Warmwasserwerfer Blog

Cosily defiant

Towards OpenPGP v6 in PGPainless

OpenPGP scrambles your messages in a more secure way than this very analog real world example.

I’m very excited to announce the results of what I have been working on for the past 1,5 years. *drumrolls* I added support for OpenPGP v6 (rfc9580) in both Bouncy Castle and PGPainless! In this blog post, I want to go over the work in more details.

August 28, 2025
An Antidote to Apathy

The tree house Villa Kanalblick.

Learning how to climb a tree as a form of protest feels massively self-effective. Suddenly, you are no longer simply part of a protest that comes and goes and is mostly ignored by those in power. Instead, you present an obstruction to them, a disruption which they actively need to deal with. To me, self-efficacy…

March 21, 2024
PGPainless meets the Web-of-Trust

Path finding in a “Web-of-Trust” – Photo by Mads Schmidt Rasmussen on Unsplash

We are very proud to announce the release of PGPainless-WOT, an implementation of the OpenPGP Web of Trust specification using PGPainless. Big thanks to Heiko for his valuable contributions and the great boost in motivation working together gave me 🙂 Also big thanks to NLnet for sponsoring this project in such a flexible way. Lastly,…

July 25, 2023
Creating an OpenPGP Web-of-Trust Implementation – Knitting a Net

A densely interconnected directed graph forming the Web-of-Trust. Photo by Ricardo Resende on Unsplash

I imagine the Web-of-Trust as an old, half-rotten fishing net (bear with me); There are knobbly knots, which may or may not be connected to neighboring knots through yarn of different thickness. Some knots are well-connected with others, as ye olde fisherman did some repair work on the net, while other knots or even whole…

July 6, 2023
Use Any SOP Binary With SOP-Java and External-SOP

I just released another library named external-sop, which implements sop-java and allows the user to use any SOP CLI application of their choice from within their Java / Kotlin application!

January 13, 2023
Implementing Packet Sequence Validation using Pushdown Automata

In the previous blog post I discussed how a formal grammar can be transformed into a pushdown automaton in order to check if a sequence of packets or tokens is part of the language described by the grammar. In this post I will discuss how I implemented said automaton in Java in order to validate…

October 26, 2022
Using Pushdown Automata to verify Packet Sequences

As a software developer, most of my work day is spent working practically by coding and hacking away. Recently though I stumbled across an interesting problem which required another, more theoretical approach…

September 14, 2022
Creating a Web-of-Trust Implementation: Accessing Certificate Stores

A different type of certificate store. Photo by K Fraser on Unsplash

I made progress towards a full WoT implementation. The current milestone entails integrating certificate stores more closely with the core API. More specifically, an implementation of the Shared PGP Certificate Directory.

September 1, 2022
Creating a Web-of-Trust Implementation: Certify Keys with PGPainless

Currently I am working on a Web-of-Trust implementation for the OpenPGP library PGPainless. Technically, the WoT consists of a graph where the nodes are OpenPGP keys (certificates) with User-IDs and the edges are signatures. In order to be able to create a WoT, users need to be able to sign other users certificates to create…

July 19, 2022
Reproducible Builds – Telling of a Debugging Story

I try to make PGPainless build reproducible. A few months ago I added some lines to the build script which were supposed to make the project reproducible by using static file modification dates, as well as a deterministic file order in the JAR archive. However, recently my JAR files started to contain mismatching bytes…

June 20, 2022