
Showing posts from 2020

Getting Mailvelope on Chrome to use GnuPG on macOS

Mailvelope is a browser add-on that helps use GPG encryption and signing on webmail systems like Gmail. Here are the steps on macOS (tested with "Big Sur") to get Mailvelope to use the GnuPG backend.

1. Install gpgme via Homebrew:

       brew install gpgme

   This will install gpgme-json in /usr/local/bin by default.

2. Create a file called gpgmejson.json in "~/Library/Application Support/Google/Chrome/NativeMessagingHosts" with the following contents:

       {
           "name": "gpgmejson",
           "description": "Integration with GnuPG",
           "path": "/usr/local/bin/gpgme-json",
           "type": "stdio",
           "allowed_origins": [
               "chrome-extension://kajibbejlbohfaggdiogboambcijhkke/"
           ]
       }

Now in Mailvelope > Options > General, GnuPG will show up as the encryption backend.
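A check to run after creating the manifest, as an added example that is not part of the original post: the function below audits a native messaging host manifest against Chrome's documented requirements (file name matches `name`, `type` is `stdio`, absolute `path`, exact extension origins with no wildcards). The function name `audit_manifest` and the file-permission check are assumptions added here as hardening.

```python
import json
import os
import re
import stat

# Chrome extension IDs are 32 characters drawn from the letters a-p.
ORIGIN_RE = re.compile(r"^chrome-extension://[a-p]{32}/$")

def audit_manifest(manifest_path):
    """Return a list of findings for a Chrome native messaging host manifest."""
    findings = []
    with open(manifest_path, encoding="utf-8") as fh:
        manifest = json.load(fh)
    # On macOS and Linux Chrome looks the host up as <name>.json.
    base = os.path.splitext(os.path.basename(manifest_path))[0]
    if manifest.get("name") != base:
        findings.append("name does not match manifest file name")
    if manifest.get("type") != "stdio":
        findings.append("type must be 'stdio'")
    origins = manifest.get("allowed_origins") or []
    if not origins:
        findings.append("allowed_origins is empty")
    for origin in origins:
        # Wildcards are not permitted; every caller must be a pinned extension ID.
        if not ORIGIN_RE.match(origin):
            findings.append(f"unexpected origin: {origin}")
    host = manifest.get("path", "")
    if not os.path.isabs(host):
        findings.append("path must be absolute on macOS")
    elif not os.access(host, os.X_OK):
        findings.append("host binary missing or not executable")
    # Added hardening check: nobody but the owner should be able to swap
    # the manifest or the binary that the browser will launch.
    for label, p in (("manifest", manifest_path), ("host binary", host)):
        if os.path.exists(p) and os.stat(p).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{label} is group/world-writable")
    return findings

if __name__ == "__main__":
    default = os.path.expanduser(
        "~/Library/Application Support/Google/Chrome/"
        "NativeMessagingHosts/gpgmejson.json")
    if os.path.exists(default):
        for finding in audit_manifest(default) or ["no findings"]:
            print(finding)
```

An empty list means the manifest passed every check.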

Getting an A+ Score on Qualys' SSL Server Test

On a lark, to get some experience with configuring HTTPS servers, I decided to host the Flightware frontends on my RaspberryPi on an HTTPS endpoint instead of the default HTTP. The broad steps to do this were:

1. Getting a certificate for my site via LetsEncrypt's certbot
2. Enabling the HTTPS endpoint on Lighttpd
3. Testing the security of the setup via the Qualys SSL Server Test

It took some trial and error to get an A+ rating for my server's SSL setup. The two key steps involved in improving the security of the setup were:

1. Starting with a strong SSL configuration generated by Mozilla's SSL Configuration Generator. This means no SSL v2, SSL v3 or anything below TLS v1.2, and setting up HSTS
2. Configuring DNS CAA records for the domain. Here's how my CAA record is configured on Google Domains:

       ➜ dig caa element77.com +short
       0 issue "letsencrypt.org"
       0 issue "pki.goog"
       0 iodef "mailto:caa@element77.com"
       0 issue "amazon.com"

I haven't