Pages:
Author

Topic: [Merit] Hey Bitcoiners! Can You Send Encrypted Messages? - page 25. (Read 11872 times)

donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
Here is mine and I got it from a different site,
I created different site

You both seem to have made a mistake.  I'm getting an error that your messages are for an unknown recipient, which I think most likely means you used your own key to encrypt the message, not mine.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
I’ve never used this before besides verifying Electrum, and kind of played around finding @Ognasty’s certificate on the server beforehand. There are three potential entries there (which does not mean they are really his), so I’m not sure if I’ve used the correct one, since I imported a couple of them.

Code:
-----BEGIN PGP MESSAGE-----

hQEMA6M4xhfeZuZWAQf6AtH14WhLkQhzGQtBY05wlu4zcyJ3LCTtDzeJbXyxlnwv
UCsE0GOz9qZn17nM5EN91O3ZlcwerWQyMarguwIKL3/vD/5+sSORegHn328/rfvA
etTq/1bFGKokOxRoSE4uyA41DHqLjKMfU4rTmsHhWSca2BacPQE7w/1eqq9pPyC/
0M44QjlPIALlAA5QeybWXmuzrVluUpWvrAi9nrEO5F0uqg936TxvzMenNdyMKydP
2FeGwHxRYwuBsSyHFou3e1gUuhAJr7M89ib9ALTWJlQPAa9ubC+SHS2r+LJvVb+2
Y7SdBhIUWcvwY1GzBdaNf5dFw3H/co3lJyFnMBii7tJbAVnA/bCNUIMuRPXAheIl
06WEsb9wX6xiBCynUkrlZHeC85Lt0Tr60mFi2JXrQIlgXrRm69zy6xbQtrj0dAgd
eepfn2tW7fZQAmFIL2V0h3aANNBOg/+CTLyXhQ==
=QyuJ
-----END PGP MESSAGE-----

I’d just like to know (no merits) if I used the correct one. It seems so, since all valid signed messages contain the same prefix (and using the other imported certificate renders a different prefix). Prefix (first few characters) are the header, and include:
Code:
pgpdump

Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
New version(3)
Key ID - 0xA338C617DE66E656
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(2048 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
New: Symmetrically Encrypted and MDC Packet(tag 18)(98 bytes)
Ver 1
Encrypted data [sym alg is specified in pub-key encrypted session key]
(plain text + MDC SHA1(20 bytes))
(I’ve used https://www.lirnberger.com/tools/pgpdump/ to see the header info).
hero member
Activity: 2702
Merit: 716
Nothing lasts forever
Finally done !

I was trying to encrypt message through electrum but eventually failed. So at last I had to download kelopatra for encrypting the message.

Here's my encrypted message @OgNasty

Code:
-----BEGIN PGP MESSAGE-----

hQEMA6M4xhfeZuZWAQf/TDBtiFiKRlDOyDVuLs5If01OLxLQdWN9UeNt44QcMmZm
HAoy7swpHVWdN7AJewlQN2BhFI8gU1pgCZaTkBh7gB3hZmqBiHWogULe3YfkN821
vraQn6ILmJSF6Sm3qmpQLs2Yl5Sw1x8lMxbc8U5zHAkpXqyKc9bwxSDuD3aoxjwr
YHlxP02v0wZ6/915eNFWHW5PrMJPPElhQd+SKIrDN7EIZC/TeZRdsVH9c7ibSGoW
tyrjl090ZTXQsgwzQw+Rrl15jdAbs6D4BWDZeypt1lIvUatpK788dYMOJzXPz91B
LvNGp8btGyyqZtJMbs7oauiBMKbdXCVbFpyqKnrFIdKOAQMbJpG719YxjQdhmpj2
QY4DZavMCfnXIB52483wyNjXiTE79fVBL3zj/uJPnOKgut0+GK29G5ZSNFvlibxm
yucCONiHQuRwXxeG9Plo3kqzOyo1v6F7Kdc2L0+d13xJjsn+iQgdCxmCWnVehbkW
XnOnlEGHVgIWwLeN6BnYIm2L9M7fE8zwvI2E2QAZQw==
=Yq8g
-----END PGP MESSAGE-----

I would be happy if someone could provide a way to encrypt message through Electrum as well.


sr. member
Activity: 505
Merit: 270
Don't Trust, Verify
Funny, I hope I did it right

I got an error message saying, "Dencryption failed: no integrity protection (MDC)" but was able to force decryption.  I could read it, so that's good enough for me. Smiley
it is rare that it gave you an error, I like this PGP thread, I have been doing tests generate a private and public key for me, I did several tests with my public key and decrypt the PGP without problems
More threads like this are needed Wink
Thanks for the PGP encryption lesson
hero member
Activity: 2492
Merit: 542
Finally I did it I thought the process is very complicated but Im wrong its pretty easy its my first time to encrypt message thanks Og this is really useful I learn something new today btw I hope I did it right lol heres mine:

Quote
-----BEGIN PGP MESSAGE-----

hQEMA6M4xhfeZuZWAQf9GlFHEbCurYjQoKLGW3QXXKHZjz5ErQpexSl9bECDEjQ8
Y/i/pAtzABJ4XOYmqUW6+U4WryT6TSIkbkjRaspymiCd9URPsPcBnfqsaohoeV2c
BpFmdrfyrvft0adDe3qXdrYElAYprlbyeuxQcE68IIC60owo9J2bEtO0n5n1ZrYa
jKgJ5UZJng/LEs7a+8TzUkQ599iFtjidW4M8pmD9xeJ8KajbA7i99tE+dZ6eKNl3
dIESjJc6D4pN6ibeXV7NULF0hxwx/uwrPvKEkYIITb2zzLKXptiB99+1Y0cfarZe
fNp8HQejnICh1qmizH53V8EDWDYSqEcyDVIOhjFb6dJzAcVSAmWp5xjq9un1+ksQ
Jncd1ul7ftZnDdKvf23LDyLkcG8nmL0aIUQDyrq2tFrsMrIm0UjcfqEAY2PFIULc
o+7kFtPeuZjiU9YQ8DhNVyhsBbC8lOpk6d3o+TGiW6mkUMmz98lr4i9Th1s222xy
kHUkoQ==
=h6Pb
-----END PGP MESSAGE-----


legendary
Activity: 1904
Merit: 1563
@Yogee, nope. I tried finding an alternative but it's kinda confusing for me since there are lots key server scattered on the internet and I don't know whether the key server is legitimate and supported by Kleopatra.

Besides, you can still make use of the encryption/decryption function inside the certificate manager (Kleopatra) without checking your public key on a key server.
sr. member
Activity: 1554
Merit: 413
Have you gone past the 502 error gateway Maus0728?
legendary
Activity: 1904
Merit: 1563
@OgNasty, here is my message! I think I've done it right.

Code:
-----BEGIN PGP MESSAGE-----

hQEMA6M4xhfeZuZWAQf9EDQ+il4XHsoCDJE8IK2ho9+Fr3WRKPMkZy99mjbX1zhn
Rpil1OLQKii7IMG3i1xFyu6HZkbc3SQKjKNKOQ/hOwgy1NUQAf2F6gm8L5YU6ckF
bCikJXnfDTFami06Zsl+5F4924D6L7yV22FVbkhZv5uwZKfHzCwCq9QKah9VWy4b
S9oZseOKLQyb5bn+XPjskyBfyjQok/Fp4PNZVF4Sjrmq4tD7DMkWqZryQqmXZWRo
9tIbzoK8UMygpqiJK1MWoOnmbftEEso9iYvrjWcgh8TAykE8l02f/SrIWA4M6G82
ij4eUJIVmReJCbMd/vFC+/uWathFfr4+zl3+V3stnNK2AbNOWt4dkBebjJgNSrTr
PQNu/TnarYCbOAoNJaFy4c+EaUog/XoTvL5pB7saZeu+Im3FDwtDpKGBhKndV9o+
PadaUdgTqZ/zNZySy+vh3cbQYn8sObwPMtIeZMl8A0EBG+RV+s15E+qMWNyF3/Kw
mKg/id2YccBGH0Vbho4aHyzS4mJm6GF/deQbp/QKaiNOnt9E/Py9f78EkLjw/kjU
le+iV5bwI6rqmP4N1qxLT/PaeY1UgfE=
=MXnw
-----END PGP MESSAGE-----

donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
Funny, I hope I did it right

I got an error message saying, "Dencryption failed: no integrity protection (MDC)" but was able to force decryption.  I could read it, so that's good enough for me. Smiley
full member
Activity: 186
Merit: 253
Similar to BlackHatCoiner, I've never used PGP in the past, except for verifying Electrum.

This is my message Grin

Code:
-----BEGIN PGP MESSAGE-----

hQEMA6M4xhfeZuZWAQgArxLW0gxX/QRCxpR62ZocyZCWOvZ6VfU1QGUp/derd0Zb
X+q13XD7/I5lTRPxVhzFe4Lwp734phhp0ZjVCI04vhi7cMDPtsiFMk7YhkBFblvN
0NHmEz5w+qEdr79wXe7tKLxgkf8b9wKpzr4pRagd+8dk3xQRPz1TXV+4g5VCaMR2
p92O5GrFnhJE94NukURysC4KAkFd/15TC+hT7hlWRLeRWBJiAUzRX4pLZstbAesj
6ao/d01QXrDswcCCW156GpKh8rBmSPrNpfG25qRIV7Y1OIwJ9m5pggMUnGPG8tsj
ImpjqBSwkhBjHah2vbB8oxwrPO8dKqG5CQLId2nZs9LAWwFgVUswO6q8krBQHxGA
jSLX6vKFK8h6MbuB2s92jJp6yKdGEoTAM+Xv2eUCkSPcqcDnAPfJLIa5kvF62R/V
Vl9FFfLzfUsJMWi+1buu5FBdj22FRb6EoT1U4Nx+W9pM2WxnOA1msEqFcqs18E1E
PGwrR1+Gu7m2VbYPba4kz8DC87RF4jIyxieSD0uKYQRBI6TCCfWblWF1zJM/OGNd
wONsKKJB8sSkbN5XtS8wGO8GlLc5PGHKJ89Cmem5Mr0qYA88OvV7pX7V7n5VKr0D
XHxhgOUZOzBVEgdIkx4H22FTqsiJDC04c5JGj2ZVICsAd2XW2t0I42zXv4ESZ+p7
Vc+X2xu5FYQX2nCPS/C1etD/bKlUAkKAsHyBtfE=
=h2LT
-----END PGP MESSAGE-----
member
Activity: 91
Merit: 35
Code:
-----BEGIN PGP MESSAGE-----

hQEMA6M4xhfeZuZWAQgAy7GbVDluygfUWVMRyux4afb0G98odbu1J1HMjFOPqj7v
2ITbMurVE+WCZ0fxZ1B5ZLGJjsfGhhiuh2QiI/TBuYZO8FaPeOWv0DmVCrZbC/HZ
QT18YRZ4bnfFPwEk0YX03TUYREcVOY/wEjt9AVVEW/BjUyvYuquji+hSwZrMy2Qx
OkgtM6oxPVtl73zRtDqjbSFSSwV+zyJSRrxC94ZijEzXkQFTvnc2Q/8PfQ7k5z+D
PKm4pcQ3AU1w7XA2So1+Mp0+f+XTm4PSyXMhG0fU1fdbKl36p3FFHbdvc4utsCei
9w0VP+GXaY6xFSPhdZannDSY68d+YHnjRAr+fmKFuNKDAeW1Y7a5ayQKMEtX2cX3
1w7h3wd9SugAwJWR1s3bXasmJKujkBRjm9BaLX+Ym/vPurmRvgBJg8dUtGB8Pf64
vCmSumydfkKiFl50DZYs6iGeNbRZK+PrKneICEBk+7SaDJTQvNok11ijgPgly/kR
xR1FQZWFrJ9F41FrGalvUg/QJUY=
=7ASj
-----END PGP MESSAGE-----

This is my first time setting up and working with PGP. I have definitely learnt something cool today, hopefully I've done it right. Thanks
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Although I have experience in verifying the signature of Electrum wallet I decided to create again new key pair and followed the tutorial made by @mdayonliner but this time I will be publishing it to the key server. However, I encountered some issues along the way when I was about to verify my public key on the key server even though I am sure that I clicked the "Upload Public Key To The Directory Service" and double checked it by right clicking on the PGP userID and selecting "Publish On Server"

I used the link on the tutorial and along with my fingerprint. Is there any alternative?

When I uploaded my key to a key server, the servers from Ubuntu, MIT and others all failed with the same error, though I could search for other people's keys. I uploaded mine at https://pgp.net.nz/, this key server is ran by a New Zealand domain registrar called InternetNZ. After a few hours my key mirrored to the other servers too and I could search for it there too.

I wonder how much resources it takes to run a PGP key server though. If it's a low resource thing this could be a nice project for me.

Quote
I've read an article where it says "The Death of SKS PGP Keyservers" due to people who are abusing the important public keys online.

Alas, the SKS server software being abandoned doesn't make me happy. Without maintainers a project can only run for so long Sad
legendary
Activity: 1904
Merit: 1563
Although I have experience in verifying the signature of Electrum wallet I decided to create again new key pair and followed the tutorial made by @mdayonliner but this time I will be publishing it to the key server. However, I encountered some issues along the way when I was about to verify my public key on the key server even though I am sure that I clicked the "Upload Public Key To The Directory Service" and double checked it by right clicking on the PGP userID and selecting "Publish On Server"

I used the link on the tutorial and along with my fingerprint. Is there any alternative?



I've read an article where it says "The Death of SKS PGP Keyservers" due to people who are abusing the important public keys online.

The Death of SKS PGP Keyservers, and How First Look Media is Handling It
The SKS keyserver network is dying. This has been a long time coming. The nail in SKS’s coffin came in late June when someone abused important public keys that people rely on.

sr. member
Activity: 505
Merit: 270
Don't Trust, Verify
Funny, I hope I did it right

Quote
-----BEGIN PGP MESSAGE-----
Version: BCPG C# v1.6.1.0

hQEMA6M4xhfeZuZWAQgAmmsbrg6h+HE+RzJMvAL1N9S2qaNCtt/zNcRyLoT6vT1H
r87QeEr1M/1Zw3WmqqM24rVjS2KQxA652JobDZiANJuyzk12qQEIEfn+dX1OCkKW
pVTb2OkcbUDkbSSwJH75H/kbXoq07GxIZ4LjIQkelMzkEySNaKElhxc4n42+gQvP
nZPlL8o2rqntZhMYWlRz4z4mNgIXvvcnhHkrWHv9V7IwNSUY+GxRPe95aXkWtLwS
mViDRmfnON29U6GEauvMM0kFrYPuBVRlbrocY4yGRaHYN3+tIwfCnfne9y1hGgPH
x/rczCFGaaswJh+UNUu1kl8a/yf+oMfIleP3VhBBD8lIfFe2hp2qVOkAhXZzZYiD
JNPvIXkcZu11FcLIVcCEa1T3bbIMYazObB6j+eIaX/xOIGnP50cqIWd+D0BBZgWj
omNT9OKnJLbV
=VAUA
-----END PGP MESSAGE-----
Cool
sr. member
Activity: 1106
Merit: 310
I use other software to encrypt a message or code for a website or a system so that others can't see the codes or how is it build, but I wanna try that give me time,
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I knew how to encrypt or sign messages, but only from non-custodian wallets like electrum. How does this differ from that encryption? Why is PGP encryption needed?

PGP was originally designed so that people could send each other encrypted email without having to agree on passwords to use. Each person keeps a public key and a private key for themselves, and a short fingerprint can be derived from the public key to save space (like bitcoin addresses).

You can encrypt a message with your private key, and specify which fingerprints are allowed to decrypt your message. This data is encoded into the encrypted message which prevents people without the private key of the fingerprints from reading the contents (that is why OgNasty could not read my first message).

Think about it - if you just sent someone an encrypted text with just AES256 or something, how will you securely communicate the password that decrypts the text to the other party without compromising it? PGP solves this by not requiring you to send any secrets.

Also, I don't understand why we need a server that keeps the fingerprints (with our info, like name and email). Couldn't we just use the fingerprint of a person instead of searching the server for his name?

Key servers are convenient for importing someone's fingerprint from the internet instead of having to search for their public key (you need the public key to import a fingerprint). You could also just download the public key file yourself and import that.

Can someone proves me that he owns a fingerprint with digital signature? Because I see that you can only prove you own a public key that way.

Because a fingerprint is just a shorthand for of the public key, proving ownership of the public key also proves ownership of the fingerprint. If someone is able to sign a message from a particular PGP key, it only proves they have access to its private key. It does not prove that other people do not have access to it (sole ownership). You'd have to rely on their word for that.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I haven't done anything with pgp in the past, except from verifying electrum's signature, so I would like to do this exercise.

@OgNasty, here's your message:
Code:
-----BEGIN PGP MESSAGE-----

hQEMA6M4xhfeZuZWAQf/TMk7cet9MeGKXtlpUk+N0aFopVYUIWTQWb1swugFmZCx
4pbciXUteVXzlmL3lufd8outUwUpEKnrK5qaxGKsgUbIVx8w+P2T6YHz76wj23Ze
lgLsRB6Q/i/w1bp860cPTV/dT3LL9lezs0payfcrwjX1+gntdvg6ghRZpbEFvm23
4e4TymZrbXklELbqTegmeTg6kpGwUkRdJDvRnsr7qk+Te5XxQh5sqEeEbYMpxccS
5wRpwD3+KDort+LXgvwpJHJSs7FIX2cp9USHXvM+Go/+0mmxlTbb19i5DDJrINKn
uGkpsf7qlW2jRG/OWr+i5X40c2ckXHpDpEx8OKTXhNK1AUhNrq+BJYUO3p4gHABE
InWg9zMZdeaSgAbg2fTD97nOuZqgZi4r3PvM3US5Ay7tJmzMgGSRvKOIAA2hjJWA
H7HeRSaRE7n/P1edjaiSJUIfA/A5qUqatU878A7m5H45BpUn3YKSGWBmCwXF6hgp
YzUC1JWN+hoyCNr/AvQmsROYX57DbA8GArCVYlgKWPkP/8crwhCv9qEnAkdxqQkU
aeO5UHXx+sLqZc8dUSQEz2ow6dlh5w==
=gm4q
-----END PGP MESSAGE-----

Things I learnt today: what is a fingerprint, pgp stands for pretty good privacy, internet society could have less scam victims if they knew about this. Although, I have some questions to ask.

I knew how to encrypt or sign messages, but only from non-custodian wallets like electrum. How does this differ from that encryption? Why is PGP encryption needed? Also, I don't understand why we need a server that keeps the fingerprints (with our info, like name and email). Couldn't we just use the fingerprint of a person instead of searching the server for his name? Can someone proves me that he owns a fingerprint with digital signature? Because I see that you can only prove you own a public key that way.

That was fun, true.
legendary
Activity: 3472
Merit: 10611
we bitcoiners can encrypt messages with the tools we already have without installing additional software. it needs AES (which all wallets have) and HMAC-SHA function which all deterministic wallets have and a public key which we can fetch from our wallet or from the person we want to send the encrypted message to.
i used OP's public key found on their profile (04e31f13f55c8bd626a32bf9ad93744e1cb3a4ec4b5efe1cce89e06687aa7bec7476ca4a343bdaf 9b5db1042966c0a8284a2e293ea7901d5284f4bd29cc6d26a40)
Code:
QklFMQIHp6o9MrhtkodROnsmHgk2KljsilF+LZN8SWyCcvpwcBV5C0eGV4wY5hU8n8YT/aSIXRdw6XpLHKbSlF/eSo1d0jNi5b3RBU0eGHItHWyoL5frJ29ffkjvPZYvIUk7KI0=

the process is known as ECIES and Electrum already has an easy to use implementation of it to encrypt and decrypt messages.


i realized that the example above can only be decrypted by OP (it needs private key) so here is an example with its private key revealed (on testnet):
Code:
private key: cR4X2irxZwFrPBY8Jz8SfjGMyAdsnvCSPjWe3GQjubEKK21v44Ye
public key: 037287e275b9b40bf8d528e215ad53f09f14cd0363125bea276e020ec6f851c310
encrypted message: QklFMQNQd6jCL8MF8AIfJQ4Acn5yQ4UEFggIWQWhMP4r2eDbjY3jkfC5Oca6B1VYGb/qvJIWzxDLWyLKzgnAAx2CjEy+V9wvkC/yr8p6QKZ7OB+v+5QDyNKCPpU1dmJMqfQ3iPo=
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
This exercise is fun.

I laughed at your message.  I need the user's name to be included in the message to give out merit though, which I'm dying to do.

If you can encrypt a message containing your bitcointalk username using my PGP key
Pages:
Jump to: