Categories
Random Bits

kinspect – quickly look into PGP public key details

Sometimes I just need to look into the details of a PGP key that is provided in its “armored” form by some website (not everyone is publishing their keys to the keyservers).

Normally I would have to import that key to my keyring or save it into a file and use gnupg to visualize it (as it is described in this Stack Overflow answers).

To avoid this hassle I just created a simple page with a text area where you can paste the public key and it will display some basic information about it. Perhaps an extension would be a better approach, but for now this works for me.

You can use it on: https://kinspect.ovalerio.net

In case you would like to contribute in order to improve it or extend the information displayed about the keys, the source code is available on Github using a Free Software license: https://github.com/dethos/kinspect

Categories
Python Technology and Internet

Receive PGP encrypted emails, without the sender needing to know how to do it

One common trouble of people trying to secure their email communications with PGP, is that more often that not the other end doesn’t know how to use these kind of tools. I’ll be honest, at the current state the learning curve is too steep for the common user. This causes a huge deal of trouble when you desire to receive/sent sensitive information in a secure manner.

I will give you an example, a software development team helping a customer building his web business or application, may want to receive a wide variety of access keys to external services and APIs, that are in possession of the customer and are required (or useful) to be integrated in the project.

Lets assume that the customer is not familiarized with encryption tools, the probability of that sensitive material to be shared in an insecure way is too high, he might send it through a clear text email or post it on some shared document (or file). Both the previous situations are red flags, either by the communication channel not secure enough or the possibility of existing multiple copies of the information in different places with doubtful security, all of them in clear text.

In our recent “Whitesmith Hackathon”, one of the projects tried to address this issue. We though on a more direct approach to this situation based on the assumption that you will not be able to convince the customer into learning this kind of things. We called it Hawkpost, essentially it’s a website that makes use of OpenPGP.js, where you create unique links containing a form, that the user uses to submit any information, that will then be encrypted on his browser with your public key (without the need to install any extra software) and forwarded to your email address.

You can test and used it on https://hawkpost.co, but the project is open-source, so you can change it and deploy it on your own server if you prefer. It’s still in a green state at the moment, but we will continue improving the concept according with the received feedback. Check it out and tell us what you think.

Categories
Technology and Internet

Enigmail, passphrase issue

This is a short post where I try to explain the steps i followed to fix the behavior of Enigmail on my machine.

In the last few weeks i wasn’t able to use any signing and encryption capabilities on my emails due to a problem that showed an unclear error message.

I don’t remember the cause of the issue but it is somehow related to a fresh install of my current operating system (Ubuntu). So every time i tried to sign a message, the following error message showed up: “Error – Bad passphrase”, even without inserting any password. I searched on the web to see if it was a common problem and most of the answers were related with the cache of “gpg-agent” and how to clean it. I tried most of the solutions without success.

It took a while until i found an entry in the support forum that allowed me to fix the issue.

So what happened?

After a fresh system install I had the wrong “pinentry” application set up (i still don’t know why “pinentry-qt4” didn’t work) and it was making Enigmail show the error without asking for the passphrase. After going through the following steps i was able to put everything working again.

  1. Set the pinentry symlink to the “pinentry-gtk-2” application:
    sudo ln -s -f /usr/bin/pinentry-gtk-2 /usr/bin/pinentry
  2. Edit  “~/.gnupg/gpg-agent.conf” and change the following line (if it exists):
    pinentry-program /usr/bin/pinentry-qt4

    to

    pinentry-program /usr/bin/pinentry-gtk-2
  3. Log out of your system session and log in again.

In the end it is easy to solve but it took me while until i found an answer that lead me in the right direction. So if you run into the same issue in the future i hope this might be useful to you and prevent you to waste a lot of time to solve it.