GnuPG - signed Telefax communication
Hi all, If people have a modern Telefax machine, have you ever tried out to send a GnuPG signed Fax? I was thinking about the following: One prepares his message in the following way: ---begin message--- Message. --end message--- Then saves the message, detach signs it and converts the detached signature as QR-code which is put then also on the Fax document, while the receiver then OCR scans the document and decodes the QR-code. The --begin etc. markers should be used to detect where the OCR scanned document begins and ends to have later a good signature. Well, just a thought. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
On Fri, 2022-01-14 at 16:42 +, Стефан Васильев via Gnupg-users wrote: > The --begin etc. markers should be used to detect where > the OCR scanned document begins and ends to have later > a good signature. If you are relying on OCR to reconstitute a bitwise-perfect message (because that's the only way a signature will validate) then you're asking for trouble, unless you're using a very restricted character set with at most one whitespace codepoint. > the receiver then OCR scans the document and decodes the QR-code If QR is an option, why not encode the entire message in QR? A signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
On 1/14/2022 at 11:46 AM, "Стефан Васильев via Gnupg-users" wrote:Hi all, If people have a modern Telefax machine, have you ever tried out to send a GnuPG signed Fax? = You can simply armor sign the message. Don't bother with the 'begin' and 'end' part, it can be added on the receiving end. OCR it into telefax and send. I have never done this, and the few times I have tried similar things, the OCR always made mistakes. Anyone used an OCR program that reliably could get a page of gnupg block ciphertext Without mistakes ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
Andrew Gallagher wrote: On Fri, 2022-01-14 at 16:42 +, Стефан Васильев via Gnupg-users wrote: The --begin etc. markers should be used to detect where the OCR scanned document begins and ends to have later a good signature. If you are relying on OCR to reconstitute a bitwise-perfect message (because that's the only way a signature will validate) then you're asking for trouble, unless you're using a very restricted character set with at most one whitespace codepoint. Maybe one could use a character, like a + or * etc., as whitespace. The idea is to use a Telefax machine for endpoint security, with an offline usage PC, which for example gpg4win is ideal for. the receiver then OCR scans the document and decodes the QR-code If QR is an option, why not encode the entire message in QR? I thought about that too, but in case the document would be several pages long and would not fit into a QR-code. Ok, one can split the large document and insert then several QR-codes into one Fax page. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
ved...@nym.hush.com wrote: On 1/14/2022 at 11:46 AM, "Стефан Васильев via Gnupg-users" wrote: Hi all, If people have a modern Telefax machine, have you ever tried out to send a GnuPG signed Fax? = You can simply armor sign the message. Don't bother with the 'begin' and 'end' part, it can be added on the receiving end. OCR it into telefax and send. I have never done this, and the few times I have tried similar things, the OCR always made mistakes. Anyone used an OCR program that reliably could get a page of gnupg block ciphertext Without mistakes The only reliable OCR software I have found in the past was a Windows PC software, which gave 100 percent correct results. I used that for a scanned document, from a printed page. Maybe base32, for example, would be a good candidate, when used only with uppercase or only lowercase letters. http://www.boxoft.com/free-ocr/ Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
On 14/01/2022 17:54, Стефан Васильев wrote: > > The idea is to use a Telefax machine for endpoint security, with > an offline usage PC, which for example gpg4win is ideal for. Would it not be simpler to use a modem? > I thought about that too, but in case the document would be several > pages long and would not fit into a QR-code. Ok, one can split the > large document and insert then several QR-codes into one Fax page. The largest standard QR code can hold just under 3kB of data in a single image. If you need more than that you would probably have to split across multiple sheets no matter what encoding system you choose. A OpenPGP_signature Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
Andrew Gallagher wrote: On 14/01/2022 17:54, Стефан Васильев wrote: The idea is to use a Telefax machine for endpoint security, with an offline usage PC, which for example gpg4win is ideal for. Would it not be simpler to use a modem? Good question. My thought was that Telefax is still used, among lawyers, doctors, business folks etc., and brand-new Fax machines can be bought on Amazon etc. I thought about that too, but in case the document would be several pages long and would not fit into a QR-code. Ok, one can split the large document and insert then several QR-codes into one Fax page. The largest standard QR code can hold just under 3kB of data in a single image. If you need more than that you would probably have to split across multiple sheets no matter what encoding system you choose. Yes, do you know of any QR-code software (open source) which could do that task automatically, i.e. split a large (encoded) message into several QR-codes and reassemble later? Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
On 14/01/2022 18:22, Стефан Васильев wrote: >> Good question. My thought was that Telefax is still used, among > lawyers, doctors, business folks etc., and brand-new Fax machines > can be bought on Amazon etc. +1 for obsolescence! Beware of course that fax machines are VERY noisy, and analogue lines are increasingly routed over VOIP, so if you're using this as some kind of off-grid technique you're not going to get very far. > Yes, do you know of any QR-code software (open source) which could > do that task automatically, i.e. split a large (encoded) message into > several QR-codes and reassemble later? I don't know about QR codes, but splitting a single file into multiple parts of a given size and reassembling them again can be done with the venerable unix utilities `split` and `cat`. A OpenPGP_signature Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
Andrew Gallagher wrote: On 14/01/2022 18:22, Стефан Васильев wrote: Good question. My thought was that Telefax is still used, among lawyers, doctors, business folks etc., and brand-new Fax machines can be bought on Amazon etc. +1 for obsolescence! Beware of course that fax machines are VERY noisy, and analogue lines are increasingly routed over VOIP, so if you're using this as some kind of off-grid technique you're not going to get very far. Well, but what I personally like about using a Fax machine is, that you get a Fax report, can archive the Fax as a paper document, have in the Fax header your data defined and can use with GnuPG a free-form UID explicitly used for the Fax telephone number. And it is IMHO more decentralized and personal, compared to email usage, when signing up for an email service. And you don't need a MUA :-). Yes, do you know of any QR-code software (open source) which could do that task automatically, i.e. split a large (encoded) message into several QR-codes and reassemble later? I don't know about QR codes, but splitting a single file into multiple parts of a given size and reassembling them again can be done with the venerable unix utilities `split` and `cat`. Ok, I have to check this out and as a Windows solution, because it is the most widely used OS. Maybe an idea for Werner and his commercial version of GnuPG Desktop. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
On Fri, 14 Jan 2022 17:54:56 + Стефан Васильев via Gnupg-users wrote: > > If QR is an option, why not encode the entire message in QR? > > I thought about that too, but in case the document would be several > pages long and would not fit into a QR-code. Ok, one can split the > large document and insert then several QR-codes into one Fax page. I've experimented with using QR codes with OpenPGP on-and-off… mostly as a mechanism for sharing the public keys: the idea being that you could have business cards printed up with the back side containing a QR code of your public key (not a fingerprint, the actual key). In my experience, it is very hard to get the big and complex QR codes to scan reliably. Some of the QR codes used for COVID-19 contact tracing and vaccination status _really_ push the limits -- with those largish codes often failing to scan. ECC keys could be made small enough to have a snowflake's chance in hell of working. 4096-bit RSA was a no-go. There are schemes for encoding an image for printing onto a piece of paper and later scanning it back in to recover the original data. QR code is obviously a more recent option, but was not the first. These may be worth pursuing. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
Stuart Longland wrote: On Fri, 14 Jan 2022 17:54:56 + Стефан Васильев via Gnupg-users wrote: > If QR is an option, why not encode the entire message in QR? I thought about that too, but in case the document would be several pages long and would not fit into a QR-code. Ok, one can split the large document and insert then several QR-codes into one Fax page. I've experimented with using QR codes with OpenPGP on-and-off… mostly as a mechanism for sharing the public keys: the idea being that you could have business cards printed up with the back side containing a QR code of your public key (not a fingerprint, the actual key). In my experience, it is very hard to get the big and complex QR codes to scan reliably. Some of the QR codes used for COVID-19 contact tracing and vaccination status _really_ push the limits -- with those largish codes often failing to scan. ECC keys could be made small enough to have a snowflake's chance in hell of working. 4096-bit RSA was a no-go. Thanks for sharing your experience, much appreciated! There are schemes for encoding an image for printing onto a piece of paper and later scanning it back in to recover the original data. QR code is obviously a more recent option, but was not the first. These may be worth pursuing. Would you like to explain a bit such schemes? I am aware, for example, that GnuPG on a mini offline laptop can beat *all* smartphone crypto messenger, when it comes to endpoint security, when used with a dumb phone with a USB port and while sending GnuPG MMS messages. All users need for that is a software from GitHub, which can convert GnuPG messages to .png images and back. Simply search there for 'imgify'. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
On Fri, 14 Jan 2022 20:50:57 + Стефан Васильев wrote: > Stuart Longland wrote: > > > On Fri, 14 Jan 2022 17:54:56 + > > Стефан Васильев via Gnupg-users wrote: > > > >> > If QR is an option, why not encode the entire message in QR? > >> > >> I thought about that too, but in case the document would be several > >> pages long and would not fit into a QR-code. Ok, one can split the > >> large document and insert then several QR-codes into one Fax page. > > > > I've experimented with using QR codes with OpenPGP on-and-off… mostly > > as a mechanism for sharing the public keys: the idea being that you > > could have business cards printed up with the back side containing a QR > > code of your public key (not a fingerprint, the actual key). > > > > In my experience, it is very hard to get the big and complex QR codes > > to scan reliably. Some of the QR codes used for COVID-19 contact > > tracing and vaccination status _really_ push the limits -- with those > > largish codes often failing to scan. > > > > ECC keys could be made small enough to have a snowflake's chance in > > hell of working. 4096-bit RSA was a no-go. > > Thanks for sharing your experience, much appreciated! > > > There are schemes for encoding an image for printing onto a piece of > > paper and later scanning it back in to recover the original data. QR > > code is obviously a more recent option, but was not the first. These > > may be worth pursuing. > > Would you like to explain a bit such schemes? I am aware, for example, > that GnuPG on a mini offline laptop can beat *all* smartphone crypto > messenger, when it comes to endpoint security, when used with a dumb > phone with a USB port and while sending GnuPG MMS messages. All > users need for that is a software from GitHub, which can convert GnuPG > messages to .png images and back. Simply search there for 'imgify'. https://github.com/dmshaw/paperkey/ is one such scheme, intended for making a private key back-up. It could probably be adapted to store arbitrary data. There may be others, I just can't put my finger on them now. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
On 2022-01-14 at 16:42 +, Стефан Васильев wrote: > Hi all, > > If people have a modern Telefax machine, have you ever > tried out to send a GnuPG signed Fax? > > I was thinking about the following: > > One prepares his message in the following way: > > ---begin message--- > > Message. > > --end message--- > > Then saves the message, detach signs it and converts the > detached signature as QR-code which is put then also on > the Fax document, while the receiver then OCR scans the > document and decodes the QR-code. What's wrong with simply using a PGP clearsign signature? -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear Mr Васильев I hereby send you this signed document with the information you requested: Gur nggnpx jvyy or ynhapurq ba fvkgu Whar Yours faithfully -BEGIN PGP SIGNATURE- iIcEARYIAC8WIQQCizm6L17e6dtQkgGnASDnmmvMqAUCYeH06xEcYW5nZWxAMTZi aXRzLm5ldAAKCRCnASDnmmvMqL6LAP9TIWvEqVFLAPbAZWqCegFvO2KEp/44ovJu XpE9FoZqiQD/U4Xz0ePZJNThyxzJuNwVyh8C2Iz3Kw3DFpYf3vF68Aw= =ZQiA -END PGP SIGNATURE- Of course, you need to properly OCR the signature, but you already need to properly OCR all the text anyway. (Hint: the final checksum may help). The font choice could be helpful in getting good OCR results as well. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
Ángel wrote: On 2022-01-14 at 16:42 +, Стефан Васильев wrote: Hi all, If people have a modern Telefax machine, have you ever tried out to send a GnuPG signed Fax? I was thinking about the following: One prepares his message in the following way: ---begin message--- Message. --end message--- Then saves the message, detach signs it and converts the detached signature as QR-code which is put then also on the Fax document, while the receiver then OCR scans the document and decodes the QR-code. What's wrong with simply using a PGP clearsign signature? I tried in the past to OCR scan armored GnuPG payloads, but it introduced errors in some characters. And in case this happens to others, how can users not having the original digital document correct then errors? If this works 100 percent reliable for you, you could explain the required (standard) settings for printed/scanned documents. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
On Fri, 14 Jan 2022 22:32:49 + Стефан Васильев wrote: > Ah ok, you referred to encoding key material. Not explicitly… as I said, you may be able to adapt that other project to store other things (e.g. the digitally signed documents discussed). > I just did a quick look and found this, which I may explore a little. > > http://ronja.twibright.com/optar/ That sounds like a better tool. I didn't quite manage to pull that up with my search queries before. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
Stuart Longland wrote: On Fri, 14 Jan 2022 20:50:57 + Стефан Васильев wrote: Would you like to explain a bit such schemes? I am aware, for example, that GnuPG on a mini offline laptop can beat *all* smartphone crypto messenger, when it comes to endpoint security, when used with a dumb phone with a USB port and while sending GnuPG MMS messages. All users need for that is a software from GitHub, which can convert GnuPG messages to .png images and back. Simply search there for 'imgify'. https://github.com/dmshaw/paperkey/ is one such scheme, intended for making a private key back-up. It could probably be adapted to store arbitrary data. There may be others, I just can't put my finger on them now. Ah ok, you referred to encoding key material. I just did a quick look and found this, which I may explore a little. http://ronja.twibright.com/optar/ Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG - signed Telefax communication
On 2022-01-14 at 22:39 +, Стефан Васильев via Gnupg-users wrote: > > What's wrong with simply using a PGP clearsign signature? > > I tried in the past to OCR scan armored GnuPG payloads, but > it introduced errors in some characters. And in case this > happens to others, how can users not having the original digital > document correct then errors? > > If this works 100 percent reliable for you, you could explain the > required (standard) settings for printed/scanned documents. > > Regards > Stefan I don't claim it at all. I don't think I have even tried a scan + OCR in the last decade. However, without a proper text ocrring, you wouldn't be able to import the message content, either. Regards ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users