Email security with Google Workspace

TL;DR; What records need to be added to DNS? v=spf1 include:_spf.google.com -all v=DKIM1; k=rsa; p=MIIBI...6lwIDAQAB google._domainkey v=DMARC1; p=reject; rua=mailto:[email protected] default._bimi v=BIMI1; l=https://fizjoterapia.uk/bimi.svg SPF Sender Policy Framework (SPF) is an email authentication method which ensures the sending mail server is authorized to originate mail from the email sender’s domain. It is absolutely necessary to have an SPF entry in the DNS zone; otherwise your email will end up in the SPAM folder or even be discarded....

July 23, 2023 · 5 min · Bart Prokop

Deterministic PGP key generation

Passphrase I wrote a small utility to generate BIP-39 compatible passphrases. One needs a Java runtime to run it. # Note - when downloading, check for latest version $ wget https://repo1.maven.org/maven2/dev/prokop/crypto/crypto-bips/1.0.2/crypto-bips-1.0.2-standalone.jar $ java -jar crypto-bips-1.0.2-standalone.jar bip39 -l 512 trim mango orphan craft together topic unique merry autumn little economy actress brief dog deny syrup turkey mother slab detail crucial doll water rug original trash course bid option assume pulse witness upon steak ranch whisper great beach enhance delay junior couple twelve bargain rib mass hazard panther The above uses 512 bits for the seed and then converts it to a passphrase....

August 13, 2022 · 2 min · Bart Prokop

Retrieving PGP key from protonmail using gpg

It seems that Proton Mail publishes its customers' public keys using at least two methods: WKD (Web Key Distribution) and an exposed hkps server (host name: api.protonmail.ch). Using WKD: just retrieve the public key by issuing the following command: $ gpg --locate-keys [email protected] gpg: key 6C74835C42CEF599: public key "[email protected] <[email protected]>" imported gpg: Total number processed: 1 gpg: imported: 1 pub rsa2048 2018-05-26 [SC] 49148230F11C0458BD19F45C6C74835C42CEF599 uid [ unknown] [email protected] <[email protected]> sub rsa2048 2018-05-26 [E] Of course it would be good to sign the key and distribute the signed one to some public key server....

June 15, 2022 · 1 min · Bart Prokop

WKD setup for your domain

I have recently tried and was keen to see that Proton Mail supports WKD. $ gpg --locate-key [email protected] gpg: key 4DE32C2A10A7EBC2: public key "[email protected] <[email protected]>" imported gpg: Total number processed: 1 gpg: imported: 1 pub ed25519 2021-10-13 [SC] 67731B189D0908618DF665144DE32C2A10A7EBC2 uid [ unknown] [email protected] <[email protected]> sub cv25519 2021-10-13 [E] So here is a quick instruction on how to set up WKD for any email (i.e. not hosted by Proton Mail). First you need to create an empty file relative to your webserver ROOT....

June 13, 2022 · 2 min · Bart Prokop

Marginal Trust

Marginal Trust downloading required keys... :: Import PGP key 0F65C7D881506130, "Maxime Gauduin <[email protected]>"? [Y/n] (38/38) checking package integrity Import PGP key 0F65C7D881506130, "Maxime Gauduin <[email protected]>" 237 curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x0e8b644079f599dfc1ddc3973348882f6ac6a4c2" > 0x6AC6A4C2.gpg 241 curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xab19265e5d7d20687d303246ba1dfb64fff979e7" > 0xFFF979E7.gpg 246 curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x91ffe0700e80619ceb73235ca88e23e377514e00" > 0x77514E00.gpg 248 curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xd8afdda07a5b6edfa7d8ccdad6d055f927843f1c" > 0x27843F1C.gpg 250 curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x2ac0a42efb0b5cbc7a0402ed4dc95b6d7be9892e" > 0x7BE9892E.gpg 251 curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x159f3a43aeb246c5746c033814bc4f30b3b92eba" > 0xB3B92EBA.gpg prokop_bart@cloudshell:~/code/gpg-keys/trusted/arch-master$ gpg --import * gpg: key D6D055F927843F1C: 6 signatures not checked due to missing keys gpg: key D6D055F927843F1C: public key "Levente Polyak (Arch Linux Master Key) <anthraxx@master-key....

June 11, 2022 · 4 min · Bart Prokop