Title: Testing PGP signatures Post by: Sword Smith on May 17, 2013, 02:31:47 PM Hi! I am new to the PGP encryption and I would like to check it out. Could you please post a reply encrypted with my public PGP key which I link to in my signature?
Title: Re: Testing PGP signatures Post by: OpenYourEyes on May 17, 2013, 05:16:40 PM -----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.20 (GNU/Linux) hQEMA7Chpuqzw9ueAQf/akQJ8wk0Xo+ZiyOgjtFFadJuT2PDluB2qd8/vuz2E+Fb 1ymlzu/nHHrGx2R4Y8DA+EuhCgqCLniGnj0sFLQdToYeF1G/HyC0C/FUWIpmilyg SodJToogOaCtLY2M0Ea20utOntx4QpzcTLzHyUgEmye915p6ey+3HYthXMiQ/2nQ 0asrS0PngECGhJY8fAoqMq5rHV64M19PTuEbIVl7+VA5seyVGvE2vrr+5n0vqHDa q0zt+6LfHKwfH5ecvqF0QcEH8qx4qkZ6Zva5l1E55QdkUi5Yvf0LV4Ss6PHvwHPW q9CQlWlf/fC0AWww2+fXy0kL49vJZfDcNfYZFmpJINJTAVOquuOSOAs8jnTEo/Ug lNE1IqJoaePAEs7voP7DX3rEXKpVqb/6j4JE4rIAyeF09M8Hpyzbh0Xq534sWi8U SCd399ULF0XDjSDW+t1kTChNTMQ= =gNFM -----END PGP MESSAGE----- If you want to try an encrypted one back see sig. Title: Re: Testing PGP signatures Post by: Sword Smith on May 17, 2013, 05:28:25 PM -----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.20 (MingW32) hQEMA86s4958VTYdAQf/YVJ7VOTt60X8kLku17OKBs1xSZi7OWXtVa+edllNxwps R7rxr6zjH9dqo1mStelgpCjDSWYe0jECcDdonBHs4H7igCcbHhTqE+HuSm9WKk1t ba/IzbDX1kcgTlW63ckK49XB9nKvhQbzWL4K/PXtetK6sN1WohlZA9bDA8+ojSzO +bP2DjZ1nMV0cglCTQT/n3/7fq2USI8l10NVr/kq/+vt5behf7HD3edzQBobcXoa +kvIy4Wn4787Y9wRMOxesrRb/sg73CNCBJgmHlUty974uG5jVn/iwFnHjpqG2ySG 1uj8N3oO+OlJY6yJc7JyhKzIIfwtLuFh6ab7uSHZEdKhASAzRvDCkL1ol45tszYU 0uJIArD/kNPxaxiVir7s82NKm54OnZ9Ukul8GgiDZljkiDu8rT6ZJb01H7RQtASZ kRuN7GtfI3Zl2l3m377W6YATVW1u6kKO5bBXnOezhh9X0eybrTJ7AzbU9YUpZpju FbN2Lb9g7ng0/1UMiKMNXSYsJ0QaTAqwm9fsakcXYePyqzkKvA0JV+j13n/GdR++ NXg= =mm8z -----END PGP MESSAGE----- Title: Re: Testing PGP signatures Post by: OpenYourEyes on May 17, 2013, 05:29:21 PM :) They most definitely will.
Title: Re: Testing PGP signatures Post by: Sword Smith on May 17, 2013, 05:38:04 PM :) They most definitely will. What does the signature (FBF52716) mean? Is it some kind of hash of your public key and what is the best place to upload your public PGP key?Title: Re: Testing PGP signatures Post by: OpenYourEyes on May 17, 2013, 06:26:28 PM :) They most definitely will. What does the signature (FBF52716) mean? Is it some kind of hash of your public key and what is the best place to upload your public PGP key?Yours for that key is: 8FC8E099 (sometimes you may need to add 0x to the beginning of it) In Linux you can get it by entering: gpg -k to view all your keys. If you wanted to import mine, you could either do it manually (like you did before), or just enter gpg --recv-keys FBF52716 You can upload them to: http://pgp.mit.edu/ https://keyserver.pgp.com/vkd/GetWelcomeScreen.event They will eventually propagate to all PGP servers. You can also use my key id to search for my keys on the above sites, or search by my name, username, etc. Title: Re: Testing PGP signatures Post by: Sword Smith on May 17, 2013, 08:31:52 PM :) They most definitely will. What does the signature (FBF52716) mean? Is it some kind of hash of your public key and what is the best place to upload your public PGP key?Yours for that key is: 8FC8E099 (sometimes you may need to add 0x to the beginning of it) In Linux you can get it by entering: gpg -k to view all your keys. If you wanted to import mine, you could either do it manually (like you did before), or just enter gpg --recv-keys FBF52716 You can upload them to: http://pgp.mit.edu/ https://keyserver.pgp.com/vkd/GetWelcomeScreen.event They will eventually propagate to all PGP servers. You can also use my key id to search for my keys on the above sites, or search by my name, username, etc. Title: Re: Testing PGP signatures Post by: OpenYourEyes on May 18, 2013, 12:35:20 AM :) They most definitely will. What does the signature (FBF52716) mean? Is it some kind of hash of your public key and what is the best place to upload your public PGP key?Yours for that key is: 8FC8E099 (sometimes you may need to add 0x to the beginning of it) In Linux you can get it by entering: gpg -k to view all your keys. If you wanted to import mine, you could either do it manually (like you did before), or just enter gpg --recv-keys FBF52716 You can upload them to: http://pgp.mit.edu/ https://keyserver.pgp.com/vkd/GetWelcomeScreen.event They will eventually propagate to all PGP servers. You can also use my key id to search for my keys on the above sites, or search by my name, username, etc. That way, if someone gets hold of your keys, they'd have to know the pass phrase associated with it to do any thing with. Using an offline computer is one way to go, but every time you want to sign/encrypt/decrypt a message, you'll have to put the file on a USB, boot up the offline computer, run PGP, put the encrypted/sign file back on the USB, and back onto you're online computer. Worth doing for a Bitcoin wallet, but is overkill for something like this IMO, unless you are dealing with sensitive data or you are of importance. If you want to back it up, which I suggest, you could create a QR barcode of it (best to do it offline, but can be done online like here (http://www.the-qrcode-generator.com/#/)), you could then print that and store it somewhere safe. Quite easy to import then. I use OpenSSL on Linux to encrypt all my files, so my knowledge of Windows tools is not that great, but TrueCrypt is an option, you could then email yourself the encrypted file. If you key ever does get compromised, you can revoke it and attach your new key to it. To do this you need to create a key revocation certificate. This is just basically a certificate you create, store some where safe and never have to touch again, until you need to revoke it, which you do by uploading it to a PGP key server. When it sees this special certificate, it basically broadcasts a message to all key servers saying "my key is compromised, do not use or trust it, here is my new one". Have a read of this: http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-key-revocation.html This is a great very short guide to PGP in general that helped me a lot: http://aplawrence.com/Basics/gpg.html |