Bitcoin Forum
January 21, 2019, 12:31:08 AM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: PGP / GPG encryption of private messages  (Read 3679 times)
EcuaMobi
Legendary
*
Offline Offline

Activity: 1666
Merit: 1228


https://Ecua.Mobi


View Profile WWW
June 13, 2014, 09:51:03 PM
 #1

I'd like to see an option to upload a public GPG key to the forum.

After that, user would be able to enable other users to send encrypted PMs. Or encryption can be enforced.

If encryption is enabled, 'Preview' would be either disabled or run completely offline on javascript.
When the message is sent, it would be first encrypted offline using openpgpjs or similar.

Decryption would be optional. Probably it'd be better to keep it off the site, so no private keys are uploaded.

For extra security, there can be information regarding when a public key was uploaded, in case a hacker accesses an account an uploads their own key.

1548030668
Hero Member
*
Offline Offline

Posts: 1548030668

View Profile Personal Message (Offline)

Ignore
1548030668
Reply with quote  #2

1548030668
Report to moderator
1548030668
Hero Member
*
Offline Offline

Posts: 1548030668

View Profile Personal Message (Offline)

Ignore
1548030668
Reply with quote  #2

1548030668
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1548030668
Hero Member
*
Offline Offline

Posts: 1548030668

View Profile Personal Message (Offline)

Ignore
1548030668
Reply with quote  #2

1548030668
Report to moderator
HeroC
Legendary
*
Offline Offline

Activity: 863
Merit: 1000


GPG: FA122C1A | IRC: HeroCC


View Profile
June 14, 2014, 05:18:51 PM
 #2

This is a good idea, for now, you can just request a Public Key from them, or tell them this message is encrypted.
TradeFortress 🏕
VIP
Legendary
*
Offline Offline

Activity: 1092
Merit: 1023


View Profile
June 16, 2014, 12:07:33 PM
 #3

I'd like to see an option to upload a public GPG key to the forum.

After that, user would be able to enable other users to send encrypted PMs. Or encryption can be enforced.

If encryption is enabled, 'Preview' would be either disabled or run completely offline on javascript.
When the message is sent, it would be first encrypted offline using openpgpjs or similar.

Decryption would be optional. Probably it'd be better to keep it off the site, so no private keys are uploaded.

For extra security, there can be information regarding when a public key was uploaded, in case a hacker accesses an account an uploads their own key.


That would be a really nice feature. It won't hurt scam protection or message verification at all, if any party consents they can post the decrypted signed message.
jayc89
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile
June 26, 2014, 05:43:48 PM
 #4

I would like to see similar functionality whereby all posts, public or private are encrypted. This would ensure the consistancy of quotes etc

.
                           ▄▄▄▄▄▄▄▄
                       ▄▀▌         ▀▀█▄
                    ▄▀   █         ▄▀ █ ▀▄
                  ▄█     ▐        ▄    ▌  ▀▄
                ▄▄▀       █      ▀      ▌  ▓▀▄
              ▄███▄       ▐    ▄▀       █▄█   ▀
             ▄  ▌ ▀ ▀▀▄    █  █      ▄▄████▄▄   ▄
            ▓  ▐   ▀▄   ▀▀▄███▄▄ ▀▀    █ ▐    ▀▀▄▄
           ▌   ▓     █▄▄▄▄▀███▄      ▄▀   ▌      ▄█
          ▌    ▌    ▐███▀   ▄▄▄▄▀▄▄██▌    █    ▄▀  █
         ▓    █    ▄▀█ ▌          ████▄   ▐   ▀    ▄▌
        ▐▀▄   ▌  ▄▀ ▐   ▌         █ ▐   ▀▄███▄ ▀▀    ▌
        ▌  ▄ ▐ ▄▀  ▐    ▐ ▄▄▄█████▄▄ █   ▐███▄       ▐
       ▓    ███   ▐▀   ▄███████████████▄ ▓     ▀▄▄    ▌
       ▀ ▄███▀█   ▌  ████████████████████         ▀ ▄ ▐
      ▐▄▄▀██▀▀▄███▄ ██████████████████████▌▀▀▀   ▄▄▄▄▄▓▌
      █  █ █   ▀██▀████████████████████████▄           ▌
      ▌ ▌  ▐    ▌ ▀████████████████████████▌▀▄         ▌
      █▀   ▐▌  █  ▐████████████████████████▌   ▌      ▐▌
      ▐     ▌ ▐    ████████████████████████      ▀▄  ▐▓
       █    █ ▌     ██████████████████████▀        ███▌
        ▓▀▄ ▐▐    ▄ ▀████████████████████       ▄▄█▀▐█
         ▄ █████▄▄ ▄▄█ ▀██████████████▀     ▄ ▀ ▄▀  █
          ▀ █▀     ███  ▐ ▀▀▀▀██████▌  ▄▄▀▀   ▄▀   ▀
            ▌    ▒▐▀ ▌▀▄ ▀        ▀███     ▄▀    ▄
             ▀▄▄  ▀  ▐  ▌ ▀       ▄    ▀███
                ▀█    ▌  ▀▄█     ▄    ▄▀▀█  █▀
                   ▀▀▄█    ▄▌   █  ▄▀  ▄▐▀▀
                         ▀▀▀▀▀ ▀ ▀▀▀▀
.
      ██
     
     ▐█▌   ▄██████████████   ▄▄████████████▄   ██▄           ▄██   ▄█████████████▄
     ▐█▌ ▐██                ▐█▀            ██    ▀█▄       ▄██▀   ██▀           ▀██
     ▐█▌ ▐█▌                ██▌            ██      ▀█▄   ▄██▀     ██             ██
     ▐█▌  ▀██▄▄▄▄▄▄▄▄▄▄▄▄▄   ▀██▄▄▄▄▄▄▄▄▄▄██▀        ▀████         ███▄▄▄▄▄▄▄▄▄▄██
      ▀      ▀▀▀▀▀▀▀▀▀▀▀▀▀      ▀▀▀▀▀▀▀▀▀▀             ▀              ▀▀▀▀▀▀▀▀▀▀
jekv2
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
June 26, 2014, 06:10:33 PM
 #5

This would also, be a retardant against bitcoin account hacking?
EcuaMobi
Legendary
*
Offline Offline

Activity: 1666
Merit: 1228


https://Ecua.Mobi


View Profile WWW
June 27, 2014, 02:12:00 AM
 #6

I would like to see similar functionality whereby all posts, public or private are encrypted. This would ensure the consistancy of quotes etc

But which public PGP key would be used to encrypt a public message? or do you mean signed rather than encrypted?

The idea of encrypted messages is to make sure they're private.


EcuaMobi
Legendary
*
Offline Offline

Activity: 1666
Merit: 1228


https://Ecua.Mobi


View Profile WWW
June 28, 2014, 03:09:23 AM
Last edit: April 06, 2015, 11:16:31 PM by EcuaMobi
 #7

This is a good idea, for now, you can just request a Public Key from them, or tell them this message is encrypted.

In the meantime, I created a tool so anybody can encrypt messages using my public PGP more easily:
http://bitPGP.com/ecuamobi/  (I no longer own this domain)
https://ecua.mobi/pgp/

If anyone wants this too, I can do it for free:
https://bitcointalk.org/index.php?topic=667380.msg7551562#msg7551562

zedicus
Legendary
*
Offline Offline

Activity: 938
Merit: 1002



View Profile
August 18, 2014, 05:10:40 AM
 #8

If you were to implement this then all messages would be decrypted on the server side. What would be much better would be to have better public awareness of the importance of using PGP for sensitive PMs.

Also the vast majority of PMs likely do not need to be encrypted as they only contain casual conversation and/or casual business that realistically no one would case about if they were able to intercept.

On a 2nd though I guess you could have a field for a public PGP key that would automatically encrypt messages and the receipt would need to manually copy/paste the message to decrypt, however this would still involve encryption on the server side which is still much less secure then encryption on the client side.


              ▄███▄
           ▄████▀████▄
        ▄████▀     ▀████▄
     ▄████▀    ███    ▀████▄
  ▄    ▀      ▄███▄      ▀████▄
████▀      ▄█████████▄      ▀████
███     ▄▄  █▀ ███ ▀████▄     ███
███    ███▀    ███    ▀███    ███
███    ███     ███     ▀██    ███
███    ███     ███      ▐█    ███
███    ███     ███      ▐█    ███
███    ███     ███     ▄██    ███
███    ███▄    ███    ▄███    ███
███     ▀▀  █▄ ███ ▄████▀     ███
████▄      ▀█████████▀      ▄████
  ▀    ▄      ▀███▀      ▄████▀
     ▀████▄    ███    ▄████▀
        ▀████▄     ▄████▀
           ▀████▄████▀
              ▀███▀




███  ██▄         ███  ██████████████  ██████████████  ███████████████  ███  ██▄         ███
███  ████▄       ███  ███             ███             ███         ███  ███  ████▄       ███
███  ██████▄     ███  ███             ███             ███         ███  ███  ██████▄     ███
███  ███ ▀███▄   ███  ███▄▄▄▄▄▄▄▄▄▄▄  ███             ███         ███  ███  ███ ▀███▄   ███
███  ███   ▀███▄ ███  ▀▀▀▀▀▀▀▀▀▀▀███  ███             ███         ███  ███  ███   ▀███▄ ███
███  ███     ▀██████             ███  ███             ███         ███  ███  ███     ▀██████
███  ███       ▀████             ███  ███             ███         ███  ███  ███       ▀████
███  ███         ▀██  ██████████████  ██████████████  ███████████████  ███  ███         ▀██

FOR KNOX
 
   
IN BECOMING   THE FIRST    ●●●●●●●●●●●●●●●
BLOCKCHAIN BASED   INSURANCE COMPANY 
>> 

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌


             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
 

             █▀▀▀▄▄▄██▄
             █     ▀██▀
            █
         ▄▄▄█▄▄▄
 ████▄▄███████████▄▄████
▐██████▀▀███████▀▀██████▌
 ▀████    █████    ████▀
  ████▄  ▄█████▄  ▄████
  ▀███████████████████▀
   ▀████▄▀█████▀▄████▀
     ▀▀███▄▄▄▄▄███▀▀
         ▀▀▀▀▀▀▀
in
 

   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 ▄█████████████████████████▄
 ███████████████████████████
▐███████████████████████████▌
▐███████████  ▀█████████████▌
▐███████████     ▀██████████▌
▐███████████     ▄██████████▌
▐███████████  ▄█████████████▌
▐███████████████████████████▌
 ███████████████████████████
 ▀█████████████████████████▀
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
EcuaMobi
Legendary
*
Offline Offline

Activity: 1666
Merit: 1228


https://Ecua.Mobi


View Profile WWW
August 18, 2014, 02:19:56 PM
 #9

If you were to implement this then all messages would be decrypted on the server side. What would be much better would be to have better public awareness of the importance of using PGP for sensitive PMs.

Also the vast majority of PMs likely do not need to be encrypted as they only contain casual conversation and/or casual business that realistically no one would case about if they were able to intercept.

On a 2nd though I guess you could have a field for a public PGP key that would automatically encrypt messages and the receipt would need to manually copy/paste the message to decrypt, however this would still involve encryption on the server side which is still much less secure then encryption on the client side.

It can be encrypted via Javascript on the client (browser) just before sending the data.
It doesn't need to be encrypted server-side.

ACCTseller
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500

no longer selling accounts


View Profile
August 20, 2014, 10:55:12 PM
 #10

If you were to implement this then all messages would be decrypted on the server side. What would be much better would be to have better public awareness of the importance of using PGP for sensitive PMs.

Also the vast majority of PMs likely do not need to be encrypted as they only contain casual conversation and/or casual business that realistically no one would case about if they were able to intercept.

On a 2nd though I guess you could have a field for a public PGP key that would automatically encrypt messages and the receipt would need to manually copy/paste the message to decrypt, however this would still involve encryption on the server side which is still much less secure then encryption on the client side.

It can be encrypted via Javascript on the client (browser) just before sending the data.
It doesn't need to be encrypted server-side.

What if javascript is disabled on someone's browser? Would they not be able to send PMs?

I would also not personally want some 3rd party software encrypting my messages (automatically or not). If the forum were to get hacked and the hack does not get noticed then an attacker could potentially modify the software to also encrypt messages to they PGP key.

I think it would cause unnecessary work for when information that is not at all sensitive is being sent, for example that the seller of a transaction received payment.
Pages: [1]
  Print  
 
Jump to:  

Bitcointalk.org is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!