Jan Mosig works for itemis in Leipzig. He is focussed on solving problems in his daily project routine and relies on technical software quality, Agile and the courage to change.
Usually automating things on GitHub means using GitHub Actions. This is GitHub's analogon to GitLab's CI-scripts and Jenkins' jobs. But how to combine these with Maven to release artifacts into Maven Central?
In the first part of our series, I showed you how to generate a hash code file for your Travis CI release, thus making it possible for clients to check release integrity. In this part we are going to take things one step further by securing release authenticity ...
When fiddling around with Travis CI a very popular CI tool for GitHub projects, I was wondering: How to secure my release artifacts against forgery, e.g., malware injection? I already knew the solution: SHA and OpenPGP. But how to include those into my Travis CI ...
Being an employee in the IT myself, I often need to access remote machines. Most of the time, SSH and public key cryptography is used here. But although I do use OpenPGP for mail and data encryption, I still need an extra SSH key pair for this kind of remote ...
Alright, you've got your PGP basic knowledge, your setup is all shiny and you sign and encrypt e-mails on a daily basis like a pro. However, the keys are neither mobile, nor stored in a secure place. In case you want to use them on other devices, you'll need to ...
You don't need to do without OpenPGP support on your tablet or mobile phone. There exists a great many Android apps that provide this. I have chosen K-9 Mail and OpenKeychain, because they have a good feature set and are widely spread. In this article I'm going to ...
Well, it's time to set up a useful mail client so that we may make the most use out of our new and shiny keys that we learned to generate in part 4 of this series. Of course, there exist quite a few clients for all those different platforms out there. Quality ...
Patience is key! Having survived theoretical basics, an excursus in verification and a secure setup guide, we now can finally dive into the real thing: Generating all new and shiny PGP keys! Unfortunately the devil is all in the details: Keys may be very ...
Install? Configure? Isn't that available as a web app? I am afraid, no! Privacy and security do not come for free. But don't panic: I'm going to show you how to easily setup OpenPGP on Windows. Work once, use indefinitely. Sounds nice? Let's go then.
Alright, the first part of the series was about some theoretical basics. But before we start, there are a couple of practical tools and phrases that I'd like you to know and understand, e. g. how to verify downloads? How to use the console? What does all of this ...
