tmsr - Search: pgp

1000+ entries in 0.365s

phf: took me a while to figure out why my pgp key doesn't decrypt

fromphuctor: Looks like it's going to take me a while to get up to speed on pgp. Is there even a way to minimally wrap an RSA public key without entering name and info fields?

fromphuctor: Would be nice to paste in SSH keys too, not just PGP.

fromphuctor: GPG is just an implementation of PGP

fromphuctor: Ah, so I should have been searching for PGP not GPG

mircea_popescu: it entirely subverts pgp. and i don't believe it to be accidental either.

asciilifeform: ... it would be displayed as latest; folks who -receive-key longfp would end up with it; all known pgp clients - happily encipher to it; etc.

asciilifeform: btw does mircea_popescu know what would happen if a pgp key with his main key but new magical subkey were generated and posted to sks ? ☟︎

asciilifeform: ^ this may actually be practical with pgp

Framedragger: let's particularize: hpa's parent key was embedded in the pgp wot (whether the latter is worth anything is a *separate* point) which people trusted. then, hpa's child key appears, and it's not properly signed by hpa's parent key, the latter being trusted prior. maybe the sig is not there, maybe the sig is invalid, whatever. child key gets rejected. this scheme in itself is not circular, and it *worked*.

asciilifeform: this incidentally is why phuctor had been a depressing thing for me. the thing i set out to find, i never found (evidence of diddled rng on pgp users' boxes.) ☟︎

asciilifeform: did i ever say the pgp format shouldn't burn ?

asciilifeform: thing is, pgp key includes more info than simply 'modulus, email'

asciilifeform: mircea_popescu: phuctor is, originally, ~specifically~ about pgp keys, ~verbatim~, as found in the wild forest. any other thing will have to be a new gadget.

Framedragger: asciilifeform: ah wait lol: i'd be parsing ssh rsa keys, not pgp keys - different format - though also base64 etc. i'll check!

asciilifeform: using what pedigree there actually is - e.g., mircea_popescu's signed pgp tarball - is part of this.

asciilifeform: moxie m pushes shitphones. and ssl monkey tricks. and 'pgp is obsolete'.

mod6: gotta add one last part before we can really use it in here; get it a pgp key, register it with deedbot, then build in functions to selfvoice

a111: Logged on 2016-06-06 15:54 jurov: Yes. just pgp sign the text "I agree."

jurov: Yes. just pgp sign the text "I agree." ☟︎

asciilifeform: spandrell: you are encouraged to return with pgp key.

mircea_popescu: make a pgp wouldja.

mircea_popescu: so the way this channel works is that you register your pgp signature with the bot ; and then you can maintain an identity. otherwise anyone can "be" spandrell

mircea_popescu: ok. do you know what pgp is ?

mircea_popescu: incidentally, do you have a pgp key ?

asciilifeform: mircea_popescu: reminds me, one of the core idiocies of the pgp armour format is that it conceals screaming braindamage just fine

asciilifeform: mircea_popescu: 'unwashed herd avoids pgp like soap' is hard to square with 'the vast majority of pgp pubkeys date to that period'... no?

a111: Logged on 2016-06-03 12:12 mircea_popescu: http://btcbase.org/log/2016-06-03#1475422 << that the herd is instinctively repelled by pgp, much like soap, so it's perfectly possible NOBODY uses some arbitrary windows offering. much like in the "creative writer and activist"'s house, the broom's not nearly as worn down as the mirror.

asciilifeform: http://btcbase.org/log/2016-06-03#1475482 << '90s were the era of mindless 'cipherpunk', pgp was 'the mirror' rather than 'the broom', mountains of pubkeys from that era ☝︎

mircea_popescu: http://btcbase.org/log/2016-06-03#1475422 << that the herd is instinctively repelled by pgp, much like soap, so it's perfectly possible NOBODY uses some arbitrary windows offering. much like in the "creative writer and activist"'s house, the broom's not nearly as worn down as the mirror. ☝︎☟︎

asciilifeform: http://btcbase.org/log/2016-06-03#1475427 << briefly returning to this thread, there is a remaining possibility - that at one point there were ~many more~ phuctorable pubkeys extant, but most were somehow purged, 'accidented' from sks. with that in mind i would ask for whosoever might know of a historic (1990s vintage) archive of pgp keyz. ☝︎

a111: Logged on 2016-06-02 18:50 asciilifeform: mircea_popescu: if all it is, is a tarball of crud, i can pry out the pgp keyz myself

shinohai: http://btcbase.org/log/2016-06-02#1475232 <<< was this where you wanted the pgp keys extracted from https://www.gwern.net/Black-market%20archives ? ☝︎

asciilifeform: mircea_popescu: if all it is, is a tarball of crud, i can pry out the pgp keyz myself ☟︎

deedbot: [Recent Phuctorings.] Phuctored: 30421 divides RSA Moduli belonging to 'Jurov (Test of SSH->PGP RSA pubkey convertor #2 - purposedly b0rkt); ' - http://phuctor.nosuchlabs.com/gpgkey/D52511520F8C3A1153E5FF232315A740A39CB20508CA953A0B0A9B5A62EBA6C9

Framedragger: so wikipedia sux and sometimes you need to glance at it, the way a hasty businessman glances at a dubitable street food stand in a foreign city. sometimes the temporary "before pgp xamarin something" solution is to glance at that damn wikipedia. what of it

asciilifeform: i have not been tuned in.. mircea_popescu, how is the experiment in driving all-comers to pgp coming along ?

a111: Logged on 2016-05-30 15:48 diana_coman: well, a pgp message at this point quite serves as that letter I guess

asciilifeform: and pgp is liable to resolve to 'build it'.

asciilifeform: if you can't pgp you are a beast of the field.

diana_coman: well, a pgp message at this point quite serves as that letter I guess ☟︎

asciilifeform: it is a means of authentication almost as good as pgp.

asciilifeform: that is, have pgp key.

mircea_popescu: vc it sends you a link, it contains a pgp encrypted thing, you decrypt it and feed it back as $v blabla

mircea_popescu: do you have a pgp key ?

asciilifeform: ^ sorta how i imagine mircea_popescu's pgp laptop to look like.

Framedragger: seems that their current key is different fwiw: https://www.apple.com/support/security/pgp/ ?

asciilifeform: 'PGP digital Key signing tool' ??

shinohai: Almost there, @StartJOIN pitch almost ready, an Open Source PGP digital Key signing tool that we're after funding to add new features"

mircea_popescu: lmao omfg. dude published the 2012 census with a pgp (v2.0!) 1kb rsa key ; and he claims to be inspired by... XKCD!!! to do a fucking hilbert curve. omfg the unit-square covering discussions were all in vain, xkcd is the source.

mircea_popescu: honestly asciilifeform i'd much rather if phuctor held a table consisting of e,N,comment,pgp_crud1,pgp_crud2,etc. should be indexed by hash of first three fields. should not depend on the trailing fields existing

jurov: yes. and also (so far) faulty implemention of CSV -> PGP pubkey

jurov: just PGP public key

jurov: no, pgp rfc4880 format

mircea_popescu: principally in the form of "keys aren't pgp format, but tmsr format, of which ssh, pgp and others are idiotic restatements"

mircea_popescu: that may be ; but the problem here is that politically, we do not wish to recognize rsa is owned by pgp.

asciilifeform: the thing is pretty solidly congealed around pgp.

asciilifeform: 2) hash of moduli AS THEY APPEAR IN PGP FORMAT

asciilifeform: 1) pgp fp (64bit)

asciilifeform: no it is also a pgp key turd, that is re-parsable to obtain all of these

asciilifeform: mircea_popescu: yes. but when a key is phuctored, it expects to find the fields associated with a pgp key in the requisite db table.

mircea_popescu: so there were three : get the github keys - jurov did it ; get the ssh server/router spidering going, and convert. iirc nobody was doing this ; get pgp keys out of the gwen / sr dump. punkman was hm where is he.

asciilifeform: phuctor is hard-built in 1,01 ways around pgp format.

asciilifeform: mircea_popescu: recall the pgp in js demo ?

mircea_popescu: but speaking of reddit, check out how famous asciilifeform is : https://www.reddit.com/r/programming/comments/4hcvvi/200_pgp_keys_and_counting_publicly_broken/

mircea_popescu: actually come to think of it, someone should write code to turn standard base64 (like comes out of pgp armor etc) into text. have a nice markov-based state machine with a large-ish dictionary and a syntax/grammar checker.

mircea_popescu: the pgp permissioning being perhaps the trickiest part of it all. but ideally iut'd work like

mircea_popescu: mod6 how about if there was a ticket bot ; and we had a website, a la deedbot.org, where tickets could be seen ; and we had acess control based on pgp, so that either world, lordship, or specified people can see a particular ticket set ?

asciilifeform: https://www.pgpru.com/servisy/packetdump << they have a pgp packet dumper, but it seems to barf on anything i give it

asciilifeform: ERROR: cannot verify pgp.key-server.ioâs certificate, issued by â/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CAâs authority.

asciilifeform: Connecting to pgp.key-server.io|67.205.56.66|:443... connected.

asciilifeform: Resolving pgp.key-server.io... 67.205.56.66, 2607:f298:6050:6f81:f816:3eff:fec4:e651

alikim: I have 4 computers and a life and I live with normal people, if you go on them like "I lost my pgp key, I lost my life" they suggest you visit a doctor.. or get laid and drunk in any order

asciilifeform: i'm also lulzing re how nobody seems to know about the old pgp standard where fp was bottom n bits of the mod

mircea_popescu: punkman pgp keys and key ratings, ie the wot, most valuable thing in there imo.

asciilifeform: unless want to generate a pgp 'box' for them.

mircea_popescu: a) it should be downloaded anyway ; b) contains pgp keys.

asciilifeform: (or closed pgp for that matter)

asciilifeform: considering that we'll be jettisoning the pgp format.

mircea_popescu: but what does the site say ? PGP key (mirror; fingerprint: 89C588CC; my old key, F7E5D682, is no longer usable)

asciilifeform: https://www.google.com/#tbs=li:1&q=%22-----BEGIN+PGP+PRIVATE+KEY+BLOCK-----%22+site:pastebin.com

mircea_popescu: ;;google site:pastebin.com "BEGIN PGP"

mircea_popescu: nice. so then let all these things converge. the server ssh keys ; the user ssh keys ; the pgp keys and the 8ball werker.

asciilifeform: (and does it actually make sense to phuctor them ~together~ with pgp keyz?)

asciilifeform: technically there is no need to convert them to pgp format

mircea_popescu: there already exists a "various ssh formats" conversion ; need to bolt on base16/10 number and pgp format.

asciilifeform: and pgp update key.

mircea_popescu: pgp has been ever since late 90s it seems.

a111: Logged on 2016-05-03 23:09 mircea_popescu: in other lulz, http://archive.is/pgp.mit.edu << full archive of the keys as found in situ

mircea_popescu: in other lulz, http://archive.is/pgp.mit.edu << full archive of the keys as found in situ ☟︎

ascii_butugychag: at long last, https://www.reddit.com/r/programming/comments/4hcvvi/200_pgp_keys_and_counting_publicly_broken/d2qvzma

mircea_popescu: you seriously should make a proper nick and register your pgp with deedbot.

mircea_popescu: i put it on my pgp page on trilema,. forgot all abpout it, now stumbled on it all over again

mircea_popescu: so isn't this pretty much 99% of bignum->rsa in pgp format ?

asciilifeform: mircea_popescu: https://www.reddit.com/r/sysadmin/comments/4hhd9p/psa_you_may_want_to_check_your_pgp_keys_and_keys/d2pqq41 << lel

fromphuctor___: thanks... would the phuctor checker work with non PGP keys, if i correctly converted an RSA key to the required format?

mircea_popescu: fromphuctor__ yes but phuctor currently eats rfc 4880 format, owing to its history as a pgp key checker.

mircea_popescu: steffen you gotta make sure your pgp is actual protocol-strength rsa not merely promise-strength rsa tho.

asciilifeform: mircea_popescu: pgp really took off in de, it seems

steffen: being a german myself, yes, and that's where I thought pgp added a nice sense of privacy to interested parties no matter the government