|
FatherMcGruder
|
 |
May 22, 2011, 02:28:54 PM |
|
To verify my public key, please send an e-mail to kurt dot padilla at gmail dot com with "FF7E7CCD" in the subject and "bitcoin" in the body text. You'll then receive a signed response referring to this post.
I've received a few responses referring to this post, but all of them were unsigned… I've now received a bunch of signed messages. The showstopper now is that they've been converted to HTML after signing: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
Hi,<br>
<br>
You've received this message because you followed the instructions
in this forum post:
<a class="moz-txt-link-freetext" href="http://forum.bitcoin.org/index.php?topic=9251.msg134453#msg134453">http://forum.bitcoin.org/index.php?topic=9251.msg134453#msg134453</a><br>
<br>
In it, I stated that I am Kurt Padilla and that my public key
fingerprint is 5D67 9B6C 3A35 D9B5 5A76 42F9 D188 DC4D FF7E 7CCD. As
such, you can verify my identity, or at least that I own both
<a class="moz-txt-link-abbreviated" href="mailto:kurt{dot}padilla{at}gmail{dot}com">kurt{dot}padilla{at}gmail{dot}com</a> and FatherMcGruder on the Bitcoin.org forums.<br>
<br>
Once you do, please sign my key.<br>
<br>
Thanks,<br>
Kurt<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.11 (GNU/Linux)<br>
<br>
iF4EAREIAAYFAk3ZGvsACgkQ0YjcTf9+fM3NtAD+LI/2pZ9v1uWRbUoT9XWXfyl7<br>
6+zR9kSh0hZT0fITD+gA/RfweaUqCwYODY04G+zaNffWaCaCQxEU8JVrlDQbbJbo<br>
=rgX9<br>
-----END PGP SIGNATURE-----<br>
</body>
</html>
Cheers, Ugh. Let me try again... hold on. |
Use my Trade Hill referral code: TH-R11519 Check out bitcoinity.org and Ripple. Shameless display of my bitcoin address: 1Hio4bqPUZnhr2SWi4WgsnVU1ph3EkusvH |
|
|
|
|
|
|
|
|
|
|
|
The forum was founded in 2009 by Satoshi and Sirius. It replaced a
SourceForge forum.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
Ian Maxwell (OP)
|
|
May 22, 2011, 02:34:57 PM |
|
I'm using Thunderbird, if anyone has any tips on that.
1. Use plain text mode. This is good practice anyway since some people read all email as plain text as a matter of safety. It should be an option in Account Settings, if I remember correctly. 2. Get the Enigmail extension. It's by far the easiest way to encrypt or sign mail in Thunderbird. |
|
|
|
|
FatherMcGruder
|
|
May 22, 2011, 04:00:38 PM |
|
2. Get the Enigmail extension. It's by far the easiest way to encrypt or sign mail in Thunderbird.
Yes I have Enigmail and it's worked well for signing and encrypting messages for me. However, when Thunderbird replies with a template, it doesn't sign it. When I sign a message in my text editor, and then paste it into a compose window, the PGP bits disappear leaving only the message. Not sure what's going on here.  |
Use my Trade Hill referral code: TH-R11519 Check out bitcoinity.org and Ripple. Shameless display of my bitcoin address: 1Hio4bqPUZnhr2SWi4WgsnVU1ph3EkusvH |
|
|
Ryland R. Taylor-Almanza
Legendary
 Offline
Activity: 882
Merit: 1001
|
|
May 24, 2011, 03:08:30 AM |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am the real Ryland Taylor-Almanza with public key fingerprint 8092 49F5 295C 9BB6 780E 6B23 F37B 04E9 CB0C 8D51, downloadable from <http://ryland.bit/>.
My key is only self-signed, but you can verify it by doing the following:
· Send an email to email@rylandtaylor-almanza.com with subject line “F37B04E9CB0C8D51” and body text “GPGverify”.
· I will respond with a signed message referencing this one.
If you do verify my identity, I ask that you sign my public key afterward.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJN2wjeAAoJEPN7BOnLDI1RTmQH/jTJKJHG+9+AnK01wYbhHP4S
FlaF4mKgdxQgKLzvsMLcwTMgeta39qhj9+x6ooiFuEEo74kQTHFWWkn2qTss2yUG
CEOu1qi8NOJfhRm9c8EZRqd5mLarPIYBqyWRcfpwUftnkwMewfkTH0BubwOUY9UM
j02o5k3xe7YIn4dSyJEPw4lyAsVvUlinNiRtuabPBPtvf3lkr6RK9tQqGKPwRWLG
PLkHspoEA+Xfu38Jwcutx9G9mx75bRDkirEQMXTXmSQzrVCyYSOXBdLSV3n6rAzn
81jpyG3r/jpC3iP9nFhmD2O4FmMus27gRJJGdq5mqxXdjq7NMfGC+21SVnmO51Y=
=Y9s1
-----END PGP SIGNATURE----- |
|
|
|
|
|
| .BITSLER. | ▄███
▄████▀
▄████▀
▄████▀ ▄██▄
▄████▀ ▀████▄
▄████▀ ▀████▄
▄████▀ ▀████▄
▄████▀ ▀████▄
▄████▀ ▄████▄ ▄████▄ ▀████▄
█████ ██████ ██████ █████
▀████▄ ▀████▀ ▀████▀ ▄████▀
▀████▄ ▄████▀
▀████▄ ▄████▀
▀████▄ ▄████▀
▀████▄ ▄████▀
▀████▄▄████▀
▀██████▀
▀▀▀▀ | | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
▄▄▄▄▀▀▀▀ ▄▄█▄▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▀▄▄ ▀█▀▀ ▄ ▀████ ▀▀▄
█ █▄ ▀▄ ▀████ ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▀▀ ▀▄▄ ▀████ ▄▄▄▀▀▀ █
█ ▄ ▀▄ ▄▄▄▀▀▀ ▄▄ █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄ ███ ▀██ █ ▀▀ █
█ ███ ▀██ █ ▄▄ █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
▀▄ █ ▀▀ █
▀▀▄ ███▄ █ ▄▄ █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
▀▀▄ █ ▀▀▄▄▄▀▀▀
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀ | | | | ▄▄▄██████▄▄▄
▄▄████████████████▄▄
▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄ ▄█████▀ ▀█████▄
██▄▄ █████▀ ▄ ▀█████
████████ ▄██ █████
████████▄ ███▀ ████▄
█████████▀▀ ▄███▀ █████
█▀▀▀ █████ █████
▄▄▄ ████ █████
█████ ▀▀ ████▀
█████ █████
█████▄ ▄█████
▀█████▄ ▄█████▀
▀██████▄▄▄▄▄▄▄▄▄▄██████▀
▀▀████████████████▀▀
▀▀▀██████▀▀▀ | | | | ▄▄▄███████▄▄▄
▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
█▀▀ ▄█████████████▄ ▀▀█
█▀▀ ███████████████████ ▀▀█
█▀ ███████████████████████ ▀█
█▀ ███████████████▀▀ ███████ ▀█
▄█▀ ██████████████▀ ▀█████ ▀█▄
███ ███████████▀▀ ▀▀██ ███
███ ███████▀▀ ███
███ ▀▀▀▀ ███
▀██▄ ▄██▀
▀█▄ ▀▀
█▄ █▄▄▄▄▄▄▄▄▄█
█▄ ▀█████████▀
▀█▄ ▀▀▀▀▀▀▀
▀▀█▄▄ ▄▄▄
▀▀█████ | | | [ | | ] |
|
|
|
Ryland R. Taylor-Almanza
Legendary
Offline
Activity: 882
Merit: 1001
|
|
May 24, 2011, 03:15:50 AM
Last edit: May 24, 2011, 03:38:26 AM by RylandAlmanza |
|
I've signed everyones key here, by the way (Except I'm waiting for a reply from pgp-verify@bluematt.me.)
EDIT: Signed Matt's key.
|
|
|
|
|
|
| .BITSLER. | ▄███
▄████▀
▄████▀
▄████▀ ▄██▄
▄████▀ ▀████▄
▄████▀ ▀████▄
▄████▀ ▀████▄
▄████▀ ▀████▄
▄████▀ ▄████▄ ▄████▄ ▀████▄
█████ ██████ ██████ █████
▀████▄ ▀████▀ ▀████▀ ▄████▀
▀████▄ ▄████▀
▀████▄ ▄████▀
▀████▄ ▄████▀
▀████▄ ▄████▀
▀████▄▄████▀
▀██████▀
▀▀▀▀ | | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
▄▄▄▄▀▀▀▀ ▄▄█▄▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▀▄▄ ▀█▀▀ ▄ ▀████ ▀▀▄
█ █▄ ▀▄ ▀████ ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▀▀ ▀▄▄ ▀████ ▄▄▄▀▀▀ █
█ ▄ ▀▄ ▄▄▄▀▀▀ ▄▄ █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄ ███ ▀██ █ ▀▀ █
█ ███ ▀██ █ ▄▄ █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
▀▄ █ ▀▀ █
▀▀▄ ███▄ █ ▄▄ █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
▀▀▄ █ ▀▀▄▄▄▀▀▀
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀ | | | | ▄▄▄██████▄▄▄
▄▄████████████████▄▄
▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄ ▄█████▀ ▀█████▄
██▄▄ █████▀ ▄ ▀█████
████████ ▄██ █████
████████▄ ███▀ ████▄
█████████▀▀ ▄███▀ █████
█▀▀▀ █████ █████
▄▄▄ ████ █████
█████ ▀▀ ████▀
█████ █████
█████▄ ▄█████
▀█████▄ ▄█████▀
▀██████▄▄▄▄▄▄▄▄▄▄██████▀
▀▀████████████████▀▀
▀▀▀██████▀▀▀ | | | | ▄▄▄███████▄▄▄
▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
█▀▀ ▄█████████████▄ ▀▀█
█▀▀ ███████████████████ ▀▀█
█▀ ███████████████████████ ▀█
█▀ ███████████████▀▀ ███████ ▀█
▄█▀ ██████████████▀ ▀█████ ▀█▄
███ ███████████▀▀ ▀▀██ ███
███ ███████▀▀ ███
███ ▀▀▀▀ ███
▀██▄ ▄██▀
▀█▄ ▀▀
█▄ █▄▄▄▄▄▄▄▄▄█
█▄ ▀█████████▀
▀█▄ ▀▀▀▀▀▀▀
▀▀█▄▄ ▄▄▄
▀▀█████ | | | [ | | ] |
|
|
|
|
kseistrup
|
|
May 24, 2011, 06:25:19 AM |
|
Ryland,
GPG won't verify your signature on the canned response, this is because Gmail breaks long lines. If you make a hard linebreak between “fingerprint” and “8092 49F5 […]” you should be cool.
Cheers,
|
Klaus Alexander Seistrup
|
|
|
|
|
|
kseistrup
|
|
May 24, 2011, 06:58:45 AM |
|
Fixed. Thanks!
Signed your key… Cheers, |
Klaus Alexander Seistrup
|
|
|
|
FatherMcGruder
|
|
May 24, 2011, 11:24:31 PM |
|
Trying this again with the canned response feature from Google. I even added my own line breaks where necessary. It should work now, but I'm sure I'll find out if it doesn't.
|
Use my Trade Hill referral code: TH-R11519 Check out bitcoinity.org and Ripple. Shameless display of my bitcoin address: 1Hio4bqPUZnhr2SWi4WgsnVU1ph3EkusvH |
|
|
Jason Keith
Newbie
Offline
Activity: 24
Merit: 0
|
|
May 29, 2011, 04:40:48 PM |
|
I have a couple of really basic questions. First, I'm no longer sure what it means to "sign" someone else's key. After verifying an email address like Ian's for example and then verifying the signature sent from that address, should I really just copy everything from
-----BEGIN PGP SIGNATURE-----
to
-----END PGP SIGNATURE-----
and sign it the same way I would use my own signature to sign a message of my own? And if I do, what then? How does that indicate my acceptance of the other person's claims?
Second, when I look at my own key in GPA, it says;
The key has both a private and a public part
The key can be used for certification and signing, but not for encryption.
So if it has a public part, why can't it be used for encryption?
|
|
|
|
|
|
Ian Maxwell (OP)
|
|
May 29, 2011, 04:53:33 PM |
|
Jason: What software are you using? If you use the command-line GPG, by default it will generate keys that can be used for encryption. But if you're using Cryptophane for example, by default it generates signature-only keys. Unfortunately I haven't found the perfect Windows GUI frontend for GPG yet.
You need a public and private part for signatures as well as encryption---a private part you use to sign, and a public part others use to verify the signature.
Anyway, if you have my public key, in most software signing it will mean right-clicking it and clicking "Sign". Then at some point you'd re-upload the key to the server, with your signature on it. By doing this you're vouching that that the name and email address attached to the key are accurate. (I haven't actually proven that the name is accurate, but if you really wanted I could try and scan an ID or something.)
|
|
|
|
Jason Keith
Newbie
Offline
Activity: 24
Merit: 0
|
|
May 29, 2011, 05:16:55 PM |
|
Jason: What software are you using? If you use the command-line GPG, by default it will generate keys that can be used for encryption. But if you're using Cryptophane for example, by default it generates signature-only keys. Unfortunately I haven't found the perfect Windows GUI frontend for GPG yet. I used GPG from the command line on OSX to generate the keys. Since then, I've installed Thunderbird and Enigmail on Ubuntu and I've finally gotten Penango to work with Firefox on OSX. You need a public and private part for signatures as well as encryption---a private part you use to sign, and a public part others use to verify the signature. OK, so if it turns out my key can't be used for encryption, should I revoke it and start again or can I edit encryption ability into the keys I have now? Anyway, if you have my public key, in most software signing it will mean right-clicking it and clicking "Sign". Then at some point you'd re-upload the key to the server, with your signature on it. By doing this you're vouching that that the name and email address attached to the key are accurate. So I understand how to sign it but how do I upload it to the server? (I haven't actually proven that the name is accurate, but if you really wanted I could try and scan an ID or something.) No, you're cool man. What you've done so far is good enough for me if that's what everybody else has been OK with. Thanks for the reply. |
|
|
|
|
|
kseistrup
|
|
May 29, 2011, 05:24:47 PM |
|
So I understand how to sign it but how do I upload it to the server?
$ gpg --keyserver pgp.mit.edu --send-keys 0x12345678
Subsitute 0x12345678 with keyid for actual key you wish to send. Subsitute pgp.mit.edu with keyserver you wish to use. Other possibilities are e.g.: - subkeys.pgp.net
- pool.sks-keyservers.net
- keys.gnupg.net
- pgp.surfnet.nl
Cheers, |
Klaus Alexander Seistrup
|
|
|
|
kseistrup
|
|
May 29, 2011, 05:32:52 PM |
|
By [signing someone's public key this way] you're vouching that that the name and email address attached to the key are accurate. (I haven't actually proven that the name is accurate, but if you really wanted I could try and scan an ID or something.)
Some nerds at IRL keysigning parties demand that you show photo id (e.g., passport or driver's license). IMHO that means that they're verifying the person's identity. However, for me person != email address, so I'm happy to know that the key is associated with the email address it claims to represent. This is what we're doing here. Cheers, |
Klaus Alexander Seistrup
|
|
|
|
kseistrup
|
|
May 29, 2011, 05:33:48 PM |
|
P.S.: Jason, once you're ready, please tell us how we can verify your key…
|
Klaus Alexander Seistrup
|
|
|
Jason Keith
Newbie
Offline
Activity: 24
Merit: 0
|
|
May 29, 2011, 05:48:35 PM |
|
Sure. Thanks for the help guys. Penango on Firefox seems to be missing some features and Ian is right when he says the easiest way to use Enigmail with TB. I signed his key and uploaded it to a server as I will with others' here.
|
|
|
|
|
Jason Keith
Newbie
Offline
Activity: 24
Merit: 0
|
|
May 29, 2011, 05:59:00 PM |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm Jason Keith. One of many it seems and although you won't find me on the first couple of pages of a Google search, you can reach me at jasonkeith@gmail.com. My fingerprint is E936 B8CB 8537 02A1 144E FFB0 BBF5 676B 15DD FC58 Send me an email with 15DDFC58 and Bitcoin in the subject and I'll get back to you. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iQIcBAEBAgAGBQJN4ojuAAoJELv1Z2sV3fxYDwQP/2jwS3bBv0+wvP68EK5zXwvK g9kjBBmkDBbl48unsUGOShzQcfB/Tt724BiBe8AXAHrYBpFO+SCIpQ7h5emncJXP fg74ux231lrnq+fq0xkTL0mjj04yXUEg8vVjIvKyXE0nw4cR3PY0cibiwzZWS0pP 9iR6gQZGJtvn9nIQJIqW/LTkUGRXRoEDZByqllLM3icWHhX3E8ilrw9MtsLqQtJW 4Zye5vpJlBcPMStIknikZ9OShW/h3H/9exVjZxpo0ZJiTv57mCWWvx4UBnVzVyAT bJV7aNQjkUvneMNTaxwH5tQfbDkwGkEpKt8iFza2yBPzhIovFAU6ePim0qnPop4m W43JqfA/QlIQM8FjH2BtBegT7/7rI3Eg97fNLYbW0qxDs57HZZlHtyF4fJZh7Yed R4bRHJS7iXrX/YIoDiWO+giamc1ZjABOI0GFoHUmtPxOcBXVR3ITkthiy6SjqESW ACunjQYKI1MeWjtYSqZjbFxUahkJArWd3Hjph3OAiQMscw59cQV0P5NXKNQWrxaL k96PNuhOin/qRKXWXN9NNqXlRNfqZCNAXVlijgZGkI4Sewh++BIma+e0LIfahzYo yd+TmXE3rzFFrF6Vv016mcpf2d3ZyWoAYgrAc8zuTb/WOTiDsj7TqJSEpmoC/rZY MzQ+pegx7DBdhUmT7fvo =/+pd -----END PGP SIGNATURE----- |
|
|
|
|
|
kseistrup
|
|
May 29, 2011, 06:08:53 PM |
|
[…] and I'll get back to you.
Tip: You can set up a canned response so that a signed email pointing to e.g. your instruction message in this thread is returned automagically to those who send en email with this in the subject and that in the body. Cheers, |
Klaus Alexander Seistrup
|
|
|
Jason Keith
Newbie
Offline
Activity: 24
Merit: 0
|
|
May 29, 2011, 06:30:44 PM |
|
Thanks Klaus. I realised that just as I looked back over what everybody else in the thread seems to have done.  It's 3:30 in the morning here now and I'm gonna get some sleep before I come back and make a bigger fool of myself. Thanks again for the help all. BTW Klaus, I verified and signed your key as well. I"ll get around to everybody else tomorrow. |
|
|
|
|
|
kseistrup
|
|
May 29, 2011, 06:33:31 PM |
|
It's 3:30 in the morning here now and I'm gonna get some sleep before I come back and make a bigger fool of myself.
Hehe, sleep well. 
BTW Klaus, I verified and signed your key as well. I"ll get around to everybody else tomorrow.
Thanks, Jason. Did you upload it as well? I can't seem to find the key with your signature on it… Cheers, |
Klaus Alexander Seistrup
|
|
|
|
