Topic: [Merit] Hey Bitcoiners! Can You Send Encrypted Messages? - page 25. (Read 11729 times)

You both seem to have made a mistake.  I'm getting an error that your messages are for an unknown recipient, which I think most likely means you used your own key to encrypt the message, not mine.

I created different site.
https://www.igolder.com/pgp/generate-key/
https://www.igolder.com/PGP/encryption/
https://www.igolder.com/PGP/decryption/

I’ve never used this before besides verifying Electrum, and kind of played around finding @Ognasty’s certificate on the server beforehand. There are three potential entries there (which does not mean they are really his), so I’m not sure if I’ve used the correct one, since I imported a couple of them.


I’d just like to know (no merits) if I used the correct one. It seems so, since all valid signed messages contain the same prefix (and using the other imported certificate renders a different prefix). Prefix (first few characters) are the header, and include:
(I’ve used https://www.lirnberger.com/tools/pgpdump/ to see the header info).

Finally done !

I was trying to encrypt message through electrum but eventually failed. So at last I had to download kelopatra for encrypting the message.

Here's my encrypted message @OgNasty


I would be happy if someone could provide a way to encrypt message through Electrum as well.

it is rare that it gave you an error, I like this PGP thread, I have been doing tests generate a private and public key for me, I did several tests with my public key and decrypt the PGP without problems
More threads like this are needed
Thanks for the PGP encryption lesson

Finally I did it I thought the process is very complicated but Im wrong its pretty easy its my first time to encrypt message thanks Og this is really useful I learn something new today btw I hope I did it right lol heres mine:

@Yogee, nope. I tried finding an alternative but it's kinda confusing for me since there are lots key server scattered on the internet and I don't know whether the key server is legitimate and supported by Kleopatra.

Besides, you can still make use of the encryption/decryption function inside the certificate manager (Kleopatra) without checking your public key on a key server.

Have you gone past the 502 error gateway Maus0728?

@OgNasty, here is my message! I think I've done it right.

I got an error message saying, "Dencryption failed: no integrity protection (MDC)" but was able to force decryption.  I could read it, so that's good enough for me.

Similar to BlackHatCoiner, I've never used PGP in the past, except for verifying Electrum.

This is my message

This is my first time setting up and working with PGP. I have definitely learnt something cool today, hopefully I've done it right. Thanks

When I uploaded my key to a key server, the servers from Ubuntu, MIT and others all failed with the same error, though I could search for other people's keys. I uploaded mine at https://pgp.net.nz/, this key server is ran by a New Zealand domain registrar called InternetNZ. After a few hours my key mirrored to the other servers too and I could search for it there too.

I wonder how much resources it takes to run a PGP key server though. If it's a low resource thing this could be a nice project for me.


Alas, the SKS server software being abandoned doesn't make me happy. Without maintainers a project can only run for so long

Although I have experience in verifying the signature of Electrum wallet I decided to create again new key pair and followed the tutorial made by @mdayonliner but this time I will be publishing it to the key server. However, I encountered some issues along the way when I was about to verify my public key on the key server even though I am sure that I clicked the "Upload Public Key To The Directory Service" and double checked it by right clicking on the PGP userID and selecting "Publish On Server"

I used the link on the tutorial and along with my fingerprint. Is there any alternative?



I've read an article where it says "The Death of SKS PGP Keyservers" due to people who are abusing the important public keys online.

Funny, I hope I did it right

I use other software to encrypt a message or code for a website or a system so that others can't see the codes or how is it build, but I wanna try that give me time,

PGP was originally designed so that people could send each other encrypted email without having to agree on passwords to use. Each person keeps a public key and a private key for themselves, and a short fingerprint can be derived from the public key to save space (like bitcoin addresses).

You can encrypt a message with your private key, and specify which fingerprints are allowed to decrypt your message. This data is encoded into the encrypted message which prevents people without the private key of the fingerprints from reading the contents (that is why OgNasty could not read my first message).

Think about it - if you just sent someone an encrypted text with just AES256 or something, how will you securely communicate the password that decrypts the text to the other party without compromising it? PGP solves this by not requiring you to send any secrets.


Key servers are convenient for importing someone's fingerprint from the internet instead of having to search for their public key (you need the public key to import a fingerprint). You could also just download the public key file yourself and import that.


Because a fingerprint is just a shorthand for of the public key, proving ownership of the public key also proves ownership of the fingerprint. If someone is able to sign a message from a particular PGP key, it only proves they have access to its private key. It does not prove that other people do not have access to it (sole ownership). You'd have to rely on their word for that.

I haven't done anything with pgp in the past, except from verifying electrum's signature, so I would like to do this exercise.

@OgNasty, here's your message:

Things I learnt today: what is a fingerprint, pgp stands for pretty good privacy, internet society could have less scam victims if they knew about this. Although, I have some questions to ask.

I knew how to encrypt or sign messages, but only from non-custodian wallets like electrum. How does this differ from that encryption? Why is PGP encryption needed? Also, I don't understand why we need a server that keeps the fingerprints (with our info, like name and email). Couldn't we just use the fingerprint of a person instead of searching the server for his name? Can someone proves me that he owns a fingerprint with digital signature? Because I see that you can only prove you own a public key that way.

That was fun, true.

we bitcoiners can encrypt messages with the tools we already have without installing additional software. it needs AES (which all wallets have) and HMAC-SHA function which all deterministic wallets have and a public key which we can fetch from our wallet or from the person we want to send the encrypted message to.
i used OP's public key found on their profile (04e31f13f55c8bd626a32bf9ad93744e1cb3a4ec4b5efe1cce89e06687aa7bec7476ca4a343bdaf 9b5db1042966c0a8284a2e293ea7901d5284f4bd29cc6d26a40)

the process is known as ECIES and Electrum already has an easy to use implementation of it to encrypt and decrypt messages.

---

i realized that the example above can only be decrypted by OP (it needs private key) so here is an example with its private key revealed (on testnet):

I laughed at your message.  I need the user's name to be included in the message to give out merit though, which I'm dying to do.