Bitcoin Forum>Economy>Trading Discussion>Reputation
Pages:
Author

Topic: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here - page 4. (Read 66293 times)

nullius
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 15, 2020, 04:53:18 PM
#446
Everybody who is debating over Ploni’s key is missing the point.

An OpenPGP userid is itself a digitally signed statement.  Ploni’s key (and indeed, every valid OpenPGP key) also contains within itself several other important digital signatures, which prevent attacks that the people arguing with me are too ignorant to even think of.

nutildah and dragonvslinux are stating misinformation that effectually FUDs the security of OpenPGP standard.  DireWolfM14 seemed to get it, but then just had to get in a dig at me—oops, wrong, too.  Everything that PrimeNumber7 said was technically correct; but he seemed to only be replying to the last post (please check the prior context).




Quote from: nutildah on March 15, 2020, 12:14:17 AM
Quote from: nullius on March 12, 2020, 07:21:15 PM
His key is a work of art.

 Roll Eyes Roll Eyes Roll Eyes Roll Eyes Roll Eyes

If that is a fancy means of saying, “TL;DR”, here is the TL;DR:

Quote from: nutildah on March 15, 2020, 12:14:17 AM
I did import the key and noticed that, but its still not the same thing as providing a signature along with the key. It is extremely compelling rationale that the public key belongs to this user but there is no substitution for producing a signature from the corresponding private key.

Wrong.  The PGP certificate contains a digital signature from the corresponding private key.  I explained this at length; and as I noted:

Quote from: nullius on March 12, 2020, 07:21:15 PM
The signature is required.

I am all for the proper use of digital signatures.  That cause is not helped by misinformation which, on your part, seems to be motivated by a desire to personally oppose me.

The statement claiming a forum uid is digitally signed.  What other digital signatures do you want?  Perhaps a demonstration that Ploni can actually sign with his signing subkey—with any and all signing subkey(s)?  That would prevent Ploni from adding e.g. Satoshi’s public key to his public PGP certificate as a signing subkey, even though he couldn’t sign with it.  Such mischief may be of very limited use to fool people who don’t understand any more about PGP than you evidently do, or for some oddball attacks in scenarios not relevant here; it seems that should be trivial to do that with some custom programming to wrangle PGP packets, yes?

I doubt that you even thought that far:  Indeed, if somebody were to make multiple different signing subkeys and present a signed statement from only one of them, I doubt that you would even notice.  But even if you thought of this, the architects of the OpenPGP standard are still way ahead of you:  The primary (certification) key and each signing subkey MUST digitally sign each other.  And in Ploni’s case, they indeed did so:

Code:
$ gpg -v -v < ploni.asc 2>&1 | less
[...]
# off=937 ctb=b8 tag=14 hlen=2 plen=51
:public sub key packet:
        version 4, algo 22, created 1583879873, expires 0
        pkey[0]: [80 bits] ed25519 (1.3.6.1.4.1.11591.15.1)
        pkey[1]: [263 bits]
        keyid: B037730ED31FF9EB
# off=990 ctb=88 tag=2 hlen=2 plen=239
:signature packet: algo 22, keyid D50ED7B480AC5F96
        version 4, created 1583879873, md5len 0, sigclass 0x18
        digest algo 10, begin of digest 46 d6
        hashed subpkt 33 len 21 (issuer fpr v4 C79DD6973572969A0C2CFC9BD50ED7B480AC5F96)
        hashed subpkt 2 len 4 (sig created 2020-03-10)
        hashed subpkt 27 len 1 (key flags: 02)
        subpkt 16 len 8 (issuer key ID D50ED7B480AC5F96)
        subpkt 32 len 117 (signature: v4, class 0x19, algo 22, digest algo 10)
        data: [256 bits]
        data: [253 bits]
[...]

N.b. these two lines, particularly the magic numbers 0x18 and 0x19:

Code:
        version 4, created 1583879873, md5len 0, sigclass 0x18

        subpkt 32 len 117 (signature: v4, class 0x19, algo 22, digest algo 10)

What does that mean?

https://tools.ietf.org/html/rfc4880#section-5.2.1
Quote from: nullius on March 12, 2020, 07:21:15 PM
Quote from: nutildah on March 15, 2020, 12:14:17 AM
I did import the key and noticed that, but its still not the same thing as providing a signature along with the key. It is extremely compelling rationale that the public key belongs to this user but there is no substitution for producing a signature from the corresponding private key.

In technical terms, nullius is right, but I agree with you.  The point nullius is missing is that here, on this site on of the practical purposes of staking a GPG key is not only to claim ownership of the key, but to couple the key with your forum account.  It's a security measure that could come in very handy if the account was ever hacked.

And what, praytell, is the practical difference between a digitally signed OpenPGP userid claiming a forum uid, and a `gpg --clearsign` statement claiming a forum uid?

In my prior post, I pointed out that it is impossible to cryptographically bind a non-cryptographic identity, such as a forum account.  Whereas posting a key with an embedded signed statement claiming the forum account is not functionally different than posting the key, plus a `gpg --clearsign` statement created almost simultaneously, with substantively the same content.




Quote from: PrimeNumber7 on March 15, 2020, 02:45:44 PM
The timestamp of the generation date is only the timestamp reflected on the computer when it was generated, and this is something that can be trivially changed.

It’s even easier than that:  gpg’s `--faked-system-time` option with an exclamation mark.

I showed how to do this in my recent demonstration wherein I created my own Faketoshi key.  I thereby perfectly duplicated almost all metadata in Satoshi’s real key, including (but not nearly limited to) the timestamps—using only bog-standard gpg, with no custom programming.  (The only tiny bit of mismatched metadata would have required some trivial programming to fix; it would have been easy, but not worthwhile since my point had been made.)  I showed my work.  Anybody who follows my posts would have seen that.  Not that I am claiming credit for what Ploni did; I suspect that he has a very deep knowledge of the OpenPGP standard.

Quote from: nullius on February 14, 2020, 07:58:09 PM
And how?  Trivial.

Code:
$ cat faketoshi.conf 
cert-digest-algo SHA1
default-preference-list AES256 AES192 AES128 CAST5 3DES SHA1 SHA256 RIPEMD160 ZLIB BZIP2 ZIP
$ gpg --faked-system-time "1225390759!" --options faketoshi.conf --expert --full-gen-key
[...]


Quote from: PrimeNumber7 on March 15, 2020, 02:45:44 PM
When you sign a message, the signed message will contain a small amount of metadata. I assume this is why Ploni doesn't want to provide a signed message.

Good thought; this is an important point completely missed by most people.  But controlling the metadata is only a matter of some practical know-how.  Check my own PGP output.  Anything you find, I wanted there.  For example, you will not find any original filename unless I wanted to show one.  If Ploni knew well enough to construct his key as he did, then he must know well enough to avoid leaking metadata which he does not wish to disclose.


I have a little surprise in store.  It is pending blockchain confirmation.  It is significant, so I will post when that’s done.
PrimeNumber7
copper member
Activity: 1610
Merit: 1899
Amazon Prime Member #7
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 15, 2020, 02:45:44 PM
#445
Quote from: DireWolfM14 on March 15, 2020, 12:25:31 PM

At this point there is no proof that Ploni has access to the secret key, or the ability to sign a message with it.  Anyone can create a GPG key and embed any user name they want into it, but the fact that Spartacus Ploni posted the key and it has his forum ID in it, we can assume that he created the key, and that he has access to the secret key which will allow him to sign messages.  But that's it, all we have is enough to assume, not enough to prove.
By that logic, anyone who has posted a signed message has not proven they control the private key. Anyone can sign a message, and give that message to a third party to pass off as their own.

Based on the fact that the timestamp on the key generation matches the timestamp the account was created, and the UID being part of the userid shows that whoever created the private key intended to show association with the account. The account posting that he controls the GPG private key shows whoever is behind the account is intending to show he controls the private key. This is just as strong of evidence as a signed message.

The timestamp of the generation date is only the timestamp reflected on the computer when it was generated, and this is something that can be trivially changed. When you sign a message, the signed message will contain a small amount of metadata. I assume this is why Ploni doesn't want to provide a signed message.
DireWolfM14
copper member
Activity: 2170
Merit: 4238
Join the world-leading crypto sportsbook NOW!
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 15, 2020, 02:16:44 PM
#444
Quote from: nutildah on March 15, 2020, 01:07:44 PM
Quote from: DireWolfM14 on March 15, 2020, 12:25:31 PM
At this point there is no proof that Ploni has access to the secret key, or the ability to sign a message with it.  Anyone can create a GPG key and embed any user name they want into it, but the fact that Spartacus Ploni posted the key and it has his forum ID in it, we can assume that he created the key, and that he has access to the secret key which will allow him to sign messages.  But that's it, all we have is enough to assume, not enough to prove.

I was thinking about it and yes I suppose its more just a matter of common courtesy and/or protocol to sign a message from the key as proof of ownership. Theoretically, somebody could have created the key pair and the account and then handed off only the account to nullius er ploni baloney (though however unlikely), but much like Craig Wright's interpretation of private key ownership, signing a message with the key only proves that you own(ed) the key at that particular moment, so ultimately either way, well I guess, who really cares.

Sorry, I made a mistake in my post; I left out a small, yet very important word.

I do want to add that by creating the key and the forum account on the same day provides very compelling (if only circumstantial) evidence that indeed plonius created both the account and the key.  Like you said, it's highly unlikely that two separate individuals would be clamoring to claim a newbie account, and concoct a sinister plan that entails a PGP "work of art."
nutildah
legendary
Activity: 2940
Merit: 7892
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 15, 2020, 01:07:44 PM
#443
Quote from: DireWolfM14 on March 15, 2020, 12:25:31 PM
At this point there is proof that Ploni has access to the secret key, or the ability to sign a message with it.  Anyone can create a GPG key and embed any user name they want into it, but the fact that Spartacus Ploni posted the key and it has his forum ID in it, we can assume that he created the key, and that he has access to the secret key which will allow him to sign messages.  But that's it, all we have is enough to assume, not enough to prove.

I was thinking about it and yes I suppose its more just a matter of common courtesy and/or protocol to sign a message from the key as proof of ownership. Theoretically, somebody could have created the key pair and the account and then handed off only the account to nullius er ploni baloney (though however unlikely), but much like Craig Wright's interpretation of private key ownership, signing a message with the key only proves that you own(ed) the key at that particular moment, so ultimately either way, well I guess, who really cares.
DireWolfM14
copper member
Activity: 2170
Merit: 4238
Join the world-leading crypto sportsbook NOW!
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 15, 2020, 12:25:31 PM
#442
Quote from: nutildah on March 15, 2020, 12:14:17 AM
Quote from: nullius on March 12, 2020, 07:21:15 PM
His key is a work of art.  

 Roll Eyes Roll Eyes Roll Eyes Roll Eyes Roll Eyes

I know, right?  Was this just an excuse for nullius to gush over his own genius?  He sure does seem proud of himself, lol!


Quote from: nutildah on March 15, 2020, 12:14:17 AM
I did import the key and noticed that, but its still not the same thing as providing a signature along with the key. It is extremely compelling rationale that the public key belongs to this user but there is no substitution for producing a signature from the corresponding private key.

In technical terms, nullius is right, but I agree with you.  The point nullius is missing is that here, on this site on of the practical purposes of staking a GPG key is not only to claim ownership of the key, but to couple the key with your forum account.  It's a security measure that could come in very handy if the account was ever hacked.  

At this point there is no proof that Ploni has access to the secret key, or the ability to sign a message with it.  Anyone can create a GPG key and embed any user name they want into it, but the fact that Spartacus Ploni posted the key and it has his forum ID in it, we can assume that he created the key, and that he has access to the secret key which will allow him to sign messages.  But that's it, all we have is enough to assume, not enough to prove.

nutildah
legendary
Activity: 2940
Merit: 7892
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 15, 2020, 12:14:17 AM
#441
Quote from: nullius on March 12, 2020, 07:21:15 PM
His key is a work of art. 

 Roll Eyes Roll Eyes Roll Eyes Roll Eyes Roll Eyes

Quote from: DireWolfM14 on March 12, 2020, 08:43:40 PM
Ploni embedded the text string "bitcointalk.org u=2778290" as one of the user IDs of the public key.  If you use Windows and Kleopatra to import the public key you'll see this list of user IDs:



I did import the key and noticed that, but its still not the same thing as providing a signature along with the key. It is extremely compelling rationale that the public key belongs to this user but there is no substitution for producing a signature from the corresponding private key.
Timelord2067
legendary
Activity: 3626
Merit: 2209
💲🏎️💨🚓
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 14, 2020, 06:41:18 PM
#440
DireWolfM14
copper member
Activity: 2170
Merit: 4238
Join the world-leading crypto sportsbook NOW!
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 14, 2020, 04:22:57 PM
#439
I've been inspired to update my GPG key, and include some of my various user accounts as UIDs attached to the key itself.  Some of the upgrades I wanted to make required that I create a new key.

Please note, I still have full control of my old GPG key.  It will be stored off-line, and no longer used to sign messages.  Any messages signed with the old key will remain valid unless otherwise informed.

Fingerprint:
Code:
7EA88068A66DFBCC7CACBBEBE2E0A3A7EAB3CEA5

Public Key
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF5s/aMBEADj1EYTzibO3455iGNMpEBBxAJ37EBwCLmbJocxxZGBg7z9kovr
t4Z+m8BFP2eDjxyScDqaomFMTOK24MdYVGy/a54iRXQ+07pD8yvk4rUTq1+hzUxV
KB5/d6iKeRxKuGJow64yqLossb9Kkaj6W9sMWmEAKkBHzNTN8UoNBPiVyP/575kw
ja99MWTk3PbSd8fk/im4DJAaDWhZ4TRqHlrqDl1/MIz2rtwH7IZec79IWu4HNzdO
o8KLeFoDLahbr4KsO7onB2J7tiPNwAH72aai+Nz/HQ5Zz/4rWKSl1l21JWYmRSZD
rJzgnhM2Q4NV1T+oG3mOL8rpeC04AnWdNUa+S5mtw1hTR/hIk2U14xy0UDBob/Fd
osHc06tCv9hP4dmwk3koKszP0NbWvCCKEU2HaU6H6TE9wggMve4UWC/Sj6q/uJW6
CNG+pm0DeDeju+wPwE7e19LzEZrRj48/QzvkZgreFn7Rm41vhCANeq6B05y86IB6
4RBifiytm/FtMdvrt7Rsepo8AIqNhm5uPBK6HDuDDMBi3VNzoVY4skjF5PHnkLCl
s1QSXIQE+5gA4Kz6LZmJ2GfKSG9wPmXaxR1mrzOwkxaSN8O1afO7c/t4CRN98pum
sRCUKvKEZcj2JdJ9vIwLONXlCJPDYECtOMYHlr9y8dGMc8+VA+1sTcLMAwARAQAB
tAlEaXJlIFdvbGaJAlEEEwEIADsCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AW
IQR+qIBopm37zHysu+vi4KOn6rPOpQUCXm0AmwIZAQAKCRDi4KOn6rPOpVNqEAC1
uJzQxHMJoth/m6Kdsl+pbM1MZEdIRPKImDu8+oP0IVt3Fu9GiwdvRSYyIy3lraSs
YOvW9MV7Il8+6czcx0F4HU2dNbm7sLP0JF+ySbDXKgnfFEqfxPXXhCtMjNX4dNQE
BIVeIBRhwWOgPc/xBrp2yc4iKIsmFNNdFq+CnZkiCyuYvgUVHfb/az//LTaS+ZQ+
yJx2lE5GMsdHlDKFQz7pmzYYf/BbP5WmcW2TxmVvTp62ICqzKcU1w+RVY4KvcHq5
HB8UuKIxnf2IAKJHty7jlDnjzIel466WhyEY0eOuTZTDgG7OenSIeVye+Erc5VEB
yKUDuDIeV3k0Vs912GSGQtcsTnaef11BGOy4IwmOeFiMkhuyoXUjuM2AooccXqAG
QcAdobcNcNmbOfr0eSaV8jy4w58lYjHaijHqECQKNIKqm6Gej0caGHGgipdB+KPj
EC3/LYJI+AdmfNOwUJ+T075rfg2akvp9DzfZwzNpgKtBWnP8+BXpLZf7CR+RQmeZ
LR47v9H5aIYnPRfZrYXhFg5zmmpgFpxZjCw9Ab2GeyLbrCaAGDdrhVbZxBPtq8bp
uKWykv24zM8yXuUrVD9xsObMKS86kl8cLg4YmSC6eAAu+vVyypjjAaE6pPcy+DpI
bUOg4YMPGH27fpYM1nWebkkTJi5nXqx4SfZCyXnkSLQhRGlyZSBXb2xmIDxkaXJl
d29sZm0xNEBnbWFpbC5jb20+iQJOBBMBCAA4FiEEfqiAaKZt+8x8rLvr4uCjp+qz
zqUFAl5tAIoCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ4uCjp+qzzqVU
jBAAkhLxNFcq/FgBy+WuVmmuvLoQxC2bZwmisNzoUEBmN7W1XaNrDe47btuCC+AA
eE0fdxIgScvgHy6Erz04LdOxUkaRffkUy4OlNgNFN5b1zhbTs2F/GsaYynTX+rtn
RImDe3bFYnK+qYa3/La4L1UKjMVH2QVt60IPTNIqPQcZhPG0RfPyggDNDTrINpJS
lUW9/gkePoBYcD8CJQxNkoaq0ZauE2CrDwMS1fmdgWHQ6bbRDYI6yrzhXquazkWO
o0KlpiX4qPGN24hCh/r6MJzuFTcsfvrg/TDsaUa477qdxJVhS/IeQwAbKupc7TL3
t+1q+ZDmipHn8FTS/37MQnyMTZ8Ib4hOx1sE6N+5rS6mRjvAnxpL2QM+cOZ1foRs
vTqohbjBR0+21KON/4uajSGJ3UnJG2XPU7Mhnki3FZQh+1MuN08qW1/LAVjLnDyf
5TWVfwMOmTluBk+cObvacZzWUFukTrNBl20+44w2tAdbKSB3Ft2pWRQW9OSmKWO1
fkvV4jnFfe4n2bXHp2SQe0R5DiyYbfaKzJqNHE3jGX0aWHb3AzVZpdATZHK20vqg
D7ai/FLkYEOBbyyL4hsrexqgok6tWSNWth9WviWFfouLqj/KC8mDNKsC9umACybl
nkWZSJoRW+BCNqE2Q8+4Nv3FA7yyv5H2vdVrFaWay7R0awS0JkRpcmUgV29sZiA8
ZGlyZXdvbGZtMTRAcHJvdG9ubWFpbC5jb20+iQJOBBMBCAA4FiEEfqiAaKZt+8x8
rLvr4uCjp+qzzqUFAl5tAOACGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ
4uCjp+qzzqW1zA/+NoHe7NgAxdAnkDl0AkepZ1uN5TKlBS+FIE+aIjIdh1Z+6fpv
9KBgDy076nO1Z1TjCDUtx1/jA/JXcdIQzCvNSjV2yiR09rheP3AwWIoG0WsfPyeu
0B+rx0NuXgjIniGAx/UOTB7GrkD8h4K2k4tQkt6eG/56zaym8xOnRzXzu0bcDJur
hEjqPy6r5PErsPEt9cSvX+zVTj0TLQQJX9FkCxHHQ9KIPPW0ytD4rcPko3w/nfpf
d34GkcnA2XI3qRWvFXkbWQk0GjNKxm5hRuLNn4E4+t9HC8JQwchnqmXUNzOaTD9U
2sxhMe3Xp3ult+5LJ5E1VFaEjf1tZA5r50fR+Q37BeefwS5eCtBqnyw8eEDlSXRh
piuk0o4LYrVc/zdrqhxwY5jUl1Evg3Oc4KHIMhijJ2SvJ0B3C9NXRVUIQgOnGQkO
7k5iImOQTyaz8I84vxlgajimAR9vG1sZrX8WNuUbW19TrE2HkL9GNRyUpNBu0FkZ
+MFOL405WW5F0Dw9Q+YsWe2JKYqJ92dCg8b5aiwBwUauLf3Akyf0ssCNjFU+U9Bb
kBIUmmKMafJehyI14QVFFmRoz5yDIcMwArPQHhCGE3Jp92WouSavbIwQJ567lnct
iCSV8dog0N7l82GJu0WyGYJY8n/9dlIiYtXrMv8r6YfyWRtJROy20hJ4WZ60J0Rp
cmVXb2xmTTE0IChiaXRjb2ludGFsay5vcmcgdT0yMDAzODU5KYkCTgQTAQgAOBYh
BH6ogGimbfvMfKy76+Lgo6fqs86lBQJebQGCAhsDBQsJCAcCBhUKCQgLAgQWAgMB
Ah4BAheAAAoJEOLgo6fqs86lsOcQAIRQE62NloKu93CQ8sQzA3vQa5AlyKbXLXnJ
tJl12XclzfQ5PGaQhPAJ5iOIgyzj3GO9Z2jFPUn23kv4+QEuDIQi69dhNZS3vrYF
fVj8gnyxMnF2BEaevumWi+I942znJazKtL1nEUWB9fUHEbJSj5Z2MNEK99GifYyw
1PXB3yDP5V+fbCjF6ybf/iqkUvo7eHT8G/1gnglTW2Oh1arQ/aR/AAPCTZsDD9Hr
P2w+WoWzQsoi6lLs1uTXFJkDXnd/PUzkDEnyrUFrEENDX6P+fpxLT6/bKYOB8A9V
eQQN2jM11utonsp0ZgrV6wo/TZ05hJQj4ePiDy4C9Mr58bXk5L8RdIY9DV7VpjjG
r7+5q4G9fE3EI4+NTjFXcRM7uMCUhp6cbLSsPGdVOi9BPNeMgli1FTeMJ0VTGIGi
GyHXOc4TVTzDiw6NflIzX4R5LiyME4y21o+YQTIZuqvWGmUR7iDWvCOXM1bpCid6
43eLt4yRjCRluas43fTlb62dshR13WEpacwrnpGhAw3XbBA1XzyC7GXokiqgYvcg
Ta14IlIsxEUsOGhwhBMeyoY8YizDxk90tvmNAqpco0sSyKWa8edx+lFb5BvuvtAc
65iLA6mRwcFd91bd/fEJK+h9EwbpGGVKkx86v18k6LRrHJh1QcJj9YOgdsGqUyu4
4PM5h4zitBVkaXJld29sZiAoS2V5YmFzZS5pbymJAk4EEwEIADgWIQR+qIBopm37
zHysu+vi4KOn6rPOpQUCXm0CQQIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAK
CRDi4KOn6rPOpXcKEADWQub79bXUXGepSLP53iYsWMlA8RsouW+KsdeanTNN2rjS
Q7Z2S9JzQ41Q6nAkZcluNdBaWrBebriJJnjfE+n+82XmuMbV7BSw6hMyube9jlb6
YExjdDvO4VOLEKxOu9klycP4/9DOI0Hx3KFY+GXVa1Jrr2yR4YN0AlpfaH8NU9zP
hdOL8mBDrxwYEXjsvdjj2IdKv+yF6yccGzrU8DGJM7xw3ORsaDLVwQqx4Uw3B5i+
Xa1PqqkdaD8sVuMKl4g/8zkcXmY9TwgsiXxtfqX2wQzsl2SF4BMkeaWDETy8IWyj
33E2XWlIDyCxif2zGtmR20ypSKTtUViRSAjSsJFM5d808BYaD3Ewu+snUwGYiGFn
NsFBkMa5g/dEr1NtmTx3thwHrsWArsX3mxAqH/4fzNXQgzcZoA2YG/EUaWRfzXRV
BqWcGjXMRJcKt6lbUfJMczvc5XWCTxwh+1L4FQ0LOScuuJWZ7Bn3AhPap1tHxJFa
K73JYSDX5VWopNzrP6M6ldAk76GzR7gesktaFXJTc41FHrHvj4k2nUnEOZVHgINA
XOIyukgeyCX/GZQbptHwGwdYB79TcD+VIJ1y09FtNhbJlwgvDPiuZJQb3rsUdoxK
SulpMgTzzAg6glte3yjwvMxlK/iwglsjEtGbT2C8XaocQoJTuOGgtZ/YH/U3aLQj
RGlyZVdvbGZNMTQgKFRlbGVncmFtIElEOjYxMzY5OTI5MSmJAk4EEwEIADgWIQR+
qIBopm37zHysu+vi4KOn6rPOpQUCXm0DRQIbAwULCQgHAgYVCgkICwIEFgIDAQIe
AQIXgAAKCRDi4KOn6rPOpXZFEACP51pVptbcBFSDhxDndtEVJU+G27wyx+iGhVXq
B3OnzkdQfR+4ngYceNmSNOw9pk0fGBtW0vtZ+7re/HU0ykvgaD+vJ0UxGgi5ItwU
3Ih3Zsss9f4mAOEDEyPqpvxW3ofwQwvhInK3Nn0emwr/NrTBuDWjv/cKlq3tDhHP
M6ofk3wTkg37+fulcXK1rcR+/XfVMSKDclUihd/36aJTSeXD4CqGZERzXWdDY1LV
tqmnFNwRELOlG0W/P4EIQt9UU7k8ZkbOAcIPFX00aCP0gZenbjxW0mpJilaebH2v
911ZmBsMKHNd106X6TMsYKVTqI2wGlmIplbd5UFLGFCQ2C4ZdYeTBqtg7f/PRs0u
Ph1nfHUYCkmofgb4oPy9pmkUmoaDL+OxJbbdGGhPgsDINWpiYp8u7XUXvmXGeat2
xgPOsvMNeXvEjlMssormyHYDWN2XiB/0HhpllApdd3y7POI9UxxhuF1gY5gxNsmE
Zv6K6gdBMlKUqBxO5Er5q6G61FrrCJf5tdUU6/5bX1NNe7ID+zl5Upsd02bp92Or
9llNQCx77zMWYhpT1ki0NWO6m8QMgXAEyX9yGhf3YZnsiiGvyb6tVMT5e02wO0iw
OJBcbK9IjOE9aNwp/C8OI3+r5WV5kSYjjo7ufpqkngdAv/okeKNxMgFM6+9tygwA
ewUnvrQ2RGlyZSBXb2xmIChiYzFxbWhqcDJmd21udmhuYzJqcnloYzQ5dzNya2pj
cXV4ZnF0ZWZwa3QpiQJOBBMBCAA4FiEEfqiAaKZt+8x8rLvr4uCjp+qzzqUFAl5t
B5QCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ4uCjp+qzzqUufA/+Itq1
XKE1ybqR3UWM5bRDxg0hGGljqOc9K41O9W07J6w8COnm0M0OO1NYz6qvvIWmho8l
S8hn12mL33Mkfn0607JbjwqWqtw9HJVEb3Y9mH4C6km62bBRyy7mo5z4UgMYtzRP
PYTbdWZM5Xgq6lpVXl8/8VceSilUEL8EwE6urA7sP76ICDDCufamefGxG6eZDwJ2
3lpIFOU4+anMyj31UFmaqRe+L5YwG3dFx2TsqZtrFhf1NA6qUMDX8oqqdmsapa6r
OFreXsA1izv2IN/deoCuY9HktW1xoqYHh45yeKNNgrDWwtN9x/7XQdrTYeKSDH3F
I7eU359YXU1tfzb5u8BCJH5HKRchJEs/t70QK6K4hpyH3ACw81kPZRs8cVgtGKGV
Jrk/RO8gc3q9LJiUsPZFS1ujCpOS39qH4DBlz7YfANAqXZoZWPMrOkyqLdCH0kFy
6UlquenHx4VncdPo9VwvIE7xO4iiejD5lqCkvmCSkVYVAq0wj8cFN6gszsfyaA1X
4EoshMvy5RvMlH4rW7rV6R7xjisWRsDTAGoov3zAlBQpybAIQTqRCm7dJVJE1Zb2
I3TzdlEUIkSS2V3dBTwLdNX1lo+lK8fLaN/CrGfC/UTshIc2QfGYhOqp874xqoYw
oA7m770W99SQoivTpoeC35KU+EczQw5XBDo6E7C0LkRpcmUgV29sZiAoMzhUemNC
QUJFYXYxaUI3Nzk2bWlRYWNpWTNjZ0pkNVM3YymJAk4EEwEIADgWIQR+qIBopm37
zHysu+vi4KOn6rPOpQUCXm0HrgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAK
CRDi4KOn6rPOpVCOEACOHjTScmxH5IkTqKpav4/XnYGu1ChD99OJwIoYNZDt5bQ0
eTgfkVXqtjBpliKqiQZlogl9cgKWY7qkeaRTX6NaGjFMJi7IgRd2IhsMmfB/yNex
tm8K0zGQVe0g49iwm878jjze85wIahjx+HMQhTft9wiMmNxX+El/XdfZn3Jp8ewV
mnqhwhuXHso/Wj7WnExZr10UTFa5z0IbPAOcEu29quygjk5ifpO+wjlhs1FitXRy
IWUnKdRsScmnWphYiwfT9IVwhBImdh7aHr5cOY2ku5u3hU13JM6PPa+85n3K9e+0
PdahJ010IPMmOqtd+1OVXzcJwtqubuJr37r2kBOJCD1IjRl0HWGmFqRWZnqOfw3+
1jGRZ8N7fyADX4tRllvWP8BsHW505cXRiIkYGLDr24gG+yRwN77QzV+taCE27DJ5
YPomLZkh24ZIdp8G8YLZ4j5eJmoPp8ol6y7JvP/cWBcidzEjh3GdhP3FvtRwy75W
V3zizMV6fWna8ygmuRBdimdkgYNa+N+dW8XovFPGswEwpNh+dUwrvvX7fBC2wc8L
IskyUwwZRt0drsk6JY5MjUj2YnKUACLtXD2We08iLzGy//OlW3w4EDzyYQFu3MR9
HvjDEGDc1rUj+iXGEzSva53Yl0Ifh/O8fZ0NHsU8CX7y35P2CTM+eza7I1egv7Qu
RGlyZSBXb2xmICgxNTd2NjdhdEpqbng3RmRpMndtY0JCcENodWdITm1EV3VwKYkC
TgQTAQgAOBYhBH6ogGimbfvMfKy76+Lgo6fqs86lBQJebQfPAhsDBQsJCAcCBhUK
CQgLAgQWAgMBAh4BAheAAAoJEOLgo6fqs86lQWAQAIYR9JLLj55iSxbD3CLy6i2f
oHKsqi3cLBaF6mh87c4VGQ3R5l+LlRb/NIbt25nXAjbVqXxhQ3F9Scc4vmTAEJXn
rPtTU1t6FdxlumTooQh9juiLqIogiGQ72Nq/jCHZJOf51bnu2BWW3cuN/D9i+hnI
nzqFlLXtdbpL1L+xOv1mEKJ+njzP88OO+hD6NyGmjEk50HUUBEcRR6fJpU8ksHpW
5t4IcnR0VeB8ZlreRGyH9fP25W7XqVxrEbcrtxwAWUnsrDZlOiKH7AmiRb8AivHC
qHhEc7XplSq2gV670pE53LLVtkG8ww+as9phhvgV5yQLrDtxr++GPtEy0a2IBFAy
Vox4xwclCQd1qDmYrujH4pa5PEUb545FHpJsAaCozFf09izIjENGsWBRFb9MA6Wc
fw4dZ/94Dvqve80k6fOzJI2V444bzYIPNuPUne3y2xFnWJY2K9WGCWFBOhGRqJKL
v/OC6HFu4iSsH327jPsfXcIYtV8GNlnRAnJ4HlIdHRvysJQp5wdwIFKLJefCaiZP
onjHPA0sWBcVSd7ifnmRnPXfxLbNM2iC/54pJHeJPKvVLEKNloYORwovnG9lgf6c
1CAhMx+lKqiN7+c0wDvzUVXeTWettqQuiPU1Ka6nb+8DHIkTdjqcMKkdnfVOx328
ZZ3xThpD2D7XiabXuwOauQINBF5s/aMBEAC3ixEzG1xNe8uolh5/VC88Ypkm23O5
6H8Mg8ti9lb6Xl6WgCNuXZSPsm857lnHJWyNdGoSYj5Y5napCOt99q+y2MuZ59UG
8bvZeuHXMBTTU4FfPJtDPDHCTLX3ADgDR4pS4rDZE2fl0ab+44GRlG95RbXsvots
Tn7lK3EBwRBJolb8cJnEN4a3BRgKONBJA3uP2tBO1GKVGQ3fZAO2ih1SzBjb6O5n
jMak/g+18+JAoh68h2MIZA4hIfZ1oK84sBewwAvh2cBeVmoLdp3dzALua1x1D8VS
8agdfrh2elNeY+d6HnRogRjcLddYazDoVunSF3EDy54Q+51myqPhPTyQ6ZXZhifs
tEyYAbD705f564spyl1JdfTcok5ciEaprdMnsVSx1kYR+EZOhDkIFLBXOPwcr1VO
kUhmKF62ZHDt9w9X1jLjhK2HrXCNzxmDBXmmBiyB23QAuX71EORaYWm0sywn4s3t
OyJ/9TsPft71V0aWl8k8+IB3DHMpL/nT9TuyKzywDRs8R9fiAWBkigecOVt0tVxv
kq0dS/AUiFIT1rMck+ch2z2j2umecrQyUalJbCraOYOioqFsPTb4fjpstG4zR/oW
VBLRtrieyHttLKiHpZ3z6vlp0IzknAt6m3hvPyTy8Jdo9FCdQ27YI4cOTQEt3sGB
NIi+IMS7xMrvjwARAQABiQI2BBgBCAAgFiEEfqiAaKZt+8x8rLvr4uCjp+qzzqUF
Al5s/aMCGwwACgkQ4uCjp+qzzqU86RAAp0FdmT7A8oVVl1ngBZYoeJd+blIY1Jwx
Q9sSc4I+GieofcUEjR6zjVPp23X2Kvq+a9btM/H/SbzqQVUwEd6M67RzfsGIr//z
DP+cgwlUkVdXuH6y/9zDbsLwXWKZTslIinA/7Wa7W4sM74mwsrzAuBF95MKoZS9z
WtPoh6b9oBNMn6q9Yi1lV3oELRTIhx8PK4DAxRpmFH40nxTm4zcgcn9+WBTIdEfM
yJ/cib7La5eSB/PeDevzXW/R/XrRh3Oek9Q+GaSgmCaxoOzPNcDCiAS5rTNzgduu
MHT8iIG72cVedfUfVZBx6MyoaqA0IdUnjFaIsuOmof9sZAtma0o4lYKdny5nyU+v
L/c2RRXYaU5DekS/AMOAIu5r77LcSIBqz+4OOYa0kCy4e7NyxEEjMI8v1PDsdisz
QkqqnnaUF3NfKfVqmbyN8vSc3+zOcrFNsgEgaWiCfKa3sGqWHDGBl7bf7Hv3SHmX
+LDwqZ8sMOs29NuAG14S0+r1Mf9ZsVe177PJzyHqTbAJ9ImXMvGrXX6eWlpPWfJK
/OkbpMHUEUSyAtkHaC3uGNN4kqzUSKE7bzPkcEXNinhMkLyuSshFHSlqD1tlPMh1
s8xpQ1cTYBgU2NfLAnOtnUVXtRJ1tDnTgNRSclY0Wc01qbT3gU+Mx/Ix6Cll91K4
J7LyPTv74AC5Ag0EXm0IIAEQAMPP5Z7bo0fS/aasgkvVse1PJZCEg9cDZ0c3BB2+
F3kH/yG6q2dQOb7Ld3OMcUjE+jJX5LdQahCXufOFYiGrZxMxdDxV9jLbuft9BxTJ
ely4rXeWTPGtzGIA2oCrOiVnNPc/VoVKDm2tv8mQLLgx3PL44VMl0Glm6WCeMf/a
04xisq0vuCedPASBhwrgaVX8MUl4Yo4aFoRrREOrvJfK5LzdOtDLSqhJ4kGz6QrI
08mgqrEp4sZdJid1ZsazQE/j1xcS33sdMA1V9s4HCSA9+Ay6uDInNYxlSSh23qup
d5CMWimtJgzXP16/mwu6gH+6bNHyzdG3sVP8++zn76dtob6DKuhc72m4O7UKSqlp
O+n7/99mRJBHZbbikU1/5cQdCE2EFVsp0jykwiKUEZZQyN8v/AN/djbojrhKOnps
Cpt2VIxjyxv1YNNFfnCbJsHQN3nAUNV1kELze3OSh46egbjF/J+iW1wqUiZOx74H
wJIn77MFdIQLtWi5pRhZxG/wYN+nARylkohp2fyvL5tMo1EryNqZZ0CsJG+KjsGi
rVekyXOFPlZj5ifaBrHGTeS/vexWbSrrcQpcizsYxFDZnfZA/V7cftghbCE5vNJs
ySTKgTGPW+IxdOG4AghcoEz0tlUJtHWsRDNdn3PD/vHdUhcLHw0ryWgPQ3gLKSPn
v68xABEBAAGJBGwEGAEIACAWIQR+qIBopm37zHysu+vi4KOn6rPOpQUCXm0IIAIb
AgJACRDi4KOn6rPOpcF0IAQZAQgAHRYhBObgpPKqQEy9ueqnn4O6M8jdyqVHBQJe
bQggAAoJEIO6M8jdyqVHz7UP/RoxX6FaLJYX8Ws4yj2EVlMVz8CtE2fneNT8wm1p
ypxr30xamTYWxDv01zr2o8LGYnQaV8KuGwosW+1Uqz2zHjqhG7YOyVdod52VNepp
8jY7fW9veL3PCbuGF7sDKZYEq+PFY7PfB6Piyfcaijq8kf3UQGAfsxc2hMr5b1gE
M3sEBDxoifB/UcxLEkCIyFQEMNxcpW+GA6ch+gHsPzJvHBRGu50up7aBqM4pKwQH
77p7unMMgidwIjHtK33ZZGodpT60anLppFyP1SJvmhaXUJvFlhLlw6zpp7DyldLZ
La79Iu+FC3ldFX0d+iOFxLNHFQfqu1SYyr8QOlaYVEUxw14eHAWsxKXxdESMMdVN
rX8mL0tsviTp1QjgZNB8ViqBjw6XBWYuRk8wQhrUC94W/jnUhnzYwxxs1oqKQrkZ
4PCg5L/kpDfUhXg0IuNA1qgTOOlQJBFb7eeK34Vi0IytcvmOQFTnf++G33f4eGt2
VSeTWsfbvbCdeBDu1kYG0OXoBzMiSGdTW5fcrk56ZDkUbo3vhWh6wTVTrG2KlLxZ
kFTtWwYb9y628p3ABkBh6qnGczBjj2073OmNDwNhIrhjr/tSx06leY2wjwRFYCB3
ARQzWMf7lKOvz3UIxZXLyudeN806iC1uG9Rs9nsS6By+NUMocsM91QNGoxfCl+11
AW+uSagQAKjEifZ4Qb5byZR1IJYuca5aO0FkMMaomwGY7kGe5uiNW3j9TJvIoc3J
uVWhzVKKMXJAEFLKLtF7wWcSU0gkTTjvbG8lWG64KMVwjDaD0zeNfwDCUJHxqA1L
P2HTzrHDnJ3nPULFJNBOFqiuNpg95qi/qx/vxs343TTbfkY1c5NSR/+RjCB9iCfm
uOldMcUmPJg5VHwFl5Y0y0NYiU8QvkHllVb7ckqEOQd6hVkHrth+2ecvYRyTscYJ
sC8Smfzm9qsOR1FyuMAXEjMKoakIeduVdIbr3/bCMTEYvARmzWv8w8Qz4VvYRnvH
PzqmrvpV2TbDxlsFHNwpaF8xK8L9vCTCH68uvAvvDvIxeMWQUuhUmYyMHPHQqEIa
vuixzz4+AKKPaKyeSKXi6BHsAuvdfhZd0+JtUWSftWvpw2zAjQzfDVenmc9gd3OV
5K7mFVDWDY/WkjOlAjOBKaxLC02bQ4/PJZdf02yKsWcHRbq8u4ws1fRJs2W4aEOu
VCaVd5W1/oKTgc1FFxkQ2g7j8Qx6wWRkzLZSOJ1C1ktLFfPbliRgmBVFDQ/x4BL8
7R4DnNFPnjGTWTa5r0m4znx/9TIgwEjISbSoXqfSkSdLN32UtHgCiMWJXwGR+qzJ
hfdLpCPXwkbNxxrugAOgTv5ZoRERds4dUAGgPHMaEHn+lrvynI2T
=bgs1
-----END PGP PUBLIC KEY BLOCK-----

Signatures:

New Key:
Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

14 MAR 2020
This is DireWolfM14 (u=2003859) updating my staked PGP key.

New fingerprint: 7EA88068A66DFBCC7CACBBEBE2E0A3A7EAB3CEA5
Old fingerprint: 8FE4A7A028980A92143F2E936FC0D490FA1861B8
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE5uCk8qpATL256qefg7ozyN3KpUcFAl5tObUACgkQg7ozyN3K
pUcfiA//W6vZE+U9fMzZXvMfEdU8kMeuo4cJTyM+NKRUdj3ryrbjB0Ss/+VjPt7p
umfqinJLrfTuJCMqU8tGQS/q4+gg1MH6gCInCvpEtCXmDfa+Xj71LgOAVJUMfNrw
d/mSAWH7pvslKFDHDAbrkhwuRVehctu7KhBACrP0hj2yf476ctm8MwjSeoSNr/US
8rZgHtYC+5E8d16irW4M7vwZ8ixVgQkz/gA3u9WUCOe9GG921M1ofN6hNPrqhP6Y
pBULqSU97OTDFnzh5Lds8TY2OWnYUyl3pK+Gu5iWlrQA2ylqZNVOsHNzWC2MAtB8
MMjkoZnPvIgIWCzT0lTvbZ+TwQIAPrcYm+W37e5OSzjGhUVWuj3AeHZSNm0A9bfY
N019ms4Hz+lUzjgxYsV/9JUKLygKw00jBKxQR7N6R3HRGvL2Twry5z96hiiNMMC3
r5JgKM5L71R+qpDksf30eiOkV/ygpzxuv6S90Q4bj3p95/O/3Wk27A25hNzfEkh9
dEHWu2uieYcaE3el3mKfDgxEDwBCPFQfrmK5QmvL+BfAJjw06R0aLrfvxjKdaIe6
yuuk7Msn0u7HdcLopr6HH36IvvfQ2Jn/HdiYJ5+LE3sJBda3bXzWEaCVLopq4K81
YEMmfHZhEnDva1RuUT9MCQOTSfUZJixYIEAnTt2BAaDp/VgRrmE=
=M2oL
-----END PGP SIGNATURE-----

Old Key:
Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

14 MAR 2020
This is DireWolfM14 (u=2003859) updating my staked PGP key.

New fingerprint: 7EA88068A66DFBCC7CACBBEBE2E0A3A7EAB3CEA5
Old fingerprint: 8FE4A7A028980A92143F2E936FC0D490FA1861B8
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEj+SnoCiYCpIUPy6Tb8DUkPoYYbgFAl5tOe8ACgkQb8DUkPoY
YbiEvgf/f/Na+a8YGvqHs2ad0B8YFA6f9oKMktjv9Wr1GQxeQ/H1qHCU6SIQRIeB
exPBi3BFmBRelMNlAQQOue9n6kj7RaIYhSAzl92zUDRWk0SkYRNfQBUr3uWgzzi6
XxylGti1PSJocejpUwEB58QeeueFRPtiGBO+U3YeuWyKZhCLaRu/WOaE4GcXJdD8
9OUA0461lAaNHZy+IFW0epVKifCUCuvcfn+xiLFcYI5XP4+bwFMXM/W39NIsRyAF
B52aaPhtlEYOdlIEhcPfl+yBwNE2UWybA3CZX7h9S0bjOF5ogTQen0uOYksJsqcI
eXz0rq8m9Nx0AxzHbtO54pKT4BIN+w==
=fAVc
-----END PGP SIGNATURE-----
Staked here: https://bitcointalksearch.org/topic/m.49995630


Bitcoin address:
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
14 MAR 2020
This is DireWolfM14 (u=2003859) updating my staked PGP key.

New fingerprint: 7EA88068A66DFBCC7CACBBEBE2E0A3A7EAB3CEA5
Old fingerprint: 8FE4A7A028980A92143F2E936FC0D490FA1861B8
-----BEGIN SIGNATURE-----
157v67atJjnx7Fdi2wmcBBpChugHNmDWup
H5u2CCHhfK5RqUUQMQqs7O5QmPixVAtt1+p/aE+XNjGOTqIgU+atEYOaitPGgeSRegYVk6bUcH/ZFUmN4A/eEWI=
-----END BITCOIN SIGNED MESSAGE-----
Staked here: https://bitcointalksearch.org/topic/m.41987221
DireWolfM14
copper member
Activity: 2170
Merit: 4238
Join the world-leading crypto sportsbook NOW!
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 12, 2020, 08:43:40 PM
#438
Ploni embedded the text string "bitcointalk.org u=2778290" as one of the user IDs of the public key.  If you use Windows and Kleopatra to import the public key you'll see this list of user IDs:

nullius
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 12, 2020, 07:21:15 PM
#437
Quote from: nutildah on March 12, 2020, 12:37:38 AM
Quote from: Ploni Almoni on March 11, 2020, 12:13:55 PM
The fact that I could create a "bitcointalk.org u=2778290" userid (self-signed by the primary key, with the signature's embedded creation time) proves everything that a signed "I am bitcointalk.org u=2778290" statement could, at the time of initial publication of the key. That is the reason for self-signatures on userids... a point that most people miss. Please learn how PGP works before explaining it to others.

dragon is absolutely correct.

You didn't actually provide proof of ownership of the public key.

Everything else you just said isn't proof of ownership.

No, you and dragonvslinux are both incorrect.  (And dragonvslinux’s prior post also conflated the term public key with private key.)

Ploni’s PGP userid is strong cryptographic evidence that the owner of the key claims ownership of the forum identity.  It is indeed how PGP works.

I myself have been critical of some of the security-theatre rituals on this thread; I have intended to speak up more about that.  I especially dislike the claims by users to have “verified” other users’ signed statements.  That is worse than meaningless:  It is outright damaging, insofar as it inculcates in users a tendency to trust Gavin-style “verification”.  Everybody should independently verify all the signatures that they care about!  The custom here of inventing ad hoc half-baked substitutes for the functionality of OpenPGP standard features does not help, either.  And it certainly does not help to deny that OpenPGP self-signatures do what they actually do.

Although traditionally, the self-signature on a userid is used for strong cryptographic evidence that the possessor of a private key claims ownership of an e-mail address, the same concept properly applies to any identifier.  This is proof that the owner of the key claims the other identifier, not vice versa.  Unfortunately, by the nature of such things, there is no elegant cryptographic means for the owner of a non-cryptographic identifier (such as an e-mail address or forum uid) to claim ownership of the key.  The WKS proposal tests an e-mail account holder’s ability to decrypt a message encrypted to a key, then trusts the server to publish the correct key through WKD (with trust partly based on the pessimistic assumption that the owner of an Internet domain can always play monkey-games with mailboxes at that domain, anyway).  I think that a user’s posting of a key through his forum account is the best that can be reasonably done here, for attesting that the account claims the key.

If, in the future, the user wishes to demonstrate that the person controlling the account continues to be the person possessing the PGP private key, a signed statement would be helpful.  This is a related, but distinct use case for PGP.  He could also bump the timestamp on the pertinent PGP userid’s self-signature; but that would require modifying his key, it would be difficult for most users to verify, and it would invoke a long theoretical discussion of exactly what it does and does not prove.  For that purpose, I think that the best practical way with readily available software would be a signed statement containing current-events information, such as a quote of a recent forum post by somebody else—or better, the most recent few Bitcoin block hashes.  This would provide evidence of the freshness of the statement.


No special action is required to verify the self-signature on a PGP userid, because gpg or any other reasonable OpenPGP software will refuse to accept the userid if the self-signature didn’t verify.  The signature is required.

(N.b. in this context that “reasonable OpenPGP software” excludes traditional keyservers, which verify nothing at all.  You are supposed to verify these things with your own software, not trust the server (or a forum user) to do it for you.)

I just empirically tested what gpg with its default settings actually does when the signature is broken.  I created a copy of Ploni’s key, with exactly one bit flipped in the signature on his forum uid:

Code:
$ gpg --export -o ploni.bin ploni
cp -p ploni.bin ploni_broken.bin
[...use a hex editor to flip one bit inside the self-sig in question...]
$ cmp -l ploni.bin ploni_broken.bin 
 503 161 121

gpg automatically drops the userid with the broken signature; it emits a warning, but exits with a success code:

Code:
$ mkdir -m0700 /tmp/gpgtest
$ gpg --homedir /tmp/gpgtest --import ploni_broken.bin ; echo "gpg: exit code $?"
gpg: keybox '/tmp/gpgtest/pubring.kbx' created
gpg: key D50ED7B480AC5F96: 1 bad signature
gpg: /tmp/gpgtest/trustdb.gpg: trustdb created
gpg: key D50ED7B480AC5F96: public key "Ploni Almoni (הוי האמרים לרע טוב, ולטוב רע:  שמים חשך לאור ואור לחשך, שמים מר למתוק ומתוק למר.)" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: exit code 0
$ gpg --homedir /tmp/gpgtest -k
/tmp/gpgtest/pubring.kbx
------------------------
pub   ed25519 2020-03-10 [C]
      C79DD6973572969A0C2CFC9BD50ED7B480AC5F96
uid           [ unknown] Ploni Almoni (הוי האמרים לרע טוב, ולטוב רע:  שמים חשך לאור ואור לחשך, שמים מר למתוק ומתוק למר.)
uid           [ unknown] bc1qaux6ajvglvm3y3cxvtu0gc2es6fx6wlcheqgjq
uid           [ unknown] zs15m7tjrxelc6tmnsamt5lmymh48c95g4rtylx36xpjyn6t4wffue56kwflar7qvp4sc3vy3ladtl
sub   ed25519 2020-03-10 [S]
sub   cv25519 2020-03-10 [E]

Note the lack of any claim to a Bitcoin Forum userid.

Thus, if you see the “bitcointalk.org u=2778290” imported to your gpg keyring, you may rest assured that gpg has already verified a signature on that statement by the holder of the primary key.  Other user-facing OpenPGP software should behave as strictly, or moreso; if your preferred OpenPGP implementation accepts the userid with the broken signature, then you should file a bug report!

Now, how does this actually work?  Read RFC 4880 to understand what all this means:

Code:
$ gpg -v -v < ploni.asc 2>&1 | less
[...interesting stuff...]
# off=354 ctb=b4 tag=13 hlen=2 plen=25
:user ID packet: "bitcointalk.org u=2778290"
# off=381 ctb=88 tag=2 hlen=2 plen=142
:signature packet: algo 22, keyid D50ED7B480AC5F96
        version 4, created 1583879873, md5len 0, sigclass 0x13
        digest algo 10, begin of digest c0 e3
        hashed subpkt 33 len 21 (issuer fpr v4 C79DD6973572969A0C2CFC9BD50ED7B480AC5F96)
        hashed subpkt 2 len 4 (sig created 2020-03-10)
[...more interesting stuff...]

His key is a work of art.  The primary key, all subkeys, and all self-signatures have a timestamp of the exact second when his forum account was created.  He uses a primary key split from subkeys, which can support good security practices (protip: generate and store the primary key on an airgap machine, `man gpg` and look for `--export-secret-subkeys`).  I also noticed that he copied my unusual cipher preferences.  LOL.  I exercised the same attention to detail when I made my own Faketoshi key.  Anyway, I think it’s clear that Ploni has a deep understanding of OpenPGP internals.
nutildah
legendary
Activity: 2940
Merit: 7892
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 12, 2020, 12:37:38 AM
#436
Quote from: Ploni Almoni on March 11, 2020, 12:13:55 PM
The fact that I could create a "bitcointalk.org u=2778290" userid (self-signed by the primary key, with the signature's embedded creation time) proves everything that a signed "I am bitcointalk.org u=2778290" statement could, at the time of initial publication of the key. That is the reason for self-signatures on userids... a point that most people miss. Please learn how PGP works before explaining it to others.

dragon is absolutely correct.

You didn't actually provide proof of ownership of the public key.

Everything else you just said isn't proof of ownership.
Ploni Almoni
copper member
Activity: 12
Merit: 1
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 11, 2020, 12:13:55 PM
#435
Quote from: dragonvslinux on March 11, 2020, 04:17:39 AM
Quote from: Ploni Almoni on March 11, 2020, 02:36:47 AM
No need for a separate signed statement.

That's debatable, signature proves the ownership of the public key.

The fact that I could create a "bitcointalk.org u=2778290" userid (self-signed by the primary key, with the signature's embedded creation time) proves everything that a signed "I am bitcointalk.org u=2778290" statement could, at the time of initial publication of the key. That is the reason for self-signatures on userids... a point that most people miss. Please learn how PGP works before explaining it to others.

Quote from: dragonvslinux on March 11, 2020, 04:17:39 AM
Quote from: Ploni Almoni on March 11, 2020, 02:36:47 AM
My forum uid is bound in a userid.

Verified.
...

Archived.

Thanks.
dragonvslinux
legendary
Activity: 1652
Merit: 2177
Crypto Swap Exchange
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 11, 2020, 04:17:39 AM
#434
Quote from: Ploni Almoni on March 11, 2020, 02:36:47 AM
My forum uid is bound in a userid.

Verified.

Quote from: Ploni Almoni on March 11, 2020, 02:36:47 AM
No need for a separate signed statement.

That's debatable, signature proves the ownership of the public key.

Quote from: Ploni Almoni on March 11, 2020, 02:36:47 AM
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEXmgWwRYJKwYBBAHaRw8BAQdARy3/fyKwUzEsrxHCU4oqH8et9FIjXo2LycsD
Dm7j2BC0m1Bsb25pIEFsbW9uaSAo15TXldeZINeU15DXnteo15nXnSDXnNeo16Ig
15jXldeRLCDXldec15jXldeRINeo16I6ICDXqdee15nXnSDXl9ep15og15zXkNeV
16gg15XXkNeV16gg15zXl9ep15osINep157XmdedINee16gg15zXnteq15XXpyDX
ldee16rXldenINec157XqC4piI4EExYKADYWIQTHndaXNXKWmgws/JvVDte0gKxf
lgUCXmgWwQIbAQMLCQ0FFQoJCAsFFgIDAQACHgECF4AACgkQ1Q7XtICsX5ZV4AD+
JnnyUbXmctPoAFwsZPJ4yfwA0QOLKfntFeAlZbZPQoQA/AqBE9VZmm/4O4GsZ07K
oVbiKWj8meZUToONQaQxt4UJtBliaXRjb2ludGFsay5vcmcgdT0yNzc4MjkwiI4E
ExYKADYWIQTHndaXNXKWmgws/JvVDte0gKxflgUCXmgWwQIbAQMLCQ0FFQoJCAsF
FgIDAQACHgECF4AACgkQ1Q7XtICsX5bA4wEAnfYjwGU97Zz8s2hSR9plOCVMkLsp
mufgTQ1e0dIfxdcA/RTbYbT7/LnoSnH0s8wPEaOVv97JZ+0zPzttf0Vge1sHtCpi
YzFxYXV4NmFqdmdsdm0zeTNjeHZ0dTBnYzJlczZmeDZ3bGNoZXFnanGIjgQTFgoA
NhYhBMed1pc1cpaaDCz8m9UO17SArF+WBQJeaBbBAhsBAwsJDQUVCgkICwUWAgMB
AAIeAQIXgAAKCRDVDte0gKxflrlmAQDC8R7wEy9L3HdCLQ0UAeqOkStm9+k9/ZoK
URzmP3tH1QEAj884KIxKrJ0jzYmlnQNP6wsX2Z4AAUOh/LkUqJcXQgO0TnpzMTVt
N3RqcnhlbGM2dG1uc2FtdDVsbXltaDQ4Yzk1ZzRydHlseDM2eHBqeW42dDR3ZmZ1
ZTU2a3dmbGFyN3F2cDRzYzN2eTNsYWR0bIiOBBMWCgA2FiEEx53WlzVylpoMLPyb
1Q7XtICsX5YFAl5oFsECGwEDCwkNBRUKCQgLBRYCAwEAAh4BAheAAAoJENUO17SA
rF+W0DoBAOJMCTnzAxqWWqC+ELKWdAf6cAuwLA/T+dLdv8z+fJ9yAQDZC/+eVxa8
1jN2DO0vH/b572JPiV8hWH1bFUHZ0efXALgzBF5oFsEWCSsGAQQB2kcPAQEHQPyn
BzONkUENf/V3dXGgwoEEE2AGrI9I3vtjyh7aSayWiO8EGBYKACAWIQTHndaXNXKW
mgws/JvVDte0gKxflgUCXmgWwQIbAgCBCRDVDte0gKxflnYgBBkWCgAdFiEEts7j
vkEJGhOEY3d4sDdzDtMf+esFAl5oFsEACgkQsDdzDtMf+etg0wEAr2xIGqFCoVnL
TJZIKksyANcHs5b6sD83/90Xvg7OQfMA/0w3vMNUCRoLzV6aIrJtfAkPRmVJ51xQ
gDeBQ2AezCEFRtYBAPxzv/NqzfE7lztls69r8OjmQRHnHT6+SY7mEUwz6iCAAP0Q
4NFXQilT3g5m+F66Sxa5lALb7Keg8f/7iKrjAf0LD7g4BF5oFsESCisGAQQBl1UB
BQEBB0BB8iQ1EEBXc8a0aLHzvySm18kuGffPQWjpjwhN5HysGwMBCAeIeAQYFgoA
IBYhBMed1pc1cpaaDCz8m9UO17SArF+WBQJeaBbBAhsMAAoJENUO17SArF+WANMA
/AqVm157ny1eOj3WI6AlR+559VDMRf8Xkd1sbQyTmreAAP4yRZTZM2DMq2p9fbLt
Z8c2lJCAzOL9kWdOCh+K93//Ag==
=GnN3
-----END PGP PUBLIC KEY BLOCK-----

While I am at it, here are some additional hash commitments:

Code:
a3459b092beca5c62a303ebc09bc3f2059fcb385e0eca49014b094be71afebb2

141238bad9b9dde36a1305034b0adfe0b7e5ee6402847851ed9df96b2b33aeb7

16e19d9c485e852e80207563c184594f84db61ed8a4b8ee780952575180692ac

9d40f1b97bf8250db05f1eb20646fcf3cb0b5bb34ef2815b63a03325f4773793

17672339b980195ce44d79eb0f3513bb52fa03ecbd59a1e3faa8a2a77a5204eb

4661794aeb3c2f74bd6121ba4221230db60c95e2083a1272ce1f77fcd283e98b

6120ff9d631e63ae97fa2d2d731734ec0cffaea8463f49960608346d124d77ed

Please quote & archive. Thanks.

Archived.
Ploni Almoni
copper member
Activity: 12
Merit: 1
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
March 11, 2020, 02:36:47 AM
#433
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEXmgWwRYJKwYBBAHaRw8BAQdARy3/fyKwUzEsrxHCU4oqH8et9FIjXo2LycsD
Dm7j2BC0m1Bsb25pIEFsbW9uaSAo15TXldeZINeU15DXnteo15nXnSDXnNeo16Ig
15jXldeRLCDXldec15jXldeRINeo16I6ICDXqdee15nXnSDXl9ep15og15zXkNeV
16gg15XXkNeV16gg15zXl9ep15osINep157XmdedINee16gg15zXnteq15XXpyDX
ldee16rXldenINec157XqC4piI4EExYKADYWIQTHndaXNXKWmgws/JvVDte0gKxf
lgUCXmgWwQIbAQMLCQ0FFQoJCAsFFgIDAQACHgECF4AACgkQ1Q7XtICsX5ZV4AD+
JnnyUbXmctPoAFwsZPJ4yfwA0QOLKfntFeAlZbZPQoQA/AqBE9VZmm/4O4GsZ07K
oVbiKWj8meZUToONQaQxt4UJtBliaXRjb2ludGFsay5vcmcgdT0yNzc4MjkwiI4E
ExYKADYWIQTHndaXNXKWmgws/JvVDte0gKxflgUCXmgWwQIbAQMLCQ0FFQoJCAsF
FgIDAQACHgECF4AACgkQ1Q7XtICsX5bA4wEAnfYjwGU97Zz8s2hSR9plOCVMkLsp
mufgTQ1e0dIfxdcA/RTbYbT7/LnoSnH0s8wPEaOVv97JZ+0zPzttf0Vge1sHtCpi
YzFxYXV4NmFqdmdsdm0zeTNjeHZ0dTBnYzJlczZmeDZ3bGNoZXFnanGIjgQTFgoA
NhYhBMed1pc1cpaaDCz8m9UO17SArF+WBQJeaBbBAhsBAwsJDQUVCgkICwUWAgMB
AAIeAQIXgAAKCRDVDte0gKxflrlmAQDC8R7wEy9L3HdCLQ0UAeqOkStm9+k9/ZoK
URzmP3tH1QEAj884KIxKrJ0jzYmlnQNP6wsX2Z4AAUOh/LkUqJcXQgO0TnpzMTVt
N3RqcnhlbGM2dG1uc2FtdDVsbXltaDQ4Yzk1ZzRydHlseDM2eHBqeW42dDR3ZmZ1
ZTU2a3dmbGFyN3F2cDRzYzN2eTNsYWR0bIiOBBMWCgA2FiEEx53WlzVylpoMLPyb
1Q7XtICsX5YFAl5oFsECGwEDCwkNBRUKCQgLBRYCAwEAAh4BAheAAAoJENUO17SA
rF+W0DoBAOJMCTnzAxqWWqC+ELKWdAf6cAuwLA/T+dLdv8z+fJ9yAQDZC/+eVxa8
1jN2DO0vH/b572JPiV8hWH1bFUHZ0efXALgzBF5oFsEWCSsGAQQB2kcPAQEHQPyn
BzONkUENf/V3dXGgwoEEE2AGrI9I3vtjyh7aSayWiO8EGBYKACAWIQTHndaXNXKW
mgws/JvVDte0gKxflgUCXmgWwQIbAgCBCRDVDte0gKxflnYgBBkWCgAdFiEEts7j
vkEJGhOEY3d4sDdzDtMf+esFAl5oFsEACgkQsDdzDtMf+etg0wEAr2xIGqFCoVnL
TJZIKksyANcHs5b6sD83/90Xvg7OQfMA/0w3vMNUCRoLzV6aIrJtfAkPRmVJ51xQ
gDeBQ2AezCEFRtYBAPxzv/NqzfE7lztls69r8OjmQRHnHT6+SY7mEUwz6iCAAP0Q
4NFXQilT3g5m+F66Sxa5lALb7Keg8f/7iKrjAf0LD7g4BF5oFsESCisGAQQBl1UB
BQEBB0BB8iQ1EEBXc8a0aLHzvySm18kuGffPQWjpjwhN5HysGwMBCAeIeAQYFgoA
IBYhBMed1pc1cpaaDCz8m9UO17SArF+WBQJeaBbBAhsMAAoJENUO17SArF+WANMA
/AqVm157ny1eOj3WI6AlR+559VDMRf8Xkd1sbQyTmreAAP4yRZTZM2DMq2p9fbLt
Z8c2lJCAzOL9kWdOCh+K93//Ag==
=GnN3
-----END PGP PUBLIC KEY BLOCK-----

My forum uid is bound in a userid. No need for a separate signed statement.

While I am at it, here are some additional hash commitments:

Code:
a3459b092beca5c62a303ebc09bc3f2059fcb385e0eca49014b094be71afebb2

141238bad9b9dde36a1305034b0adfe0b7e5ee6402847851ed9df96b2b33aeb7

16e19d9c485e852e80207563c184594f84db61ed8a4b8ee780952575180692ac

9d40f1b97bf8250db05f1eb20646fcf3cb0b5bb34ef2815b63a03325f4773793

17672339b980195ce44d79eb0f3513bb52fa03ecbd59a1e3faa8a2a77a5204eb

4661794aeb3c2f74bd6121ba4221230db60c95e2083a1272ce1f77fcd283e98b

6120ff9d631e63ae97fa2d2d731734ec0cffaea8463f49960608346d124d77ed

Please quote & archive. Thanks.
Timelord2067
legendary
Activity: 3626
Merit: 2209
💲🏎️💨🚓
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
February 27, 2020, 01:19:37 PM
#432
Quote from: nullius on February 27, 2020, 09:02:44 AM
If or when I stop using the below-described key, I intend to edit this post and/or make a new post on this thread, with another signed notice as appropriate.  However, of course, I cannot guarantee that that will happen.

I am posting this in public, so as to have a link to provide.  Please quote and verify.

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

**Until further notice**, I am also using for communication
security purposes a separate, temporary PGP key,
0x66EA0A29C54F89B9523DC51361B25B17B45FCAF3.

Key fingerprint = 66EA 0A29 C54F 89B9 523D  C513 61B2 5B17 B45F CAF3

I do not wish to disclose the key publicly, for reasons that I do not
wish to disclose publicly.  I am posting this notice, because there may be
OpenPGP software in the wild that does not implement the checking of WoT
signatures; I do not think that I will bother with a WoT signature here.

The 0x61B25B17B45FCAF3 key MUST NOT be trusted for purposes other than
securing ordinary communications; e.g., it MUST NOT be used for forum
account control purposes.

0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C is, and remains, my canonical
identity key and root of trust.

Signed,

nullius (2020-02-27)

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSNOMR84IlYpr/EF5vEJ5MVn575SQUCXle8RAAKCRDEJ5MVn575
SUT6AP4zk7S5Ycm4bvR4mddz4NGznPy1bm1I60YOZg7ibherEwEA7Rjv4/ehPe25
eTAnqMl31O9BLW03Ns8hf+Is0AGhVgg=
=C0vR
-----END PGP SIGNATURE-----

Message quoted and Archived [1a], [1b] for future reference.


The whole purpose of this thread is to *not* modify your posts here. (which is why they are quoted and archived for when on those rare occasions someone takes it upon themselves to disregard the request).
nullius
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
February 27, 2020, 09:02:44 AM
#431
If or when I stop using the below-described key, I intend to edit this post and/or make a new post on this thread, with another signed notice as appropriate.  However, of course, I cannot guarantee that that will happen.

I am posting this in public, so as to have a link to provide.  Please quote and verify.

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

**Until further notice**, I am also using for communication
security purposes a separate, temporary PGP key,
0x66EA0A29C54F89B9523DC51361B25B17B45FCAF3.

Key fingerprint = 66EA 0A29 C54F 89B9 523D  C513 61B2 5B17 B45F CAF3

I do not wish to disclose the key publicly, for reasons that I do not
wish to disclose publicly.  I am posting this notice, because there may be
OpenPGP software in the wild that does not implement the checking of WoT
signatures; I do not think that I will bother with a WoT signature here.

The 0x61B25B17B45FCAF3 key MUST NOT be trusted for purposes other than
securing ordinary communications; e.g., it MUST NOT be used for forum
account control purposes.

0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C is, and remains, my canonical
identity key and root of trust.

Signed,

nullius (2020-02-27)

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSNOMR84IlYpr/EF5vEJ5MVn575SQUCXle8RAAKCRDEJ5MVn575
SUT6AP4zk7S5Ycm4bvR4mddz4NGznPy1bm1I60YOZg7ibherEwEA7Rjv4/ehPe25
eTAnqMl31O9BLW03Ns8hf+Is0AGhVgg=
=C0vR
-----END PGP SIGNATURE-----
Timelord2067
legendary
Activity: 3626
Merit: 2209
💲🏎️💨🚓
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
February 18, 2020, 03:24:46 AM
#430
Quote from: Lauda on February 17, 2020, 05:12:12 AM
Old key is here: https://bitcointalksearch.org/topic/m.46696549.

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This key expires tomorrow. New key generated.
Fingerprint:
1F2E 62A4 553E DA69 3A11  C923 44E3 4D3B 633C F4EA

- -----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEXkpVxhYJKwYBBAHaRw8BAQdAUxufqRTd+8uyRkTp+ZIHXTfUDCx0/S6MuJKf
iU2D0u+0BUxhdWRhiJYEExYIAD4WIQQfLmKkVT7aaToRySNE4007Yzz06gUCXkpV
xgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBE4007Yzz06iMd
AP4woonf+rFOQ+R7nWcac+tcDHLHMwqAqqrCrcTYOdTWggEA32N2ZyVwOBWWJUTO
1/gT1bz0mxauaBVajG4RLWkE6AK4OAReSlXGEgorBgEEAZdVAQUBAQdAYT3Co5PJ
JkJ0sB3oB+k4xNawjDzVEmYGXUrvVvnrjSMDAQgHiH4EGBYIACYWIQQfLmKkVT7a
aToRySNE4007Yzz06gUCXkpVxgIbDAUJA8JnAAAKCRBE4007Yzz06lz9AQDSo02Y
D0RsIPWL/TpqIpoa01HAQDN/iZKr39MJwGCopAD+KgESbqYfiXO4xyEED+SbEd1C
LfSvrBU+CLjgOuFtvg8=
=V0Bx
- -----END PGP PUBLIC KEY BLOCK-----

Date: 17/02/2020
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYbYndMiukd+rDQpnxNflug4bR/AFAl5KVmAACgkQxNflug4b
R/Dk9RAAjHg7ASvJBkZ36LoPQsSYI9j8GhaFOIGq/z6dDujs+boyYWLPx7iJvOGn
sZIgAmhhL3yvEtadMhMG8g3VVyKVF9+YK6ONGt3rAcfIkj2t7BljBWXgk3NRMuvH
D6H4yWpWcN7A3NYHk9jBVrxP3CWJjwcHn3ZrD6X4ohlSMJSSu5wL5FD5/SJOJaTH
/DZqivYA2pCXvz85j1VDPsa4Ie07vQMxWijWzWZyQcw7PZ6r7B/VvT8PVplCIc8y
9jLfNCYTWY5oYP0d7/mVhMa7sOS/XeTnEOw5KKdGzoo4UEVCSh7AS6PiOD89Qx1r
1wHYjX576y0rvwK6vOR5CMl7tYI1sby6y9TvFGJS8D7dGJ2wWIPwgsGb1FKkWjii
6VBIBuq6hNNIybVQjwAUZ9Kbl7juw/pDQN2ecmPn95n7pkk3kWjoB5Dg+DkflolO
PosN2obVYSQ8xg12TRQUCyUvQvXKDN35b5PXRWebgqlX5dcG8PfuH5KCtQ05IUjb
+nawLuP+K26dC/CYs9QUAN4WkoJ9Mj7ai43yjE1eILljVC282f66zLgKtWBi72sS
4ZhqWYlcven9cY42+BFjB5ht8kuGgAW09c23qKBougfUDTy2bQxS5uyMwCZxF+Di
d60pWjjg+htSAA1m8pnLxNDFzkY9fI1xt5sZ+m5tq5RR+GkqFBQ=
=DjjO
-----END PGP SIGNATURE-----

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello, World!

2020-02-17:   I am Lauda.
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQfLmKkVT7aaToRySNE4007Yzz06gUCXkpXbgAKCRBE4007Yzz0
6kNHAP0ZdN0OrzGSHTlMZeckeB5cBVzpwFCLlF1Bz0xP/qLQ+QD8Cti8A5CFnbWZ
3fRsTOLsa4qPkFSZDeWVprhrk+9Rsg8=
=otu8
-----END PGP SIGNATURE-----

Message quoted and archived for future reference: Archive [1a], [1b]
nullius
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
February 17, 2020, 05:29:56 AM
#429
Quote from: Lauda on February 17, 2020, 05:12:12 AM
Old key is here: https://bitcointalksearch.org/topic/m.46696549.

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This key expires tomorrow. New key generated.
Fingerprint:
1F2E 62A4 553E DA69 3A11  C923 44E3 4D3B 633C F4EA

- -----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEXkpVxhYJKwYBBAHaRw8BAQdAUxufqRTd+8uyRkTp+ZIHXTfUDCx0/S6MuJKf
iU2D0u+0BUxhdWRhiJYEExYIAD4WIQQfLmKkVT7aaToRySNE4007Yzz06gUCXkpV
xgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBE4007Yzz06iMd
AP4woonf+rFOQ+R7nWcac+tcDHLHMwqAqqrCrcTYOdTWggEA32N2ZyVwOBWWJUTO
1/gT1bz0mxauaBVajG4RLWkE6AK4OAReSlXGEgorBgEEAZdVAQUBAQdAYT3Co5PJ
JkJ0sB3oB+k4xNawjDzVEmYGXUrvVvnrjSMDAQgHiH4EGBYIACYWIQQfLmKkVT7a
aToRySNE4007Yzz06gUCXkpVxgIbDAUJA8JnAAAKCRBE4007Yzz06lz9AQDSo02Y
D0RsIPWL/TpqIpoa01HAQDN/iZKr39MJwGCopAD+KgESbqYfiXO4xyEED+SbEd1C
LfSvrBU+CLjgOuFtvg8=
=V0Bx
- -----END PGP PUBLIC KEY BLOCK-----

Date: 17/02/2020
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYbYndMiukd+rDQpnxNflug4bR/AFAl5KVmAACgkQxNflug4b
R/Dk9RAAjHg7ASvJBkZ36LoPQsSYI9j8GhaFOIGq/z6dDujs+boyYWLPx7iJvOGn
sZIgAmhhL3yvEtadMhMG8g3VVyKVF9+YK6ONGt3rAcfIkj2t7BljBWXgk3NRMuvH
D6H4yWpWcN7A3NYHk9jBVrxP3CWJjwcHn3ZrD6X4ohlSMJSSu5wL5FD5/SJOJaTH
/DZqivYA2pCXvz85j1VDPsa4Ie07vQMxWijWzWZyQcw7PZ6r7B/VvT8PVplCIc8y
9jLfNCYTWY5oYP0d7/mVhMa7sOS/XeTnEOw5KKdGzoo4UEVCSh7AS6PiOD89Qx1r
1wHYjX576y0rvwK6vOR5CMl7tYI1sby6y9TvFGJS8D7dGJ2wWIPwgsGb1FKkWjii
6VBIBuq6hNNIybVQjwAUZ9Kbl7juw/pDQN2ecmPn95n7pkk3kWjoB5Dg+DkflolO
PosN2obVYSQ8xg12TRQUCyUvQvXKDN35b5PXRWebgqlX5dcG8PfuH5KCtQ05IUjb
+nawLuP+K26dC/CYs9QUAN4WkoJ9Mj7ai43yjE1eILljVC282f66zLgKtWBi72sS
4ZhqWYlcven9cY42+BFjB5ht8kuGgAW09c23qKBougfUDTy2bQxS5uyMwCZxF+Di
d60pWjjg+htSAA1m8pnLxNDFzkY9fI1xt5sZ+m5tq5RR+GkqFBQ=
=DjjO
-----END PGP SIGNATURE-----

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello, World!

2020-02-17:   I am Lauda.
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQfLmKkVT7aaToRySNE4007Yzz06gUCXkpXbgAKCRBE4007Yzz0
6kNHAP0ZdN0OrzGSHTlMZeckeB5cBVzpwFCLlF1Bz0xP/qLQ+QD8Cti8A5CFnbWZ
3fRsTOLsa4qPkFSZDeWVprhrk+9Rsg8=
=otu8
-----END PGP SIGNATURE-----

Quoted and verified.  Purr at PGP.  :-)  Hiss at the forum’s ad-hoc means of less-securely reinventing key management. :-/
Lauda
legendary
Activity: 2674
Merit: 2965
Terminated.
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
February 17, 2020, 05:12:12 AM
#428
Old key is here: https://bitcointalksearch.org/topic/m.46696549.

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This key expires tomorrow. New key generated.
Fingerprint:
1F2E 62A4 553E DA69 3A11  C923 44E3 4D3B 633C F4EA

- -----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEXkpVxhYJKwYBBAHaRw8BAQdAUxufqRTd+8uyRkTp+ZIHXTfUDCx0/S6MuJKf
iU2D0u+0BUxhdWRhiJYEExYIAD4WIQQfLmKkVT7aaToRySNE4007Yzz06gUCXkpV
xgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBE4007Yzz06iMd
AP4woonf+rFOQ+R7nWcac+tcDHLHMwqAqqrCrcTYOdTWggEA32N2ZyVwOBWWJUTO
1/gT1bz0mxauaBVajG4RLWkE6AK4OAReSlXGEgorBgEEAZdVAQUBAQdAYT3Co5PJ
JkJ0sB3oB+k4xNawjDzVEmYGXUrvVvnrjSMDAQgHiH4EGBYIACYWIQQfLmKkVT7a
aToRySNE4007Yzz06gUCXkpVxgIbDAUJA8JnAAAKCRBE4007Yzz06lz9AQDSo02Y
D0RsIPWL/TpqIpoa01HAQDN/iZKr39MJwGCopAD+KgESbqYfiXO4xyEED+SbEd1C
LfSvrBU+CLjgOuFtvg8=
=V0Bx
- -----END PGP PUBLIC KEY BLOCK-----

Date: 17/02/2020
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYbYndMiukd+rDQpnxNflug4bR/AFAl5KVmAACgkQxNflug4b
R/Dk9RAAjHg7ASvJBkZ36LoPQsSYI9j8GhaFOIGq/z6dDujs+boyYWLPx7iJvOGn
sZIgAmhhL3yvEtadMhMG8g3VVyKVF9+YK6ONGt3rAcfIkj2t7BljBWXgk3NRMuvH
D6H4yWpWcN7A3NYHk9jBVrxP3CWJjwcHn3ZrD6X4ohlSMJSSu5wL5FD5/SJOJaTH
/DZqivYA2pCXvz85j1VDPsa4Ie07vQMxWijWzWZyQcw7PZ6r7B/VvT8PVplCIc8y
9jLfNCYTWY5oYP0d7/mVhMa7sOS/XeTnEOw5KKdGzoo4UEVCSh7AS6PiOD89Qx1r
1wHYjX576y0rvwK6vOR5CMl7tYI1sby6y9TvFGJS8D7dGJ2wWIPwgsGb1FKkWjii
6VBIBuq6hNNIybVQjwAUZ9Kbl7juw/pDQN2ecmPn95n7pkk3kWjoB5Dg+DkflolO
PosN2obVYSQ8xg12TRQUCyUvQvXKDN35b5PXRWebgqlX5dcG8PfuH5KCtQ05IUjb
+nawLuP+K26dC/CYs9QUAN4WkoJ9Mj7ai43yjE1eILljVC282f66zLgKtWBi72sS
4ZhqWYlcven9cY42+BFjB5ht8kuGgAW09c23qKBougfUDTy2bQxS5uyMwCZxF+Di
d60pWjjg+htSAA1m8pnLxNDFzkY9fI1xt5sZ+m5tq5RR+GkqFBQ=
=DjjO
-----END PGP SIGNATURE-----

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello, World!

2020-02-17:   I am Lauda.
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQfLmKkVT7aaToRySNE4007Yzz06gUCXkpXbgAKCRBE4007Yzz0
6kNHAP0ZdN0OrzGSHTlMZeckeB5cBVzpwFCLlF1Bz0xP/qLQ+QD8Cti8A5CFnbWZ
3fRsTOLsa4qPkFSZDeWVprhrk+9Rsg8=
=otu8
-----END PGP SIGNATURE-----
DireWolfM14
copper member
Activity: 2170
Merit: 4238
Join the world-leading crypto sportsbook NOW!
Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here
February 15, 2020, 02:00:58 PM
#427
Quote from: mindrust on February 15, 2020, 12:55:13 PM
Fingerprint: 3772128E81E3B74250DF6AA898A9F2690FF78C30

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I am mindrust.
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEN3ISjoHjt0JQ32qomKnyaQ/3jDAFAl5IIYsACgkQmKnyaQ/3
jDDymwgAr4UM4+SQNFVLtHbB4d8sutgmeWpV4kGpokeQU/yPszaaI1xK4ATTK4NR
ifqTPQNgbclBP8/R6hvlDm1D37gnCDbuPcdxyHkGwLdT6idBwQT5mklbdtUFHoav
BU0cLwWezGrcTt4GE8akhJTRgDJ6yQqgxRZnZ91DZvVSLVTvJSjkaRZglbaY0JPE
T7Y9LNqK5M5XIZF3SfzE+A3fl5JPubffc+ikDnVJLNUiXlT8BGCyiGz5q5rZGyJA
//CopRF9tjjZKjmJiAnDoBdDuuPb5Q/LDS4GI+hpNx0YY2Ocd5OC3v+3lx8vUUgx
O19utHyvlhGYKpueTHH6WO2xq1OnGQ==
=Rl+F
-----END PGP SIGNATURE-----


Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBF42t2QBCAC/DfGHEEj4SzJgQ6zx3ONNszC1udHdUDfteloXfyeJvp0P//ZD
Vvoik6/dxm9FY8Pp85n9FWkGoAcii66QApGC1Yf9Gb09IpRnkl8wBO3J5SJDn4fh
CbyHxuvelq1m8odsJxeE4XbWxYB3iIefPIobbLbt3KsSwkx45KARQAMpHLNdtZQX
JxqeY2tGqZ8jkXsKwsD/XhvP1eDkmtwsZ79ooas3C6nD5lX3IqgvQoMwAgh2aCAI
cjZHeoZsmxNZsjo3hVXcOc/z6k2GNNq6ALuDsRFMxpB5GNCKQgoakrXNF7uN1j6S
005mb2Pdz09B+qc/0mPRyoWx9iqumxEXxIZLABEBAAG0JW1pbmRydXN0IDxtaW5k
cnVzdGJ0dEBwcm90b25tYWlsLmNvbT6JAU4EEwEIADgWIQQ3chKOgeO3QlDfaqiY
qfJpD/eMMAUCXja3ZAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCYqfJp
D/eMMGoqB/wNQOWobfxl8H61gGLHLgPKTJaZ2OMgYgFoj36ZPRlD7vkmOY3YplOG
1T2ER1PiBGmzkIda7vjZzzrvoSzLlgHbz0ACLIUCCsAnmZdXLwz+mGIoIvQ66V3Z
SDNKrPCIUfoazIqreclDgGAg9cxfQAIdjyzs8keISCB8z0doiKRyn7i5/bv+zgK+
rxpgrjI31gDnZyE2G1a3mEyUIp0UWOzgk+L5fEL3HPYXa+N8uiVRZ5lL5J4Ye8ds
Vx82reTWKcsH9u3vBdzOohXJ5KBcLvXaSrz2JrNuT4Ga/zpo3ofmzjedbzNPhcVK
A4v6H641dEajYAzDLW/p3+Kg+ew7jwg2uQENBF42t2QBCAC9hr34PWyNqQatBw6O
MvaJ9CXRZwsVvxQAFtOG0evIut5Fu5zrHf3IIVjzsjINGnvfLKQLcmVSWORTuF8j
1zqAJxCu1P5J9cCtHIDP+Sf/xSSIiFKxPo3GPy9FvfLkxSCVAsSvp8zpW2Ki/7GY
xSrtFCGERQ/Pn6giGRgjn34M1H/ZmQhOhorBR0S9ksUlSQeEILrv5H41qjjRxkkm
4acPFfrfjcRYsYSDTx1Jdyh7WkYYxrO7ZhHCKcA0YZsm4W+9GTFDuk8mTBnVwNtY
BkcJGNM/qp2HDdDgzYuHWtOvyFiDwBQHXBHBDZu5dafH8B4+rD0KFBKadmwW5L48
thGJABEBAAGJATYEGAEIACAWIQQ3chKOgeO3QlDfaqiYqfJpD/eMMAUCXja3ZAIb
DAAKCRCYqfJpD/eMMBGYB/9Sfcv1yUHHq6okoSSSbnvpSiQBJZn+c6RFvwP3fTzF
+rjuXBzXAj3tmit+7EyCKWdvchORRSP1q+E4kNMZkrXeZwrg6qU0Mb8cC891oSPi
5jXDZKSo0B9V4HAwhoYHoeAzqxsSYyzKflbXi4NUYVQoZq5mC83mxTZaF78WlUPu
M80LLPaKSWHWWENHXpmlNhDdsVyBlcikgjbBPe+zLG+s4vEPEopwlU//wqb4jZWp
DGizUU53yiYIobtYHPmDjYj5nNNoal/2ai7mD2J6NrzbibqVJTru/NnZdfSaeKtH
O0ue8gTfZSzSCbGqXGTYN2CmiIexZpL1HuS0ahYlU5O8
=MzB2

-----END PGP PUBLIC KEY BLOCK-----


I verified the signature using Kleaopatra, which returned the same fingerprint.
Pages:
Bitcoin Forum>Economy>Trading Discussion>Reputation
Jump to: