Re: [freenet-chat] PGP signatures

2001-06-01 Thread Mathew Ryden

From: "Aaron P Ingebrigtsen" <[EMAIL PROTECTED]>

> On Thu, 31 May 2001 07:45:40 -0500 "Mathew Ryden" <[EMAIL PROTECTED]>
> writes:
> > then you are seeing the effect of someone who didn't use an algorithm
> > optimized for speed. if you do a similar thing with PGP you'll notice it's
> > much faster - pgp also has installed things to make finding the password
> > more difficult and from knowing how full an archive is -- I doubt UC2 has
> > such stringent standards.
>
> I don't want speed, I want security.  If I have to wait longer for better
> security, fine. :)

You are running a program with unoptimized code in it. The additional wait
doesn't mean it's any more secure, it just shows how much more effort the PGP
people spent in making their program easily usable. PGP is known around the
world to be secure - the 2.6.5 source is publicly available (in book form
no less! :). UC2 is not known for its security - there have been no
external source audits. Until those are done I wouldn't store anything
important in there like... anything.

> Also, I tried to encrypt with PGP and it restarted three times before it
> got 10% done.  What do I do?

I don't know. :)

> > well, I'm 95% sure that each of Rand1 and Rand2 are 56 bits but I can't be
> > bothered to double check for sure.
>
> Well, you could look at UC2 yourself and test its capabilities instead
> of telling me what you THINK its capabilities are. :)

That would require an expenditure of resources I'm not about to take.
Because I highly doubt UC2 would tell me if it's using 56 or 64 bits of
encryption - later checking in AC has indeed shown me that DESede is indeed
112 bit encryption - not looking good on the security side for UC2.

> I will agree with you that the more bits are used for the encryption key
> the better. :)
>
> In PGP the best passphrase is the longest and most complex, yet still
> rememberable passphrase. :)
>
> In UC2 the best password is generated by a random password generator and
> is very difficult to remember.  And the longer the password the better.
>
> How would you do a brute force attack successfully against a UE2
> encrypted archive?  Do you just setup a program that generates passwords
> till it finds the right one, or is there a way to crack open the file and
> figure out the password from the content of the file?

Get the source first. Until then this portion of the discussion has never
been opened.

-Mathew


___
Chat mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/chat



Re: [freenet-chat] PGP signatures

2001-06-01 Thread Aaron P Ingebrigtsen


On Thu, 31 May 2001 07:45:40 -0500 "Mathew Ryden" <[EMAIL PROTECTED]>
writes:

> then you are seeing the effect of someone who didn't use an algorithm
> optimized for speed. if you do a similar thing with PGP you'll notice it's
> much faster - pgp also has installed things to make finding the password
> more difficult and from knowing how full an archive is -- I doubt UC2 has
> such stringent standards.

I don't want speed, I want security.  If I have to wait longer for better
security, fine. :)

Also, I tried to encrypt with PGP and it restarted three times before it
got 10% done.  What do I do?

> well, I'm 95% sure that each of Rand1 and Rand2 are 56 bits but I can't be
> bothered to double check for sure.

Well, you could look at UC2 yourself and test its capabilities instead
of telling me what you THINK its capabilities are. :)

I will agree with you that the more bits are used for the encryption key
the better. :)

In PGP the best passphrase is the longest and most complex, yet still
rememberable passphrase. :)

In UC2 the best password is generated by a random password generator and
is very difficult to remember.  And the longer the password the better.

How would you do a brute force attack successfully against a UE2
encrypted archive?  Do you just setup a program that generates passwords
till it finds the right one, or is there a way to crack open the file and
figure out the password from the content of the file?




Re: [freenet-chat] PGP signatures

2001-05-31 Thread Mathew Ryden

- Original Message -
From: "Aaron P Ingebrigtsen" <[EMAIL PROTECTED]>

> On Thu, 31 May 2001 02:14:53 -0500 "Mathew Ryden" <[EMAIL PROTECTED]>
> writes:
> > Are we talking about PGP or UC2 here? If pgp, you either have a very slow
> > computer or I'm shocked at norton for having such an unoptimized algorithm.
>
> I was talking about UC2 which uses MD5 hash.

then you are seeing the effect of someone who didn't use an algorithm
optimized for speed. if you do a similar thing with PGP you'll notice it's
much faster - pgp also has installed things to make finding the password
more difficult and from knowing how full an archive is -- I doubt UC2 has
such stringent standards.

> > it's fairly strong for documents you don't mind being readable quite soon. a
> > triple-des encrypted file is still only as secure as the key that encrypts
> > it - in this case the key is Rand1 . Rand2. Assuming that they are both 56
> > bit keys (as are all DES keys if memory serves) then Triple-DES gives you
> > 112 bits of security (because you reuse a key it doesn't make the security
> > any stronger on key attacks).
>
> Well I don't know how many bits Rand1 and Rand2 are, but I do know that
> they are generated by MD5 based on the password and the archive being
> encrypted.

well, I'm 95% sure that each of Rand1 and Rand2 are 56 bits but I can't be
bothered to double check for sure.





Re: [freenet-chat] PGP signatures

2001-05-31 Thread Aaron P Ingebrigtsen


On Thu, 31 May 2001 02:14:53 -0500 "Mathew Ryden" <[EMAIL PROTECTED]>
writes:
> Are we talking about PGP or UC2 here? If pgp, you either have a very slow
> computer or I'm shocked at norton for having such an unoptimized algorithm.

I was talking about UC2 which uses MD5 hash.

> 
> > But is Triple-DES better at encrypting using SHA1 hash than the current
> > CAST algorithm?
>
> No. Assuming Triple-DES is at 112 bits and CAST is at 128, CAST is better.
> Especially if you assume that the NSA is still years ahead of the non-gov't
> crypto world - they probably have made breaking triple-DES trivial (DES is
> already trivial).

Hmm, yes I can see how more bits makes it harder to figure out the
encryption key.

> 
> > I ask because Triple-DES does this neat thing where it Encrypts with
> > Rand1, Decrypts with Rand2 and Encrypts again with Rand1, making it
> > totally freaking impossible to break the encryption.  I think it is a VERY
> > strong encryption method.
> 
> it's fairly strong for documents you don't mind being readable quite soon. a
> triple-des encrypted file is still only as secure as the key that encrypts
> it - in this case the key is Rand1 . Rand2. Assuming that they are both 56
> bit keys (as are all DES keys if memory serves) then Triple-DES gives you
> 112 bits of security (because you reuse a key it doesn't make the security
> any stronger on key attacks).

Well I don't know how many bits Rand1 and Rand2 are, but I do know that
they are generated by MD5 based on the password and the archive being
encrypted.

> Hash is, by definition, the same for any file. Encrypting and decrypting
> both occur in linear time, correct.
> 
> -Mathew

Yes, linear, one right after the other, no weird temporal mechanics
required. :)




Re: [freenet-chat] PGP signatures

2001-05-30 Thread Mathew Ryden

From: "Aaron P Ingebrigtsen" <[EMAIL PROTECTED]>


> When I tried to encrypt a 500+ megabyte archive it spent a half hour just
> trying to hash out the two crypto-random numbers, then it spent 10 hours
> trying to encrypt the huge file and it never finished, because I canceled
> the process.  If it takes that long to ENCRYPT a file of that size, it
> would be nearly impossible for a hacker to decrypt it without the right
> password.  How long it would actually take is beyond my ability to guess,
> but I'm sure that even the fastest computers would take a long time to
> process the encrypted file.  I have nothing against MD5 and Triple-DES,
> it's just that it doesn't use the keypair functions that PGP uses so that
> people can do decryption/encryption without sharing their passwords via
> insecure methods.

Are we talking about PGP or UC2 here? If pgp, you either have a very slow
computer or I'm shocked at norton for having such an unoptimized algorithm.

> But is Triple-DES better at encrypting using SHA1 hash than the current
> CAST algorithm?

No. Assuming Triple-DES is at 112 bits and CAST is at 128, CAST is better.
Especially if you assume that the NSA is still years ahead of the non-gov't
crypto world - they probably have made breaking triple-DES trivial (DES is
already trivial).

> I ask because Triple-DES does this neat thing where it Encrypts with
> Rand1, Decrypts with Rand2 and Encrypts again with Rand1, making it
> totally freaking impossible to break the encryption.  I think it is a VERY
> strong encryption method.

it's fairly strong for documents you don't mind being readable quite soon. a
triple-des encrypted file is still only as secure as the key that encrypts
it - in this case the key is Rand1 . Rand2. Assuming that they are both 56
bit keys (as are all DES keys if memory serves) then Triple-DES gives you
112 bits of security (because you reuse a key it doesn't make the security
any stronger on key attacks).

> And the bigger the file, the bigger the hash, and the longer it takes to
> encrypt or decrypt the file.  It takes like 5 times as long to encrypt or
> decrypt an archive as it does to create and store files in it.

Hash is, by definition, the same for any file. Encrypting and decrypting
both occur in linear time, correct.

-Mathew





Re: [freenet-chat] PGP signatures

2001-05-30 Thread Aaron P Ingebrigtsen


On Wed, 30 May 2001 21:50:00 +0100 "Adam Langley" <[EMAIL PROTECTED]>
writes:
> On Wed, May 30, 2001 at 02:11:14PM -0500, Mathew Ryden wrote:
> > MD5 is insecure. Don't use it. SHA1 is quite secure.
> 
> MD5 isn't bad, but here is the draft for the new SHA FIPS for all
> those really paranoid people out there:
> 
> "NIST is proposing 
> the expansion of the hash standard to include additional algorithms
> that produce a 256-bit, 384-bit, and 512-bit message digest."
>
> (general page) http://csrc.nist.gov/encryption/tkhash.html
> (the draft doc) http://csrc.nist.gov/encryption/shs/dfips-180-2.pdf
> 
> First person to suggest that we need 512-bit CHKs gets a slap.
> 
> AGL
> 
> -- 
> The Street finds its own uses for technology.
> 

When I tried to encrypt a 500+ megabyte archive it spent a half hour just
trying to hash out the two crypto-random numbers, then it spent 10 hours
trying to encrypt the huge file and it never finished, because I canceled
the process.  If it takes that long to ENCRYPT a file of that size, it
would be nearly impossible for a hacker to decrypt it without the right
password.  How long it would actually take is beyond my ability to guess,
but I'm sure that even the fastest computers would take a long time to
process the encrypted file.  I have nothing against MD5 and Triple-DES,
it's just that it doesn't use the keypair functions that PGP uses so that
people can do decryption/encryption without sharing their passwords via
insecure methods.

But is Triple-DES better at encrypting using SHA1 hash than the current
CAST algorithm?

I ask because Triple-DES does this neat thing where it Encrypts with
Rand1, Decrypts with Rand2 and Encrypts again with Rand1, making it
totally freaking impossible to break the encryption.  I think it is a VERY
strong encryption method.

And the bigger the file, the bigger the hash, and the longer it takes to
encrypt or decrypt the file.  It takes like 5 times as long to encrypt or
decrypt an archive as it does to create and store files in it.




Re: [freenet-chat] PGP signatures

2001-05-30 Thread Adam Langley

On Wed, May 30, 2001 at 02:11:14PM -0500, Mathew Ryden wrote:
> MD5 is insecure. Don't use it. SHA1 is quite secure.

MD5 isn't bad, but here is the draft for the new SHA FIPS for all
those really paranoid people out there:

"NIST is proposing 
the expansion of the hash standard to include additional algorithms 
that produce a 256-bit, 384-bit, and 512-bit message digest."

(general page) http://csrc.nist.gov/encryption/tkhash.html
(the draft doc) http://csrc.nist.gov/encryption/shs/dfips-180-2.pdf

First person to suggest that we need 512-bit CHKs gets a slap.

AGL

-- 
The Street finds its own uses for technology.



Re: [freenet-chat] PGP signatures

2001-05-30 Thread Mathew Ryden


- Original Message -
From: "Aaron P Ingebrigtsen" <[EMAIL PROTECTED]>

> But the signature IS encrypted, otherwise you would be able to extract
> the data no matter what file you point it at, and the text of the
> signature would never change no matter what file or message you sign.  I
> know the signature doesn't encrypt the message or file that you are
> signing, that is a different function.

A PGP signature on the bottom of the mail message is encrypted. First the
entire message goes through a hash function, then the resulting hash is
encrypted with the private key. The mail goes out, someone gets it. They
verify the message by taking the message, running it through the same hash
function and checking that against the decrypted signature. (the signature
is decrypted by using the public key)

> I was wondering, which do you think would be better, Cast, Triple-DES, or
> IDEA?  UC2 uses MD5 hash for the two crypto-random numbers that it uses
> to encrypt using Triple-DES.  PGP can do CAST, Triple-DES, or IDEA
> encryption, and I think I might be able to change the hash from SHA1 to
> MD5, but I'm not sure.  Anyway, which do you think is better?

MD5 is insecure. Don't use it. SHA1 is quite secure.

-Mathew
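
The hash-then-sign flow described in the message above, as an added example that is not part of the original thread: textbook RSA over a SHA-256 digest, with constructed toy keys built from Mersenne primes (insecure, for illustration only). Real PGP pads the digest before the private-key operation; all function and key names here are hypothetical.

```python
import hashlib

E = 65537  # commonly used RSA public exponent


def make_toy_key(p: int, q: int):
    """Build ((n, e), (n, d)) from two primes. Constructed demo keys only:
    Mersenne primes are trivially guessable, so these keys are not secure."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, E), (n, d)


def digest_int(message: bytes) -> int:
    """Fixed-size hash of the message, as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private) -> int:
    """Signer: hash the message, then apply the private key to the hash."""
    n, d = private
    return pow(digest_int(message), d, n)


def recover_digest(signature: int, public) -> int:
    """Anyone holding the public key can turn the signature back into a hash,
    which is why this step hides nothing from readers."""
    n, e = public
    return pow(signature, e, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Verifier: re-hash the received message and compare with the hash
    recovered from the signature."""
    return recover_digest(signature, public) == digest_int(message)


# Constructed key pairs (assumptions for this example).
SIGNER_PUB, SIGNER_PRIV = make_toy_key(2**521 - 1, 2**607 - 1)
OTHER_PUB, _OTHER_PRIV = make_toy_key(2**1279 - 1, 2**2203 - 1)


def demo() -> dict:
    doc = b"hello\n"                      # the signed document stays readable
    sig = sign(doc, SIGNER_PRIV)          # what a detached .sig would carry
    return {
        # Signature checks out against the exact document it was made from.
        "valid": verify(doc, sig, SIGNER_PUB),
        # Any change to the document breaks verification.
        "tampered": verify(b"hello!\n", sig, SIGNER_PUB),
        # The signature is useless with the wrong public key.
        "wrong_key": verify(doc, sig, OTHER_PUB),
        # The signature value depends on the message content.
        "differs_per_message": sign(b"goodbye\n", SIGNER_PRIV) != sig,
        # The public key recovers only the hash, never the message itself.
        "recovers_hash_only": recover_digest(sig, SIGNER_PUB) == digest_int(doc),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```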





Re: [freenet-chat] PGP signatures

2001-05-30 Thread Aaron P Ingebrigtsen


On Tue, 29 May 2001 08:18:13 -0400 (EDT) Aaron Guy Davies
<[EMAIL PROTECTED]> writes:
> On Mon, 28 May 2001, Aaron P Ingebrigtsen wrote:
> 
> > On Sat, 26 May 2001 14:05:40 -0400 (EDT) Aaron Guy Davies
> > <[EMAIL PROTECTED]> writes:
> > > 
> > > You obviously still don't understand PGP. Please go read the manual.
> >
> > I understand PGP pretty well, it is the GnuPG program I don't understand.
> >
> > The files I was talking about were generated by PGP, not made up by my
> > imagination.  Also, I figured out that .sig files are detached signatures
> > and require the file to which they were signed in order for them to
> > decrypt properly or whatever.  So if you don't have krepat.txt which
> > contains only the text "hello" then you would get some kind of error.
> > The .asc file though is the text file AND signature, which is really what
> > I wanted in the first place. :)
>
> The point is that PGP *signatures* have nothing to do with encryption, and
> are only useful in conjunction with the document they were generated from.
> A signature is basically a secure hash of the document it signs, verifying
> that the document has not been changed since it was signed. They don't
> encrypt anything, and they don't mean anything without a document. A PGP
> *key* is what you're probably looking for. Public keys are what you need
> if you want to encrypt a document for someone else to read. The .asc
> files, if I remember correctly, contain the public key in text format.

But the signature IS encrypted, otherwise you would be able to extract
the data no matter what file you point it at, and the text of the
signature would never change no matter what file or message you sign.  I
know the signature doesn't encrypt the message or file that you are
signing, that is a different function. 

I was wondering, which do you think would be better, Cast, Triple-DES, or
IDEA?  UC2 uses MD5 hash for the two crypto-random numbers that it uses
to encrypt using Triple-DES.  PGP can do CAST, Triple-DES, or IDEA
encryption, and I think I might be able to change the hash from SHA1 to
MD5, but I'm not sure.  Anyway, which do you think is better?




Re: [freenet-chat] PGP signatures

2001-05-29 Thread Timm Murray

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tuesday 29 May 2001 07:18, Aaron Guy Davies said:
> On Mon, 28 May 2001, Aaron P Ingebrigtsen wrote:
> > On Sat, 26 May 2001 14:05:40 -0400 (EDT) Aaron Guy Davies
> >
> > <[EMAIL PROTECTED]> writes:
> > > You obviously still don't understand PGP. Please go read the manual.
> >
> > I understand PGP pretty well, it is the GnuPG program I don't understand.
> >
> > The files I was talking about were generated by PGP, not made up by my
> > imagination.  Also, I figured out that .sig files are detached signatures
> > and require the file to which they were signed in order for them to
> > decrypt properly or whatever.  So if you don't have krepat.txt which
> > contains only the text "hello" then you would get some kind of error.
> > The .asc file though is the text file AND signature, which is really what
> > I wanted in the first place. :)
>
> The point is that PGP *signatures* have nothing to do with encryption, and
> are only useful in conjunction with the document they were generated from.
> A signature is basically a secure hash of the document it signs, verifying
> that the document has not been changed since it was signed. 

<>

IIRC, a signature is a hash of the document, then encrypted by the private 
key, which can then be decrypted by the public key.  Normally, you would 
encrypt with the public and decrypt with the private.  So, yes, it does do 
encryption.  It's just not of a kind which is useful for hiding information 
from those that aren't supposed to have it.

- -- 
Timm Murray

 . . . example of a mobius.  This sentence is an example of a mobius.  This 
sentence is an . . . 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7E7Mv9FVoObiUQx8RAiEIAJ40+4fc03fLBOWBVzo6bRj3N2phsACg1Pc7
hr5E3++6KMn1qBRtf0E/BlI=
=jjGX
-END PGP SIGNATURE-




Re: [freenet-chat] PGP signatures

2001-05-29 Thread Aaron Guy Davies

On Mon, 28 May 2001, Aaron P Ingebrigtsen wrote:

> On Sat, 26 May 2001 14:05:40 -0400 (EDT) Aaron Guy Davies
> <[EMAIL PROTECTED]> writes:
> > 
> > You obviously still don't understand PGP. Please go read the manual.
> 
> I understand PGP pretty well, it is the GnuPG program I don't understand.
> 
> The files I was talking about were generated by PGP, not made up by my
> imagination.  Also, I figured out that .sig files are detached signatures
> and require the file to which they were signed in order for them to
> decrypt properly or whatever.  So if you don't have krepat.txt which
> contains only the text "hello" then you would get some kind of error. 
> The .asc file though is the text file AND signature, which is really what
> I wanted in the first place. :)

The point is that PGP *signatures* have nothing to do with encryption, and
are only useful in conjunction with the document they were generated from.
A signature is basically a secure hash of the document it signs, verifying
that the document has not been changed since it was signed. They don't
encrypt anything, and they don't mean anything without a document. A PGP
*key* is what you're probably looking for. Public keys are what you need
if you want to encrypt a document for someone else to read. The .asc
files, if I remember correctly, contain the public key in text format.



Re: [freenet-chat] PGP signatures

2001-05-29 Thread Aaron P Ingebrigtsen


On Sat, 26 May 2001 14:05:40 -0400 (EDT) Aaron Guy Davies
<[EMAIL PROTECTED]> writes:
> You obviously still don't understand PGP. Please go read the manual.

I understand PGP pretty well, it is the GnuPG program I don't understand.
The files I was talking about were generated by PGP, not made up by my
imagination.  Also, I figured out that .sig files are detached signatures
and require the file to which they were signed in order for them to
decrypt properly or whatever.  So if you don't have krepat.txt which
contains only the text "hello" then you would get some kind of error. 
The .asc file though is the text file AND signature, which is really what
I wanted in the first place. :)

Anyway, maybe I'm just getting tired or something, I just don't want to
generate a new keypair with GnuPG when I already have a keypair that was
generated by PGP.

I can work with GnuPG, I guess, but it will be difficult for a little
while longer.




Re: [freenet-chat] PGP signatures

2001-05-26 Thread Aaron Guy Davies

You obviously still don't understand PGP. Please go read the manual.

On Fri, 25 May 2001, Aaron P Ingebrigtsen wrote:

> So how about if everyone just uploads a signed file.  Like hello.txt
> which contains only the text "hello" which is then signed with your key
> and attached to the message.  That's easy enough right?  Just name the
> file, like krepta.txt.sig, or krepta.txt.asc.
> 
> Here is my attached files.
> 
> This way a signature can easily be saved to disk, decrypted, verified,
> and added to the keyring. :)
> 
> I downloaded GnuPG For Win95 and I don't understand how to use it.  It
> won't let me add my keyrings, pubring.skr and secring.skr, to the GnuPG
> keyrings.  I have no idea how to use the thing.  It would be nice if it
> had a GUI, even just a DOS GUI would be nice.
> 
> On Fri, 18 May 2001 19:11:00 +0100 Leo Howell <[EMAIL PROTECTED]>
> writes:
> > On Thu, May 17, 2001 at 02:20:58PM -0700, Aaron P Ingebrigtsen wrote:
> > > I'm signing this message with my PGP signature.  I think that the
> > > signature is determined by the content of the message as well as the
> > > public key and passphrase.
> > 
> > Well, not quite. I have a private and public key (you can get my
> > public key from Freesite - it's not on the keyservers). When I sign
> > a message I use my passphrase to decrypt my private key (stored on
> > disk) and encrypt a hash of the message with it. This hash can only
> > be decrypted with my public key - not contained in the signature -
> > and you know the message is from me if
> > a) you can decrypt the hash and
> > b) The encrypted hash and a hash of the message you generate are
> > the same.
> > 
> > And BTW I use mutt which does funky MIME stuff with PGP that no one
> > else seems to be able to read ;-)
> > 
> > HTH,
> > Leo
> > 
> > -- 
> > Leo Howell   M5AKW
> > freenet:MSK@SSK@2vz8xnhEJyJOlBVNfBEOWaohQFEQAgE/freesite//
> > 
> > 




Re: [freenet-chat] PGP signatures

2001-05-18 Thread Leo Howell

On Thu, May 17, 2001 at 02:20:58PM -0700, Aaron P Ingebrigtsen wrote:
> I'm signing this message with my PGP signature.  I think that the
> signature is determined by the content of the message as well as the
> public key and passphrase.

Well, not quite. I have a private and public key (you can get my
public key from Freesite - it's not on the keyservers). When I sign
a message I use my passphrase to decrypt my private key (stored on
disk) and encrypt a hash of the message with it. This hash can only
be decrypted with my public key - not contained in the signature -
and you know the message is from me if
a) you can decrypt the hash and
b) The encrypted hash and a hash of the message you generate are
the same.

And BTW I use mutt which does funky MIME stuff with PGP that no one
else seems to be able to read ;-)

HTH,
Leo

-- 
Leo Howell   M5AKW
freenet:MSK@SSK@2vz8xnhEJyJOlBVNfBEOWaohQFEQAgE/freesite//




Re: [freenet-chat] PGP signatures

2001-05-17 Thread Greg Wooledge

Aaron P Ingebrigtsen ([EMAIL PROTECTED]) wrote:

> On Fri, 11 May 2001 19:40:46 -0400 Greg Wooledge <[EMAIL PROTECTED]>
> writes:

> > *Why*?  That's what your public key ring is for!

> But my keyring isn't public

You misunderstand.  Your "public key ring" is a file that contains the
public keys of everyone you care about (including yourself).  It's not
a "public (key ring)" -- rather, it's a "(public key) ring". ;-)

> > (Not to mention the
> > public key servers)

> nor is it updated from a central
> location to which all freenet chat users add their public keys.

There are public key servers which serve keys to everyone -- this is
not a Freenet-specific service.

Michael Pedersen and I wrote an introductory cryptography HOWTO document
last year.  It never received very wide publicity, and it's far from
comprehensive.  Also, Michael (who was hosting the CVS depot as well as
the primary mirror of the web page) seems to have vanished -- or at least
his site is not responding.

I have a mirror of it at .  It covers
public key servers, as well as many other issues that might be of interest
to the novice.  (And I'm not that much beyond the "novice" stage myself!)

> Anyway, for some reason I can't add attached signatures to my
> keyring.  Only keys that are inline, like when I sign my messages. 
> In other words, Juno has no PGP plugin support so I have to use the
> clipboard for encrypting and decrypting messages, and unless the
> signature is part of the message text it won't work.  ARGH!

Sorry, I don't know Juno (or Windows MUAs in general).  Michael wrote
up instructions for Outlook Express and Juno, but I don't think they
cover PGP/MIME, only the old-fashioned "inline signatures" that you're
used to.

-- 
Greg Wooledge  |   "Truth belongs to everybody."
[EMAIL PROTECTED]  |- The Red Hot Chili Peppers
http://wooledge.org/~greg/ |



Re: [freenet-chat] PGP signatures

2001-05-17 Thread Aaron P Ingebrigtsen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, 11 May 2001 19:40:46 -0400 Greg Wooledge <[EMAIL PROTECTED]>
writes:
> Aaron P Ingebrigtsen ([EMAIL PROTECTED]) wrote:
> 
> > Could people just kind of post their PGP signatures here?  It would
> > be nice to have a list of everyone's PGP signatures under one
> > subject.
>
> *Why*?  That's what your public key ring is for!  (Not to mention the
> public key servers)

But my keyring isn't public, nor is it updated from a central
location to which all freenet chat users add their public keys. 
Also, I don't know how to look up individuals on this list on any
keyserver.  I don't know if the email address they use for this list
is the same as the key they generated.  I would like to just be able
to add the keys of people I like or trust whenever I want to.  And
that is most easily done when messages are signed, right?

Anyway, for some reason I can't add attached signatures to my
keyring.  Only keys that are inline, like when I sign my messages. 
In other words, Juno has no PGP plugin support so I have to use the
clipboard for encrypting and decrypting messages, and unless the
signature is part of the message text it won't work.  ARGH!

So it would be nice if people would, just once in a while, make their
public keys available to people like me who are having some
difficulties.

If this is too much to ask, fine.  Just go about your regular
business.

Aaron.

-BEGIN PGP SIGNATURE-
Version: PGP Personal Privacy 6.5.2

iQA/AwUBOwRDZCb1Cbdz0HdeEQJbyACcCHmIVlRByz9uwZwYVCeJlq1NBDsAoOXu
Zs17XoQOxeEjfoZtdKdWmFRx
=RTkL
-END PGP SIGNATURE-




Re: [freenet-chat] PGP signatures

2001-05-17 Thread Aaron P Ingebrigtsen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, 11 May 2001 21:50:59 +0100 Leo Howell <[EMAIL PROTECTED]>
writes:
> On Fri, May 11, 2001 at 11:30:46AM -0700, Aaron P Ingebrigtsen wrote:
> > Could people just kind of post their PGP signatures here?  It would
> > be nice to have a list of everyone's PGP signatures under one
> > subject.  Or you could just put your PGP signature on all your
> > messages. :)
>
> Umm, what would we be signing if we posted pgp sigs here? Do you mean
> public keys?

You signed your message somehow didn't you?  For some reason I am
unable to open your pgp signature with my pgp program so that I can
add your public key to my keyring.  GRRR.

Anyway, I'm using Juno, which doesn't support the Outlook Express
PGP plugins which you might or might not be using.  I don't know.

I'm signing this message with my PGP signature.  I think that the
signature is determined by the content of the message as well as the
public key and passphrase.

If you can help me, that would be great. :)

-BEGIN PGP SIGNATURE-
Version: PGP Personal Privacy 6.5.2

iQA/AwUBOwRAsSb1Cbdz0HdeEQK4tQCfXkFQB/nPPP8s9C4ya6hVzhce76UAn0Gi
Huwp+jsjwilJwQ7iZ/PnYOHf
=Kgky
-END PGP SIGNATURE-




Re: [freenet-chat] PGP signatures

2001-05-11 Thread Greg Wooledge

Aaron P Ingebrigtsen ([EMAIL PROTECTED]) wrote:

> Could people just kind of post their PGP signatures here?  It would
> be nice to have a list of everyone's PGP signatures under one
> subject.

*Why*?  That's what your public key ring is for!  (Not to mention the
public key servers)

-- 
Greg Wooledge  |   "Truth belongs to everybody."
[EMAIL PROTECTED]  |- The Red Hot Chili Peppers
http://wooledge.org/~greg/ |



Re: [freenet-chat] PGP signatures

2001-05-11 Thread Leo Howell

On Fri, May 11, 2001 at 11:30:46AM -0700, Aaron P Ingebrigtsen wrote:
> Could people just kind of post their PGP signatures here?  It would
> be nice to have a list of everyone's PGP signatures under one
> subject.  Or you could just put your PGP signature on all your
> messages. :)

Umm, what would we be signing if we posted pgp sigs here? Do you mean
public keys?

-- 
Leo Howell   M5AKW
freenet:MSK@SSK@2vz8xnhEJyJOlBVNfBEOWaohQFEQAgE/freesite//




[freenet-chat] PGP signatures

2001-05-11 Thread Aaron P Ingebrigtsen

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Could people just kind of post their PGP signatures here?  It would
be nice to have a list of everyone's PGP signatures under one
subject.  Or you could just put your PGP signature on all your
messages. :)

-BEGIN PGP SIGNATURE-
Version: PGP Personal Privacy 6.5.2

iQA/AwUBOvwvuib1Cbdz0HdeEQKLSgCfcrZI9pHYSU2nDWezIGlw0l3MLY0An2Sp
pLJ40ybrzotxGftg5g6mIcES
=58SR
-END PGP SIGNATURE-
