The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here

[nutildah]

His key is a work of art. 

 

Ploni embedded the text string "bitcointalk.org u=2778290" as one of the user IDs of the public key.  If you use Windows and Kleopatra to import the public key you'll see this list of user IDs:

I did import the key and noticed that, but its still not the same thing as providing a signature along with the key. It is extremely compelling rationale that the public key belongs to this user but there is no substitution for producing a signature from the corresponding private key.

[1715228718]

1715228718

[1715228718]

1715228718

[1715228718]

1715228718

[1715228718]

1715228718

[DireWolfM14]

His key is a work of art.  

 

I know, right?  Was this just an excuse for nullius to gush over his own genius?  He sure does seem proud of himself, lol!

I did import the key and noticed that, but its still not the same thing as providing a signature along with the key. It is extremely compelling rationale that the public key belongs to this user but there is no substitution for producing a signature from the corresponding private key.

In technical terms, nullius is right, but I agree with you.  The point nullius is missing is that here, on this site on of the practical purposes of staking a GPG key is not only to claim ownership of the key, but to couple the key with your forum account.  It's a security measure that could come in very handy if the account was ever hacked.  

At this point there is no proof that Ploni has access to the secret key, or the ability to sign a message with it.  Anyone can create a GPG key and embed any user name they want into it, but the fact that Spartacus Ploni posted the key and it has his forum ID in it, we can assume that he created the key, and that he has access to the secret key which will allow him to sign messages.  But that's it, all we have is enough to assume, not enough to prove.

[nutildah]

At this point there is proof that Ploni has access to the secret key, or the ability to sign a message with it.  Anyone can create a GPG key and embed any user name they want into it, but the fact that Spartacus Ploni posted the key and it has his forum ID in it, we can assume that he created the key, and that he has access to the secret key which will allow him to sign messages.  But that's it, all we have is enough to assume, not enough to prove.

I was thinking about it and yes I suppose its more just a matter of common courtesy and/or protocol to sign a message from the key as proof of ownership. Theoretically, somebody could have created the key pair and the account and then handed off only the account to nullius er ploni baloney (though however unlikely), but much like Craig Wright's interpretation of private key ownership, signing a message with the key only proves that you own(ed) the key at that particular moment, so ultimately either way, well I guess, who really cares.

[DireWolfM14]

At this point there is no proof that Ploni has access to the secret key, or the ability to sign a message with it.  Anyone can create a GPG key and embed any user name they want into it, but the fact that Spartacus Ploni posted the key and it has his forum ID in it, we can assume that he created the key, and that he has access to the secret key which will allow him to sign messages.  But that's it, all we have is enough to assume, not enough to prove.

I was thinking about it and yes I suppose its more just a matter of common courtesy and/or protocol to sign a message from the key as proof of ownership. Theoretically, somebody could have created the key pair and the account and then handed off only the account to nullius er ploni baloney (though however unlikely), but much like Craig Wright's interpretation of private key ownership, signing a message with the key only proves that you own(ed) the key at that particular moment, so ultimately either way, well I guess, who really cares.

Sorry, I made a mistake in my post; I left out a small, yet very important word.

I do want to add that by creating the key and the forum account on the same day provides very compelling (if only circumstantial) evidence that indeed plonius created both the account and the key.  Like you said, it's highly unlikely that two separate individuals would be clamoring to claim a newbie account, and concoct a sinister plan that entails a PGP "work of art."

[PrimeNumber7]

At this point there is no proof that Ploni has access to the secret key, or the ability to sign a message with it.  Anyone can create a GPG key and embed any user name they want into it, but the fact that Spartacus Ploni posted the key and it has his forum ID in it, we can assume that he created the key, and that he has access to the secret key which will allow him to sign messages.  But that's it, all we have is enough to assume, not enough to prove.

By that logic, anyone who has posted a signed message has not proven they control the private key. Anyone can sign a message, and give that message to a third party to pass off as their own.

Based on the fact that the timestamp on the key generation matches the timestamp the account was created, and the UID being part of the userid shows that whoever created the private key intended to show association with the account. The account posting that he controls the GPG private key shows whoever is behind the account is intending to show he controls the private key. This is just as strong of evidence as a signed message.

The timestamp of the generation date is only the timestamp reflected on the computer when it was generated, and this is something that can be trivially changed. When you sign a message, the signed message will contain a small amount of metadata. I assume this is why Ploni doesn't want to provide a signed message.

[nullius]

Everybody who is debating over Ploni’s key is missing the point.

An OpenPGP userid is itself a digitally signed statement.  Ploni’s key (and indeed, every valid OpenPGP key) also contains within itself several other important digital signatures, which prevent attacks that the people arguing with me are too ignorant to even think of.

nutildah and dragonvslinux are stating misinformation that effectually FUDs the security of OpenPGP standard.  DireWolfM14 seemed to get it, but then just had to get in a dig at me—oops, wrong, too.  Everything that PrimeNumber7 said was technically correct; but he seemed to only be replying to the last post (please check the prior context).

His key is a work of art.

 

If that is a fancy means of saying, “TL;DR”, here is the TL;DR:

I did import the key and noticed that, but its still not the same thing as providing a signature along with the key. It is extremely compelling rationale that the public key belongs to this user but there is no substitution for producing a signature from the corresponding private key.

Wrong.  The PGP certificate contains a digital signature from the corresponding private key.  I explained this at length; and as I noted:

The signature is required.

I am all for the proper use of digital signatures.  That cause is not helped by misinformation which, on your part, seems to be motivated by a desire to personally oppose me.

The statement claiming a forum uid is digitally signed.  What other digital signatures do you want?  Perhaps a demonstration that Ploni can actually sign with his signing subkey—with any and all signing subkey(s)?  That would prevent Ploni from adding e.g. Satoshi’s public key to his public PGP certificate as a signing subkey, even though he couldn’t sign with it.  Such mischief may be of very limited use to fool people who don’t understand any more about PGP than you evidently do, or for some oddball attacks in scenarios not relevant here; it seems that should be trivial to do that with some custom programming to wrangle PGP packets, yes?

I doubt that you even thought that far:  Indeed, if somebody were to make multiple different signing subkeys and present a signed statement from only one of them, I doubt that you would even notice.  But even if you thought of this, the architects of the OpenPGP standard are still way ahead of you:  The primary (certification) key and each signing subkey MUST digitally sign each other.  And in Ploni’s case, they indeed did so:

Code:

$ gpg -v -v < ploni.asc 2>&1 | less
[...]
# off=937 ctb=b8 tag=14 hlen=2 plen=51
:public sub key packet:
        version 4, algo 22, created 1583879873, expires 0
        pkey[0]: [80 bits] ed25519 (1.3.6.1.4.1.11591.15.1)
        pkey[1]: [263 bits]
        keyid: B037730ED31FF9EB
# off=990 ctb=88 tag=2 hlen=2 plen=239
:signature packet: algo 22, keyid D50ED7B480AC5F96
        version 4, created 1583879873, md5len 0, sigclass 0x18
        digest algo 10, begin of digest 46 d6
        hashed subpkt 33 len 21 (issuer fpr v4 C79DD6973572969A0C2CFC9BD50ED7B480AC5F96)
        hashed subpkt 2 len 4 (sig created 2020-03-10)
        hashed subpkt 27 len 1 (key flags: 02)
        subpkt 16 len 8 (issuer key ID D50ED7B480AC5F96)
        subpkt 32 len 117 (signature: v4, class 0x19, algo 22, digest algo 10)
        data: [256 bits]
        data: [253 bits]
[...]

N.b. these two lines, particularly the magic numbers 0x18 and 0x19:

Code:

        version 4, created 1583879873, md5len 0, sigclass 0x18

        subpkt 32 len 117 (signature: v4, class 0x19, algo 22, digest algo 10)

What does that mean?

https://tools.ietf.org/html/rfc4880#section-5.2.1

5.2.1.  Signature Types

[...]

   0x18: Subkey Binding Signature
       This signature is a statement by the top-level signing key that
       indicates that it owns the subkey.  This signature is calculated
       directly on the primary key and subkey, and not on any User ID or
       other packets.  A signature that binds a signing subkey MUST have
       an Embedded Signature subpacket in this binding signature that
       contains a 0x19 signature made by the signing subkey on the
       primary key and subkey.

   0x19: Primary Key Binding Signature
       This signature is a statement by a signing subkey, indicating
       that it is owned by the primary key and subkey.  This signature
       is calculated the same way as a 0x18 signature: directly on the
       primary key and subkey, and not on any User ID or other packets.

https://tools.ietf.org/html/rfc2119

1. MUST   This word, or the terms "REQUIRED" or "SHALL", mean that the definition is an absolute requirement of the specification.

(Aside, those who want to know more OpenPGP magic numbers will want the IANA assignment list in addition to the RFC.)

Also relevant, just so that you know exactly what bits are being digitally signed:

https://tools.ietf.org/html/rfc4880#section-5.2.4

5.2.4.  Computing Signatures

[...]

   When a signature is made over a key, the hash data starts with the
   octet 0x99, followed by a two-octet length of the key, and then body
   of the key packet.  (Note that this is an old-style packet header for
   a key packet with two-octet length.)  A subkey binding signature
   (type 0x18) or primary key binding signature (type 0x19) then hashes
   the subkey using the same format as the main key (also using 0x99 as
   the first octet).  Key revocation signatures (types 0x20 and 0x28)
   hash only the key being revoked.

Thus, I count three different types of digital signatures that Ploni has provided—all of which were done automatically by his OpenPGP implementation, because the OpenPGP standard authors are also big fans of digital signatures (!):

• Ploni’s key contains within itself a digitally signed statement claiming ownership of his forum uid, in the forum of an OpenPGP userid.  This statement is digitally signed by the certification primary key, not the signing subkey.  (Due to the unusual split-key construction of his PGP certificate, I suspect that the certification key is probably handled using some sort of security magic (airgap machine, etc.).)  This digital signature is REQUIRED by the OpenPGP standard; and I have empirically demonstrated that if the signature is invalid, then GnuPG properly discards the userid with a warning.  Of course, all of his other PGP userids are likewise digitally signed.  So are any and all PGP userids created by anybody using OpenPGP standard software.
• Ploni’s key contains within itself a digitally signed statement by the primary key that it owns the signing subkey (sigclass 0x18).  This is REQUIRED by the OpenPGP standard.  Without this signature, OpenPGP-compliant software MUST reject the signing subkey.
• Ploni’s key contains within itself a digitally signed statement by the signing subkey (sigclass 0x19), acknowledging its ownership by the primary key.  This completes the bidirectional binding which is REQUIRED by the OpenPGP standard, and proves that the person possessing the private primary key also possesses the private subkey.  Without this signature, OpenPGP-compliant software MUST reject the signing subkey.

How many more digitally signed statements do you want?  Please explain in technically precise terms exactly what you want to see proved, and what attacks that is intended to prevent.  If you thought of an attack that the OpenPGP standard authors and other PGP experts totally missed for the nearly 29 years since the invention of PGP, please also report it to the OpenPGP IETF working group, which is currently active for the drafts of “RFC4880bis”.  Thanks.

(I do note that there is no proof that Ploni can decrypt messages encrypted to his encryption subkey.  The WKS draft standard implicitly requires a trusted server to test this ability before publishing a key with WKD.  The OpenPGP standard does not provide any means to prove ownership of an encryption subkey using digital signatures; and doing so would require much effort for little gain, even for algorithms for which that could possibly be sensible (such as cv25519/ed25519).  If you can think of a practical attack which could be done by falsely claiming ownership of an encryption-only subkey, please discuss it on the OpenPGP WG mailing list.)




I have added boldface to the part where nutildah misses the point that an OpenPGP userid is digitally signed:

I did import the key and noticed that, but its still not the same thing as providing a signature along with the key. It is extremely compelling rationale that the public key belongs to this user but there is no substitution for producing a signature from the corresponding private key.

In technical terms, nullius is right, but I agree with you.  The point nullius is missing is that here, on this site on of the practical purposes of staking a GPG key is not only to claim ownership of the key, but to couple the key with your forum account.  It's a security measure that could come in very handy if the account was ever hacked.

And what, praytell, is the practical difference between a digitally signed OpenPGP userid claiming a forum uid, and a `gpg --clearsign` statement claiming a forum uid?

In my prior post, I pointed out that it is impossible to cryptographically bind a non-cryptographic identity, such as a forum account.  Whereas posting a key with an embedded signed statement claiming the forum account is not functionally different than posting the key, plus a `gpg --clearsign` statement created almost simultaneously, with substantively the same content.

The timestamp of the generation date is only the timestamp reflected on the computer when it was generated, and this is something that can be trivially changed.

It’s even easier than that:  gpg’s `--faked-system-time` option with an exclamation mark.

I showed how to do this in my recent demonstration wherein I created my own Faketoshi key.  I thereby perfectly duplicated almost all metadata in Satoshi’s real key, including (but not nearly limited to) the timestamps—using only bog-standard gpg, with no custom programming.  (The only tiny bit of mismatched metadata would have required some trivial programming to fix; it would have been easy, but not worthwhile since my point had been made.)  I showed my work.  Anybody who follows my posts would have seen that.  Not that I am claiming credit for what Ploni did; I suspect that he has a very deep knowledge of the OpenPGP standard.

And how?  Trivial.

Code:

$ cat faketoshi.conf 
cert-digest-algo SHA1
default-preference-list AES256 AES192 AES128 CAST5 3DES SHA1 SHA256 RIPEMD160 ZLIB BZIP2 ZIP
$ gpg --faked-system-time "1225390759!" --options faketoshi.conf --expert --full-gen-key
[...]

When you sign a message, the signed message will contain a small amount of metadata. I assume this is why Ploni doesn't want to provide a signed message.

Good thought; this is an important point completely missed by most people.  But controlling the metadata is only a matter of some practical know-how.  Check my own PGP output.  Anything you find, I wanted there.  For example, you will not find any original filename unless I wanted to show one.  If Ploni knew well enough to construct his key as he did, then he must know well enough to avoid leaking metadata which he does not wish to disclose.


I have a little surprise in store.  It is pending blockchain confirmation.  It is significant, so I will post when that’s done.

[DireWolfM14]

And what, praytell, is the practical difference between a digitally signed OpenPGP userid claiming a forum uid, and a `gpg --clearsign` statement claiming a forum uid?

The forum ID proving ownership of the key.  Right now the owner of the key is claiming ownership of the forum account, and that's all we know for certain.  The owner of the forum account has not proven ownership of the key.  Only a signed message could do that.

[nullius]

I have a little surprise in store.  It is pending blockchain confirmation.  It is significant, so I will post when that’s done.

Appropriately made its own thread:  Nullian Verification.

The forum ID proving ownership of the key.  Right now the owner of the key is claiming ownership of the forum account, and that's all we know for certain.  The owner of the forum account has not proven ownership of the key.  Only a signed message could do that.

If posting the signed message saying, “I am bitcointalk.org u=XYZ” in the same post alongside initial publication of the key would suffice, then so should posting a key containing substantively the same signed message:  The cases are indistinguishable from a security perspective.

Would you please explain what type of attack scenario you have in mind, in which a person creates a Brand New forum account, and then within 8 hours thereafter posts a claim to a PGP key that he doesn’t actually control—but in which he somehow procured a digitally signed userid claiming his less-than-8-hours-old forum account, despite his lack of ability to sign with the key?


A general note (not only in response to DireWolfM14):

To avoid a false sense of security requires precise thinking about what each piece of evidence does or does not tend to prove.

What we want is a bidirectional binding between two identities:  (A) The forum account claiming the key, and (B) the key claiming the forum account.  Unfortunately, as I have repeatedly pointed out, (A) cannot be done cryptographically; the best that can be done is for the person who creates an account to post a claim to a key ASAP, as the user did here.  (B) can and must be done cryptographically.  (B) is only and exactly what would be proved by a signed statement.  It is equally, or even better proved by a certification on an OpenPGP userid; indeed, for a key to claim a non-cryptographic type of account (usually an e-mail address) is the whole purpose of the design of OpenPGP userids!

To be absolutely clear, all of this discussion is orthogonal to the question of what evidence later use of a PGP key can provide.  In the future, if the account’s integrity is in question (e.g., allegations that it was hacked), the person who claimed a public key now can then demonstrate continuing possession of the corresponding private key.  What we are now doing is trying to establish the initial association of  an account with a key and a key with an account.

So, again...

And what, praytell, is the practical difference between a digitally signed OpenPGP userid claiming a forum uid, and a `gpg --clearsign` statement claiming a forum uid?

(Pedantic note:  I emphasize the word practical, because the former <key → forum account> binding is certified (i.e., signed as a PGP userid) with the user’s certification-only primary key, and the latter would perforce be signed with a signing subkey certified by the certification-only primary key.  For the purpose of this discussion, that technical difference should have negligible impact—although I would assume that the certification key is handled with greater security; nobody does the split-key thing unless extreme measures are desired for the primary key.)

[nutildah]

The statement claiming a forum uid is digitally signed.  What other digital signatures do you want? 

An actual signed message from the key. Everything else is just you him wasting everybody's time.

[nullius]

The statement claiming a forum uid is digitally signed.  What other digital signatures do you want?  

An actual signed message from the key. Everything else is just you him wasting everybody's time.

For the nth time:  What is the substantial difference between a digital signature on a userid (plus the primary key binding signature from the signing subkey, which I doubt you even understand the significance of)—and a digital signature on a clearsigned text file with substantially the same content, posted together with the initial publication of the key?

You have been wasting my time providing you with patient technical explanations that either you are too lazy to read, or you are too stupid to understand.  For you to attempt insulting me is despicable.  Either explain in technical terms why I am so terribly wrong, which logically requires answering the above question, or fork off with your security theatre.

[nutildah]

The statement claiming a forum uid is digitally signed.  What other digital signatures do you want?  

An actual signed message from the key. Everything else is just you him wasting everybody's time.

For the nth time:  What is the substantial difference between a digital signature on a userid (plus the primary key binding signature from the signing subkey, which I doubt you even understand the significance of)—and a digital signature on a clearsigned text file with substantially the same content, posted together with the initial publication of the key?

You have been wasting my time providing you with patient technical explanations that either you are too lazy to read, or you are too stupid to understand.  For you to attempt insulting me is despicable.  Either explain in technical terms why I am so terribly wrong, which logically requires answering the above question, or fork off with your security theatre.

Producing a signature using the private key is proof of ownership of the paired public key. Producing a public key in itself is not proof of possession of the paired private key, regardless of what extra features are embedded in that key. This is a logically simple concept and should be fairly easy to understand.

Like I said earlier, what if somebody created the account and the key pair at the same time, and then passed off the account to somebody else while keeping the key pair for themselves? Was the post with the public key also timestamped at the exact same moment of creation as the account and key pair? Obviously no, it wasn't.

You're asking us to assume the public key is theirs because of the embedded data within the key, and that's fine, but if I were serious about cryptography I wouldn't use that as a substitution for production of a signature using the private key. I would ask for more substantial proof of ownership before attempting to send an encrypted message to that person.

Regardless, as I'll never have any interaction with ploney baloney that needs to be encrypted I really don't care, nor do I think they will ever say anything of importance for which their signature is required to authenticate they are the one saying it, so its a moot point.

Others are welcome to disagree with my interpretation, and that's fine.

[nullius]

When time permits, I must catch up with important replies on various threads.  First things first:  Assuring communications security.

Refreshed key.  The only change:  New certification signature on the same old encryption subkey.  No need to quote; it is the same key as I have been using since 2017, only with a new self-signature omitting the key expiration time (subpacket type 9) for one subkey.  As a separate matter, fresh verifications are periodically made here.

Code:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEWNCx5RYJKwYBBAHaRw8BAQdAbYq4lHj3xqG+Lu5/y/YuPNBGtvFlHolTGdys
1JWnWAu0Gk51bGxpdXMgPG51bGxpdXNAbnltLnpvbmU+iJEEExYKADkCGwEDCwkN
BRUKCQgLBRYCAwEAAh4BAheAFiEEwukc10pMV6EF9sIbWgBZGy8wfgwFAljbU+IC
GQEACgkQWgBZGy8wfgwJswD9GX9sAFccqAcarTv03qJFc6RCTmeE6oh3pdH0IuzI
paUBAJ3MSUInQr1f6Ds97GS02K4wVWfRIgLAtqyE1LBzFtgHiQI3BBABCgAhFiEE
ojJ1BmTMOdYc5dYVNuu0q2maEO4FAlqxJZoDBQJ4AAoJEDbrtKtpmhDuMi0QANav
Fuj5RW1ahrfcJgB/YLIPHB4al2Uj8cGhMCRZ1GJ9JfVuHtDn9YcfiQmitamxdRFk
f453rXK5SnA/M7+Aykh0arke2/qBPxOJiQ1AnPq5NC/nkqAOi07r11TpCmFctu3E
HBYpDU1J61+TZsMi5AeqwRrnwmXqDelPFCWs7x6Qf5mKYcir6kpC9vEayCHvaF7p
IAbc1m1bO5sjnj1eBQjSJNQHK3H3qpztN5g46FxIePrX2V+aGYinpB1r8mHGUAX2
7RfJ1emI5ysFdds7yAFt6j6z4Fu28ERLoyR3Ui12Mg4/E5TeZyxD8RQB2hYwiBfo
uWTu+FDNUN4Cp3IGrqHcNfFydnnpqCXuS7/Otz7JKTYTH2qpJnzekl46xnxU+5f2
9BV9C7++FRpP04OHNLvH5TNol2tRDfp+11sTxE0/3mVHZ+T1ZcegdpGUnQDq1AfC
7aNgiNudiU7sBTWEhYLHqn1J+hVoSR76ri+pPVmqJkCuE358pLjHZ8gusXQAQCyc
4P89sQM8bNMrm4cJpwomB+K8XWCzlgdHDCspMqxFhnHvICAlljE8HihR26QbbV8Z
IJCGldjSlpFOmSfRjkIQJsI1uFQ95G6T9VckuoA/WEF8GsDI96nWUQdNzubYj9TZ
K5OHbUJFL8vJyZwwFjgN9QosV774GMdkXGGSbhe6tENOdWxsaXVzIChUTFMtZW5m
b3JjZWQgbWFpbDsgdXNlIHRoaXMhKSA8bnVsbGl1c0BzZWN1cmUubWFpbGJveC5v
cmc+iK4EMBYKAFYWIQTC6RzXSkxXoQX2whtaAFkbLzB+DAUCXg/MADgdIG1haWxi
b3gub3JnIHN0b3BwZWQgYWNjZXB0aW5nIEJpdGNvaW47IGFjY291bnQgY2xvc2Vk
LgAKCRBaAFkbLzB+DM5EAP47xMioRUVvVWUT1FboeTiwGzqt15OrSdv8mLMDSoFt
YAEAwtL3Sea7Bc1o8KSThdx2LuI32dy+/BinymZ7Oj7LGgSIjgQTFgoANgIbAQML
CQ0FFQoJCAsFFgIDAQACHgECF4AWIQTC6RzXSkxXoQX2whtaAFkbLzB+DAUCWNtT
4gAKCRBaAFkbLzB+DIqCAQCrXIwb5801w3oIXMcI6/UVvK93QJ8+/TRec2HGId+g
zAEAr0n0yuzFqbKQg2yXBGZLfmBBdBLy8vWk0KtsrLPIYAy0HU51bGxpdXMgPG51
bGxpdXNAbWFpbGJveC5vcmc+iK4EMBYKAFYWIQTC6RzXSkxXoQX2whtaAFkbLzB+
DAUCXg/MIzgdIG1haWxib3gub3JnIHN0b3BwZWQgYWNjZXB0aW5nIEJpdGNvaW47
IGFjY291bnQgY2xvc2VkLgAKCRBaAFkbLzB+DL1kAQDS7xuKficcslnB4HeLDOTa
2XQe3RSA6JyyApVQIoNZygD/XuAg6qizuuHyZ2El8vNVo1GBglzBtgKZQ4s9Ll+R
+AGIjgQTFgoANhYhBMLpHNdKTFehBfbCG1oAWRsvMH4MBQJY21OdAhsBAwsJDQUV
CgkICwUWAgMBAAIeAQIXgAAKCRBaAFkbLzB+DISSAP9ok7iHIuvIZBTcaFaTxPCq
0SjbHm6oQX7QG5P4dsDDxgD/cgVCfYPsACT3k4TkwddBPzWUirKRaNclfPGGG837
5gS0H251bGxpdXMgPG51bGxpdXNAYml0Y3VsdC5mYWl0aD6IjgQTFgoANhYhBMLp
HNdKTFehBfbCG1oAWRsvMH4MBQJasSRWAhsBAwsJDQUVCgkICwUWAgMBAAIeAQIX
gAAKCRBaAFkbLzB+DO1vAP9zhPQOqfdhw0P6Ea64cBMjE2bL3FOmoVQsAkGsrTqt
hAEAiyJ+6XKKV7P1dkTLx08P7wpwQM94CJKsaPMJXsG7uQW0M0JpdGNvaW4gRm9y
dW0gdWlkIDk3NjIxMCAoaHR0cHM6Ly9iaXRjb2ludGFsay5vcmcvKYiOBBMWCgA2
FiEEwukc10pMV6EF9sIbWgBZGy8wfgwFAlqxJLICGwEDCwkNBRUKCQgLBRYCAwEA
Ah4BAheAAAoJEFoAWRsvMH4MwT0BANIE/0JssDpB0qKdTCyo8bmr1Ch4uSuDoPTq
Pxa1HatxAQCSeK3enHwkFyxia/cCpb3+hfEbuS+/JadaBvgKxb82BbgzBFjQseUW
CSsGAQQB2kcPAQEHQCbPsq7uabzPS60W89XkGkDKJyuz9rF6RNjqHbIls3G2iO8E
GBYKACAWIQTC6RzXSkxXoQX2whtaAFkbLzB+DAUCWNCx5QIbAgCBCRBaAFkbLzB+
DHYgBBkWCgAdFiEEjTjEfOCJWKa/xBebxCeTFZ+e+UkFAljQseUACgkQxCeTFZ+e
+UmX/AD/Wi4k1gJEVb3FCnHsxUPfFLDS3aOcmpTNPeqQMVTh3ZoA/1blIhhrENvT
qydnVnQ4inP3n4dWkDaVtbR8W0DjfGsHapMBAPqTAt8zDpzl0UOAHlxRlhgNpDDw
7CkMkf2eX0DtRmh6AP0diPXIcb4oHYtv2gmKAZQd+dtjQ/2F7tM4BwjkjlMeArg4
BFjbUIwSCisGAQQBl1UBBQEBB0BDDMv3gd+9/0otZJwJqeBt1+BQLCpDfCoEZsWv
1BQKPAMBCAeIeAQYFgoAIAIbDBYhBMLpHNdKTFehBfbCG1oAWRsvMH4MBQJegShw
AAoJEFoAWRsvMH4MgyEBAMY+LWoRoAxfI6GNOTmgEFPl5pb45c/SaYtWAXKqKi92
AP9tP949evWDdRQVgdptg0XzDgDXOiapdtRA/zSPyiEmD7gzBFjbUOIWCSsGAQQB
2kcPAQEHQAnpQKP+nMivdbqH4Gak1mrDj+SeAJ+XjQ5VUzor8MX7iH4EGBYKACYW
IQTC6RzXSkxXoQX2whtaAFkbLzB+DAUCWNtQ4gIbIAUJA8JnAAAKCRBaAFkbLzB+
DPloAQCBFf1Yfeg//7t0fLII+ciyWYI9mbwlSZC/XCK5fUwXlAEAv3IEqIll434K
AG33e2Z6kQ4xNYa4b74oG0dO1hm2lgw=
=Sr1A
-----END PGP PUBLIC KEY BLOCK-----

I do not generally recommend setting such short expirations as I had been using on my encryption subkey.  I have done that in the expectation that I would upgrade my keymat handling in ways that I do not wish to discuss publicly, and issue a new subkey.  Plans have been delayed.  Now, as a hedge against future uncertainties (and in view of my own abysmal past performance in keeping this updated), I have removed the expiration date so as to assure that people will always have some means to encrypt a message to me.  If or when I complete the upgrade, then I should just revoke the old encryption subkey.  It is not known or suspected to be compromised in any way.

~

I did not reply before, because you gave a substantive response that I think warrants discussion best split off to a new thread; and my attention has been diverted elsewhere, unfortunately.

(It would be good to pick up a technical discussion about practical cryptographic security, instead of wading through another myriad posts about how Bill Gates created the coronavirus to push you to use vaccines instead of taking megadoses of Vitamin C, or whatever—ahem.)

In brief, I think that you have a flawed threat model based on an incomplete understanding of what various uses of signatures do and don’t prove.  It is an important issue.  I should take it up sometime.

Like I said earlier, what if somebody created the account and the key pair at the same time, and then passed off the account to somebody else while keeping the key pair for themselves? Was the post with the public key also timestamped at the exact same moment of creation as the account and key pair? Obviously no, it wasn't.

I don’t see any practical freshness problem, whereas the user posted a key containing within itself a signature on a forum account uid within eight hours after that forum account was created.

Timestamps on signatures can be trivially faked, anyway.  `man gpg`, look for `--faked-system-time`.  In your scenario, why couldn’t the user create a forward-dated signed statement, then pass off the account and the signed statement (but not the private key)?  If the new account holder is willing to post a public key (with userid claiming the account) for which he does not control the corresponding private key, then he would also be willing to post a forward-dated signed statement; and in any case, the parties are colluding in a way that is almost impossible to detect or prevent.  Moreover, given that both new PGP keys and brand-new forum accounts are easy to create, I do not even see what an attacker would be trying to accomplish in the scenario that you stated.

It is for reason of the ease of forward-dating signature timestamps that in the Nullian Verifiation thread, I include the infeasible-to-predict current information such as the past few Bitcoin block hashes within the signed statement.  Satoshi included a current news headline in the Genesis Block for the same purpose.  Add OpenTimestamps to prevent backdating, and the time of actual signing is strongly evidenced to be within a very short window.

For example, the signature on 2020-03-15 verification is strongly evidenced to have been created before Bitcoin block height 621774 (per OpenTimestamps), and after block height 621772 (for which the signed message contains the block hash, plus the nine preceding block hashes).  I do believe that that is stronger evidence of the time of a signature than anybody has ever provided in these forum PGP threads!

[Timelord2067]

When time permits, I must catch up with important replies on various threads.  First things first:  Assuring communications security.

Refreshed key.  The only change:  New certification signature on the same old encryption subkey.  No need to quote; it is the same key as I have been using since 2017, only with a new self-signature omitting the key expiration time (subpacket type 9) for one subkey.  As a separate matter, fresh verifications are periodically made here.

Code:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEWNCx5RYJKwYBBAHaRw8BAQdAbYq4lHj3xqG+Lu5/y/YuPNBGtvFlHolTGdys
1JWnWAu0Gk51bGxpdXMgPG51bGxpdXNAbnltLnpvbmU+iJEEExYKADkCGwEDCwkN
BRUKCQgLBRYCAwEAAh4BAheAFiEEwukc10pMV6EF9sIbWgBZGy8wfgwFAljbU+IC
GQEACgkQWgBZGy8wfgwJswD9GX9sAFccqAcarTv03qJFc6RCTmeE6oh3pdH0IuzI
paUBAJ3MSUInQr1f6Ds97GS02K4wVWfRIgLAtqyE1LBzFtgHiQI3BBABCgAhFiEE
ojJ1BmTMOdYc5dYVNuu0q2maEO4FAlqxJZoDBQJ4AAoJEDbrtKtpmhDuMi0QANav
Fuj5RW1ahrfcJgB/YLIPHB4al2Uj8cGhMCRZ1GJ9JfVuHtDn9YcfiQmitamxdRFk
f453rXK5SnA/M7+Aykh0arke2/qBPxOJiQ1AnPq5NC/nkqAOi07r11TpCmFctu3E
HBYpDU1J61+TZsMi5AeqwRrnwmXqDelPFCWs7x6Qf5mKYcir6kpC9vEayCHvaF7p
IAbc1m1bO5sjnj1eBQjSJNQHK3H3qpztN5g46FxIePrX2V+aGYinpB1r8mHGUAX2
7RfJ1emI5ysFdds7yAFt6j6z4Fu28ERLoyR3Ui12Mg4/E5TeZyxD8RQB2hYwiBfo
uWTu+FDNUN4Cp3IGrqHcNfFydnnpqCXuS7/Otz7JKTYTH2qpJnzekl46xnxU+5f2
9BV9C7++FRpP04OHNLvH5TNol2tRDfp+11sTxE0/3mVHZ+T1ZcegdpGUnQDq1AfC
7aNgiNudiU7sBTWEhYLHqn1J+hVoSR76ri+pPVmqJkCuE358pLjHZ8gusXQAQCyc
4P89sQM8bNMrm4cJpwomB+K8XWCzlgdHDCspMqxFhnHvICAlljE8HihR26QbbV8Z
IJCGldjSlpFOmSfRjkIQJsI1uFQ95G6T9VckuoA/WEF8GsDI96nWUQdNzubYj9TZ
K5OHbUJFL8vJyZwwFjgN9QosV774GMdkXGGSbhe6tENOdWxsaXVzIChUTFMtZW5m
b3JjZWQgbWFpbDsgdXNlIHRoaXMhKSA8bnVsbGl1c0BzZWN1cmUubWFpbGJveC5v
cmc+iK4EMBYKAFYWIQTC6RzXSkxXoQX2whtaAFkbLzB+DAUCXg/MADgdIG1haWxi
b3gub3JnIHN0b3BwZWQgYWNjZXB0aW5nIEJpdGNvaW47IGFjY291bnQgY2xvc2Vk
LgAKCRBaAFkbLzB+DM5EAP47xMioRUVvVWUT1FboeTiwGzqt15OrSdv8mLMDSoFt
YAEAwtL3Sea7Bc1o8KSThdx2LuI32dy+/BinymZ7Oj7LGgSIjgQTFgoANgIbAQML
CQ0FFQoJCAsFFgIDAQACHgECF4AWIQTC6RzXSkxXoQX2whtaAFkbLzB+DAUCWNtT
4gAKCRBaAFkbLzB+DIqCAQCrXIwb5801w3oIXMcI6/UVvK93QJ8+/TRec2HGId+g
zAEAr0n0yuzFqbKQg2yXBGZLfmBBdBLy8vWk0KtsrLPIYAy0HU51bGxpdXMgPG51
bGxpdXNAbWFpbGJveC5vcmc+iK4EMBYKAFYWIQTC6RzXSkxXoQX2whtaAFkbLzB+
DAUCXg/MIzgdIG1haWxib3gub3JnIHN0b3BwZWQgYWNjZXB0aW5nIEJpdGNvaW47
IGFjY291bnQgY2xvc2VkLgAKCRBaAFkbLzB+DL1kAQDS7xuKficcslnB4HeLDOTa
2XQe3RSA6JyyApVQIoNZygD/XuAg6qizuuHyZ2El8vNVo1GBglzBtgKZQ4s9Ll+R
+AGIjgQTFgoANhYhBMLpHNdKTFehBfbCG1oAWRsvMH4MBQJY21OdAhsBAwsJDQUV
CgkICwUWAgMBAAIeAQIXgAAKCRBaAFkbLzB+DISSAP9ok7iHIuvIZBTcaFaTxPCq
0SjbHm6oQX7QG5P4dsDDxgD/cgVCfYPsACT3k4TkwddBPzWUirKRaNclfPGGG837
5gS0H251bGxpdXMgPG51bGxpdXNAYml0Y3VsdC5mYWl0aD6IjgQTFgoANhYhBMLp
HNdKTFehBfbCG1oAWRsvMH4MBQJasSRWAhsBAwsJDQUVCgkICwUWAgMBAAIeAQIX
gAAKCRBaAFkbLzB+DO1vAP9zhPQOqfdhw0P6Ea64cBMjE2bL3FOmoVQsAkGsrTqt
hAEAiyJ+6XKKV7P1dkTLx08P7wpwQM94CJKsaPMJXsG7uQW0M0JpdGNvaW4gRm9y
dW0gdWlkIDk3NjIxMCAoaHR0cHM6Ly9iaXRjb2ludGFsay5vcmcvKYiOBBMWCgA2
FiEEwukc10pMV6EF9sIbWgBZGy8wfgwFAlqxJLICGwEDCwkNBRUKCQgLBRYCAwEA
Ah4BAheAAAoJEFoAWRsvMH4MwT0BANIE/0JssDpB0qKdTCyo8bmr1Ch4uSuDoPTq
Pxa1HatxAQCSeK3enHwkFyxia/cCpb3+hfEbuS+/JadaBvgKxb82BbgzBFjQseUW
CSsGAQQB2kcPAQEHQCbPsq7uabzPS60W89XkGkDKJyuz9rF6RNjqHbIls3G2iO8E
GBYKACAWIQTC6RzXSkxXoQX2whtaAFkbLzB+DAUCWNCx5QIbAgCBCRBaAFkbLzB+
DHYgBBkWCgAdFiEEjTjEfOCJWKa/xBebxCeTFZ+e+UkFAljQseUACgkQxCeTFZ+e
+UmX/AD/Wi4k1gJEVb3FCnHsxUPfFLDS3aOcmpTNPeqQMVTh3ZoA/1blIhhrENvT
qydnVnQ4inP3n4dWkDaVtbR8W0DjfGsHapMBAPqTAt8zDpzl0UOAHlxRlhgNpDDw
7CkMkf2eX0DtRmh6AP0diPXIcb4oHYtv2gmKAZQd+dtjQ/2F7tM4BwjkjlMeArg4
BFjbUIwSCisGAQQBl1UBBQEBB0BDDMv3gd+9/0otZJwJqeBt1+BQLCpDfCoEZsWv
1BQKPAMBCAeIeAQYFgoAIAIbDBYhBMLpHNdKTFehBfbCG1oAWRsvMH4MBQJegShw
AAoJEFoAWRsvMH4MgyEBAMY+LWoRoAxfI6GNOTmgEFPl5pb45c/SaYtWAXKqKi92
AP9tP949evWDdRQVgdptg0XzDgDXOiapdtRA/zSPyiEmD7gzBFjbUOIWCSsGAQQB
2kcPAQEHQAnpQKP+nMivdbqH4Gak1mrDj+SeAJ+XjQ5VUzor8MX7iH4EGBYKACYW
IQTC6RzXSkxXoQX2whtaAFkbLzB+DAUCWNtQ4gIbIAUJA8JnAAAKCRBaAFkbLzB+
DPloAQCBFf1Yfeg//7t0fLII+ciyWYI9mbwlSZC/XCK5fUwXlAEAv3IEqIll434K
AG33e2Z6kQ4xNYa4b74oG0dO1hm2lgw=
=Sr1A
-----END PGP PUBLIC KEY BLOCK-----

I do not generally recommend setting such short expirations as I had been using on my encryption subkey.  I have done that in the expectation that I would upgrade my keymat handling in ways that I do not wish to discuss publicly, and issue a new subkey.  Plans have been delayed.  Now, as a hedge against future uncertainties (and in view of my own abysmal past performance in keeping this updated), I have removed the expiration date so as to assure that people will always have some means to encrypt a message to me.  If or when I complete the upgrade, then I should just revoke the old encryption subkey.  It is not known or suspected to be compromised in any way.

~

I did not reply before, because you gave a substantive response that I think warrants discussion best split off to a new thread; and my attention has been diverted elsewhere, unfortunately.

(It would be good to pick up a technical discussion about practical cryptographic security, instead of wading through another myriad posts about how Bill Gates created the coronavirus to push you to use vaccines instead of taking megadoses of Vitamin C, or whatever—ahem.)

In brief, I think that you have a flawed threat model based on an incomplete understanding of what various uses of signatures do and don’t prove.  It is an important issue.  I should take it up sometime.

Like I said earlier, what if somebody created the account and the key pair at the same time, and then passed off the account to somebody else while keeping the key pair for themselves? Was the post with the public key also timestamped at the exact same moment of creation as the account and key pair? Obviously no, it wasn't.

I don’t see any practical freshness problem, whereas the user posted a key containing within itself a signature on a forum account uid within eight hours after that forum account was created.

Timestamps on signatures can be trivially faked, anyway.  `man gpg`, look for `--faked-system-time`.  In your scenario, why couldn’t the user create a forward-dated signed statement, then pass off the account and the signed statement (but not the private key)?  If the new account holder is willing to post a public key (with userid claiming the account) for which he does not control the corresponding private key, then he would also be willing to post a forward-dated signed statement; and in any case, the parties are colluding in a way that is almost impossible to detect or prevent.  Moreover, given that both new PGP keys and brand-new forum accounts are easy to create, I do not even see what an attacker would be trying to accomplish in the scenario that you stated.

It is for reason of the ease of forward-dating signature timestamps that in the Nullian Verifiation thread, I include the infeasible-to-predict current information such as the past few Bitcoin block hashes within the signed statement.  Satoshi included a current news headline in the Genesis Block for the same purpose.  Add OpenTimestamps to prevent backdating, and the time of actual signing is strongly evidenced to be within a very short window.

For example, the signature on 2020-03-15 verification is strongly evidenced to have been created before Bitcoin block height 621774 (per OpenTimestamps), and after block height 621772 (for which the signed message contains the block hash, plus the nine preceding block hashes).  I do believe that that is stronger evidence of the time of a signature than anybody has ever provided in these forum PGP threads!

Message Quoted and archived for future reference:

Archive [1a], [1b]

[Cence]

Please witness my PGP public key and fingerprint for future references.

Fingerprint:

Code:

DC7E D292 B66C 9B2F C162 7600 6935 74EB D9F2 5774

Public Key:

Code:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBF6ahmgBCADLtsq3fIPnz1u8e6mm6vEWw5tUkKoA9BSlPONYSYsDT5Hlc02h
pc9CLjVWnX/06I4vNcJKdYLCWd7zJvKKFWuF1YH+/qM9oM2GC6Mg+fgyg/j0wJsY
qCgRrBHFU9rbOV3Mr5H9naprcIGrkIRImjtUJ/0I0DSJztySA556R2pxa87BFLmk
euoBbEWUEYCXTk+ZiOA5mkUDuhramFI966J+g694JC1i+uHAyyVwYnQUhKK8sHSk
9DmnedEBydPeTljFgvCHx60wmopSuogWyBWZgtStXJ1V8ukW7WeTMeUEb9XgPxxN
X+1qJYs+vk0UGq4Dncsqen0BhnQS/dtT2nqjABEBAAG0HkNlbmNlIDxpbWNlbmNl
QHByb3Rvbm1haWwuY29tPokBTgQTAQoAOBYhBNx+0pK2bJsvwWJ2AGk1dOvZ8ld0
BQJemoZoAhsvBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEGk1dOvZ8ld0uZsI
AKwDpB+hFSNoeQCBfwxPkQhp97dbdJWfkN0AtMz8pnpCry0npDh+O1WS6deyWnAt
seznibZsCVTItrZkV7KpF4OrGnY65L2XlE0QjbLeQk+kPwPubb/3zJc0EwU0XUlM
gNsSKledjD8p2LOFb8SUOj60sYOmobtpPHckdfIpgxAxY7tE816wrNJ+AJSAmwlv
8jTxArFlykylFI/GBZfMyQmIL2Sa1mik+fIJh+BMBwlPx8bXlK2CqzOmvYvgxvPw
Ke78n2OT5wVK6yYHBFUg1k9C1ySePHEoJFvkUFk5sL6xyhYYmX6qiP609tpiP9Ku
DDiR5coidGgtyhQGhPSFIdS5AQ0EXpqGaAEIAMVnLtool0Ina/nA87Cdgg77MY8D
6oWPUPQcxM8DiXP7YGnhsIRtbN5mLcEG+AtrXWx6b3pGRwjp79wk45Bs/pyo12gI
5U/bIabZthT0B5NToedMjQeSROvpUFQi3Q092nWA25h6t4FhFAAp8JCg6TBsanxH
fxW52UbcYZ3RbCCyhMp53fCqEbYp6Sx0pYgIJ2KdUUz778jBdQXOhIAjBxbakECi
JkT8qKEgQmSBh7GWWWENn12mIEACMZT2LE6Qh+9t1zSooGoFDqIHit1zCFHtC+WM
Kjim2DVuInx0rjwkjRpFi0iPwZJvS/Q3VuFrHaHkLUZwR/ImqROLr9B0nsMAEQEA
AYkCbAQYAQoAIBYhBNx+0pK2bJsvwWJ2AGk1dOvZ8ld0BQJemoZoAhsuAUAJEGk1
dOvZ8ld0wHQgBBkBCgAdFiEEEiT+UUQWDirMdET9aliN31wCfdEFAl6ahmgACgkQ
aliN31wCfdE+kQf9GXZwR/7/0kwRu5kKBya0fxFFHNZ+IB5VsxLjQgFJTeIBwbnr
NJOmh4XMXWMtO0PqQAVyCoYOhMXWoRhJ0yCOcRf99W3ecQNq3IidLNNZAHR6d308
7xYscjNQm+seEYs/YBxeD9NlwZKjcRiw3sWCh+w3V4ScthJLNc/TlwvoQgVT6zVF
nbSUqD7Fb20bxh0i7Xy3xuPdzczOsowiyZO0kkkI2+9WDHZGCm0atqhHY7x65FYB
8VM2V+lzgCncR/RbODykfRzVaKgDAPzP1IGZkHw/1AHRU+9Itkqo/dBA+J9LMXAZ
jlUM5idfM6RE2DKjr253jBB4kSTJLVsWiR2jRZlFB/4qC3RtWT7uD6ATEuom+HWi
r0x/VzV3XFOzi2OeIgCejtVOTBuhK3rpm8/6eOHfXhJ+NMWbSOCy0IMkvCIv9Sre
QjnlBQCovQtjdRZC6u3JIa3NTWEAom0NECkp3uebfMjXUKxkwnT9RSpNTY5+JRAy
mZa+Eyw/0/sGyfmAK8qKfNnWnA4my9Svk1SwqGPqdyFRHjGNQNY7aOED1XfD8kj2
m+rUA0u0IQNW5ASpP3J1UE/6mwHr5/g4LMASbcnsGZN2Tx6PDZQKaTHsEDm7lppl
CY3KpgwRiXqQizIOQtM1X6YoKiCIHCIbRA7u4ebn3A6pC7OjJ+fMu9LSWFgZkrf5
=0emQ
-----END PGP PUBLIC KEY BLOCK-----

[Timelord2067]

Please witness my PGP public key and fingerprint for future references.

Fingerprint:

Code:

DC7E D292 B66C 9B2F C162 7600 6935 74EB D9F2 5774

Public Key:

Code:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBF6ahmgBCADLtsq3fIPnz1u8e6mm6vEWw5tUkKoA9BSlPONYSYsDT5Hlc02h
pc9CLjVWnX/06I4vNcJKdYLCWd7zJvKKFWuF1YH+/qM9oM2GC6Mg+fgyg/j0wJsY
qCgRrBHFU9rbOV3Mr5H9naprcIGrkIRImjtUJ/0I0DSJztySA556R2pxa87BFLmk
euoBbEWUEYCXTk+ZiOA5mkUDuhramFI966J+g694JC1i+uHAyyVwYnQUhKK8sHSk
9DmnedEBydPeTljFgvCHx60wmopSuogWyBWZgtStXJ1V8ukW7WeTMeUEb9XgPxxN
X+1qJYs+vk0UGq4Dncsqen0BhnQS/dtT2nqjABEBAAG0HkNlbmNlIDxpbWNlbmNl
QHByb3Rvbm1haWwuY29tPokBTgQTAQoAOBYhBNx+0pK2bJsvwWJ2AGk1dOvZ8ld0
BQJemoZoAhsvBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEGk1dOvZ8ld0uZsI
AKwDpB+hFSNoeQCBfwxPkQhp97dbdJWfkN0AtMz8pnpCry0npDh+O1WS6deyWnAt
seznibZsCVTItrZkV7KpF4OrGnY65L2XlE0QjbLeQk+kPwPubb/3zJc0EwU0XUlM
gNsSKledjD8p2LOFb8SUOj60sYOmobtpPHckdfIpgxAxY7tE816wrNJ+AJSAmwlv
8jTxArFlykylFI/GBZfMyQmIL2Sa1mik+fIJh+BMBwlPx8bXlK2CqzOmvYvgxvPw
Ke78n2OT5wVK6yYHBFUg1k9C1ySePHEoJFvkUFk5sL6xyhYYmX6qiP609tpiP9Ku
DDiR5coidGgtyhQGhPSFIdS5AQ0EXpqGaAEIAMVnLtool0Ina/nA87Cdgg77MY8D
6oWPUPQcxM8DiXP7YGnhsIRtbN5mLcEG+AtrXWx6b3pGRwjp79wk45Bs/pyo12gI
5U/bIabZthT0B5NToedMjQeSROvpUFQi3Q092nWA25h6t4FhFAAp8JCg6TBsanxH
fxW52UbcYZ3RbCCyhMp53fCqEbYp6Sx0pYgIJ2KdUUz778jBdQXOhIAjBxbakECi
JkT8qKEgQmSBh7GWWWENn12mIEACMZT2LE6Qh+9t1zSooGoFDqIHit1zCFHtC+WM
Kjim2DVuInx0rjwkjRpFi0iPwZJvS/Q3VuFrHaHkLUZwR/ImqROLr9B0nsMAEQEA
AYkCbAQYAQoAIBYhBNx+0pK2bJsvwWJ2AGk1dOvZ8ld0BQJemoZoAhsuAUAJEGk1
dOvZ8ld0wHQgBBkBCgAdFiEEEiT+UUQWDirMdET9aliN31wCfdEFAl6ahmgACgkQ
aliN31wCfdE+kQf9GXZwR/7/0kwRu5kKBya0fxFFHNZ+IB5VsxLjQgFJTeIBwbnr
NJOmh4XMXWMtO0PqQAVyCoYOhMXWoRhJ0yCOcRf99W3ecQNq3IidLNNZAHR6d308
7xYscjNQm+seEYs/YBxeD9NlwZKjcRiw3sWCh+w3V4ScthJLNc/TlwvoQgVT6zVF
nbSUqD7Fb20bxh0i7Xy3xuPdzczOsowiyZO0kkkI2+9WDHZGCm0atqhHY7x65FYB
8VM2V+lzgCncR/RbODykfRzVaKgDAPzP1IGZkHw/1AHRU+9Itkqo/dBA+J9LMXAZ
jlUM5idfM6RE2DKjr253jBB4kSTJLVsWiR2jRZlFB/4qC3RtWT7uD6ATEuom+HWi
r0x/VzV3XFOzi2OeIgCejtVOTBuhK3rpm8/6eOHfXhJ+NMWbSOCy0IMkvCIv9Sre
QjnlBQCovQtjdRZC6u3JIa3NTWEAom0NECkp3uebfMjXUKxkwnT9RSpNTY5+JRAy
mZa+Eyw/0/sGyfmAK8qKfNnWnA4my9Svk1SwqGPqdyFRHjGNQNY7aOED1XfD8kj2
m+rUA0u0IQNW5ASpP3J1UE/6mwHr5/g4LMASbcnsGZN2Tx6PDZQKaTHsEDm7lppl
CY3KpgwRiXqQizIOQtM1X6YoKiCIHCIbRA7u4ebn3A6pC7OjJ+fMu9LSWFgZkrf5
=0emQ
-----END PGP PUBLIC KEY BLOCK-----

Message quoted and Archived [1a], [1b] for future reference.

[NotATether]

[archived]

Well I put my website here so it's useful to validate I actually own it among other rules I would like to establish about using my keys.

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

NotATether is Ali Sherief in real life.

The PGP key used at present, F97D 7A6F B057 3979 F3F3 D69E CBF5 E4B3 D574 8A37, is strictly for the purpose of producing signed messages on bitcointalk only. It is not to be trusted for any other purpose.

The other PGP key I control, 2789 4325 9F53 D9EB 45CD 9B26 4936 B8C3 ACA7 BEFB, is to be used everywhere else except for Bitcointalk. Do not accept signed messages placed on the forum signed by this key.

The only scenario where the 2789 key is used here and should be trusted here is its use to make encrypted Private Messages (PMs), the key I prefer you send me encrypted email with. Though I will also accept email encrypted with the bitcointalk key but I discourage it.

Information about this event is also in https://zenulabidin.github.io/#/keys. In the event of any conflict, the content in this signed message prevails.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJeqiF+AAoJEMv15LPVdIo3U2cP/2J2gExEur087bU4geQ7LpYp
j0tAMg9BHBLHsNi/XuZGpbD/PgFoMjcadtFbS0A6Xje8La6sSYZQkc2HBV5/Z8U7
XK02ouKCEMKd+LGs7wqp/HLQVvnk4rTIrsJSVHUyY8sZ72SDmtHW2sXtsL2HYkqC
J9G8K/2BRQKaza3BbGh4kZA5zKzUPCSzmGOreJPjBlr80pttmHH3zut/Yj47qIXl
Uf/hdCbBBkiE2VvFae655RWNmYYqYcCFwWqpLuCRfdVo/hAsnls+nVFj/9t8b4Kd
PKerX8cheOfr4LDrhhMaYMAaoBuJcSivF0ZXvBDyiCWwjW6M3k4GV6NasnOUpO/W
LcXjNxV53o/7sp/9I4ezx06H7IXIxGA9Hr3QMJ7KMD3LqafMwE/igMaQcOHES8nV
utNtXSdh1dyrPRT2+cwYV5HvPDAsg9YjChJF0czlmiYEokQykLsX9bfyIoAUmRd1
lzalTgtLUrwG6VAhUraHP5sMPgllrqZ5M1Dd+IlIRxTMsaZA/qSfJ+zser5yQjd1
r1KPq9XxrhGPxMu2Skxe3OihuqHfLQ2n9/FTirmmsiIUsz5GUc2EO65ZJPo1qaHd
6qs/FL1lgvIDysTpGiw+z3l+AyUh2coSDkpReB4us/RvXn2OB1bWt8Zak+iKh0vc
WQnXY+SYQ0Fn3FTV5liA
=JlG7
-----END PGP SIGNATURE-----

[Timelord2067]

omegaflare posted this:

https://bitcointalk.org/index.php?topic=1070761.new#new

EcuaMobi advised me to publish my public PGP key here.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFVkmOsBEADKA8lj+XSEe3uh+fuaBcu42JzRxexzxEB3UtSWVnOGfe+TVntz
p9hJUupzFXGths8/O0lgZHHFnYxyrvOiBlfFvkkPwpzO+ZtISicRzXuddI9E04GR
0b7KHswHGFrn+3oz6D8P3LqjRvBUAtacLcZR73lVIgnmpNBJgMGVufA4jBiwfGj/
j+qyLIRW6ZLqbyqipgOrzDATcrj9b3TEjCFtYaEHfCfenHANvfqp8ja7roD1lYPs
92jR361DsCUKVHHiV4h07dysqfSttfbNmyJyt9q+3oRVb5A0oDSE+FKboFBiDz5e
QRYHPqLjelAdsOMWcRchwmEFjXhLQ6VvTRmIHAU5Qky0QWzxn3WKOaXHQbgIwgkX
pGWQ/QYsuctNk/Ky1o4o5iwbJabPUyOUiLVNbMsRQjmocxw9X3pKEiAYrLbnXaGm
A4WyMw4Xm3oE2Uco20YDBook9XaLBZ7lCDZPgtAFqMsWY3bTCUbLC+Wc5js47fKr
fpZF9x9U9DHuqP/e/QOa0Lz2SqVIM8jtxtjFEUpnwnAnb8WiZYZ3FZ3u2LAPCYGm
Paqw4gr7bHz09bxa7EDVQ2YZgUBEbWiVin0wt5/VGNDq2XO4ccqBjxIjil/OHoSQ
HIFajBmRpJNj1/7Vz3BrcAZQojaxX4D5R/bJF/R6Xjk9axE9HgGstl3ccwARAQAB
tA1PTUVHQV9CSVRUQUxLiQI2BBMBCgAgBQJVZJjrAhsDBQsJCAcDBRUKCQgLBBYC
AQACHgECF4AACgkQlyMaXJHJNBmdWBAAizLcZBjtI3gtLSO4Wgzb30Xn6mNzcgT4
m5qqN1FTCnNT64/EkjMZnj7lrqpFg3/I5Q9gas0GQ3ZUuHZxBzGDai/SxO6o9aNR
OPrrSJXIJ+MkIqm8OskQlZS/B0w3mwgDRGgnQJPiBUWJQbE+Qa1kgjmauE5z3ly8
ZyUh50jBKY8zGH6QE4PvknOnsWCmmD55dwaUWt+Y3PzfO+lNSgHmHrq1qY/OFbOd
MMOOMDfEBxv7ufhNPC18OZy7sQrUIIfzn6K8eIzceZ0x+d8jZSzdi0Tl2SK8FB4Z
O7qRPxURuZachyRpns48bo2kUaZ4HCAbuXv6YorJGa2wy+qrKZDO1F0cEwI0QE+f
eXbvooNaSVtq2Q0262YdwtGdyULQwgfO49qVgpGYqE8+K1E4/q6mYIkyeYtIYLT+
dZceFWE3UO49TqwvkHIfsP1mztumRikNG8yhxxyWWprkT85ATxGDbsHs4C/TXzj5
tMcgyPizN5l3bbf+9RVwARq66TeXWRo/fp3OnSDuNtwIvOlH+Njwhx0e/6BNzIV5
IP/WaeMVFJP3Nyfrg+7np8OPetgEO8046wVZB0If9euXRBqKEmZyl+fqJbrzlbEi
e6Y+2kybG99sMUxFd3gEq61REQfkXrrSrFhUdZpsYBkTvN/YDw0trvIeIQvu7Djk
6EhwOBal4FS5Ag0EVWSY6wEQAMo0YjkyEvzrH2dQkngdaVknGOIHP7tqOrXXT2K6
l4Z6TS4dl7UqObkdvndQBXPB6Hgo+BYClBTJIOn8DJQ3I8kPUT+9GK4OA8VlNU5v
Fvtb+Y+FPPLgsHfFqm/Fnw9SLM+Kmq5Lxhce6v9T1CeE3ZGJXZMBJxwx2NEWNTLQ
+hj6ievCOErfp/QxgCyOAtMMVMUnYWNsuIgavk1Dvj6q75QOBjHOIIXEsajk0VNH
WLPYfFqAvY8GNRbe2H3SOjEaKIk2X2IeBWDZ7qsUs7J/sXtSkFv+8dhGTaTy25eR
SQdQS+rfSvmB+wHj2JSb1QKrH0XwwyyxMoAjzqsKbJHEA2LdpcvfZsAwiLSG3V8I
0qSfu3KjUu25XhpYZWPBwja4Ut7125ee8O38MAqJDJO0w4xHpaQbgfQ3H3/RJIS7
cnLnO65EbAm04igmysiSIydG3b3+LZxFN31ER2FywevpZCFa0P/iqMY8dB+3B7DU
rp5gleQL3P6+EB6t0SGl+SmfSte3m1kD5G48vKbzUozrmosOj89i5J/BFlgiO67V
plFG3XHV/rcfbQNPiXD2ofqfFiZONFYhipV1T3q3BJSj6QmNT8QV1uUHzmTu4bsm
HsoNcsfqBkub1fmwsbRutwkZLvhD7WcbFKZK6cDl8MOQdWzGx4xQ/sz70G6nj1n0
MNjVABEBAAGJAh8EGAEKAAkFAlVkmOsCGwwACgkQlyMaXJHJNBmwkRAAlC5rHbTF
qZ7P7db+5bZTUzGq6ThqkPYWgrSyKj0myURVp4AnZdJfewk0QvMU8on/HVHvCz4p
OlQByVaTLDsB/v8z5naaeHrEzpdTSKOFMLg7WsAO0Z4I1hhHd6GuJ4HwNajIquZj
Ti+0+mcLfuqsSOxCyjJbjlRbNJSrG9yrOeG4ZtcAaUAuKwsuz5ICNZllEXjCFesT
SIlAd9QXxnaZ246huChNm5gX0Lk+Eef2Wg7sscDwC1SECq3wRKtY5pVn8rQ3AwJi
PuOtIHOLC3/XYmEnngogBjqbetMgAXEBT1ntgTn8lDhI8Mc1/Y/rakw0VSAGyAcr
Ja3Qf69Ot1Mhk3tqo3Xc7TO24qUTKoWsrosODQAzJiQInZ6B0LRDd5Igg65j8/0O
h7I8QMtp72dPGvvujuHQua2QZcuoJ+SyQz34Vasy2YmvJAv8blbV/pmq3UR1DKDg
zMH061pA+VeD9DjtMOp4LG3zOJCTRUvuI+5u77CmygfuLxm0hfUec5vOCiuHnfne
uxQpyzTp/cONpExVIqIoygXbAL03HYTy7jbGo358Cw767DZCK/1VguZI3WQQjfrm
0iaHL5ZPorzSDDvy5OVGIa7rqJWSnsNfCFmQo9CEFeeYrnB8vPza++EDpaLm5y1W
BKOIB8snI+ol9XZrQRGbRHP/cXwwY7zBSFw=
=2+FZ
-----END PGP PUBLIC KEY BLOCK-----


Thanks.

Sorry, I forgot to add code tag.

Code:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFVkmOsBEADKA8lj+XSEe3uh+fuaBcu42JzRxexzxEB3UtSWVnOGfe+TVntz
p9hJUupzFXGths8/O0lgZHHFnYxyrvOiBlfFvkkPwpzO+ZtISicRzXuddI9E04GR
0b7KHswHGFrn+3oz6D8P3LqjRvBUAtacLcZR73lVIgnmpNBJgMGVufA4jBiwfGj/
j+qyLIRW6ZLqbyqipgOrzDATcrj9b3TEjCFtYaEHfCfenHANvfqp8ja7roD1lYPs
92jR361DsCUKVHHiV4h07dysqfSttfbNmyJyt9q+3oRVb5A0oDSE+FKboFBiDz5e
QRYHPqLjelAdsOMWcRchwmEFjXhLQ6VvTRmIHAU5Qky0QWzxn3WKOaXHQbgIwgkX
pGWQ/QYsuctNk/Ky1o4o5iwbJabPUyOUiLVNbMsRQjmocxw9X3pKEiAYrLbnXaGm
A4WyMw4Xm3oE2Uco20YDBook9XaLBZ7lCDZPgtAFqMsWY3bTCUbLC+Wc5js47fKr
fpZF9x9U9DHuqP/e/QOa0Lz2SqVIM8jtxtjFEUpnwnAnb8WiZYZ3FZ3u2LAPCYGm
Paqw4gr7bHz09bxa7EDVQ2YZgUBEbWiVin0wt5/VGNDq2XO4ccqBjxIjil/OHoSQ
HIFajBmRpJNj1/7Vz3BrcAZQojaxX4D5R/bJF/R6Xjk9axE9HgGstl3ccwARAQAB
tA1PTUVHQV9CSVRUQUxLiQI2BBMBCgAgBQJVZJjrAhsDBQsJCAcDBRUKCQgLBBYC
AQACHgECF4AACgkQlyMaXJHJNBmdWBAAizLcZBjtI3gtLSO4Wgzb30Xn6mNzcgT4
m5qqN1FTCnNT64/EkjMZnj7lrqpFg3/I5Q9gas0GQ3ZUuHZxBzGDai/SxO6o9aNR
OPrrSJXIJ+MkIqm8OskQlZS/B0w3mwgDRGgnQJPiBUWJQbE+Qa1kgjmauE5z3ly8
ZyUh50jBKY8zGH6QE4PvknOnsWCmmD55dwaUWt+Y3PzfO+lNSgHmHrq1qY/OFbOd
MMOOMDfEBxv7ufhNPC18OZy7sQrUIIfzn6K8eIzceZ0x+d8jZSzdi0Tl2SK8FB4Z
O7qRPxURuZachyRpns48bo2kUaZ4HCAbuXv6YorJGa2wy+qrKZDO1F0cEwI0QE+f
eXbvooNaSVtq2Q0262YdwtGdyULQwgfO49qVgpGYqE8+K1E4/q6mYIkyeYtIYLT+
dZceFWE3UO49TqwvkHIfsP1mztumRikNG8yhxxyWWprkT85ATxGDbsHs4C/TXzj5
tMcgyPizN5l3bbf+9RVwARq66TeXWRo/fp3OnSDuNtwIvOlH+Njwhx0e/6BNzIV5
IP/WaeMVFJP3Nyfrg+7np8OPetgEO8046wVZB0If9euXRBqKEmZyl+fqJbrzlbEi
e6Y+2kybG99sMUxFd3gEq61REQfkXrrSrFhUdZpsYBkTvN/YDw0trvIeIQvu7Djk
6EhwOBal4FS5Ag0EVWSY6wEQAMo0YjkyEvzrH2dQkngdaVknGOIHP7tqOrXXT2K6
l4Z6TS4dl7UqObkdvndQBXPB6Hgo+BYClBTJIOn8DJQ3I8kPUT+9GK4OA8VlNU5v
Fvtb+Y+FPPLgsHfFqm/Fnw9SLM+Kmq5Lxhce6v9T1CeE3ZGJXZMBJxwx2NEWNTLQ
+hj6ievCOErfp/QxgCyOAtMMVMUnYWNsuIgavk1Dvj6q75QOBjHOIIXEsajk0VNH
WLPYfFqAvY8GNRbe2H3SOjEaKIk2X2IeBWDZ7qsUs7J/sXtSkFv+8dhGTaTy25eR
SQdQS+rfSvmB+wHj2JSb1QKrH0XwwyyxMoAjzqsKbJHEA2LdpcvfZsAwiLSG3V8I
0qSfu3KjUu25XhpYZWPBwja4Ut7125ee8O38MAqJDJO0w4xHpaQbgfQ3H3/RJIS7
cnLnO65EbAm04igmysiSIydG3b3+LZxFN31ER2FywevpZCFa0P/iqMY8dB+3B7DU
rp5gleQL3P6+EB6t0SGl+SmfSte3m1kD5G48vKbzUozrmosOj89i5J/BFlgiO67V
plFG3XHV/rcfbQNPiXD2ofqfFiZONFYhipV1T3q3BJSj6QmNT8QV1uUHzmTu4bsm
HsoNcsfqBkub1fmwsbRutwkZLvhD7WcbFKZK6cDl8MOQdWzGx4xQ/sz70G6nj1n0
MNjVABEBAAGJAh8EGAEKAAkFAlVkmOsCGwwACgkQlyMaXJHJNBmwkRAAlC5rHbTF
qZ7P7db+5bZTUzGq6ThqkPYWgrSyKj0myURVp4AnZdJfewk0QvMU8on/HVHvCz4p
OlQByVaTLDsB/v8z5naaeHrEzpdTSKOFMLg7WsAO0Z4I1hhHd6GuJ4HwNajIquZj
Ti+0+mcLfuqsSOxCyjJbjlRbNJSrG9yrOeG4ZtcAaUAuKwsuz5ICNZllEXjCFesT
SIlAd9QXxnaZ246huChNm5gX0Lk+Eef2Wg7sscDwC1SECq3wRKtY5pVn8rQ3AwJi
PuOtIHOLC3/XYmEnngogBjqbetMgAXEBT1ntgTn8lDhI8Mc1/Y/rakw0VSAGyAcr
Ja3Qf69Ot1Mhk3tqo3Xc7TO24qUTKoWsrosODQAzJiQInZ6B0LRDd5Igg65j8/0O
h7I8QMtp72dPGvvujuHQua2QZcuoJ+SyQz34Vasy2YmvJAv8blbV/pmq3UR1DKDg
zMH061pA+VeD9DjtMOp4LG3zOJCTRUvuI+5u77CmygfuLxm0hfUec5vOCiuHnfne
uxQpyzTp/cONpExVIqIoygXbAL03HYTy7jbGo358Cw767DZCK/1VguZI3WQQjfrm
0iaHL5ZPorzSDDvy5OVGIa7rqJWSnsNfCFmQo9CEFeeYrnB8vPza++EDpaLm5y1W
BKOIB8snI+ol9XZrQRGbRHP/cXwwY7zBSFw=
=2+FZ
-----END PGP PUBLIC KEY BLOCK-----

See my signed message:

https://bitcointalk.org/index.php?topic=996318.msg11456779#msg11456779

Thanks.

The "signed message" was here:

This is my public PGP key:

Code:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFVkmOsBEADKA8lj+XSEe3uh+fuaBcu42JzRxexzxEB3UtSWVnOGfe+TVntz
p9hJUupzFXGths8/O0lgZHHFnYxyrvOiBlfFvkkPwpzO+ZtISicRzXuddI9E04GR
0b7KHswHGFrn+3oz6D8P3LqjRvBUAtacLcZR73lVIgnmpNBJgMGVufA4jBiwfGj/
j+qyLIRW6ZLqbyqipgOrzDATcrj9b3TEjCFtYaEHfCfenHANvfqp8ja7roD1lYPs
92jR361DsCUKVHHiV4h07dysqfSttfbNmyJyt9q+3oRVb5A0oDSE+FKboFBiDz5e
QRYHPqLjelAdsOMWcRchwmEFjXhLQ6VvTRmIHAU5Qky0QWzxn3WKOaXHQbgIwgkX
pGWQ/QYsuctNk/Ky1o4o5iwbJabPUyOUiLVNbMsRQjmocxw9X3pKEiAYrLbnXaGm
A4WyMw4Xm3oE2Uco20YDBook9XaLBZ7lCDZPgtAFqMsWY3bTCUbLC+Wc5js47fKr
fpZF9x9U9DHuqP/e/QOa0Lz2SqVIM8jtxtjFEUpnwnAnb8WiZYZ3FZ3u2LAPCYGm
Paqw4gr7bHz09bxa7EDVQ2YZgUBEbWiVin0wt5/VGNDq2XO4ccqBjxIjil/OHoSQ
HIFajBmRpJNj1/7Vz3BrcAZQojaxX4D5R/bJF/R6Xjk9axE9HgGstl3ccwARAQAB
tA1PTUVHQV9CSVRUQUxLiQI2BBMBCgAgBQJVZJjrAhsDBQsJCAcDBRUKCQgLBBYC
AQACHgECF4AACgkQlyMaXJHJNBmdWBAAizLcZBjtI3gtLSO4Wgzb30Xn6mNzcgT4
m5qqN1FTCnNT64/EkjMZnj7lrqpFg3/I5Q9gas0GQ3ZUuHZxBzGDai/SxO6o9aNR
OPrrSJXIJ+MkIqm8OskQlZS/B0w3mwgDRGgnQJPiBUWJQbE+Qa1kgjmauE5z3ly8
ZyUh50jBKY8zGH6QE4PvknOnsWCmmD55dwaUWt+Y3PzfO+lNSgHmHrq1qY/OFbOd
MMOOMDfEBxv7ufhNPC18OZy7sQrUIIfzn6K8eIzceZ0x+d8jZSzdi0Tl2SK8FB4Z
O7qRPxURuZachyRpns48bo2kUaZ4HCAbuXv6YorJGa2wy+qrKZDO1F0cEwI0QE+f
eXbvooNaSVtq2Q0262YdwtGdyULQwgfO49qVgpGYqE8+K1E4/q6mYIkyeYtIYLT+
dZceFWE3UO49TqwvkHIfsP1mztumRikNG8yhxxyWWprkT85ATxGDbsHs4C/TXzj5
tMcgyPizN5l3bbf+9RVwARq66TeXWRo/fp3OnSDuNtwIvOlH+Njwhx0e/6BNzIV5
IP/WaeMVFJP3Nyfrg+7np8OPetgEO8046wVZB0If9euXRBqKEmZyl+fqJbrzlbEi
e6Y+2kybG99sMUxFd3gEq61REQfkXrrSrFhUdZpsYBkTvN/YDw0trvIeIQvu7Djk
6EhwOBal4FS5Ag0EVWSY6wEQAMo0YjkyEvzrH2dQkngdaVknGOIHP7tqOrXXT2K6
l4Z6TS4dl7UqObkdvndQBXPB6Hgo+BYClBTJIOn8DJQ3I8kPUT+9GK4OA8VlNU5v
Fvtb+Y+FPPLgsHfFqm/Fnw9SLM+Kmq5Lxhce6v9T1CeE3ZGJXZMBJxwx2NEWNTLQ
+hj6ievCOErfp/QxgCyOAtMMVMUnYWNsuIgavk1Dvj6q75QOBjHOIIXEsajk0VNH
WLPYfFqAvY8GNRbe2H3SOjEaKIk2X2IeBWDZ7qsUs7J/sXtSkFv+8dhGTaTy25eR
SQdQS+rfSvmB+wHj2JSb1QKrH0XwwyyxMoAjzqsKbJHEA2LdpcvfZsAwiLSG3V8I
0qSfu3KjUu25XhpYZWPBwja4Ut7125ee8O38MAqJDJO0w4xHpaQbgfQ3H3/RJIS7
cnLnO65EbAm04igmysiSIydG3b3+LZxFN31ER2FywevpZCFa0P/iqMY8dB+3B7DU
rp5gleQL3P6+EB6t0SGl+SmfSte3m1kD5G48vKbzUozrmosOj89i5J/BFlgiO67V
plFG3XHV/rcfbQNPiXD2ofqfFiZONFYhipV1T3q3BJSj6QmNT8QV1uUHzmTu4bsm
HsoNcsfqBkub1fmwsbRutwkZLvhD7WcbFKZK6cDl8MOQdWzGx4xQ/sz70G6nj1n0
MNjVABEBAAGJAh8EGAEKAAkFAlVkmOsCGwwACgkQlyMaXJHJNBmwkRAAlC5rHbTF
qZ7P7db+5bZTUzGq6ThqkPYWgrSyKj0myURVp4AnZdJfewk0QvMU8on/HVHvCz4p
OlQByVaTLDsB/v8z5naaeHrEzpdTSKOFMLg7WsAO0Z4I1hhHd6GuJ4HwNajIquZj
Ti+0+mcLfuqsSOxCyjJbjlRbNJSrG9yrOeG4ZtcAaUAuKwsuz5ICNZllEXjCFesT
SIlAd9QXxnaZ246huChNm5gX0Lk+Eef2Wg7sscDwC1SECq3wRKtY5pVn8rQ3AwJi
PuOtIHOLC3/XYmEnngogBjqbetMgAXEBT1ntgTn8lDhI8Mc1/Y/rakw0VSAGyAcr
Ja3Qf69Ot1Mhk3tqo3Xc7TO24qUTKoWsrosODQAzJiQInZ6B0LRDd5Igg65j8/0O
h7I8QMtp72dPGvvujuHQua2QZcuoJ+SyQz34Vasy2YmvJAv8blbV/pmq3UR1DKDg
zMH061pA+VeD9DjtMOp4LG3zOJCTRUvuI+5u77CmygfuLxm0hfUec5vOCiuHnfne
uxQpyzTp/cONpExVIqIoygXbAL03HYTy7jbGo358Cw767DZCK/1VguZI3WQQjfrm
0iaHL5ZPorzSDDvy5OVGIa7rqJWSnsNfCFmQo9CEFeeYrnB8vPza++EDpaLm5y1W
BKOIB8snI+ol9XZrQRGbRHP/cXwwY7zBSFw=
=2+FZ
-----END PGP PUBLIC KEY BLOCK-----

Here's the signature:

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello:

my bitcoin address is: 1BouaUZEcLBUsQDfk6E2oTfRUrzhngqAkF. Is that all I need to do? Let me know if I did it correctly.

Thanks!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVZLJUAAoJEJcjGlyRyTQZaDQP/3GmybEDX8cVHsZdx+bumhdz
UbnkR+t8yEJ3LAZ6SrKdWlF2Dt9yYt66p0GPhE8OeRXwfZb7Fyn0ZVXrGpiLP4W5
3GQ999cCqmxHFT1EsP6ksoC4paLP9yURJFuvSG7uC760WLAoeD94CTjwM30j6dYh
MOXwEVwKefgkZZ3ccQYxaAiMljXkGEY041HltuvI9oz+UfahUo5Brk22BfFMZIU5
r6nyl3+OTM9guxEeavil0IxRGVz9eGhhEZVhBzqCDC3uB/crg3e+A+RH20/QYpOQ
pTkzBURjzNRnWFFS+gzNmQka/6K9AvxgnFmQyDLk38e+gjexXAxuJBVxQihxADlq
QfFVRe8ilmUp51ygi/whrW0+yaSEdgsvDGmPMDosPld5Y2yXl7ATTRdZ1PjvoVX6
Ed1OwWuB/kqTCjp4hLAb8BFS0wb91F8tz+nZ0LLYlnsn10bRwk9ZPIdsZ5O9h48P
ktYPTcmfXblF97IaP0s9ypwsBtFEzd/RpPSZroliukHHi1e5pvlnvk9R3QKglJ/e
3rBuaijj5QxS3ir9tgAb1rJ6DBbfFcY5kulJ/DDe4tDZJR4Mf8+pU1et4vu5RRR1
x1tGb8t1R0pS3QopmuEaDPleoXT0vJWTol2bLiDgDwcJIjegN/yhY6HQ8e4EgAs8
jMxhLKq+vTpSXxkL6ulB
=tuJr
-----END PGP SIGNATURE-----

Let me know if I did it correctly, thanks!

One post earlier was this one by favdesu:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Confirming that I am favdesu @ bitcointalk, bitsharestalk. my PGP + BTC Adr https://keybase.io/fav
IHQ9EbixCbNddSMaLxes2Mn/N3cClyY7j71zPAtUrLDEMEulAI7uOSSZvKI/8MxB4swIxT4iuixhc1tAMD0hCrk=
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.0.8
Comment: https://keybase.io/crypto

wsFcBAABCgAGBQJVZKnTAAoJEKRF7oTcH7KXfq0P/RxsZFH/x5MWuNCEDXJPzSj4
X9wFCEMr3u+HG/87iCb2W2KyQ53IZjbx9ymMD7XutaDZAM5lhRAzibCJ4hSlggMO
xK779/L9I3+GZ+izuLSyNvCpW8x7qyml/HOz/QyPawR9vOIDdLvCanGywhhEO7xn
2DaHY3duLD8cyG8jYUQQS3lswvxLqZFmhqfMvge12H/Inhh23+y8eyhxGCCRRGCf
NevqAAa8AZUHaB208fzkSLbQarmdCNd9ACHItw5LDkXIPFaSroqIpVSeOrBF2h9w
mtBWBQkUiWMmBsWaLdfxTTCxloCZQR5X7CensA//AyOThqEs69esUc2vYj10nbmF
0dA+QpfdLwN7w8Fu5p2aFID+zJYebRja4IopjTJAegAurj/fwL4uCgwbkJXUCUy9
J0EXKMSAwiCV3dKbzEJwcBw/y7nRlmb4t8E2/Hx8oD4EK/rRpoptE6gBV+xEttt6
38WqCqg5sul7iTxhz3SBd03lOsVAuoY5mdDE9KPxUv3COpo5S36j4M47q5wG+dvx
OzRwsowTX7kmCsFNKz8pKQRWvdsd0iqA5ysdp719pamlM81snmZWKN5xSC77M7dO
mZ25bS+jo1/KSNAUs6oEzF0Gko8xH8tQie+DRI5EQuA/Ny6SQ+Z7+vOcwMm4ryrV
3ZShLoSMdZesgxCfxrSH
=To99
-----END PGP SIGNATURE-----

[archived]

Well I put my website here so it's useful to validate I actually own it among other rules I would like to establish about using my keys.

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

NotATether is Ali Sherief in real life.

The PGP key used at present, F97D 7A6F B057 3979 F3F3 D69E CBF5 E4B3 D574 8A37, is strictly for the purpose of producing signed messages on bitcointalk only. It is not to be trusted for any other purpose.

The other PGP key I control, 2789 4325 9F53 D9EB 45CD 9B26 4936 B8C3 ACA7 BEFB, is to be used everywhere else except for Bitcointalk. Do not accept signed messages placed on the forum signed by this key.

The only scenario where the 2789 key is used here and should be trusted here is its use to make encrypted Private Messages (PMs), the key I prefer you send me encrypted email with. Though I will also accept email encrypted with the bitcointalk key but I discourage it.

Information about this event is also in https://zenulabidin.github.io/#/keys. In the event of any conflict, the content in this signed message prevails.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJeqiF+AAoJEMv15LPVdIo3U2cP/2J2gExEur087bU4geQ7LpYp
j0tAMg9BHBLHsNi/XuZGpbD/PgFoMjcadtFbS0A6Xje8La6sSYZQkc2HBV5/Z8U7
XK02ouKCEMKd+LGs7wqp/HLQVvnk4rTIrsJSVHUyY8sZ72SDmtHW2sXtsL2HYkqC
J9G8K/2BRQKaza3BbGh4kZA5zKzUPCSzmGOreJPjBlr80pttmHH3zut/Yj47qIXl
Uf/hdCbBBkiE2VvFae655RWNmYYqYcCFwWqpLuCRfdVo/hAsnls+nVFj/9t8b4Kd
PKerX8cheOfr4LDrhhMaYMAaoBuJcSivF0ZXvBDyiCWwjW6M3k4GV6NasnOUpO/W
LcXjNxV53o/7sp/9I4ezx06H7IXIxGA9Hr3QMJ7KMD3LqafMwE/igMaQcOHES8nV
utNtXSdh1dyrPRT2+cwYV5HvPDAsg9YjChJF0czlmiYEokQykLsX9bfyIoAUmRd1
lzalTgtLUrwG6VAhUraHP5sMPgllrqZ5M1Dd+IlIRxTMsaZA/qSfJ+zser5yQjd1
r1KPq9XxrhGPxMu2Skxe3OihuqHfLQ2n9/FTirmmsiIUsz5GUc2EO65ZJPo1qaHd
6qs/FL1lgvIDysTpGiw+z3l+AyUh2coSDkpReB4us/RvXn2OB1bWt8Zak+iKh0vc
WQnXY+SYQ0Fn3FTV5liA
=JlG7
-----END PGP SIGNATURE-----

Message quoted and Archived [1a], [1b]

[NotATether]

Changed my password recently so I thought this would be useful to prove I still maintain ownership.

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This is NotATether on Bitcointalk.org, Today is May 13th 2020. I am in sole posession of this account and this PGP key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJevAmcAAoJEMv15LPVdIo3LtIP/1TRS6bApq4mswgFLSj36vjx
ZqK+k3BmHIT3LWL485fgpj2TFq/io40br/qcypQ4ZGpWS2piwrmoLxY2+hmWm6JD
oAnuefiJqt6tqN3Q+qXJMSeqvteeCRAzVM3HZaI1Oqyf6y+Aat36M6QpdSzf9b3n
N5nqXcz7IeVySXHmpqgPPOgo0MBPcKhH49Wo02sA35TndehGrAFt6L2/6V/9QJkb
ZO9pNmC1F6uiHMY/OXo5vKSRvWW606+Zy1j4gqYlKZUc2o76GXSgLtInZfqVO9cY
l3zRtn1mlFfCtwtwDIqZcu1f9+nj5pkLFozY3w9d0tJn0972kled52557mLSNLny
WT8vkgarnUulB95ymj/ZdYasPqKSJ61bi+Phr4qEh4c73NFHiWCxlLaXAbGEM4Xs
Gp3AOVX+kUwVDeQ09JecuakM6JxCY9hVLoid3qZeDRGIAxj9sivLBtkrrptcFUwt
BC7siEopL9GTf88iA7z/Czs7WWImAGkbJZ18a2zUp0wRTm6d/sQzRC30HrnBpPxV
iRnWp2dolkYRWNFoU+MLxZzZiHyssuBD61ZbbvV16smpCzNtVK7y+mScBezGHLdx
vHbjXCv2CSzE9dze1zrUnVDFrpUJl4RlE/Yi2JRTIDgsfnwxDyoPf2PdKmMm+cBa
EFKXG0e0DYsNrMKseKJ8
=5fYn
-----END PGP SIGNATURE-----

[Timelord2067]

Changed my password recently so I thought this would be useful to prove I still maintain ownership.

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This is NotATether on Bitcointalk.org, Today is May 13th 2020. I am in sole posession of this account and this PGP key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJevAmcAAoJEMv15LPVdIo3LtIP/1TRS6bApq4mswgFLSj36vjx
ZqK+k3BmHIT3LWL485fgpj2TFq/io40br/qcypQ4ZGpWS2piwrmoLxY2+hmWm6JD
oAnuefiJqt6tqN3Q+qXJMSeqvteeCRAzVM3HZaI1Oqyf6y+Aat36M6QpdSzf9b3n
N5nqXcz7IeVySXHmpqgPPOgo0MBPcKhH49Wo02sA35TndehGrAFt6L2/6V/9QJkb
ZO9pNmC1F6uiHMY/OXo5vKSRvWW606+Zy1j4gqYlKZUc2o76GXSgLtInZfqVO9cY
l3zRtn1mlFfCtwtwDIqZcu1f9+nj5pkLFozY3w9d0tJn0972kled52557mLSNLny
WT8vkgarnUulB95ymj/ZdYasPqKSJ61bi+Phr4qEh4c73NFHiWCxlLaXAbGEM4Xs
Gp3AOVX+kUwVDeQ09JecuakM6JxCY9hVLoid3qZeDRGIAxj9sivLBtkrrptcFUwt
BC7siEopL9GTf88iA7z/Czs7WWImAGkbJZ18a2zUp0wRTm6d/sQzRC30HrnBpPxV
iRnWp2dolkYRWNFoU+MLxZzZiHyssuBD61ZbbvV16smpCzNtVK7y+mScBezGHLdx
vHbjXCv2CSzE9dze1zrUnVDFrpUJl4RlE/Yi2JRTIDgsfnwxDyoPf2PdKmMm+cBa
EFKXG0e0DYsNrMKseKJ8
=5fYn
-----END PGP SIGNATURE-----

Message quoted and Archived for future reference: [1a], [1b]

[Room101]

Code:

Fingerprint: B99D 4BA6 CB3B 856C F309  D0A5 6C47 012C 5D5D 9612 

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This is Room 101 on bitcointalk.org, today is 14th May 2020. I am in sole possession of this account and PGP key
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEuZ1Lpss7hWzzCdClbEcBLF1dlhIFAl68ongACgkQbEcBLF1d
lhK4Egf9HcZLV/C1JV1E/4YX+F43gTDFlX876VoGq+e/iXHkQMCfWg2TgaGjaJIH
eHQ78p6CucZceSzz8KTuOkTo4KEgwHvO2czVHJsGK9QIT/7Xdge2Vft0JjYC0gj8
rG0C3Jvh6s2P/gmxp+FCga5EynvpmqGw5ye9tQqy3tQNAGT6ZNRCAvmjRyJhXpvx
pWhJO61q4DjafXFL1J1Ebk8AEPs3mdTQMi8HNOH2DT/7HziOpzx2Hdp//i2ZZW5E
gKpBjeLUSkjR9vR1yS8i4ZZu2tdVZ5s53pjWHJIKaDBKQ0bnXTTK94H6zvO+NGGI
1mjPPmWuQA09nQXa64n8cmkfRzNolw==
=N4mq
-----END PGP SIGNATURE-----

Code:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBF68cbgBCADCDSWg5X9ON6FbenvIiRA4x7NbzsRykc2WH/bxHn9Cx95a/7VF
mirPEn0a15+rUqG2Yn0cLY/+g1JvM4yC03+0Qxgxity3qfRvUwecGcaRlYKEYsqN
OozjiTzRmdxexgm4ZFET2Pzivdfg0hl6do4nMJ7Bcj+bhUm+1UCu/YlejAS6Qr0O
5S+6lQGZBe0g5qQRgg9xWouo7N+lH/bcGv8Cn/8Gdpu7pYhTDAfjhp5yYFa+s9aV
wQydp5/ldl/5nEqFc2Q+NdeRE32bpxdZzBgwlNf9L81Knvnv0NoaiVYygkjKQx1B
U78M6sf2aaw7j4mR7+vLSbUridJ8Au9hPbpVABEBAAG0B1Jvb20xMDGJAVQEEwEI
AD4WIQS5nUumyzuFbPMJ0KVsRwEsXV2WEgUCXrxxuAIbAwUJA8KbaAULCQgHAgYV
CgkICwIEFgIDAQIeAQIXgAAKCRBsRwEsXV2WEmbsB/wJzc6k+E62PjOrW+krikFZ
jamgpE5HfMV84BkydE4GLzFPj5UqUohzxFD82iY8tjfOUwYr8gGLZMZc/H1v1fqp
zO6SRxbd8oLWc1rA4Dv9Zret2pTwD0Y2vG/UTPAPpTj1VR2/iozPdc58oZ5KiWeh
pOKk/g3WP9Ul/vqj5gKQaGTOk1qiFusQ2NbmocHM+joTP44QlbdmzG3rUGLQS8PT
ibD0RxC7WiMw1VXblinHoXZ1aLPCeQ34G6R2OEBxptjr3fMjrZyj2/kDFxH2Ls/b
ZrEggifON+0s2E9EFiDfgGlZwV7NXZxzzRPivk0Ta6cBWlRORgAkwJXhSja+xWhz
uQENBF68cbgBCADht5QsW2Lvq8bQwLGtC0LovX9T/feuJ2L71zNtQpapB/6EstSl
Oi2i94x2r/R18AFnskVFUyAmdTrBlmQ8G4O8BPAAZBPDgaB+GONgVYqucVdxnQ5E
8qnNFmqfXPqVMJWmPSJFtBVoFtyx4FmTyFUa98yv7rXRBQ9dVy1LgWPYj/0A3v1g
o6Llx9e+70zMVpFU9iPNQ0I0Nk/cgYm6XBGZpYPwwh0NWmK4qhA7pGN12dTbYkRw
/i+yBHfi7y/FV7BlIXsNXudXe0Z97XoYZXB+GncrhXE0LaQz/Z9yfEGssecc/Wp/
dqexsF+rLH67FLYFU26pfeECqdaVsSFGwJ2JABEBAAGJATwEGAEIACYWIQS5nUum
yzuFbPMJ0KVsRwEsXV2WEgUCXrxxuAIbDAUJA8KbaAAKCRBsRwEsXV2WEhkWB/4g
kRRX8wDQtY5GSita8IaUMHYTUhLcRsM/uqs91Qd/SxMavn7JgzgcpgmORzf5O1x2
cGDzrLWnoSQMPhb0yKCZwFcanSeXxLMe1BWqaNPdo50wZTMLb0jnVnVno4OqAL+J
DpVozJ552irO/m0QF6U4LY+KeozyS/MBpCgWDhypUSrty2dzc4BiRRU8IpgX+hpu
vQEq4uzylzPKz++Jte+7h3KhreI7za5KrQb5f2I4H7Ito3UDNKeXF3KhDTmWV4EF
PL8SvQ3o7P7v72dWYnoIZqWrZ0OD6BalBdBgxyJx9coLghXjODB7yy/2Q1VkzGsy
icXp2lWbpkpWbfuS8y34
=gDmR
-----END PGP PUBLIC KEY BLOCK-----