Quoted below as requested. But the important part is to establish a fingerprint which people can check. The fingerprint I observe is:
0xABE2DC997C2233012A86D8BE66F1B6C95688A943Archival link changed to https:
https://archive.li/ZabYw ...and .onion, for Tor users:
http://archivecaslytosk.onion/ZabYwEdit: Archive of this post (and the rest of the thread):
https://web.archive.org/web/20180424215333/https://bitcointalk.org/index.php?topic=3323999.msg35510465#msg35510465It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.
I agree with that assessment. I see that you use Ed25519, which I also currently use for my identity key.
(Aside: I am disappointed that the
current draft in the
process to revise RFC 4880 does not specify anything stronger, such as Ed448-Goldilocks. I should probably do something about that. It does prospectively specify Ed25519/Curve25519 as OpenPGP standard.)
If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.
This is always problematic for someone who exists as a nym. How would you propose binding 0xABE2DC997C2233012A86D8BE66F1B6C95688A943 to “RGBKey” and the given e-mail address? It’s not as if you would be flashing state-issued ID documents at me. I think that some level of TOFU is necessary in these situations. For my part, I have simply tried to spread my PGP fingerprint anywhere I can (forum post sigs, sigs in mailing list archives, etc., etc.).
As it stands, all I know is that somebody with sufficient Bitcointalk.org access to create a forum post as #182468 claims that key unidirectionally. This could hypothetically include forum admins, blackhats, Cloudflare, the NSA... There is no
cryptographic binding of identity, and there can’t be, insofar as you may have no other cryptographic anchor to which to bind. If you have a long-established, widely-published Bitcoin address, an X.509 certificate (LOL, CAs), or some other form of public-key crypto more or less strongly linked to “RGBKey”, that could be helpful.
If I've missed anything here, please let me know.
The (weak) binding of forum uid #182468 → PGP key is unidirectional; I see no statement signed by the key, claiming uid #182468 “RGBKey”. This is typically resolved with a clearsigned statement acknowledging the identity. But if the Bitcoin Forum is especially important to your identity, you may want to instead add a PGP userid to your key specifying your forum identity. All userids must be certified by your (C) key to be valid. I added that to my key last month; please
have a look:
In gpg, I specified “Bitcoin Forum uid 976210” as my “Name” and the URL as the “Comment”. An OpenPGP userid is anyway only a single UTF-8 text string, as specified by
RFC 4880 §5.11. E-mail addresses are enclosed in angle brackets and comments are parenthesized by common convention, in the manner of RFC 2822; but if you do a hex dump of your public key, you’ll see that the User ID packet is just one string.
Also:
man gpg and look for
--export-secret-subkeys; also,
--expert --full-generate-key (which I presume you used anyway to get an ECC key).
This lets you generate a Certification (C)-only primary key plus signing (S) and encryption (E) subkeys on an airgap machine, then export only the subkeys to your networked machine (using a GnuPG extension which, to my knowledge, is only compatible with GnuPG). This way, even if your networked machine is compromised, your identity is not; and you can issue new subkeys using your airgapped primary key. Examine my keys to see what the result may look like.
Most people don’t seem to care about this; but I myself value the extra margin of safety for a pseudonymous person who exists only as a virtual identity. My identity is anchored in a strictly offline key: I
am 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C (or whatever other keys I may use that key to roll over to in the future, if and as better algorithms become available).
Edit 1: I just noticed that you are currently using a 32-bit keyid in your personal text. Please reconsider. 32-bit keyids are totally insecure; using fast ECC crypto (in that case secp256k1), I myself bruteforced
keyid 0x69696969 in 1055.33375204 seconds on one core of an old laptop CPU. See also
https://evil32.com/. I don’t trust 64-bit keyids, either. The Bitcoin mining network currently does 2
64 work every few seconds. For creating a “vanity” keyid, it is an amount of computation within reach of a powerful adversary (or anybody with access to a large distributed computing grid/botnet/whatever, plus lots of patience). Whereas the full fingerprint is a SHA-1 hash (soon to be changed to SHA-256 with v5 keys), which is still secure against a full preimage attack.
Full quote of OP:
Hey folks,
I've been a longstanding advocate of encryption, but I've come to realize that I don't really have an established PGP key to use for communications here. I've just created a new one (I created one ~4 years ago and have since lost it) and I'm going to publish it here and record it. I would greatly appreciate it if a few (please don't go too overboard) people would quote this post to establish it. I will also use archive.is to record this post and post it in a follow-up reply.
Here is my key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEWtLazxYJKwYBBAHaRw8BAQdAgX5FwRIX6Vjq4cGZmrufz1/9PMBx40DcdTeD
Yw2P2Ry0GVJHQktleSA8cmdia2V5QGdtYWlsLmNvbT6IkAQTFggAOBYhBKvi3Jl8
IjMBKobYvmbxtslWiKlDBQJa0trPAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
AAoJEGbxtslWiKlDDF8BAOMjI3HkUOpMU1/qiFixKqB9DywR6WLtq/gO/1FuglFo
AQCK6+OKONT+dCxGRZShrolXpCd1hhGXWhkPU9yj5mvlCbg4BFrS2s8SCisGAQQB
l1UBBQEBB0A6iXCX3Rvd8SWXxDuqd8CFL1jtD7IeUaSlVEmx8OSAQgMBCAeIeAQY
FggAIBYhBKvi3Jl8IjMBKobYvmbxtslWiKlDBQJa0trPAhsMAAoJEGbxtslWiKlD
iGgBAILE2I8JZs2EVEtQiEVLi0/gZ7Mb5+/VIG7GAkmRsWV3AQD1pHktwUWF1i6G
Y4g5j275O69cp2muXydlsBr8fIXlBQ==
=CmTR
-----END PGP PUBLIC KEY BLOCK-----
It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.
I've also published it
to MIT's keyserver.
If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.
If I've missed anything here, please let me know.
