Bitcoin Forum
December 04, 2016, 02:34:17 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 »  All
  Print  
Author Topic: Key-signing party!  (Read 5934 times)
kseistrup
Hero Member
*****
Offline Offline

Activity: 565


Unselfish actions pay back better


View Profile WWW
May 22, 2011, 02:27:17 PM
 #21


To verify my public key, please send an e-mail to kurt dot padilla at gmail dot com with "FF7E7CCD" in the subject and "bitcoin" in the body text. You'll then receive a signed response referring to this post.

I've received a few responses referring to this post, but all of them were unsigned…

I've now received a bunch of signed messages.  The showstopper now is that they've been converted to HTML after signing:

Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta http-equiv="content-type" content="text/html;
      charset=ISO-8859-1">
  </head>
  <body bgcolor="#ffffff" text="#000000">
    -----BEGIN PGP SIGNED MESSAGE-----<br>
    Hash: SHA256<br>
    <br>
    Hi,<br>
    <br>
    You've received this message because you followed the instructions
    in this forum post:
    <a class="moz-txt-link-freetext" href="http://forum.bitcoin.org/index.php?topic=9251.msg134453#msg134453">http://forum.bitcoin.org/index.php?topic=9251.msg134453#msg134453</a><br>
    <br>
    In it, I stated that I am Kurt Padilla and that my public key
    fingerprint is 5D67 9B6C 3A35 D9B5 5A76 42F9 D188 DC4D FF7E 7CCD. As
    such, you can verify my identity, or at least that I own both
    <a class="moz-txt-link-abbreviated" href="mailto:kurt{dot}padilla{at}gmail{dot}com">kurt{dot}padilla{at}gmail{dot}com</a> and FatherMcGruder on the Bitcoin.org forums.<br>
    <br>
    Once you do, please sign my key.<br>
    <br>
    Thanks,<br>
    Kurt<br>
    -----BEGIN PGP SIGNATURE-----<br>
    Version: GnuPG v1.4.11 (GNU/Linux)<br>
    <br>
    iF4EAREIAAYFAk3ZGvsACgkQ0YjcTf9+fM3NtAD+LI/2pZ9v1uWRbUoT9XWXfyl7<br>
    6+zR9kSh0hZT0fITD+gA/RfweaUqCwYODY04G+zaNffWaCaCQxEU8JVrlDQbbJbo<br>
    =rgX9<br>
    -----END PGP SIGNATURE-----<br>
  </body>
</html>

Cheers,

Klaus Alexander Seistrup
http://about.me/kseistrup
1480862057
Hero Member
*
Offline Offline

Posts: 1480862057

View Profile Personal Message (Offline)

Ignore
1480862057
Reply with quote  #2

1480862057
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480862057
Hero Member
*
Offline Offline

Posts: 1480862057

View Profile Personal Message (Offline)

Ignore
1480862057
Reply with quote  #2

1480862057
Report to moderator
1480862057
Hero Member
*
Offline Offline

Posts: 1480862057

View Profile Personal Message (Offline)

Ignore
1480862057
Reply with quote  #2

1480862057
Report to moderator
1480862057
Hero Member
*
Offline Offline

Posts: 1480862057

View Profile Personal Message (Offline)

Ignore
1480862057
Reply with quote  #2

1480862057
Report to moderator
FatherMcGruder
Sr. Member
****
Offline Offline

Activity: 322



View Profile WWW
May 22, 2011, 02:28:54 PM
 #22


To verify my public key, please send an e-mail to kurt dot padilla at gmail dot com with "FF7E7CCD" in the subject and "bitcoin" in the body text. You'll then receive a signed response referring to this post.

I've received a few responses referring to this post, but all of them were unsigned…

I've now received a bunch of signed messages.  The showstopper now is that they've been converted to HTML after signing:

Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta http-equiv="content-type" content="text/html;
      charset=ISO-8859-1">
  </head>
  <body bgcolor="#ffffff" text="#000000">
    -----BEGIN PGP SIGNED MESSAGE-----<br>
    Hash: SHA256<br>
    <br>
    Hi,<br>
    <br>
    You've received this message because you followed the instructions
    in this forum post:
    <a class="moz-txt-link-freetext" href="http://forum.bitcoin.org/index.php?topic=9251.msg134453#msg134453">http://forum.bitcoin.org/index.php?topic=9251.msg134453#msg134453</a><br>
    <br>
    In it, I stated that I am Kurt Padilla and that my public key
    fingerprint is 5D67 9B6C 3A35 D9B5 5A76 42F9 D188 DC4D FF7E 7CCD. As
    such, you can verify my identity, or at least that I own both
    <a class="moz-txt-link-abbreviated" href="mailto:kurt{dot}padilla{at}gmail{dot}com">kurt{dot}padilla{at}gmail{dot}com</a> and FatherMcGruder on the Bitcoin.org forums.<br>
    <br>
    Once you do, please sign my key.<br>
    <br>
    Thanks,<br>
    Kurt<br>
    -----BEGIN PGP SIGNATURE-----<br>
    Version: GnuPG v1.4.11 (GNU/Linux)<br>
    <br>
    iF4EAREIAAYFAk3ZGvsACgkQ0YjcTf9+fM3NtAD+LI/2pZ9v1uWRbUoT9XWXfyl7<br>
    6+zR9kSh0hZT0fITD+gA/RfweaUqCwYODY04G+zaNffWaCaCQxEU8JVrlDQbbJbo<br>
    =rgX9<br>
    -----END PGP SIGNATURE-----<br>
  </body>
</html>

Cheers,
Ugh. Let me try again... hold on.

Use my Trade Hill referral code: TH-R11519

Check out bitcoinity.org and Ripple.

Shameless display of my bitcoin address:
1Hio4bqPUZnhr2SWi4WgsnVU1ph3EkusvH
Ian Maxwell
Full Member
***
Offline Offline

Activity: 140



View Profile WWW
May 22, 2011, 02:34:57 PM
 #23

I'm using Thunderbird, if anyone has any tips on that.

1. Use plain text mode. This is good practice anyway since some people read all email as plain text as a matter of safety. It should be an option in Account Settings, if I remember correctly.

2. Get the Enigmail extension. It's by far the easiest way to encrypt or sign mail in Thunderbird.

Ian Maxwell
PGP key | WoT rating
FatherMcGruder
Sr. Member
****
Offline Offline

Activity: 322



View Profile WWW
May 22, 2011, 04:00:38 PM
 #24

2. Get the Enigmail extension. It's by far the easiest way to encrypt or sign mail in Thunderbird.
Yes I have Enigmail and it's worked well for signing and encrypting messages for me. However, when Thunderbird replies with a template, it doesn't sign it. When I sign a message in my text editor, and then paste it into a compose window, the PGP bits disappear leaving only the message. Not sure what's going on here.  Undecided

Use my Trade Hill referral code: TH-R11519

Check out bitcoinity.org and Ripple.

Shameless display of my bitcoin address:
1Hio4bqPUZnhr2SWi4WgsnVU1ph3EkusvH
Ryland R. Taylor-Almanza
Hero Member
*****
Offline Offline

Activity: 812



View Profile
May 24, 2011, 03:08:30 AM
 #25

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am the real Ryland Taylor-Almanza with public key fingerprint 8092 49F5 295C 9BB6 780E  6B23 F37B 04E9 CB0C 8D51, downloadable from <http://ryland.bit/>.

My key is only self-signed, but you can verify it by doing the following:

 · Send an email to email@rylandtaylor-almanza.com with subject line “F37B04E9CB0C8D51” and body text “GPGverify”.

 · I will respond with a signed message referencing this one.

If you do verify my identity, I ask that you sign my public key afterward.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJN2wjeAAoJEPN7BOnLDI1RTmQH/jTJKJHG+9+AnK01wYbhHP4S
FlaF4mKgdxQgKLzvsMLcwTMgeta39qhj9+x6ooiFuEEo74kQTHFWWkn2qTss2yUG
CEOu1qi8NOJfhRm9c8EZRqd5mLarPIYBqyWRcfpwUftnkwMewfkTH0BubwOUY9UM
j02o5k3xe7YIn4dSyJEPw4lyAsVvUlinNiRtuabPBPtvf3lkr6RK9tQqGKPwRWLG
PLkHspoEA+Xfu38Jwcutx9G9mx75bRDkirEQMXTXmSQzrVCyYSOXBdLSV3n6rAzn
81jpyG3r/jpC3iP9nFhmD2O4FmMus27gRJJGdq5mqxXdjq7NMfGC+21SVnmO51Y=
=Y9s1
-----END PGP SIGNATURE-----
Ryland R. Taylor-Almanza
Hero Member
*****
Offline Offline

Activity: 812



View Profile
May 24, 2011, 03:15:50 AM
 #26

I've signed everyones key here, by the way (Except I'm waiting for a reply from pgp-verify@bluematt.me.)

EDIT: Signed Matt's key.
kseistrup
Hero Member
*****
Offline Offline

Activity: 565


Unselfish actions pay back better


View Profile WWW
May 24, 2011, 06:25:19 AM
 #27

Ryland,

GPG won't verify your signature on the canned response, this is because Gmail breaks long lines.  If you make a hard linebreak between “fingerprint” and  “8092 49F5 […]” you should be cool.

Cheers,

Klaus Alexander Seistrup
http://about.me/kseistrup
Ryland R. Taylor-Almanza
Hero Member
*****
Offline Offline

Activity: 812



View Profile
May 24, 2011, 06:46:56 AM
 #28

Fixed. Thanks!
kseistrup
Hero Member
*****
Offline Offline

Activity: 565


Unselfish actions pay back better


View Profile WWW
May 24, 2011, 06:58:45 AM
 #29


Fixed. Thanks!

Signed your key…

Cheers,

Klaus Alexander Seistrup
http://about.me/kseistrup
FatherMcGruder
Sr. Member
****
Offline Offline

Activity: 322



View Profile WWW
May 24, 2011, 11:24:31 PM
 #30

Trying this again with the canned response feature from Google. I even added my own line breaks where necessary. It should work now, but I'm sure I'll find out if it doesn't.

Use my Trade Hill referral code: TH-R11519

Check out bitcoinity.org and Ripple.

Shameless display of my bitcoin address:
1Hio4bqPUZnhr2SWi4WgsnVU1ph3EkusvH
Jason Keith
Newbie
*
Offline Offline

Activity: 24


View Profile
May 29, 2011, 04:40:48 PM
 #31

I have a couple of really basic questions. First, I'm no longer sure what it means to "sign" someone else's key. After verifying an email address like Ian's for example and then verifying the signature sent from that address, should I really just copy everything from

-----BEGIN PGP SIGNATURE-----
to
-----END PGP SIGNATURE-----

and sign it the same way I would use my own signature to sign a message of my own? And if I do, what then? How does that indicate my acceptance of the other person's claims?

Second, when I look at my own key in GPA, it says;

The key has both a private and a public part
The key can be used for certification and signing, but not for encryption.


So if it has a public part, why can't it be used for encryption?

https://secure.bitcoinid.com?i=b595fe5a22bfd11ca49758f96b54998fed300820d43534ed84b22042 (https://secure.bitcoinid.com?i=b595fe5a22bfd11ca49758f96b54998fed300820d43534ed84b22042)
Ian Maxwell
Full Member
***
Offline Offline

Activity: 140



View Profile WWW
May 29, 2011, 04:53:33 PM
 #32

Jason: What software are you using? If you use the command-line GPG, by default it will generate keys that can be used for encryption. But if you're using Cryptophane for example, by default it generates signature-only keys. Unfortunately I haven't found the perfect Windows GUI frontend for GPG yet.

You need a public and private part for signatures as well as encryption---a private part you use to sign, and a public part others use to verify the signature.

Anyway, if you have my public key, in most software signing it will mean right-clicking it and clicking "Sign". Then at some point you'd re-upload the key to the server, with your signature on it. By doing this you're vouching that that the name and email address attached to the key are accurate. (I haven't actually proven that the name is accurate, but if you really wanted I could try and scan an ID or something.)

Ian Maxwell
PGP key | WoT rating
Jason Keith
Newbie
*
Offline Offline

Activity: 24


View Profile
May 29, 2011, 05:16:55 PM
 #33

Jason: What software are you using? If you use the command-line GPG, by default it will generate keys that can be used for encryption. But if you're using Cryptophane for example, by default it generates signature-only keys. Unfortunately I haven't found the perfect Windows GUI frontend for GPG yet.
I used GPG from the command line on OSX to generate the keys. Since then, I've installed Thunderbird and Enigmail on Ubuntu and I've finally gotten Penango to work with Firefox on OSX.

You need a public and private part for signatures as well as encryption---a private part you use to sign, and a public part others use to verify the signature.
OK, so if it turns out my key can't be used for encryption, should I revoke it and start again or can I edit encryption ability into the keys I have now?

Anyway, if you have my public key, in most software signing it will mean right-clicking it and clicking "Sign". Then at some point you'd re-upload the key to the server, with your signature on it. By doing this you're vouching that that the name and email address attached to the key are accurate.
So I understand how to sign it but how do I upload it to the server?

(I haven't actually proven that the name is accurate, but if you really wanted I could try and scan an ID or something.)
No, you're cool man. What you've done so far is good enough for me if that's what everybody else has been OK with. Thanks for the reply.

https://secure.bitcoinid.com?i=b595fe5a22bfd11ca49758f96b54998fed300820d43534ed84b22042 (https://secure.bitcoinid.com?i=b595fe5a22bfd11ca49758f96b54998fed300820d43534ed84b22042)
kseistrup
Hero Member
*****
Offline Offline

Activity: 565


Unselfish actions pay back better


View Profile WWW
May 29, 2011, 05:24:47 PM
 #34


So I understand how to sign it but how do I upload it to the server?

Code:

$ gpg --keyserver pgp.mit.edu --send-keys 0x12345678


Subsitute 0x12345678 with keyid for actual key you wish to send.
Subsitute pgp.mit.edu with keyserver you wish to use.  Other possibilities are e.g.:
  • subkeys.pgp.net
  • pool.sks-keyservers.net
  • keys.gnupg.net
  • pgp.surfnet.nl

Cheers,

Klaus Alexander Seistrup
http://about.me/kseistrup
kseistrup
Hero Member
*****
Offline Offline

Activity: 565


Unselfish actions pay back better


View Profile WWW
May 29, 2011, 05:32:52 PM
 #35


By [signing someone's public key this way] you're vouching that that the name and email address attached to the key are accurate. (I haven't actually proven that the name is accurate, but if you really wanted I could try and scan an ID or something.)

Some nerds at IRL keysigning parties demand that you show photo id (e.g., passport or driver's license).  IMHO that means that they're verifying the person's identity.  However, for me person != email address, so I'm happy to know that the key is associated with the email address it claims to represent.  This is what we're doing here.

Cheers,

Klaus Alexander Seistrup
http://about.me/kseistrup
kseistrup
Hero Member
*****
Offline Offline

Activity: 565


Unselfish actions pay back better


View Profile WWW
May 29, 2011, 05:33:48 PM
 #36

P.S.: Jason, once you're ready, please tell us how we can verify your key…

Klaus Alexander Seistrup
http://about.me/kseistrup
Jason Keith
Newbie
*
Offline Offline

Activity: 24


View Profile
May 29, 2011, 05:48:35 PM
 #37

Sure. Thanks for the help guys. Penango on Firefox seems to be missing some features and Ian is right when he says the easiest way to use Enigmail with TB. I signed his key and uploaded it to a server as I will with others' here.

https://secure.bitcoinid.com?i=b595fe5a22bfd11ca49758f96b54998fed300820d43534ed84b22042 (https://secure.bitcoinid.com?i=b595fe5a22bfd11ca49758f96b54998fed300820d43534ed84b22042)
Jason Keith
Newbie
*
Offline Offline

Activity: 24


View Profile
May 29, 2011, 05:59:00 PM
 #38

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm Jason Keith. One of many it seems and although you won't find me on the first couple of
pages of a Google search, you can reach me at jasonkeith@gmail.com. My fingerprint is
E936 B8CB 8537 02A1 144E  FFB0 BBF5 676B 15DD FC58 Send me an email with
15DDFC58 and Bitcoin in the subject and I'll get back to you.
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iQIcBAEBAgAGBQJN4ojuAAoJELv1Z2sV3fxYDwQP/2jwS3bBv0+wvP68EK5zXwvK
g9kjBBmkDBbl48unsUGOShzQcfB/Tt724BiBe8AXAHrYBpFO+SCIpQ7h5emncJXP
fg74ux231lrnq+fq0xkTL0mjj04yXUEg8vVjIvKyXE0nw4cR3PY0cibiwzZWS0pP
9iR6gQZGJtvn9nIQJIqW/LTkUGRXRoEDZByqllLM3icWHhX3E8ilrw9MtsLqQtJW
4Zye5vpJlBcPMStIknikZ9OShW/h3H/9exVjZxpo0ZJiTv57mCWWvx4UBnVzVyAT
bJV7aNQjkUvneMNTaxwH5tQfbDkwGkEpKt8iFza2yBPzhIovFAU6ePim0qnPop4m
W43JqfA/QlIQM8FjH2BtBegT7/7rI3Eg97fNLYbW0qxDs57HZZlHtyF4fJZh7Yed
R4bRHJS7iXrX/YIoDiWO+giamc1ZjABOI0GFoHUmtPxOcBXVR3ITkthiy6SjqESW
ACunjQYKI1MeWjtYSqZjbFxUahkJArWd3Hjph3OAiQMscw59cQV0P5NXKNQWrxaL
k96PNuhOin/qRKXWXN9NNqXlRNfqZCNAXVlijgZGkI4Sewh++BIma+e0LIfahzYo
yd+TmXE3rzFFrF6Vv016mcpf2d3ZyWoAYgrAc8zuTb/WOTiDsj7TqJSEpmoC/rZY
MzQ+pegx7DBdhUmT7fvo
=/+pd
-----END PGP SIGNATURE-----

https://secure.bitcoinid.com?i=b595fe5a22bfd11ca49758f96b54998fed300820d43534ed84b22042 (https://secure.bitcoinid.com?i=b595fe5a22bfd11ca49758f96b54998fed300820d43534ed84b22042)
kseistrup
Hero Member
*****
Offline Offline

Activity: 565


Unselfish actions pay back better


View Profile WWW
May 29, 2011, 06:08:53 PM
 #39


[…] and I'll get back to you.

Tip:  You can set up a canned response so that a signed email pointing to e.g. your instruction message in this thread is returned automagically to those who send en email with this in the subject and that in the body.

Cheers,

Klaus Alexander Seistrup
http://about.me/kseistrup
Jason Keith
Newbie
*
Offline Offline

Activity: 24


View Profile
May 29, 2011, 06:30:44 PM
 #40

Thanks Klaus. I realised that just as I looked back over what everybody else in the thread seems to have done. Grin
It's 3:30 in the morning here now and I'm gonna get some sleep before I come back and make a bigger fool of myself. Thanks again for the help all.
BTW Klaus, I verified and signed your key as well. I"ll get around to everybody else tomorrow.

https://secure.bitcoinid.com?i=b595fe5a22bfd11ca49758f96b54998fed300820d43534ed84b22042 (https://secure.bitcoinid.com?i=b595fe5a22bfd11ca49758f96b54998fed300820d43534ed84b22042)
Pages: « 1 [2] 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!