Bitcoin Forum>Other>Off-topic
Author

Topic: Testing PGP signatures (Read 643 times)

OpenYourEyes
full member
Activity: 238
Merit: 100
Testing PGP signatures
May 17, 2013, 07:35:20 PM
#8
Quote from: Sword Smith on May 17, 2013, 03:31:52 PM
Quote from: OpenYourEyes on May 17, 2013, 01:26:28 PM
Quote from: Sword Smith on May 17, 2013, 12:38:04 PM
Quote from: OpenYourEyes on May 17, 2013, 12:29:21 PM
Smiley They most definitely will.
What does the signature (FBF52716) mean? Is it some kind of hash of your public key and what is the best place to upload your public PGP key?
It's just the unique key ID. It allows people to search for my keys, and import them quickly.

Yours for that key is: 8FC8E099 (sometimes you may need to add 0x to the beginning of it)

In Linux you can get it by entering: gpg -k to view all your keys.
If you wanted to import mine, you could either do it manually (like you did before), or just enter gpg --recv-keys FBF52716

You can upload them to:
http://pgp.mit.edu/
https://keyserver.pgp.com/vkd/GetWelcomeScreen.event

They will eventually propagate to all PGP servers.

You can also use my key id to search for my keys on the above sites, or search by my name, username, etc.
Thanks for your help! A couple of more questions: How do I ensure that my private key stays private? Should I create it on an offline computer or are there other ways? Also, what is the best way to back it up? Should I perhaps encrypt it and then upload it to Google or Dropbox?
PGP keys that belong to average Joe, such as me and you, aren't really that interesting for attackers to get hold of, still you should keep it secure as can be though, and make sure it is protected with a secure, never, ever used before password (as all passwords should be).
That way, if someone gets hold of your keys, they'd have to know the pass phrase associated with it to do any thing with.

Using an offline computer is one way to go, but every time you want to sign/encrypt/decrypt a message, you'll have to put the file on a USB, boot up the offline computer, run PGP, put the encrypted/sign file back on the USB, and back onto you're online computer.
Worth doing for a Bitcoin wallet, but is overkill for something like this IMO, unless you are dealing with sensitive data or you are of importance.

If you want to back it up, which I suggest, you could create a QR barcode of it (best to do it offline, but can be done online like here), you could then print that and store it somewhere safe. Quite easy to import then.

I use OpenSSL on Linux to encrypt all my files, so my knowledge of Windows tools is not that great, but TrueCrypt is an option, you could then email yourself the encrypted file.

If you key ever does get compromised, you can revoke it and attach your new key to it. To do this you need to create a key revocation certificate.
This is just basically a certificate you create, store some where safe and never have to touch again, until you need to revoke it, which you do by uploading it to a PGP key server. When it sees this special certificate, it basically broadcasts a message to all key servers saying "my key is compromised, do not use or trust it, here is my new one".
Have a read of this: http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-key-revocation.html


This is a great very short guide to PGP in general that helped me a lot:
http://aplawrence.com/Basics/gpg.html
Sword Smith
sr. member
Activity: 406
Merit: 286
Neptune, Scalable Privacy
Re: Testing PGP signatures
May 17, 2013, 03:31:52 PM
#7
Quote from: OpenYourEyes on May 17, 2013, 01:26:28 PM
Quote from: Sword Smith on May 17, 2013, 12:38:04 PM
Quote from: OpenYourEyes on May 17, 2013, 12:29:21 PM
Smiley They most definitely will.
What does the signature (FBF52716) mean? Is it some kind of hash of your public key and what is the best place to upload your public PGP key?
It's just the unique key ID. It allows people to search for my keys, and import them quickly.

Yours for that key is: 8FC8E099 (sometimes you may need to add 0x to the beginning of it)

In Linux you can get it by entering: gpg -k to view all your keys.
If you wanted to import mine, you could either do it manually (like you did before), or just enter gpg --recv-keys FBF52716

You can upload them to:
http://pgp.mit.edu/
https://keyserver.pgp.com/vkd/GetWelcomeScreen.event

They will eventually propagate to all PGP servers.

You can also use my key id to search for my keys on the above sites, or search by my name, username, etc.
Thanks for your help! A couple of more questions: How do I ensure that my private key stays private? Should I create it on an offline computer or are there other ways? Also, what is the best way to back it up? Should I perhaps encrypt it and then upload it to Google or Dropbox?
OpenYourEyes
full member
Activity: 238
Merit: 100
Re: Testing PGP signatures
May 17, 2013, 01:26:28 PM
#6
Quote from: Sword Smith on May 17, 2013, 12:38:04 PM
Quote from: OpenYourEyes on May 17, 2013, 12:29:21 PM
Smiley They most definitely will.
What does the signature (FBF52716) mean? Is it some kind of hash of your public key and what is the best place to upload your public PGP key?
It's just the unique key ID. It allows people to search for my keys, and import them quickly.

Yours for that key is: 8FC8E099 (sometimes you may need to add 0x to the beginning of it)

In Linux you can get it by entering: gpg -k to view all your keys.
If you wanted to import mine, you could either do it manually (like you did before), or just enter gpg --recv-keys FBF52716

You can upload them to:
http://pgp.mit.edu/
https://keyserver.pgp.com/vkd/GetWelcomeScreen.event

They will eventually propagate to all PGP servers.

You can also use my key id to search for my keys on the above sites, or search by my name, username, etc.
Sword Smith
sr. member
Activity: 406
Merit: 286
Neptune, Scalable Privacy
Re: Testing PGP signatures
May 17, 2013, 12:38:04 PM
#5
Quote from: OpenYourEyes on May 17, 2013, 12:29:21 PM
Smiley They most definitely will.
What does the signature (FBF52716) mean? Is it some kind of hash of your public key and what is the best place to upload your public PGP key?
OpenYourEyes
full member
Activity: 238
Merit: 100
Re: Testing PGP signatures
May 17, 2013, 12:29:21 PM
#4
Smiley They most definitely will.
Sword Smith
sr. member
Activity: 406
Merit: 286
Neptune, Scalable Privacy
Re: Testing PGP signatures
May 17, 2013, 12:28:25 PM
#3
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.20 (MingW32)

hQEMA86s4958VTYdAQf/YVJ7VOTt60X8kLku17OKBs1xSZi7OWXtVa+edllNxwps
R7rxr6zjH9dqo1mStelgpCjDSWYe0jECcDdonBHs4H7igCcbHhTqE+HuSm9WKk1t
ba/IzbDX1kcgTlW63ckK49XB9nKvhQbzWL4K/PXtetK6sN1WohlZA9bDA8+ojSzO
+bP2DjZ1nMV0cglCTQT/n3/7fq2USI8l10NVr/kq/+vt5behf7HD3edzQBobcXoa
+kvIy4Wn4787Y9wRMOxesrRb/sg73CNCBJgmHlUty974uG5jVn/iwFnHjpqG2ySG
1uj8N3oO+OlJY6yJc7JyhKzIIfwtLuFh6ab7uSHZEdKhASAzRvDCkL1ol45tszYU
0uJIArD/kNPxaxiVir7s82NKm54OnZ9Ukul8GgiDZljkiDu8rT6ZJb01H7RQtASZ
kRuN7GtfI3Zl2l3m377W6YATVW1u6kKO5bBXnOezhh9X0eybrTJ7AzbU9YUpZpju
FbN2Lb9g7ng0/1UMiKMNXSYsJ0QaTAqwm9fsakcXYePyqzkKvA0JV+j13n/GdR++
NXg=
=mm8z
-----END PGP MESSAGE-----
OpenYourEyes
full member
Activity: 238
Merit: 100
Re: Testing PGP signatures
May 17, 2013, 12:16:40 PM
#2
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.20 (GNU/Linux)

hQEMA7Chpuqzw9ueAQf/akQJ8wk0Xo+ZiyOgjtFFadJuT2PDluB2qd8/vuz2E+Fb
1ymlzu/nHHrGx2R4Y8DA+EuhCgqCLniGnj0sFLQdToYeF1G/HyC0C/FUWIpmilyg
SodJToogOaCtLY2M0Ea20utOntx4QpzcTLzHyUgEmye915p6ey+3HYthXMiQ/2nQ
0asrS0PngECGhJY8fAoqMq5rHV64M19PTuEbIVl7+VA5seyVGvE2vrr+5n0vqHDa
q0zt+6LfHKwfH5ecvqF0QcEH8qx4qkZ6Zva5l1E55QdkUi5Yvf0LV4Ss6PHvwHPW
q9CQlWlf/fC0AWww2+fXy0kL49vJZfDcNfYZFmpJINJTAVOquuOSOAs8jnTEo/Ug
lNE1IqJoaePAEs7voP7DX3rEXKpVqb/6j4JE4rIAyeF09M8Hpyzbh0Xq534sWi8U
SCd399ULF0XDjSDW+t1kTChNTMQ=
=gNFM
-----END PGP MESSAGE-----


If you want to try an encrypted one back see sig.
Sword Smith
sr. member
Activity: 406
Merit: 286
Neptune, Scalable Privacy
Re: Testing PGP signatures
May 17, 2013, 09:31:47 AM
#1
Hi! I am new to the PGP encryption and I would like to check it out. Could you please post a reply encrypted with my public PGP key which I link to in my signature?
Bitcoin Forum>Other>Off-topic
Jump to: