Erik L. Arneson is a freelance writer and software developer with WordPress experience. He is located in Portland, Oregon. Jekyll 2026-06-18T15:03:10+00:00 https://arnesonium.com/feeds/openpgp.xml Erik L. Arneson Erik L. Arneson 2018-05-24T21:10:43+00:00 https://arnesonium.com/2018/05/new-pgp-key-for-2018 <p>I’ve upgraded to a 4096-bit RSA OpenPGP key. The new key fingerprint is <a href="https://arnesonium.com/wp-content/uploads/2018/05/16EC3D6E.asc">FB05 D043 5BA4 6C32 66AE 2F74 17D0 60A6 16EC 3D6E</a> and you can download it by clicking on that link.</p> <p>The key is also available on your favorite PGP keyserver, or through my <a href="https://keybase.io/earneson" rel="noopener" target="_blank">Keybase account</a>.</p> Erik L. Arneson 2016-01-20T16:54:43+00:00 https://arnesonium.com/2016/01/openpgp-for-wordpress-now-supports-contact-form-7 <p><a href="https://arnesonium.com/wordpress-openpgp/">OpenPGP Form Encryption for WordPress</a> now supports <a href="http://contactform7.com/" target="_blank">Contact Form 7</a>. You can download version 1.4.0 at the <a href="https://wordpress.org/plugins/openpgp-form-encryption/" target="_blank">WordPress plugin site</a> and start using a safer contact form on your website today!</p> Erik L. Arneson 2015-06-08T15:48:03+00:00 https://arnesonium.com/2015/06/send-secure-email-with-entrypt-to-service <p>While my <a href="/wordpress-openpgp/">OpenPGP plugin for WordPress</a> might be very helpful, the <a href="https://encrypt.to/" target="_blank">Encrypt.to service</a> allows you to quickly send encrypted email with just one click. It looks powerful. <!--more--></p> <p>You can <a href="https://encrypt.to/earneson@arnesonium.com" target="_blank">click here to send me encrypted email</a> or visit the <a href="https://github.com/encrypt-to/encrypt.to" target="_blank">source code</a>.</p> <p><a href="https://encrypt.to/earneson@arnesonium.com" target="_blank"><img src="https://arnesonium.com/wp-content/uploads/2015/05/Screenshot-from-2015-05-29-125540.png" alt="Screenshot from 2015-05-29 12:55:40" width="489" height="545" class="aligncenter size-full wp-image-441" /></a></p> Erik L. Arneson 2015-05-22T20:57:00+00:00 https://arnesonium.com/2015/05/security-link-rodeo <p>My four-week <a href="http://arnesonium.com/2015/04/the-history-of-cryptography-at-pugs/">History of Cryptography</a> class at <a href="http://www.pugspdx.com/" target="_blank">Portland Underground Grad School</a> is almost over. While I’ve had plenty of experience with speaking to audiences about difficult subjects, this has been my first time with an ongoing class. I think I’m learning as much as my students! Because this class has helped rekindle my passion for cryptography and computer security, this link rodeo is going to focus on those subjects. <!--more--></p> <p>Crypto superstar Bruce Schneier has written a good overview of the <a href="https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html" target="_blank">new Logjam attack</a> against the Diffie-Hellman key exchange protocol. If you want to test your browser and various websites against the bug, <a href="https://weakdh.org/" target="_blank">check this website</a>. The CloudFlare blog also has a <a href="https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/" target="_blank">good explanation of the Logjam attack</a>.</p> <p>https://twitter.com/NSA_PR/status/601163480499093505</p> <p>GNU Privacy Guard (GnuPG) version 2.1.4 was released earlier this month. Read the <a href="https://lists.gnupg.org/pipermail/gnupg-announce/2015q2/000366.html" target="_blank">announcement here</a>. The exciting thing about the 2.1 releases is that they support <a href="https://en.wikipedia.org/wiki/Elliptic_curve_cryptography" target="_blank">elliptic curve cryptography (ECC)</a>, and allow you to create ECC public keys. I still find ECC difficult to understand, but <a href="http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/" target="_blank">here’s a pretty good introduction</a> written by Nick Sullivan.</p> <p>Finally, back in February, Moxie Marlinspike wrote about how <a href="http://www.thoughtcrime.org/blog/gpg-and-me/" target="_blank">he hopes OpenPGP will die someday</a>. I, on the other hand, still use it regularly and enjoy it! In fact, I’m going to encourage you to check out the <a href="https://emailselfdefense.fsf.org/en/" target="_blank">FSF Email Self Defense website</a> so you can get started with encrypting your email today. When you’re ready, drop me a line using <a href="/wp-content/uploads/2014/10/E938F2EE.asc">my OpenPGP key</a>.</p> <p><small><i>The featured image for this post is courtesy of Flickr user <a href="https://www.flickr.com/photos/jaymis/2529144235" target="_blank">Jaymis Loveday</a>.</i></small></p> Erik L. Arneson 2015-05-13T18:16:07+00:00 https://arnesonium.com/2015/05/new-release-of-openpgp-for-wordpress <p><span data-icon="&#xe088;" style="float:left;font-size:xx-large;padding-right:0.1em"></span>Version 1.3.0 of the <a href="http://arnesonium.com/wordpress-openpgp/">OpenPGP Form Encryption for WordPress</a> plugin is now available. It’s important to upgrade. It includes the following changes.</p> <ul> <li>Updates OpenPGP.js to version 1.0.1</li> <li>Tests the plugin against WordPress 4.2.2</li> <li>Ensures that the browser can support OpenPGP.js</li> </ul> <p>There are a few new features planned for this plugin. Expect a major version release in the next few months.</p> <p>Check out the plugin page on the <a href="https://wordpress.org/plugins/openpgp-form-encryption/" target="_blank">WordPress Plugin Repository</a>.</p> Erik L. Arneson 2015-04-13T15:13:43+00:00 https://arnesonium.com/2015/04/should-wordpress-encrypt-all-email <p>WordPress sends out email sometimes, and it doesn’t encrypt any of them by default. <a href="http://buli.waw.pl/wordpress-openpgp-emails/" title="Integration of WordPress and OpenPGP for a better security" target="_blank"><em>Integration of WordPress and OpenPGP for a better security</em></a> is a case study by Paweł Bulwan that examines the security implications of all of these emails. Are they leaking important information? Should WordPress site owners worry about them? <!--more--></p> <h2>Only Limited Security Threats</h2> <p><img src="http://arnesonium.com/wp-content/uploads/2014/12/640px-Enigma-plugboard-300x204.jpg#right" alt="Enigma Plugboard" width="300" height="204" class="alignright size-medium wp-image-122" /></p> <p>Mr. Bulwan only found five potential security threats, which is pretty good news. None of them are show-stoppers. However, I believe he missed something important, which is that any information that is leaked about login credentials can cause issues. Leaked information can be used to limit an attacker’s problem space, reducing the complexity of an attack.</p> <p>Mr. Bulwan’s idea of providing OpenPGP encryption for any emails that WordPress sends is a great one. In fact, if WordPress provided an OpenPGP API, it would spell the obsolescence of my <a href="http://arnesonium.com/wordpress-openpgp/" title="OpenPGP Form Encryption for WordPress">OpenPGP Form Encryption for WordPress plugin</a>.</p> <p>That would be really cool.</p>