Archives par mot-clé : Encryption

Petite histoire d’OpenPGP, GnuPG et PGP jusqu’en 2002

Je fais un peu de ménage sur mon site et je suis tombé sur cette vieille page (2002!) que j’avais écrite résumant la petite histoire de GnuPG, OpenPGP et PGP jusqu’à ce moment.

En attendant de trouver une demeure plus définitive pour cette petit chronologie, la voici:

  • 1991 – Philip Zimmermann, a software engineer, creates PGP (« Pretty Good Privacy ») a strong cryptography software « originally designed for human rights applications, and to protect privacy and civil liberties in the information age ».
  • DEC 1996 – PGP Inc. is founded by Zimmermann, after a three-year criminal investigation is dropped by the US government. The investigation was supposed to prove that Zimmermann violated US export restrictions for cryptographic software when PGP spread all around the world following its publication as freeware.
  • DEC 1997 – Network Associates Inc. (NAI) acquires PGP Inc.
  • DEC 1997 – G10 first release announcement, which would later become GPG
  • NOV 1998 – RFC 2440 is published, with « all necessary information needed to develop interoperable applications based on the OpenPGP format », as the first step to establish OpenPGP as an IETF open (encryption) standard
  • Late 2000 – NAI makes PGP no longer open source (meaning their source code is no longer available)
  • FEB 2001 – Zimmermann quits NAI and starts the OpenPGP Alliance, « a growing group of companies and other organizations that are implementers of the OpenPGP standard ».
  • OCT 2001 – NAI announces a reorganization of the PGP Security Business including integration of PGP Security products into the McAfee and Sniffer business units.
  • APR 2002 – NAI drops support of PGP Mail, the commercial version of the original PGP from which others followed, including PGPfile, PGPicq, etc.
  • MAY 2002 – Version 1.0.7 of the GNU Privacy Guard is available for download. This is a major release of a complete and free replacement of PGP.
  • AUG 2002 – PGP Corporation Announces Purchase of PGP Desktop from Network Associates.
  • SEP 2002 – GnuPG 1.2 released
  • OCT 2002 – GnuPG 1.2.1 released
  • NOV 2002 – WinPT+GnuPG graphical installer released (no longer maintained)
  • DEC 2002 – PGP 8.0 released

OpenPGP key transition to 4096-bit RSA keys

For a number of reasons, I’ve recently set up new OpenPGP keys, and will be transitioning away from my old one. I use Thunderbird and the Enigmail OpenPGP extension to encrypt and sign my email communications. Check out the Security in a Box documentation if you wish to do the same.

You can read the full statement of transition from this archive which includes details about old/new keys, signatures etc. My personal OpenPGP key has been updated in the contact page. I’ve also advertised this change on social networks I use frequently.

If you haven’t done so, I recommended checking out the Riseup OpenPGP best practices documentation.

1 « en maintenance » suite à une brèche de sécurité

Si vous aviez un compte sur, cette annonce vous concerne:

(traduit de Ubuntu Forums is down for maintenance)

Ubuntu Forums est en maintenance

Il y a eu une violation de la sécurité sur les forums Ubuntu. L’équipe de services informatiques de Canonical travaille fort en ce moment pour rétablir un fonctionnement normal. Cette page sera mise à jour régulièrement des rapports d’étape.
Ce que nous savons:

  • Malheureusement, les attaquants ont obtenu l’identifiant de chaque utilisateur local, mot de passe et adresse email à partir de la base de données des forums Ubuntu.
  • Les mots de passe ne sont pas stockés en texte clair. Toutefois, si vous utilisiez le même mot de passe que sur Ubuntu Forums sur d’autres services (tels que le courriel), vous êtes fortement encouragé à changer le mot de passe sur l’autre service au plus vite.
  • Ubuntu One, Launchpad et d’autres services Ubuntu / Canonical ne sont pas affectées.

Rapport d’activité

  • 20/07/2013 2011UTC: Rapports de dégradation
  • 20/07/2013 2015UTC: Site mis hors-ligne, cette page d’accueil mise en place alors que l’enquête se poursuit.

Quelques pistes pour minimiser les risques à l’avenir:

* Si vous en faites la suggestion à un éditeur de site web, faites-le gentiment 🙂


Jaunty Candy

Here’s some candy I am enjoying in Jaunty:

Per-user language settings under System > Administration > Language support:

Cryptkeeper, (package: cryptkeeper) a tray applet to graphically manage EncFS encrypted directories:

ext4 filesystem support in the Gnome partition editor (package: gparted):

I’d love to hear about any of your favorite Jaunty candy too 🙂


Easy, free removable storage encryption that works with Ubuntu Hardy and Intrepid

I’ve been playing with encryption for some time now and I am always curious about removable storage encryption.

There are tons of guides to do this but it always seems to require either too many steps or some non-free software. I’ve been using this method succesfully adapted from this post for some time now so I wanted to share it here, if anyone has better ideas I’d love to hear it. Removable storage encrypted using this method can also be read directly from Intrepid Live CD sessions as Intrepid now includes cryptsetup by default.

You will need to install the cryptsetup package in Hardy, and also gparted as a helper graphical application to setup partitions and format your media. Gparted is already available on LiveCD sessions. Yes I know this can be done in command line, but I try to limit that as I show this to other CLI-agnostic friends.

Notice I’ve added a step (formatting with a regular partition first), and I used partitions instead of device names.

Find out which device your stick is by issuing from command line:
sudo lshw -C disk -short

This may also help detect other types of storage:
Find out which device your stick is by issuing from command line:
sudo lshw -C storage -short

Example output:
H/W path Device Class Description
/0/100/1f.1/0 /dev/sda disk 251GB Maxtor 6L250R0
/0/100/1f.1/1 /dev/sdb disk 251GB Maxtor 6L250R0
/0/100/1f.1/2 /dev/cdrom disk DVD-RW DVR-110D
/0/100/1f.1/3 /dev/cdrom1 disk RW/DVD GCC-4521B
/0/100/1f.1/3/0 /dev/cdrom1 disk
/0/1/0.0.0 /dev/sdc disk 256MB Cruzer Micro
/0/1/0.0.0/0 /dev/sdc disk 256MB

In this case the device is /dev/sdc.

Next make sure the device is unmounted:
sudo umount /dev/sdc1

Format your removable storage device using gparted, create one single ext3 partition on it. This will end up being partition /dev/sdc1 (assuming your device is /dev/sdc like in my example).

If you do not want to encrypt the whole removable storage, repartition it using gparted.

Overwrite the created partition with an encrypted partition on the target media:
sudo luksformat /dev/sdc1

This will ask you for a passphrase. The default file system is “vfat”, but you can specify a different one with the “-t” option. An example of the same, using an ext3 partition:
sudo luksformat -t ext3 /dev/sdc1

Make sure you type YES in all capitals when prompted, read the prompts carefully.

After this procedure, remove the stick and plug it in again. This should trigger a dialog which asks you for the passphrase and mounts the encrypted partition (along with any unencrypted one, of course).

I was able to read a stick encrypted this way in other computers, just by installing cryptsetup on them. You will need to install cryptsetup and reboot every computer where you want to access this.

Intrepid already comes with cryptsetup installed BTW.

I hear this kind of encrypted removable media can also be read from Windows using FreeOTFE but I haven’t tried it. If anyone can share how to do that, I’d also like to hear about it.

Just a little warning at the end: Please be aware that if you lose the passphrase, I CAN’T HELP RECOVERING THE DATA! This may sound obvious but in a previous posting about this I got private requests about such problems. No comments!