I'm also going to plug for a minute.

I have email addresses at my domain now. I also use keys. I revoked ones associated with my other emails in favour of the new. I also use a password manager that encrypts my passwords with my key. The now-revoked key does nothing. So I don't have access to any of my passwords. Well OpenKeychain has a wonderful backup feature that lets you export a key and import it on your computer. I was literally sick until I found that feature 😌

@amolith you can still decrypt with revoked keys.
Also that backup feature is amazing.

@kensp @amolith OpenKeychain is awesome! Big fan and a daily user myself. It integrates directly with K9 Mail as well as the PasswordStore app and some others.

I'm guessing you use zx2c4's pass password manager. If so, here's how you can keep them with you on the go.


@gentoorebel @kensp I do use pass and I already have Password Store but thank you for the recommendation!

OpenKeychain also integrates with Conversations if you're an XMPP user. I keep finding more and more awesome apps that integrate with it.

@amolith @kensp yep, noticed that too. I just don't find XMPP gives me anything IRC doesn't, at least not in my use case.

@amolith @gentoorebel @kensp To be honest I find OMEMO better than OpenPGP for XMPP (it's built-in and doesn't require any config from other contacts).

That said, OpenKeychain is very cool indeed, it even supports hardware tokens (like YubiKey) and (with Termbot) can be used to log in to remote SSH servers! (I actually used that to fix one minor thing while on vacation :) )

@wiktor @amolith @gentoorebel
OMEMO works pretty well on direct chats, but OpenPGP is definitely superior when it comes to MUCs and group chats. Setting up OMEMO on MUCs with more than 3 people is a pain in the ass.

@kensp @amolith @gentoorebel I'm using a family chat with >5 people and haven't had any problems, it worked out of the box. Granted all members already knew each other. Setting up OpenKeychain and OpenPGP keys for all of them would take a lot of time...

Maybe your contacts used servers that did not whitelist OMEMO keys? (there is a plugin for that for Prosody, ejabberd has it built-in in newer versions).

@wiktor @amolith @gentoorebel
You need everyone to trust everyone's OMEMO key. It gets tedious. Honestly, we just ended up having an unencrypted chat.

Also the whole thing is a hassle. Riot worked out much better for my family. It's E2E encrypted without a hassle and it's self hosted anyway.

@kensp @amolith @gentoorebel Did you check it out recently? Since Nov 2016 Conversations uses Blind Trust Before Verification (gultsch.de/trust.html) that, as the name implies, doesn't require verification but still uses E2E.

@wiktor @kensp @amolith sadly I wound up just reverting to Telegram for a family chat. Too many mixed platforms (Android, iOS, Windows, Linux) and non-technical users.

@gentoorebel @kensp @amolith Agreed. I'm lucky that my non-technical users basically only use Android. For PC Gajim is OK.

Telegram has a really nice UI.


@kensp @amolith

And desktop support, even if it is electron based. I don't like to be typing on a touch screen any more than necessary.

@amolith I've been digging into this whole GPG world recently also. I haven't put it to use yet though. I want to switch to pass, but I share my KeePass file with my wife right now and it's way easier for her to just know the passphrase than to deal with keys.

Really interesting stuff. I can see how this free encryption was so revolutionary years ago. Of course it's still more important than ever, but I don't think people realize that yet.
