Topic: A hands-on lesson on why you should check PGP fingerprints! (Read 271 times)

copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
reserved (replacing original reserved post, which got deleted)
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
Why did I just write a long post in Meta advocating the import of PGP fingerprints?

XKCD #1181

This was created today.  It could have said anything that I wanted it to:

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Craig Wright is not Satoshi Nakamoto.

Signed,

Satoshi Nakamoto

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQS5YZTT/ZVbiFIrBW8228A4i3SciwUCXkcnOQAKCRA228A4i3Sc
ixUGAJwJP2WaRtRRQoH2oRuib6SxiitnpACfdpOP4PzmLqAOJgM5Ly9HYNzu8lI=
=HmWH
-----END PGP SIGNATURE-----

Verify it!

Code:
$ gpg --import faketoshi_key.asc
$ gpg --verify faketoshi_message.asc
gpg: Signature made Fri 14 Feb 2020 11:03:21 PM UTC
gpg:                using DSA key B96194D3FD955B88522B056F36DBC0388B749C8B
gpg: Good signature from "Satoshi Nakamoto " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B961 94D3 FD95 5B88 522B  056F 36DB C038 8B74 9C8B

Here is “Satoshi’s” key:

And how?  Trivial.

Code:
$ cat faketoshi.conf 
cert-digest-algo SHA1
default-preference-list AES256 AES192 AES128 CAST5 3DES SHA1 SHA256 RIPEMD160 ZLIB BZIP2 ZIP
$ gpg --faked-system-time "1225390759!" --options faketoshi.conf --expert --full-gen-key
[...]

gpg: WARNING: running with faked system time: 2008-10-30 18:19:19
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
Your selection? 2
DSA keys may be between 768 and 3072 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
ELG keys may be between 1024 and 4096 bits long.
What keysize do you want for the subkey? (3072) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Satoshi Nakamoto
Email address: [email protected]
Comment:
You selected this USER-ID:
    "Satoshi Nakamoto "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 36DBC0388B749C8B marked as ultimately trusted
gpg: revocation certificate stored as '/home/user/.gnupg/openpgp-revocs.d/B96194D3FD955B88522B056F36DBC0388B749C8B.rev'
public and secret key created and signed.

pub   dsa1024 2008-10-30 [SC]
      B96194D3FD955B88522B056F36DBC0388B749C8B
uid                      Satoshi Nakamoto
sub   elg2048 2008-10-30 [E]

$ gpg -a -o faketoshi_key.asc --export 0x8B749C8B
$ nvi faketoshi_message.txt
$ gpg --options faketoshi.conf -u 0x8B749C8B --clearsign < faketoshi_message.txt > faketoshi_message.asc

Now, observe that most of my focus here is on authentication of an identity, and not simply on providing a means of contact.  A comparison of the communications security of PGP to that of ICQ, AIM, and MSN Messenger would be laughable.  Placing a PGP fingerprint in one’s profile is a statement of cryptographically strong identifying information, not merely a bit of contact info.  That, indeed, is why I have kludged my PGP key fingerprint into my profile and displayed it in my forum signature, ever since I started actively posting.  I am 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C; 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C is me; and if you want to authenticate my identity, I explicitly request that you verify digital signatures rooted in 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C.

Merited by nullius (10)
Kek, only one interesting thing: I can't find any PGP signature or Bitcoin signature from nullius after his return (since 2nd January).

His PGP key is well known - https://bitcointalksearch.org/topic/pgp-256-airdrop-bounty-signature-spam-campaign-old-school-crypto-3107429

Are you sure this is the real nullius?

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

PSA: *Always* verify digital signatures.

If somebody claims to be me, and he refuses produce
a fresh signed statement signed with a key certified by
0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C (whether as a subkey,
or through proper rollover(s) to a new master key), then you must
conclusively presume that he is an imposter and an *identity thief*.

Signed,

nullius (2020-02-14)

In homage to Grand Duchess Anastasia and Satoshi Nakamoto:
https://bitcointalksearch.org/topic/project-anastasia-bitcoiners-against-identity-theft-re-craig-wright-scam-5215128

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSNOMR84IlYpr/EF5vEJ5MVn575SQUCXkbeaQAKCRDEJ5MVn575
SYTHAQD3Qu3qQSrTgO4PTuHtyUnevNEvy6EELXz6I+iGEV8sxAD/UG+ulc0Jrd7j
LjL18mAodvlGIaPppfCGldxHwseNJwg=
=4VkN
-----END PGP SIGNATURE-----

Control of a forum account is not cryptographic evidence of identity.  Control of an e-mail address is also not cryptographic evidence of identity.  With my large boldface supplied:

Topic: [email protected] is compromised
Today I received an email from [email protected] (Satoshi's old email address), the contents of which make me almost certain that the email account is compromised. The email was not spoofed in any way. It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps [email protected] expired and then someone else registered it.

Don't trust any email sent from [email protected] unless it is signed by Satoshi. (Everyone should have done this even without my warning, of course.)

I wonder when the email was compromised, and whether it could have been used to make the post on p2pfoundation.ning.com. (Edit: I was referring here to the Dorian Nakamoto post. After I posted this, there was another p2pfoundation.ning.com post.)

* nullius asks, “But what is Satoshi’s PGP key fingerprint?  If I download that key from your link, how do I know it is the same key that Satoshi used before?”

The email said:
Quote from: [email protected]
Michael, send me some coins before I hitman you.

Not exactly Satoshi's normal style. ;)

* nullius asks, “The key that I just downloaded from your link lacks any Web of Trust signatures.  Anyway, suppose that I don’t already have verified keys from anyone who knew Satoshi.  What then?  Does this look right to you?”

Code:
$ gpg Satoshi_Nakamoto.asc 
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   dsa1024 2008-10-30 [SC]
      DE4EFCA3E1AB9E41CE96CECB18C09E865EC948A1
uid           Satoshi Nakamoto
sub   elg2048 2008-10-30 [E]

https://3g2upl4pq6kufc4m.onion/html?q=DE4EFCA3E1AB9E41CE96CECB18C09E865EC948A1

With a tiny programming effort, I could even more closely fake a “Satoshi” key.  With that plus a few CPU cycles, I could fake the 32-bit “short” keyid; with computational work on the order of what the Bitcoin mining network does in one-half second, I could even fake the 64-bit “long” keyid.  But I could not fake the full fingerprint!

Stop identity theft using the power of public-key cryptography!

Cut off imposters at the threshold.

Always make sure that you have the right key.  Check PGP fingerprints!



Local rules:  Trolling, Faketoshi shilling, and replies to such things will be deleted at my exclusive discretion.  DNFTT.  Bad technical advice may also be deleted, unless it makes for a good opportunity to correct common misconceptions.  Posts doing the latter are encouraged.

Posts which quote the whole OP will be deleted on sight.  Insubstantive posts, “me too” posts, etc. will also be deleted, even if well-meaning.  Please be considerate of readers.

Newbie-level smart questions are welcome.  Newbie-level discussion by technical experts is very welcome.

Please keep technical discussion at a level appropriate for the Beginners & Help forum.  Further explanations are welcome, e.g. as to why I used the options that I put into faketoshi.conf.  Most of all, I welcome good advice about how to verify PGP key fingerprints in a non-ideal world—where not every key is in the Web of Trust, and not every newbie has even a verified starting point in the Web of Trust.

I will reserve a post for downlinking the best posts on this thread, for linking to translations, and for other metadata.
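
A pinned-fingerprint check for the lesson of this thread, as an added example that is not part of any post: it reads the machine-readable lines GnuPG writes with `--status-fd` and accepts a signature only when the primary key's full fingerprint equals a pin obtained out of band. The function names and sample status lines are constructed for illustration; the two real fingerprints in them are the ones quoted in the thread, and the subkey fingerprint is a placeholder.

```python
import re

def normalize_fpr(text):
    """Return a v4 fingerprint as 40 uppercase hex digits, else raise ValueError.
    8-digit (short) and 16-digit (long) key IDs are refused: they can be collided."""
    fpr = re.sub(r"\s+", "", text).upper()
    if fpr.startswith("0X"):
        fpr = fpr[2:]
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("pin must be a full 160-bit fingerprint")
    return fpr

def signer_primary_fprs(status_output):
    """Collect the primary-key fingerprint from every VALIDSIG status line."""
    found = []
    for line in status_output.splitlines():
        parts = line.split()
        if parts[:2] != ["[GNUPG:]", "VALIDSIG"] or len(parts) < 3:
            continue
        # Field 10 after the keyword is the primary key's fingerprint; older
        # GnuPG omits it, in which case the signing key's own fingerprint is used.
        found.append(normalize_fpr(parts[11] if len(parts) >= 12 else parts[2]))
    return found

def signed_by_pinned_key(status_output, pinned):
    """True only if at least one valid signature exists and all match the pin.
    The user ID and creation date never enter the decision."""
    pin = normalize_fpr(pinned)
    fprs = signer_primary_fprs(status_output)
    return bool(fprs) and all(f == pin for f in fprs)

# Constructed status output (what `gpg --status-fd 1 --verify FILE` would emit).
FAKE = "B96194D3FD955B88522B056F36DBC0388B749C8B"  # the thread's demo key
PIN = "0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C"  # pin the author asks readers to use
SUBKEY = "A" * 40                                   # placeholder signing subkey
FAKETOSHI_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 36DBC0388B749C8B Satoshi Nakamoto\n"
    f"[GNUPG:] VALIDSIG {FAKE} 2020-02-14 1581721401 0 4 0 17 2 01 {FAKE}\n"
)
SUBKEY_STATUS = (
    f"[GNUPG:] VALIDSIG {SUBKEY} 2020-02-14 1581700000 0 4 0 22 10 01 {PIN[2:]}\n"
)

if __name__ == "__main__":
    print("demo key accepted:", signed_by_pinned_key(FAKETOSHI_STATUS, PIN))
    print("pinned key accepted:", signed_by_pinned_key(SUBKEY_STATUS, PIN))
```

The "Good signature" line and the name in the user ID are identical for a genuine and a forged key, so the only input to the decision is the 40-digit fingerprint.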