Bitcoin Forum
December 13, 2024, 05:30:05 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Recording my PGP key on the forum  (Read 198 times)
RGBKey (OP)
Hero Member
*****
Offline Offline

Activity: 854
Merit: 658


rgbkey.github.io/pgp.txt


View Profile WWW
April 15, 2018, 05:39:28 AM
 #1

Hey folks,

I've been a longstanding advocate of encryption, but I've come to realize that I don't really have an established PGP key to use for communications here. I've just created a new one (I created one ~4 years ago and have since lost it) and I'm going to publish it here and record it. I would greatly appreciate it if a few (please don't go too overboard) people would quote this post to establish it. I will also use archive.is to record this post and post it in a follow-up reply.

Here is my key:
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEWtLazxYJKwYBBAHaRw8BAQdAgX5FwRIX6Vjq4cGZmrufz1/9PMBx40DcdTeD
Yw2P2Ry0GVJHQktleSA8cmdia2V5QGdtYWlsLmNvbT6IkAQTFggAOBYhBKvi3Jl8
IjMBKobYvmbxtslWiKlDBQJa0trPAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
AAoJEGbxtslWiKlDDF8BAOMjI3HkUOpMU1/qiFixKqB9DywR6WLtq/gO/1FuglFo
AQCK6+OKONT+dCxGRZShrolXpCd1hhGXWhkPU9yj5mvlCbg4BFrS2s8SCisGAQQB
l1UBBQEBB0A6iXCX3Rvd8SWXxDuqd8CFL1jtD7IeUaSlVEmx8OSAQgMBCAeIeAQY
FggAIBYhBKvi3Jl8IjMBKobYvmbxtslWiKlDBQJa0trPAhsMAAoJEGbxtslWiKlD
iGgBAILE2I8JZs2EVEtQiEVLi0/gZ7Mb5+/VIG7GAkmRsWV3AQD1pHktwUWF1i6G
Y4g5j275O69cp2muXydlsBr8fIXlBQ==
=CmTR
-----END PGP PUBLIC KEY BLOCK-----

It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.

I've also published it to MIT's keyserver.

If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.

If I've missed anything here, please let me know.
RGBKey (OP)
Hero Member
*****
Offline Offline

Activity: 854
Merit: 658


rgbkey.github.io/pgp.txt


View Profile WWW
April 15, 2018, 05:40:02 AM
 #2

Here is the archive link: http://archive.li/ZabYw
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1333



View Profile
April 15, 2018, 06:01:13 AM
 #3

Hey folks,

I've been a longstanding advocate of encryption, but I've come to realize that I don't really have an established PGP key to use for communications here. I've just created a new one (I created one ~4 years ago and have since lost it) and I'm going to publish it here and record it. I would greatly appreciate it if a few (please don't go too overboard) people would quote this post to establish it. I will also use archive.is to record this post and post it in a follow-up reply.

Here is my key:
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEWtLazxYJKwYBBAHaRw8BAQdAgX5FwRIX6Vjq4cGZmrufz1/9PMBx40DcdTeD
Yw2P2Ry0GVJHQktleSA8cmdia2V5QGdtYWlsLmNvbT6IkAQTFggAOBYhBKvi3Jl8
IjMBKobYvmbxtslWiKlDBQJa0trPAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
AAoJEGbxtslWiKlDDF8BAOMjI3HkUOpMU1/qiFixKqB9DywR6WLtq/gO/1FuglFo
AQCK6+OKONT+dCxGRZShrolXpCd1hhGXWhkPU9yj5mvlCbg4BFrS2s8SCisGAQQB
l1UBBQEBB0A6iXCX3Rvd8SWXxDuqd8CFL1jtD7IeUaSlVEmx8OSAQgMBCAeIeAQY
FggAIBYhBKvi3Jl8IjMBKobYvmbxtslWiKlDBQJa0trPAhsMAAoJEGbxtslWiKlD
iGgBAILE2I8JZs2EVEtQiEVLi0/gZ7Mb5+/VIG7GAkmRsWV3AQD1pHktwUWF1i6G
Y4g5j275O69cp2muXydlsBr8fIXlBQ==
=CmTR
-----END PGP PUBLIC KEY BLOCK-----

It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.

I've also published it to MIT's keyserver.

If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.

If I've missed anything here, please let me know.

Who do you say you are?

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
RGBKey (OP)
Hero Member
*****
Offline Offline

Activity: 854
Merit: 658


rgbkey.github.io/pgp.txt


View Profile WWW
April 15, 2018, 02:24:12 PM
 #4

-snip-
Who do you say you are?

RGBKey

Edit: I've uploaded a text file to my github pages website which hosts all my verifiers. It can be found here https://rgbkey.github.io/pgp.txt
nullius
Copper Member
Hero Member
*****
Offline Offline

Activity: 630
Merit: 2614


If you don’t do PGP, you don’t do crypto!


View Profile WWW
April 24, 2018, 09:53:08 PM
Last edit: April 24, 2018, 10:08:09 PM by nullius
 #5

Quoted below as requested.  But the important part is to establish a fingerprint which people can check.  The fingerprint I observe is: 0xABE2DC997C2233012A86D8BE66F1B6C95688A943

Archival link changed to https: https://archive.li/ZabYw  ...and .onion, for Tor users: http://archivecaslytosk.onion/ZabYw

Edit:  Archive of this post (and the rest of the thread): https://web.archive.org/web/20180424215333/https://bitcointalk.org/index.php?topic=3323999.msg35510465#msg35510465

It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.

I agree with that assessment.  I see that you use Ed25519, which I also currently use for my identity key.

(Aside:  I am disappointed that the current draft in the process to revise RFC 4880 does not specify anything stronger, such as Ed448-Goldilocks.  I should probably do something about that.  It does prospectively specify Ed25519/Curve25519 as OpenPGP standard.)

If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.

This is always problematic for someone who exists as a nym.  How would you propose binding 0xABE2DC997C2233012A86D8BE66F1B6C95688A943 to “RGBKey” and the given e-mail address?  It’s not as if you would be flashing state-issued ID documents at me.  I think that some level of TOFU is necessary in these situations.  For my part, I have simply tried to spread my PGP fingerprint anywhere I can (forum post sigs, sigs in mailing list archives, etc., etc.).

As it stands, all I know is that somebody with sufficient Bitcointalk.org access to create a forum post as #182468 claims that key unidirectionally.  This could hypothetically include forum admins, blackhats, Cloudflare, the NSA...  There is no cryptographic binding of identity, and there can’t be, insofar as you may have no other cryptographic anchor to which to bind.  If you have a long-established, widely-published Bitcoin address, an X.509 certificate (LOL, CAs), or some other form of public-key crypto more or less strongly linked to “RGBKey”, that could be helpful.

If I've missed anything here, please let me know.

The (weak) binding of forum uid #182468 → PGP key is unidirectional; I see no statement signed by the key, claiming uid #182468 “RGBKey”.  This is typically resolved with a clearsigned statement acknowledging the identity.  But if the Bitcoin Forum is especially important to your identity, you may want to instead add a PGP userid to your key specifying your forum identity.  All userids must be certified by your (C) key to be valid.  I added that to my key last month; please have a look:

Quote
uid Bitcoin Forum uid 976210 (https://bitcointalk.org/)

In gpg, I specified “Bitcoin Forum uid 976210” as my “Name” and the URL as the “Comment”.  An OpenPGP userid is anyway only a single UTF-8 text string, as specified by RFC 4880 §5.11.  E-mail addresses are enclosed in angle brackets and comments are parenthesized by common convention, in the manner of RFC 2822; but if you do a hex dump of your public key, you’ll see that the User ID packet is just one string.

Also:  man gpg and look for --export-secret-subkeys; also, --expert --full-generate-key (which I presume you used anyway to get an ECC key).

This lets you generate a Certification (C)-only primary key plus signing (S) and encryption (E) subkeys on an airgap machine, then export only the subkeys to your networked machine (using a GnuPG extension which, to my knowledge, is only compatible with GnuPG).  This way, even if your networked machine is compromised, your identity is not; and you can issue new subkeys using your airgapped primary key.  Examine my keys to see what the result may look like.

Most people don’t seem to care about this; but I myself value the extra margin of safety for a pseudonymous person who exists only as a virtual identity.  My identity is anchored in a strictly offline key:  I am 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C (or whatever other keys I may use that key to roll over to in the future, if and as better algorithms become available).

Edit 1:  I just noticed that you are currently using a 32-bit keyid in your personal text.  Please reconsider.  32-bit keyids are totally insecure; using fast ECC crypto (in that case secp256k1), I myself bruteforced keyid 0x69696969 in 1055.33375204 seconds on one core of an old laptop CPU.  See also https://evil32.com/.  I don’t trust 64-bit keyids, either.  The Bitcoin mining network currently does 264 work every few seconds.  For creating a “vanity” keyid, it is an amount of computation within reach of a powerful adversary (or anybody with access to a large distributed computing grid/botnet/whatever, plus lots of patience).  Whereas the full fingerprint is a SHA-1 hash (soon to be changed to SHA-256 with v5 keys), which is still secure against a full preimage attack.



Full quote of OP:

Hey folks,

I've been a longstanding advocate of encryption, but I've come to realize that I don't really have an established PGP key to use for communications here. I've just created a new one (I created one ~4 years ago and have since lost it) and I'm going to publish it here and record it. I would greatly appreciate it if a few (please don't go too overboard) people would quote this post to establish it. I will also use archive.is to record this post and post it in a follow-up reply.

Here is my key:
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEWtLazxYJKwYBBAHaRw8BAQdAgX5FwRIX6Vjq4cGZmrufz1/9PMBx40DcdTeD
Yw2P2Ry0GVJHQktleSA8cmdia2V5QGdtYWlsLmNvbT6IkAQTFggAOBYhBKvi3Jl8
IjMBKobYvmbxtslWiKlDBQJa0trPAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
AAoJEGbxtslWiKlDDF8BAOMjI3HkUOpMU1/qiFixKqB9DywR6WLtq/gO/1FuglFo
AQCK6+OKONT+dCxGRZShrolXpCd1hhGXWhkPU9yj5mvlCbg4BFrS2s8SCisGAQQB
l1UBBQEBB0A6iXCX3Rvd8SWXxDuqd8CFL1jtD7IeUaSlVEmx8OSAQgMBCAeIeAQY
FggAIBYhBKvi3Jl8IjMBKobYvmbxtslWiKlDBQJa0trPAhsMAAoJEGbxtslWiKlD
iGgBAILE2I8JZs2EVEtQiEVLi0/gZ7Mb5+/VIG7GAkmRsWV3AQD1pHktwUWF1i6G
Y4g5j275O69cp2muXydlsBr8fIXlBQ==
=CmTR
-----END PGP PUBLIC KEY BLOCK-----

It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.

I've also published it to MIT's keyserver.

If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.

If I've missed anything here, please let me know.

RGBKey (OP)
Hero Member
*****
Offline Offline

Activity: 854
Merit: 658


rgbkey.github.io/pgp.txt


View Profile WWW
May 01, 2018, 03:48:52 AM
 #6

Alright, I'll try to address those issues:

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This key is owned by RGBKey, user 182468 on bitcointalk.org
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSr4tyZfCIzASqG2L5m8bbJVoipQwUCWufiJwAKCRBm8bbJVoip
Q8fHAP9l5o+eJtr4BI8eMMkmDotI8O1T2MJ2jVpfA7cRaC8QRAEAwmTzBCasKtOb
72/mJtL7DEX0eCAfRX/BqylPi2Y5Fgc=
=qNyB
-----END PGP SIGNATURE-----

There's a signed message proving that the owner of the key and the person controlling this forum account at least are the same person. To try to more widely establish my name, I've also hosted my public key at https://rgbkey.github.io/pgp.txt. That site has been used by me for years as a platform for my provable fairness verification tools and is under a github account separate from the forum. Additionally I've changed my personal text to reflect that full key instead of a short, insecure fingerprint (thanks nullius).

As I am just a nym as nullius also mentioned, if requested I could provide proof as the account RGBKey on the sites that I've been known to be on (just-dice, yolodice, primedice, etc.)
mdayonliner
Copper Member
Sr. Member
****
Offline Offline

Activity: 630
Merit: 420


We are Bitcoin!


View Profile
May 24, 2018, 11:19:17 PM
 #7

Alright, I'll try to address those issues:

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This key is owned by RGBKey, user 182468 on bitcointalk.org
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSr4tyZfCIzASqG2L5m8bbJVoipQwUCWufiJwAKCRBm8bbJVoip
Q8fHAP9l5o+eJtr4BI8eMMkmDotI8O1T2MJ2jVpfA7cRaC8QRAEAwmTzBCasKtOb
72/mJtL7DEX0eCAfRX/BqylPi2Y5Fgc=
=qNyB
-----END PGP SIGNATURE-----

Quoted and verified it for myself.

By the way, figure it out @RGBKey

Code:
-----BEGIN PGP MESSAGE-----

hF4D7N/vvhTnpXwSAQdANMRpBBeeYP+Duz/5oRcp9iLglN3JQrb8ep0pfAa7sB0w
eyhQb7+NSjVCwUWGbdDglV9+wfFE+hjLPwzxZFRO2IQRfME383viDryvXxpzYj6U
0sBOAUy6l1tkzrqNgkmVzgf8VxaI6hrmWTL09m8KP14ZcwSy+sythSuS8YXTGW4T
vLlKQR1li0/Uk2JZGsMdJjHe9wbIbWXrO5HLmpF5iCstcWTsXmO3mNRNlNEQvcWO
TEny7HTx5rV862iN79XdBKs7FoHEIIwj+yFU86KvUv7W2W9wTIbBcLp5EYU5ujVC
6WF4F0Vi9eUcR28T3WcnsEgpPAGgNILLv5soUZikeWY9ZXZym5XFbYaLrVurwqGC
XLlfGE09eLe1HUExteoERTdzCFTxVzyeudRWCq08Sh8JHYW9C5OrWqau2eSL8J0d
8qikLA3n0wxu8ck0CFW6Pg0r9BoJt4nPgHywTaKh7pZG
=/VE0
-----END PGP MESSAGE-----

Be happy be at peace. Looking forward to BTC at $1M
mayankn
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
June 11, 2018, 01:00:04 PM
 #8

Can anyone provide me a reliable article or video link to understand the working of PGP keys ? I want it to use for daily email communication
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!