Topic: Recording my PGP key on the forum (Read 198 times)
Can anyone provide me a reliable article or video link to understand the working of PGP keys ? I want it to use for daily email communication
Alright, I'll try to address those issues:
Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This key is owned by RGBKey, user 182468 on bitcointalk.org
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQSr4tyZfCIzASqG2L5m8bbJVoipQwUCWufiJwAKCRBm8bbJVoip
Q8fHAP9l5o+eJtr4BI8eMMkmDotI8O1T2MJ2jVpfA7cRaC8QRAEAwmTzBCasKtOb
72/mJtL7DEX0eCAfRX/BqylPi2Y5Fgc=
=qNyB
-----END PGP SIGNATURE-----
Hash: SHA256
This key is owned by RGBKey, user 182468 on bitcointalk.org
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQSr4tyZfCIzASqG2L5m8bbJVoipQwUCWufiJwAKCRBm8bbJVoip
Q8fHAP9l5o+eJtr4BI8eMMkmDotI8O1T2MJ2jVpfA7cRaC8QRAEAwmTzBCasKtOb
72/mJtL7DEX0eCAfRX/BqylPi2Y5Fgc=
=qNyB
-----END PGP SIGNATURE-----
Quoted and verified it for myself.
By the way, figure it out @RGBKey
Code:
-----BEGIN PGP MESSAGE-----
hF4D7N/vvhTnpXwSAQdANMRpBBeeYP+Duz/5oRcp9iLglN3JQrb8ep0pfAa7sB0w
eyhQb7+NSjVCwUWGbdDglV9+wfFE+hjLPwzxZFRO2IQRfME383viDryvXxpzYj6U
0sBOAUy6l1tkzrqNgkmVzgf8VxaI6hrmWTL09m8KP14ZcwSy+sythSuS8YXTGW4T
vLlKQR1li0/Uk2JZGsMdJjHe9wbIbWXrO5HLmpF5iCstcWTsXmO3mNRNlNEQvcWO
TEny7HTx5rV862iN79XdBKs7FoHEIIwj+yFU86KvUv7W2W9wTIbBcLp5EYU5ujVC
6WF4F0Vi9eUcR28T3WcnsEgpPAGgNILLv5soUZikeWY9ZXZym5XFbYaLrVurwqGC
XLlfGE09eLe1HUExteoERTdzCFTxVzyeudRWCq08Sh8JHYW9C5OrWqau2eSL8J0d
8qikLA3n0wxu8ck0CFW6Pg0r9BoJt4nPgHywTaKh7pZG
=/VE0
-----END PGP MESSAGE-----
hF4D7N/vvhTnpXwSAQdANMRpBBeeYP+Duz/5oRcp9iLglN3JQrb8ep0pfAa7sB0w
eyhQb7+NSjVCwUWGbdDglV9+wfFE+hjLPwzxZFRO2IQRfME383viDryvXxpzYj6U
0sBOAUy6l1tkzrqNgkmVzgf8VxaI6hrmWTL09m8KP14ZcwSy+sythSuS8YXTGW4T
vLlKQR1li0/Uk2JZGsMdJjHe9wbIbWXrO5HLmpF5iCstcWTsXmO3mNRNlNEQvcWO
TEny7HTx5rV862iN79XdBKs7FoHEIIwj+yFU86KvUv7W2W9wTIbBcLp5EYU5ujVC
6WF4F0Vi9eUcR28T3WcnsEgpPAGgNILLv5soUZikeWY9ZXZym5XFbYaLrVurwqGC
XLlfGE09eLe1HUExteoERTdzCFTxVzyeudRWCq08Sh8JHYW9C5OrWqau2eSL8J0d
8qikLA3n0wxu8ck0CFW6Pg0r9BoJt4nPgHywTaKh7pZG
=/VE0
-----END PGP MESSAGE-----
Alright, I'll try to address those issues:
There's a signed message proving that the owner of the key and the person controlling this forum account at least are the same person. To try to more widely establish my name, I've also hosted my public key at https://rgbkey.github.io/pgp.txt. That site has been used by me for years as a platform for my provable fairness verification tools and is under a github account separate from the forum. Additionally I've changed my personal text to reflect that full key instead of a short, insecure fingerprint (thanks nullius).
As I am just a nym as nullius also mentioned, if requested I could provide proof as the account RGBKey on the sites that I've been known to be on (just-dice, yolodice, primedice, etc.)
Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This key is owned by RGBKey, user 182468 on bitcointalk.org
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQSr4tyZfCIzASqG2L5m8bbJVoipQwUCWufiJwAKCRBm8bbJVoip
Q8fHAP9l5o+eJtr4BI8eMMkmDotI8O1T2MJ2jVpfA7cRaC8QRAEAwmTzBCasKtOb
72/mJtL7DEX0eCAfRX/BqylPi2Y5Fgc=
=qNyB
-----END PGP SIGNATURE-----
Hash: SHA256
This key is owned by RGBKey, user 182468 on bitcointalk.org
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQSr4tyZfCIzASqG2L5m8bbJVoipQwUCWufiJwAKCRBm8bbJVoip
Q8fHAP9l5o+eJtr4BI8eMMkmDotI8O1T2MJ2jVpfA7cRaC8QRAEAwmTzBCasKtOb
72/mJtL7DEX0eCAfRX/BqylPi2Y5Fgc=
=qNyB
-----END PGP SIGNATURE-----
There's a signed message proving that the owner of the key and the person controlling this forum account at least are the same person. To try to more widely establish my name, I've also hosted my public key at https://rgbkey.github.io/pgp.txt. That site has been used by me for years as a platform for my provable fairness verification tools and is under a github account separate from the forum. Additionally I've changed my personal text to reflect that full key instead of a short, insecure fingerprint (thanks nullius).
As I am just a nym as nullius also mentioned, if requested I could provide proof as the account RGBKey on the sites that I've been known to be on (just-dice, yolodice, primedice, etc.)
Quoted below as requested. But the important part is to establish a fingerprint which people can check. The fingerprint I observe is: 0xABE2DC997C2233012A86D8BE66F1B6C95688A943
Archival link changed to https: https://archive.li/ZabYw ...and .onion, for Tor users: http://archivecaslytosk.onion/ZabYw
Edit: Archive of this post (and the rest of the thread): https://web.archive.org/web/20180424215333/https://bitcointalk.org/index.php?topic=3323999.msg35510465#msg35510465
I agree with that assessment. I see that you use Ed25519, which I also currently use for my identity key.
(Aside: I am disappointed that the current draft in the process to revise RFC 4880 does not specify anything stronger, such as Ed448-Goldilocks. I should probably do something about that. It does prospectively specify Ed25519/Curve25519 as OpenPGP standard.)
This is always problematic for someone who exists as a nym. How would you propose binding 0xABE2DC997C2233012A86D8BE66F1B6C95688A943 to “RGBKey” and the given e-mail address? It’s not as if you would be flashing state-issued ID documents at me. I think that some level of TOFU is necessary in these situations. For my part, I have simply tried to spread my PGP fingerprint anywhere I can (forum post sigs, sigs in mailing list archives, etc., etc.).
As it stands, all I know is that somebody with sufficient Bitcointalk.org access to create a forum post as #182468 claims that key unidirectionally. This could hypothetically include forum admins, blackhats, Cloudflare, the NSA... There is no cryptographic binding of identity, and there can’t be, insofar as you may have no other cryptographic anchor to which to bind. If you have a long-established, widely-published Bitcoin address, an X.509 certificate (LOL, CAs), or some other form of public-key crypto more or less strongly linked to “RGBKey”, that could be helpful.
The (weak) binding of forum uid #182468 → PGP key is unidirectional; I see no statement signed by the key, claiming uid #182468 “RGBKey”. This is typically resolved with a clearsigned statement acknowledging the identity. But if the Bitcoin Forum is especially important to your identity, you may want to instead add a PGP userid to your key specifying your forum identity. All userids must be certified by your (C) key to be valid. I added that to my key last month; please have a look:
Archival link changed to https: https://archive.li/ZabYw ...and .onion, for Tor users: http://archivecaslytosk.onion/ZabYw
Edit: Archive of this post (and the rest of the thread): https://web.archive.org/web/20180424215333/https://bitcointalk.org/index.php?topic=3323999.msg35510465#msg35510465
It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.
I agree with that assessment. I see that you use Ed25519, which I also currently use for my identity key.
(Aside: I am disappointed that the current draft in the process to revise RFC 4880 does not specify anything stronger, such as Ed448-Goldilocks. I should probably do something about that. It does prospectively specify Ed25519/Curve25519 as OpenPGP standard.)
If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.
This is always problematic for someone who exists as a nym. How would you propose binding 0xABE2DC997C2233012A86D8BE66F1B6C95688A943 to “RGBKey” and the given e-mail address? It’s not as if you would be flashing state-issued ID documents at me. I think that some level of TOFU is necessary in these situations. For my part, I have simply tried to spread my PGP fingerprint anywhere I can (forum post sigs, sigs in mailing list archives, etc., etc.).
As it stands, all I know is that somebody with sufficient Bitcointalk.org access to create a forum post as #182468 claims that key unidirectionally. This could hypothetically include forum admins, blackhats, Cloudflare, the NSA... There is no cryptographic binding of identity, and there can’t be, insofar as you may have no other cryptographic anchor to which to bind. If you have a long-established, widely-published Bitcoin address, an X.509 certificate (LOL, CAs), or some other form of public-key crypto more or less strongly linked to “RGBKey”, that could be helpful.
If I've missed anything here, please let me know.
The (weak) binding of forum uid #182468 → PGP key is unidirectional; I see no statement signed by the key, claiming uid #182468 “RGBKey”. This is typically resolved with a clearsigned statement acknowledging the identity. But if the Bitcoin Forum is especially important to your identity, you may want to instead add a PGP userid to your key specifying your forum identity. All userids must be certified by your (C) key to be valid. I added that to my key last month; please have a look:
Hey folks,
I've been a longstanding advocate of encryption, but I've come to realize that I don't really have an established PGP key to use for communications here. I've just created a new one (I created one ~4 years ago and have since lost it) and I'm going to publish it here and record it. I would greatly appreciate it if a few (please don't go too overboard) people would quote this post to establish it. I will also use archive.is to record this post and post it in a follow-up reply.
Here is my key:
It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.
I've also published it to MIT's keyserver.
If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.
If I've missed anything here, please let me know.
I've been a longstanding advocate of encryption, but I've come to realize that I don't really have an established PGP key to use for communications here. I've just created a new one (I created one ~4 years ago and have since lost it) and I'm going to publish it here and record it. I would greatly appreciate it if a few (please don't go too overboard) people would quote this post to establish it. I will also use archive.is to record this post and post it in a follow-up reply.
Here is my key:
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEWtLazxYJKwYBBAHaRw8BAQdAgX5FwRIX6Vjq4cGZmrufz1/9PMBx40DcdTeD
Yw2P2Ry0GVJHQktleSA8cmdia2V5QGdtYWlsLmNvbT6IkAQTFggAOBYhBKvi3Jl8
IjMBKobYvmbxtslWiKlDBQJa0trPAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
AAoJEGbxtslWiKlDDF8BAOMjI3HkUOpMU1/qiFixKqB9DywR6WLtq/gO/1FuglFo
AQCK6+OKONT+dCxGRZShrolXpCd1hhGXWhkPU9yj5mvlCbg4BFrS2s8SCisGAQQB
l1UBBQEBB0A6iXCX3Rvd8SWXxDuqd8CFL1jtD7IeUaSlVEmx8OSAQgMBCAeIeAQY
FggAIBYhBKvi3Jl8IjMBKobYvmbxtslWiKlDBQJa0trPAhsMAAoJEGbxtslWiKlD
iGgBAILE2I8JZs2EVEtQiEVLi0/gZ7Mb5+/VIG7GAkmRsWV3AQD1pHktwUWF1i6G
Y4g5j275O69cp2muXydlsBr8fIXlBQ==
=CmTR
-----END PGP PUBLIC KEY BLOCK-----
mDMEWtLazxYJKwYBBAHaRw8BAQdAgX5FwRIX6Vjq4cGZmrufz1/9PMBx40DcdTeD
Yw2P2Ry0GVJHQktleSA8cmdia2V5QGdtYWlsLmNvbT6IkAQTFggAOBYhBKvi3Jl8
IjMBKobYvmbxtslWiKlDBQJa0trPAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
AAoJEGbxtslWiKlDDF8BAOMjI3HkUOpMU1/qiFixKqB9DywR6WLtq/gO/1FuglFo
AQCK6+OKONT+dCxGRZShrolXpCd1hhGXWhkPU9yj5mvlCbg4BFrS2s8SCisGAQQB
l1UBBQEBB0A6iXCX3Rvd8SWXxDuqd8CFL1jtD7IeUaSlVEmx8OSAQgMBCAeIeAQY
FggAIBYhBKvi3Jl8IjMBKobYvmbxtslWiKlDBQJa0trPAhsMAAoJEGbxtslWiKlD
iGgBAILE2I8JZs2EVEtQiEVLi0/gZ7Mb5+/VIG7GAkmRsWV3AQD1pHktwUWF1i6G
Y4g5j275O69cp2muXydlsBr8fIXlBQ==
=CmTR
-----END PGP PUBLIC KEY BLOCK-----
It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.
I've also published it to MIT's keyserver.
If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.
If I've missed anything here, please let me know.
-snip-
Who do you say you are?
Who do you say you are?
RGBKey
Edit: I've uploaded a text file to my github pages website which hosts all my verifiers. It can be found here https://rgbkey.github.io/pgp.txt
Hey folks,
I've been a longstanding advocate of encryption, but I've come to realize that I don't really have an established PGP key to use for communications here. I've just created a new one (I created one ~4 years ago and have since lost it) and I'm going to publish it here and record it. I would greatly appreciate it if a few (please don't go too overboard) people would quote this post to establish it. I will also use archive.is to record this post and post it in a follow-up reply.
Here is my key:
It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.
I've also published it to MIT's keyserver.
If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.
If I've missed anything here, please let me know.
I've been a longstanding advocate of encryption, but I've come to realize that I don't really have an established PGP key to use for communications here. I've just created a new one (I created one ~4 years ago and have since lost it) and I'm going to publish it here and record it. I would greatly appreciate it if a few (please don't go too overboard) people would quote this post to establish it. I will also use archive.is to record this post and post it in a follow-up reply.
Here is my key:
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEWtLazxYJKwYBBAHaRw8BAQdAgX5FwRIX6Vjq4cGZmrufz1/9PMBx40DcdTeD
Yw2P2Ry0GVJHQktleSA8cmdia2V5QGdtYWlsLmNvbT6IkAQTFggAOBYhBKvi3Jl8
IjMBKobYvmbxtslWiKlDBQJa0trPAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
AAoJEGbxtslWiKlDDF8BAOMjI3HkUOpMU1/qiFixKqB9DywR6WLtq/gO/1FuglFo
AQCK6+OKONT+dCxGRZShrolXpCd1hhGXWhkPU9yj5mvlCbg4BFrS2s8SCisGAQQB
l1UBBQEBB0A6iXCX3Rvd8SWXxDuqd8CFL1jtD7IeUaSlVEmx8OSAQgMBCAeIeAQY
FggAIBYhBKvi3Jl8IjMBKobYvmbxtslWiKlDBQJa0trPAhsMAAoJEGbxtslWiKlD
iGgBAILE2I8JZs2EVEtQiEVLi0/gZ7Mb5+/VIG7GAkmRsWV3AQD1pHktwUWF1i6G
Y4g5j275O69cp2muXydlsBr8fIXlBQ==
=CmTR
-----END PGP PUBLIC KEY BLOCK-----
mDMEWtLazxYJKwYBBAHaRw8BAQdAgX5FwRIX6Vjq4cGZmrufz1/9PMBx40DcdTeD
Yw2P2Ry0GVJHQktleSA8cmdia2V5QGdtYWlsLmNvbT6IkAQTFggAOBYhBKvi3Jl8
IjMBKobYvmbxtslWiKlDBQJa0trPAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
AAoJEGbxtslWiKlDDF8BAOMjI3HkUOpMU1/qiFixKqB9DywR6WLtq/gO/1FuglFo
AQCK6+OKONT+dCxGRZShrolXpCd1hhGXWhkPU9yj5mvlCbg4BFrS2s8SCisGAQQB
l1UBBQEBB0A6iXCX3Rvd8SWXxDuqd8CFL1jtD7IeUaSlVEmx8OSAQgMBCAeIeAQY
FggAIBYhBKvi3Jl8IjMBKobYvmbxtslWiKlDBQJa0trPAhsMAAoJEGbxtslWiKlD
iGgBAILE2I8JZs2EVEtQiEVLi0/gZ7Mb5+/VIG7GAkmRsWV3AQD1pHktwUWF1i6G
Y4g5j275O69cp2muXydlsBr8fIXlBQ==
=CmTR
-----END PGP PUBLIC KEY BLOCK-----
It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.
I've also published it to MIT's keyserver.
If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.
If I've missed anything here, please let me know.
Who do you say you are?
Here is the archive link: http://archive.li/ZabYw
Hey folks,
I've been a longstanding advocate of encryption, but I've come to realize that I don't really have an established PGP key to use for communications here. I've just created a new one (I created one ~4 years ago and have since lost it) and I'm going to publish it here and record it. I would greatly appreciate it if a few (please don't go too overboard) people would quote this post to establish it. I will also use archive.is to record this post and post it in a follow-up reply.
Here is my key:
It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.
I've also published it to MIT's keyserver.
If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.
If I've missed anything here, please let me know.
I've been a longstanding advocate of encryption, but I've come to realize that I don't really have an established PGP key to use for communications here. I've just created a new one (I created one ~4 years ago and have since lost it) and I'm going to publish it here and record it. I would greatly appreciate it if a few (please don't go too overboard) people would quote this post to establish it. I will also use archive.is to record this post and post it in a follow-up reply.
Here is my key:
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEWtLazxYJKwYBBAHaRw8BAQdAgX5FwRIX6Vjq4cGZmrufz1/9PMBx40DcdTeD
Yw2P2Ry0GVJHQktleSA8cmdia2V5QGdtYWlsLmNvbT6IkAQTFggAOBYhBKvi3Jl8
IjMBKobYvmbxtslWiKlDBQJa0trPAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
AAoJEGbxtslWiKlDDF8BAOMjI3HkUOpMU1/qiFixKqB9DywR6WLtq/gO/1FuglFo
AQCK6+OKONT+dCxGRZShrolXpCd1hhGXWhkPU9yj5mvlCbg4BFrS2s8SCisGAQQB
l1UBBQEBB0A6iXCX3Rvd8SWXxDuqd8CFL1jtD7IeUaSlVEmx8OSAQgMBCAeIeAQY
FggAIBYhBKvi3Jl8IjMBKobYvmbxtslWiKlDBQJa0trPAhsMAAoJEGbxtslWiKlD
iGgBAILE2I8JZs2EVEtQiEVLi0/gZ7Mb5+/VIG7GAkmRsWV3AQD1pHktwUWF1i6G
Y4g5j275O69cp2muXydlsBr8fIXlBQ==
=CmTR
-----END PGP PUBLIC KEY BLOCK-----
mDMEWtLazxYJKwYBBAHaRw8BAQdAgX5FwRIX6Vjq4cGZmrufz1/9PMBx40DcdTeD
Yw2P2Ry0GVJHQktleSA8cmdia2V5QGdtYWlsLmNvbT6IkAQTFggAOBYhBKvi3Jl8
IjMBKobYvmbxtslWiKlDBQJa0trPAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
AAoJEGbxtslWiKlDDF8BAOMjI3HkUOpMU1/qiFixKqB9DywR6WLtq/gO/1FuglFo
AQCK6+OKONT+dCxGRZShrolXpCd1hhGXWhkPU9yj5mvlCbg4BFrS2s8SCisGAQQB
l1UBBQEBB0A6iXCX3Rvd8SWXxDuqd8CFL1jtD7IeUaSlVEmx8OSAQgMBCAeIeAQY
FggAIBYhBKvi3Jl8IjMBKobYvmbxtslWiKlDBQJa0trPAhsMAAoJEGbxtslWiKlD
iGgBAILE2I8JZs2EVEtQiEVLi0/gZ7Mb5+/VIG7GAkmRsWV3AQD1pHktwUWF1i6G
Y4g5j275O69cp2muXydlsBr8fIXlBQ==
=CmTR
-----END PGP PUBLIC KEY BLOCK-----
It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.
I've also published it to MIT's keyserver.
If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.
If I've missed anything here, please let me know.
Jump to: