gnupg
end-to-end
gnupg | end-to-end | |
---|---|---|
2 | 8 | |
663 | 4,133 | |
1.2% | 0.0% | |
9.4 | 0.0 | |
8 days ago | about 1 year ago | |
C | JavaScript | |
GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gnupg
- Expired SKS Keyserver Certificate on EVERY EOS install!
-
Olá a todos, recomendo o uso do PGP nas comunicações via email
Excelente sugestão, o projeto GPG é em código livre, é bem interessante também agregar no Thunderbird, vai ajudar bastante a comunidade...
end-to-end
-
age and authenticated encryption
[1] No warning on decrypting Tag 9 (no integrity protection) packets
-
A few questions for the dev…
In contrast, companies like Standard Notes actually uses their own home-built encryption library, which is why it's a bit more critical that they go through these audits more often and quickly than others. And despite the audits, this home-brewed encryption library puts them at a much bigger risk, due to the fact that it's never going to be as thoroughly battle tested as an open industry-standard encryption like OpenPGP, used by much larger companies like Google, Protonmail, etc.
- End-to-End Encryption Threat Model
-
End-to-end encryption messaging implementation
https://github.com/google/end-to-end ?
-
How to do E2EE in the Browser correctly if even possible?
When Google was looking at implementing E2E mail via a browser plugin, it gave up in part because of the difficulties of doing it right. They published the library and documentation, but the more valuable part was the threat model. In it they examine the assets to protect, threat sources both inside and outside the threat model, UI threats, message threats, key-related threats, cryptographic threats, and other threats. It's an excellent walk-through of just how difficult it is to do general encryption right, and why doing it in the browser is so hard.
-
Signal protocol security of messages
With that in mind, secure messaging in a browser is a nightmare. Google tried to figure out a way to do end-to-end in a browser, mostly in the context of e-mail but it could be extended to chat applications. They wrote up a threat model that you really should read. They identified five threat sources within the architecture and six more that they acknowledge but don't delve into. They also discuss four UI-based threats, four message-based, four key-based, and two cryptographic threats, and each of those threats has subthreats. Finally, they wrap with three "Other" threats. They dropped the project soon after.
-
Browser extension that makes any web app E2E encrypted?
Google E2E Library — Unsure how up-to-date this ... limited GitHub activity.
What are some alternatives?
OpenSSL - TLS/SSL and crypto library
openpgpjs - OpenPGP implementation for JavaScript
sshesame - An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity
freedom-pgp-e2e - Wrapping up end-to-end code and provide in freedom custom API.
sryrms - SryRMS helps you in installing some popular proprietary as well as libre applications not available in the official repositories of Ubuntu.
otrv4 - Off-the-Record Messaging Protocol version 4. -This is a draft- This repository is a mirror of http://bugs.otr.im/otrv4/otrv4
odysee-api - API server for Odysee
PGP-Anywhere - Chrome browser extension to de- & encrypt PGP in your browser
endlessh - SSH tarpit that slowly sends an endless banner
2key-ratchet - 2key-ratchet is an implementation of a Double Ratchet protocol and X3DH in TypeScript utilizing WebCrypto.
libsodium - A modern, portable, easy to use crypto library.
2Password - 2Password: A cryptography experiment