The &lt;code&gt;rpgp&lt;/code&gt; tool is available as part of the &lt;a href=&#34;https://crates.io/crates/rpgpie&#34;&gt;&lt;code&gt;rpgpie&lt;/code&gt;&lt;/a&gt; crate. This article describes the tool as of rpgpie version 0.6.6.&lt;/p&gt;&#xA;&lt;p&gt;&lt;code&gt;rpgp&lt;/code&gt; can be installed with the Rust &lt;a href=&#34;https://doc.rust-lang.org/cargo/&#34;&gt;&lt;code&gt;cargo&lt;/code&gt;&lt;/a&gt; tool like this: &lt;code&gt;cargo install rpgpie --features=cli&lt;/code&gt;).&lt;/p&gt;&#xA;&lt;h2 id=&#34;different-views-of-openpgp-certificate-internals&#34;&gt;&#xA;  Different views of OpenPGP certificate internals&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#different-views-of-openpgp-certificate-internals&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h2&gt;&#xA;&lt;p&gt;The &lt;code&gt;rpgp&lt;/code&gt; tool can show information about OpenPGP certificates in two different modes:&lt;/p&gt;</description>
    </item>
    <item>
      <title>Using a second OpenPGP card for my primary key</title>
      <link>https://openpgp.foo/posts/2025-07-a-second-card/</link>
      <pubDate>Mon, 14 Jul 2025 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/posts/2025-07-a-second-card/</guid>
      <description>&lt;h1 id=&#34;personal-blog-one-more-openpgp-card&#34;&gt;&#xA;  Personal blog: One more OpenPGP card&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#personal-blog-one-more-openpgp-card&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;This is a writeup about my &lt;a href=&#34;https://en.wikipedia.org/wiki/OpenPGP_card&#34;&gt;OpenPGP card&lt;/a&gt; setup.&lt;/p&gt;&#xA;&lt;p&gt;It&amp;rsquo;s a mix of general observations about OpenPGP card devices and a report about setting up a secondary OpenPGP&#xA;card for myself.&lt;/p&gt;&#xA;&lt;h2 id=&#34;disclaimer&#34;&gt;&#xA;  Disclaimer&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#disclaimer&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h2&gt;&#xA;&lt;p&gt;This article describes a relatively involved setup consisting of two OpenPGP card hardware security devices.&lt;/p&gt;&#xA;&lt;p&gt;I&amp;rsquo;m describing this setup merely because it is what I currently use, not because I think anyone should mimic it.&#xA;If you&amp;rsquo;d rather not use hardware cryptographic devices, then more power to you!&lt;sup id=&#34;fnref:1&#34;&gt;&lt;a href=&#34;#fn:1&#34; class=&#34;footnote-ref&#34; role=&#34;doc-noteref&#34;&gt;1&lt;/a&gt;&lt;/sup&gt;&lt;/p&gt;</description>
    </item>
    <item>
      <title>Post-quantum cryptography</title>
      <link>https://openpgp.foo/posts/2025-05-pqc/</link>
      <pubDate>Mon, 12 May 2025 00:00:00 +0000</pubDate>
      <guid>https://openpgp.foo/posts/2025-05-pqc/</guid>
      <description>&lt;h1 id=&#34;post-quantum-cryptography-pqc&#34;&gt;&#xA;  Post-quantum cryptography (PQC)&#xA;  &lt;a class=&#34;anchor&#34; href=&#34;#post-quantum-cryptography-pqc&#34;&gt;#&lt;/a&gt;&#xA;&lt;/h1&gt;&#xA;&lt;p&gt;&lt;a href=&#34;https://en.wikipedia.org/wiki/Post-quantum_cryptography&#34;&gt;Post-quantum cryptography (PQC)&lt;/a&gt; is a branch of cryptography that develops algorithms which are thought to be secure against attacks using hypothetical &lt;a href=&#34;https://en.wikipedia.org/wiki/Quantum_computing&#34;&gt;quantum computers&lt;/a&gt; (which don&amp;rsquo;t exist right now, but may be developed in the future).&lt;/p&gt;&#xA;&lt;p&gt;Development and deployment of such algorithms defends against potential future attacks (in case relevant quantum computers materialize).&lt;/p&gt;&#xA;&lt;p&gt;Defense against potential future attacks with quantum computers is of particular interest for &lt;em&gt;encryption&lt;/em&gt;. In particular when it is relevant if an attacker might store encrypted communication and decrypt it in the future.&#xA;Defending against such an attack requires deployment of countermeasures well before the attack becomes practical.&lt;/p&gt;</description>
    </item>
  </channel>
</rss>
