OpenKeychain
age
Our great sponsors
| OpenKeychain | age | |
|---|---|---|
| 23 | 177 | |
| 1,850 | 12,770 | |
| 1.6% | - | |
| 0.0 | 8.4 | |
| 4 days ago | 25 days ago | |
| Java | Go | |
| GNU General Public License v3.0 only | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OpenKeychain
-
YubiKey 5C NFC no PIN prompt on Android for OpenPGP decrypt
In addition to my PC set up I am also using the Android Password Store in combination with OpenKeyChain. Everything works fine except that decrypting any password simply works without requiring my PIN. I've tried both USB C connection and NFC and neither interface requires the PIN.
-
OsmAnd (OpenStreetMap) 4.3 for Android is fast with a new rendering engine
OpenKeychain is an Android app for doing some basic GPG related work. It can verify signatures (hidden in the "encrypt/decrypt" menu)
Also it integrates i.e. with K-9 mail to sign and verify.
-
Any foss encryption software for android?
I don't know what features you are looking for in encryption software but OpenKeychain is foss, audited and works just fine if you just want basic encryption/decryption/signing.
-
⟳ 0 apps added, 37 updated at f-droid.org
OpenKeychain: Easy PGP (version 5.8.0): Encrypt your Files and Communications. Compatible with the OpenPGP Standard.
-
Suggestion regarding the privacy email providers with better search and spam filtering capabilty
I use mailbox.org with the encrypted inbox, Mozilla Thunderbird on desktop, and FairEmail + OpenKeychain on Android. I think StartMail is the only other one of those four options that supports standard IMAP and SMTP.
-
Any cool uses for the Yubikey?
On Android OpenKeychain, TermBot, and K-9 Mail, are awesome.
-
Free, open-source encryption software for Windows and Android
I would try openpgp, you can use https://www.gpg4win.org/ on windows and https://github.com/open-keychain/open-keychain (not actively developed, if someone knows a good alternative please comment) for android.
- Any way to encrypt files?
-
Should i encrypt my file when using a "secure cloud"?
Openkeychain is a good gnupg encryption tool for Android. https://www.openkeychain.org/. It mostly is for using gnupg for email encryption, but you can also use it for file encryption too.
- Mercredi Tech - 2021-09-15
age
-
SSH Whoami.filippo.io
I think it's pretty clever, and demonstrates something very powerful about GitHub's position as de facto global code repository: you can get a strong cryptographic identity for (almost) anyone on the service, which you can then sign/encrypt to, verify for, etc.
age (another tool of Filippo's) leverages this to make encrypting to any GitHub user easy[1].
[1]: https://github.com/FiloSottile/age#encrypting-to-a-github-us...
-
Add the same key to a retired PIV slot of two different Yubikey's
`age` is a file encryption tool that is much more GPG. See https://github.com/FiloSottile/age
-
age.el: age encryption support for Emacs
Since I'm starting to purge gpg out of my life, but do depend on it heavily for keeping my org notes and authinfo encrypted, I needed an epa/epg-style transparent encryption support for age (https://github.com/FiloSottile/age). As such I ported the relevant epa/epg code and reworked it to work with age.
-
Pa – a simple password manager based on age
age in question, in case you were as confused as I was by what that means: https://github.com/FiloSottile/age
> I don't think age does any real password extension.
Did you even bother to check?
https://github.com/FiloSottile/age/blob/main/scrypt.go
This isn't exactly hidden.
-
I am Filippo Valsorda, Go cryptography maintainer, Ask Me Anything (2022 edition)
I left Google in May, where I was the lead of the Go Security Team. I am now a professional independent Open Source maintainer and amongst other things I work on the crypto in the Go standard library and in golang.org/x/crypto, including ciphers and "fun" elliptic curve implementations. I made tools like mkcert and age. I write a newsletter and I post on Mastodon. I have opinions on PGP and crypto APIs. I made the Heartbleed test once upon a time. I'm Italian and firmly anti-fascist.
-
Encrypted USB Drives in Fedora that are cross-compatible with Windows.
If you want to encrypt any file, I can highly recommend age tool,
-
Where do you store encryption keys?
GNU pass, encryption with age key stored on a yubikey, and stored on a private git repo (native feature of pass)
-
Encrypt/decrypt files with the OpenSSL CLI
I like the fact that your script is simple, and uses a ubiquitous library! But I do have a few suggestions:
1. You may be using an older version of openssl, but with modern versions, add the `-pbkdf2` option for much saner key derivation.
2. With modern versions of openssl, the `-salt` option is on by default, so you don't need to specify it explicitly (and you almost certainly want this option on, versus not using a salt or generating one yourself).
3. Since no AEAD modes are available with this tool, CTR mode (the `-aes-256-ctr` option) might be the best mode to use with AES (see https://security.stackexchange.com/questions/27776/block-cha...).
4. Alternatively, you might prefer to use ChaCha20 (the `-chacha20` option) over AES (see https://crypto.stackexchange.com/questions/34455/whats-the-a...).
So I would suggest this for the encryption command (instead of `openssl enc -aes-256-cbc -salt -a`):
> openssl enc -chacha20 -pbkdf2 -a
Also, instead of using openssl, you might prefer to use `age`, as it uses modern crypto best practices by default (see https://age-encryption.org/). With it, you could substitute this encryption command for the above:
> age -p -a
-
Alternatives to encrypting a message that only the recipient can decrypt
But if you need to send an encrypted message to someone who will not be able to reply (but whose public key you already have), you can't use Diffie-Hellman. PGP used to be the way to do this, but it's gotten quite old, Age encryption is a good modern program targeted to this sort of use-case. It's important to keep in mind here that without Diffie-Hellman, you have no forward secrecy, meaning all encrypted messages are sent to the same key which can all be decrypted if that key is later compromised.
What are some alternatives?
sops - Simple and flexible tool for managing secrets
Picocrypt - A very small, very simple, yet very secure encryption tool.
rage - A simple, secure and modern encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
Android-Password-Store - Android application compatible with ZX2C4's Pass command line application
age-plugin-yubikey - YubiKey plugin for age
minisign - A dead simple tool to sign files and verify digital signatures.
OkcAgent - A utility that makes OpenKeychain available in your Termux shell
redux - Predictable state container for JavaScript apps
poetry2nix - Convert poetry projects to nix automagically [[email protected]]
Android-Templates-And-Utilities - Collection of source codes, utilities, templates and snippets for Android development.
git-crypt - Transparent file encryption in git
secure-preferences - Android Shared preference wrapper than encrypts the values of Shared Preferences. It's not bullet proof security but rather a quick win for incrementally making your android app more secure.