One step forward, two steps back

According to the powers that be end-to-end encryption as we know it might be one of those things like the prosperity of the 1990’s that we can only reminisce about in the near future. Now as, always the most secure way to transit messages over a secure channel (i.e. any sort of online service, even one which implements end-to-end encryption is to handle encryption yourself.) For those of you that use Mac OS X, there’s not a better, simpler way to do it than NouveauPG.

NouveauPG is a mature product that has been out for many years and is compatible with virtually all other PGP software on the market the one caveat (and I cannot stress this enough) you can not import private keys from another PGP program. There are really good reasons for doing so, not to get technical but PGP has been around since 1993. I’m not even young and I was in grade school back then. AES, the gold standard for symmetric encryption was not even invented back then! The patent for RSA didn’t expire until 1991. Most existing implementations are still under coded under the assumption that memory is far, far more expensive than it is now.

I’m planning a promotion in honor of this current attention given to crypto (I remember this came up in the Bill Clinton administration!) Stay tuned!

Finnaly A new Update

It’s been a few years and still I think my software is the best in class even in across all operating systems. I am have fell on rather hard times and with the movement to cloud computing I have found Kleopata to be the next best thing for Mac. My next project is to ElectronJS to produce a cross platform maybe generate same revenue across all platforms. I truly believe NouveauPG is the best PGP client for GUI (not going to get into that discussion.) I’ve fell on hard times combined with the cloud, uh, revolution. As an aside, back in 2011-2012 when I was indulging my entrepreneurial instincts I came up with the Agile Green Cloud who knows what would’ve become of that, but you know in 200 years we’re all go going to be dead and forgotten so I keep carrying on. I notice what appears to the second best PGP client for Windows is awkward, I plan (and shamelessly begs for donations) maybe I can learn a think or two form that published. In any case I make a decent living doing enterprise things I can’t complain and how many people watch Netflix when they come home, with their wife resentful that they aren’t make Zuckerburg. Maybe on day, but I’m pretty hapy with my life. Anyway this prodcut has been years in the making, early on I attempted to make it cross platform, if you really want the best PGP client in existence you can learn command line or I saw some good deal of Macs at Pawn Shops. Patient is a virtua.

Hello world!

Welcome to the new home of NouveauPG now with SSL, nouveaupg.com will continue to redirect here.

Screenshot

NouveauPG is the slickest, easiest to use communication utility for MacOS. It is compatible with all common OpenPGP clients. I cannot seem to emphasize this enough, you can’t import keys from another client into NouveauPG. The user this was intended for is new to PGP communication. This is a feature, not a bug, and part of the reason in my opinion that OpenPGP still has relatively adoption unlike, say, email. NouveauPG also allows you to ‘piggyback’ on other forms of communication like e-mail and forums using ‘ASCII Armor’. So unlike Signal, and other well funded services this doesn’t tie you to an ecosystem.

DSA keys deprecating/ELIMINATING DSA keys in in openssl 7.0

https://security.stackexchange.com/questions/112802/why-openssh-deprecated-dsa-keys

You don’t have to take my word for it, but when I was begin developing NouveauPG years ago I found that, 1.) DSA is just hours of testing debugging, etc. with little return on invest. Don’t get this twisted, this was never designed to make me a millionaire but I thought is was something that should exist. We’re only here for a short time and we really have to think beyond the fleeting riches which so many in the current tech industry base their self worth. Just sort of proud that I saw that coming years ago. šŸ™‚

pgp instractructure under attact

https://www.vice.com/en_us/article/8xzj45/someone-is-spamming-and-breaking-a-core-component-of-pgps-ecosystem

Apart from the due to the limited role of NouveauPG’s ‘eco-system’ it is safe for the secure transmission of text messages of any length across insecure medium. Social media etc. NouveauPG was written from the ground up and shares no code with the c. 1994 code-base. Apart from myself accessing this site via Tor which could be AWS nonsense, all is secure.

domain

For the time being, nouveaupg.info is the internet address. There are some very strange things happening with nouveaupg.com. I’m hoping to have everything back up ASAP, but for the meantime nouveaupg.info is the temporary address.

UPDATE: well this is weird, I can access nouveaupg.com via Tor, but not my home connection. I’m sure it’s nothing. I have more pressing matters, just thought this was interesting.

Well this is weird, I can access http://nouveaupg.com through Tor.

UPDATE (Nov 2, 2019): I have moved hosting from Amazon to Linode to be done with these shenanigans. My day job is similar.

E-Fail attack against GPGTools

https://it.slashdot.org/story/18/05/25/189253/in-apple-mail-theres-no-protecting-pgp-encrypted-messages Remember with NouveauPG, the entire app is sandboxed. The only way to get data in or out is by selecting a file using the system file dialog box, or using the clipboard. No internet access, third party plug-ins or anything. The only reason encryption is not ubiquitous by now is the trade-off between usability. More ‘convenient’ schemes always seem to backfire. NouveauPG is as simple as I know how to make it.  ]]>

Compiling and Installing GnuPG Classic v1.4.20 on Mac OS X

xcode-select For older versions of Mac OS X, the procedure outlined here may work. 2.) Download the source code archive for GnuPG v1.4.20 here and the signature here. The signature is a text file that we will use to verify the source code archive. 3.) Decompress and extract the source code archive.

bzip2 -d gnupg-1.4.20.tar.bz2 tar -xvf gnupg-1.4.20.tar
4.) From the source code directory, run the configure script to make sure your command line tools are installed.
cd gnupg-1.4.20 ./configure
5.) Assuming there are no errors, from the same directory run make to compile gnupg. At this point, if everything went correctly, you should find the gpg executable in the g10 subfolder. 6.) If you wish to install GnuPG 1.4.20 as your default gpg:
sudo make install
You must uninstall other versions of gpg (including those installed by other software packages) before installing.]]>