Conversation

Notices

1. Embed this notice
   nadja (dequbed@mastodon.chaosfield.at)'s status on Monday, 05-Jan-2026 08:12:53 JST nadja

   in reply to

   If you're interested in such a tool or would like to get some experience writing cryptographic software where all the arduous work of designing the math and formats to be secure has been done by loads of smart people (and one stupid fox) already, go here: https://codeberg.org/dequbed/nbysign

   • Embed this notice
     nadja (dequbed@mastodon.chaosfield.at)'s status on Monday, 05-Jan-2026 08:12:54 JST nadja

     in reply to

     The result of those three days researching and hacking away?
     I've started work on a signing tool that allows its users to stop thinking about signing. It doesn't try to be a swiss army knife, and it has no knobs to fiddle with. It signs stuff, and it verifies stuff, but it does so with very secure defaults and according to open standards instead of being the tenth home-grown tool that does everything *slightly* different enough to the rest to be frustratingly incompatible.

     GreenSkyOverMe (Monika) repeated this.
   • Embed this notice
     nadja (dequbed@mastodon.chaosfield.at)'s status on Monday, 05-Jan-2026 08:12:55 JST nadja

     So, with stuff actually working now I think I can finally talk about what's been my hyperfocus for the last three days. To not put too fine a point to it, the tool ecosystem for cryptographic signatures is atrocious. Granted, the use-cases for those are also beyond niche, but when you need them you *really* need them.
     And especially the gpg.fail talk at 39C3 has reminded me just how bad the situation is, but it has also reminded me that I am in fact a cryptographer, and I can just *improve it*.

     GreenSkyOverMe (Monika) repeated this.