Full Version: Whatever happened to PGP
Hydrogenaudio Forums > Misc. > Off-Topic
pepoluan
Yes, I've been wondering whatever happened to PGP? Is anyone still using it? Is it still being developed? Etc. etc. etc.

Any update will be appreciated
Hollunder
PGP is commercial since 2002, OpenPGP is still in development if you believe wiki
QUOTE
OpenPGP is still under active development and a follow-on to RFC 2440 is being actively finalized by the OpenPGP working group as of January 2006.

Many applications using OpenPGP are likely still in development, for example GAIM (uses plug-ins, but there seem to be three different kinds of encryption, at least one OpenPGP).

I don't use PGP though... never started using it due to a lack of other PGP-users and a lack of mail-writing in general^^

HbG
Mozilla Thunderbird has a pretty good extension for OpenPGP called Enigmail. It's still being used, after all, it caters to a need.
CiTay
What happened to it? Idealists and criminals still use it, while most of the average users deem it too complicated or never heard of it, probably.
Megaman
I think PGP is a great idea but since almost no one has a PGP public key, it's kind of useless to communicate with average people using PGP encryption.
Anyway...I wouldn't encrypt around 99,9% of the emails I send.
Probably useful for scientists developing bleeding edge technologies, managers, criminals and politicians.

I have PGP version 7.0.3 installed since ancient times, just in case. Developed in 2001.

Just searched for my old key (1999). Useless to post since it was revoked. Must get a new one


Done!
pepoluan
Well I'm not too keen on encryption... but I may have some need for authentication.

Regarding the users are criminals etc... Christian missionaries in my country used to use PGP for encrypting their emails, because there are elements of the majority religion who are... prejudiced & oppressive toward us. Not all of them, but the wackos happen to be sitting on strategic positions...

SebastianG
Thanks to the OpenPGP standard, complying tools such as PGP and GnuPG are compatible with each other. I use GnuPG in conjunction with the EnigMail plugin for Thunderbird. Recent EnigMail versions include a nice key manager with a GUI. (GnuPG itself is command line only).

GnuPG + EnigMail is really usable for non-geeks, now. But you still have to understand basic cryptographic issues like what's "key trust", "owner trust", "certificate". That's IMHO the big problem. Most people just don't know about these things. (Find yourself a good tutorial!)

This might be interesting. It's an analysis of the "strong key set".

You can import my key from the keyservers. The KeyID is 0x2C46426D and the key's fingerprint is:
8FD0 EAE7 621C DD22 4331 9920 85CD 3657 2C46 426D

Cheers!
pepoluan
Thanks for the pointer SebastianG! Although I *have* downloaded Enigmail before you mentioned it

Oh, BTW, here's my key ID: 0x837BC9D9
And the signature: 36BE 22A3 185E EAC8 C798 6DFE EFAD 28A9 837B C9D9

Thanks to Enigmail I can now annoy my friends with the PGP-related hooplas in my email

PS: I've downloaded your public key.
SebastianG
QUOTE(pepoluan @ Sep 20 2006, 17:44) *

Oh, BTW, here's my key ID: 0x837BC9D9
And the signature: 36BE 22A3 185E EAC8 C798 6DFE EFAD 28A9 837B C9D9

cool!
The remaining problem is still: Can I be sure that this key really is owned by "Pandu E Poluan"?
This is why keys can be signed and what the web of trust is all about. It may confuse newbies at first. But it's crucial to understand.
pepoluan
QUOTE(SebastianG @ Sep 21 2006, 17:18) *
QUOTE(pepoluan @ Sep 20 2006, 17:44) *
Oh, BTW, here's my key ID: 0x837BC9D9
And the signature: 36BE 22A3 185E EAC8 C798 6DFE EFAD 28A9 837B C9D9
cool!
The remaining problem is still: Can I be sure that this key really is owned by "Pandu E Poluan"?
This is why keys can be signed and what the web of trust is all about. It may confuse newbies at first. But it's crucial to understand.
Okay, that's a good question... I think the best way is for you to send me a round-trip ticket to your town and me presenting the key on a flash disk

Oh, BTW, I signed your key.
SebastianG
QUOTE(pepoluan @ Sep 22 2006, 18:00) *

Okay, that's a good question... I think the best way is for you to send me a round-trip ticket to your town and me presenting the key on a flash disk

Don't forget to request an ID. Otherwise I could have faked the name.

QUOTE(pepoluan @ Sep 22 2006, 18:00) *

Oh, BTW, I signed your key.

Thanks ... But you certified that the key is owned by someone named Sebastian Gesemann without knowing for sure. We shouldn't cross-sign our keys before we meet in person and see each other's ID.

However, we could attend some key signing parties. Who knows, maybe after that there'll be a key trust chain between our keys with 5 hops or something.

Cheers!
bhoar
QUOTE(SebastianG @ Sep 22 2006, 15:03) *
However, we could attend some key signing parties. Who knows, maybe after that there'll be a key trust chain between our keys with 5 hops or something.


And with that, I must now interject and link to a recently slashdotted youtube video:

http://www.youtube.com/watch?v=-xEzGIuY7kw

(and yes I am making assumptions, hopefully this will be taken in the spirit of fun)

-brendan
SebastianG
That reminds me of the movie Office Space. It features some funny scenes with nerds behaving gangster-like (beating up a fax machine with a baseball bat, listening to gangster rap music in the car on the way to work). Man, I've got to see this movie again.

-S
pepoluan
QUOTE(SebastianG @ Sep 23 2006, 02:03) *
Thanks ... But you certified that the key is owned by someone named Sebastian Gesemann without knowing for sure. We shouldn't cross-sign our keys before we meet in person and see each other's ID.
Good point... so should I revoke my signature?

QUOTE(SebastianG @ Sep 23 2006, 02:03) *
However, we could attend some key signing parties.
I went to that page, and a page search for "babe", "chick", and "broad" turns up empty...

(Well, actually "broad" returns some result... but the results are not what I had in mind)
SebastianG
QUOTE(pepoluan @ Sep 25 2006, 15:01) *

Good point... so should I revoke my signature?

Heheh. This is up to you.
Of course, I don't mind having your signature in my public key
But if you were known to sign keys without checking the identity no sane person would trust your signatures which would make them (the signatures) worthless.

I think it's worth mentioning what the meaning of "key trust" and "owner trust" is. I talked to quite some people about PGP and this was usually the biggest misunderstanding.

"key trust" tells you how authentic the key looks to you -- meaning how sure you are about the key owner being really the indicated person. This is computed via GnuPG (*). "owner trust" is a trust level you can select as a GnuPG user per key. This specifies how much you trust the key owner to appropriately sign keys (ie only when identity has been verified). When you publicly sign a key a signature along with your answer to the question "How well have you checked the key's authenticity?" is published. The owner trust settings you make are never published. These settings are private and only affect the way GnuPG computes key trust levels for you and only you.

(*) Any key you signed or created is authentic to you. Any other key K that has been signed by some person S is authentic to you when both of the following conditions hold:
- S's key is authentic to you.
- You trust S to appropriately check the authenticity of the keys S signs.
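
[Added example, not part of SebastianG's post and not GnuPG's own code: the two-condition rule from the footnote above, computed in Python over a set of published signatures. The key names, the `authentic_keys` function and the `max_hops` cap are assumptions for illustration, and owner trust is assumed to be a plain yes/no setting per key.]

```python
from collections import deque

def authentic_keys(my_keys, signatures, owner_trust, max_hops=5):
    """Return {key: hops} for every key that is authentic under the rule above.

    my_keys     -- keys I created (authentic by definition, 0 hops)
    signatures  -- (signer_key, signed_key) pairs, i.e. published certifications
    owner_trust -- keys whose owners I trust to check identities before signing
                   (a private setting, never published)
    max_hops    -- assumed cap on the length of a trust chain
    """
    signed_by = {}
    for signer, signed in signatures:
        signed_by.setdefault(signer, set()).add(signed)

    hops = {k: 0 for k in my_keys}
    queue = deque(my_keys)
    while queue:
        signer = queue.popleft()
        # Condition 2: a signature only counts if I trust the signer's checking.
        # My own keys are implicitly trusted signers.
        if hops[signer] > 0 and signer not in owner_trust:
            continue
        if hops[signer] >= max_hops:
            continue
        # Condition 1 holds here: the signer's key is already authentic to me.
        for signed in signed_by.get(signer, ()):
            if signed not in hops:
                hops[signed] = hops[signer] + 1
                queue.append(signed)
    return hops

# Constructed sample data: (signer, signed key) pairs as fetched from a keyserver.
SIGNATURES = [
    ("me", "alice"),        # I checked Alice's ID and signed her key
    ("alice", "bob"),
    ("alice", "mallory"),
    ("bob", "carol"),
    ("mallory", "dave"),    # Mallory signs keys without checking IDs
]

if __name__ == "__main__":
    # Trusting only Alice: Bob's and Mallory's keys become authentic,
    # but their own signatures on Carol and Dave carry no weight.
    print(authentic_keys(["me"], SIGNATURES, owner_trust={"alice"}))
    # Additionally trusting Bob extends the chain to Carol (3 hops).
    print(authentic_keys(["me"], SIGNATURES, owner_trust={"alice", "bob"}))
```

A signature from someone outside `owner_trust` changes nothing in the result, which is why a signature made without an identity check only matters to people who trust that signer.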

pepoluan
Well, I trust your key since as far as I trust HA to not allow anyone to hijack your identity
Avi
There are Windows front-ends for GnuPG (WinPT and GPA seem to be the two popular ones), and you can download them all from here: http://www.gpg4win.org/

It also includes applications to encrypt files, and a stand-alone e-mail program.

pub 1024D/A8A2E975 9/13/2006 Avi <cascandidate@yahoo.com>
Primary key fingerprint: A829 A932 095F 08ED 6CE4 5690 AF6E B6C9 A8A2 E975

Avi
QUOTE(SebastianG @ Sep 26 2006, 04:12) *
Of course, I don't mind having your signature in my public key
But if you were known to sign keys without checking the identity no sane person would trust your signatures which would make them (the signatures) worthless.


Just as an aside, the signed key was not uploaded to a keyserver, so the copy of your key I imported still does not have pepoluan's signature on it
pepoluan
QUOTE(Avi @ Oct 5 2006, 09:54) *
QUOTE(SebastianG @ Sep 26 2006, 04:12) *
Of course, I don't mind having your signature in my public key
But if you were known to sign keys without checking the identity no sane person would trust your signatures which would make them (the signatures) worthless.
Just as an aside, the signed key was not uploaded to a keyserver, so the copy of your key I imported still does not have pepoluan's signature on it
That is reaaaaaallly strange, as I've uploaded the keys using WinPT... I reuploaded using GPA. Does the key still not bear my signature?

Hmm... could it be possible that the servers are not synchronizing with each other?

Sebastian Mares
Losing track with encryption and hashing stuff, how is PGP compared to S/MIME encryption and signing using digital certificates? I am asking because I have a named thawte e-mail certificate.
Avi
QUOTE(pepoluan @ Oct 14 2006, 02:53) *

QUOTE(Avi @ Oct 5 2006, 09:54) *
QUOTE(SebastianG @ Sep 26 2006, 04:12) *
Of course, I don't mind having your signature in my public key
But if you were known to sign keys without checking the identity no sane person would trust your signatures which would make them (the signatures) worthless.
Just as an aside, the signed key was not uploaded to a keyserver, so the copy of your key I imported still does not have pepoluan's signature on it
That is reaaaaaallly strange, as I've uploaded the keys using WinPT... I reuploaded using GPA. Does the key still not bear my signature?

Hmm... could it be possible that the servers are not synchronizing with each other?


Nope, I see why. In WinPT, if you do not have the key in your ring the signature does not show. In GPA, it will list the keyID's of sigs, even if they are not in your ring. No worries, you are there.

However, pepoluan, your key is not on the MIT keyserver, but it is on ninsky.surfnet.nl
Avi
QUOTE(Sebastian Mares @ Oct 14 2006, 03:10) *

Losing track with encryption and hashing stuff, how is PGP compared to S/MIME encryption and signing using digital certificates? I am asking because I have a named thawte e-mail certificate.


This thread from 1997 discusses some of the (non)differences.

http://www.mhonarc.org/archive/html/ietf-o...2/msg00001.html
Avi
A new version of GPG and WinPT was released:

http://www.gpg4win.org/
SebastianG
QUOTE(Sebastian Mares @ Oct 14 2006, 09:10) *

Losing track with encryption and hashing stuff, how is PGP compared to S/MIME encryption and signing using digital certificates? I am asking because I have a named thawte e-mail certificate.

It's similar but OpenPGP (RFC 2440) uses its own packetized encoding scheme for all sorts of data (keys, key rings, signatures, encrypted data, ...) instead of those developed by the RSA Laboratories (PKCS #7, RFC 3852).

In addition to converting encrypted messages to gibberish ASCII text and/or including a signature as ASCII text in the main text body of EMails, most OpenPGP compliant applications (i.e. GnuPG + EnigMail) support OpenPGP-MIME (RFC 2015) as well which sends encrypted data and/or signatures as separate attachments like it's done via S/MIME.

It looks like DVD+R versus DVD-R to me. I guess most applications will eventually support both variants in the future.
Avi
QUOTE(SebastianG @ Oct 19 2006, 06:01) *

QUOTE(Sebastian Mares @ Oct 14 2006, 09:10) *

Losing track with encryption and hashing stuff, how is PGP compared to S/MIME encryption and signing using digital certificates? I am asking because I have a named thawte e-mail certificate.

It's similar but OpenPGP (RFC 2440) uses its own packetized encoding scheme for all sorts of data (keys, key rings, signatures, encrypted data, ...) instead of those developed by the RSA Laboratories (PKCS #7, RFC 3852).

In addition to converting encrypted messages to gibberish ASCII text and/or including a signature as ASCII text in the main text body of EMails, most OpenPGP compliant applications (i.e. GnuPG + EnigMail) support OpenPGP-MIME (RFC 2015) as well which sends encrypted data and/or signatures as separate attachments like it's done via S/MIME.

It looks like DVD+R versus DVD-R to me. I guess most applications will eventually support both variants in the future.


According to http://www.gnupg.org/ the development version of GPG (1.9 that will be released as 2.0; current stable is 1.4.5) will have S/MIME support built in, so you get the best of both worlds as freeware.
pepoluan
QUOTE(Avi @ Oct 16 2006, 10:59) *
However, pepoluan, your key is not on the MIT keyserver, but it is on ninsky.surfnet.nl
Okay, can someone point me to a list of available public global keyservers?

Avi
QUOTE(pepoluan @ Oct 20 2006, 17:40) *

QUOTE(Avi @ Oct 16 2006, 10:59) *
However, pepoluan, your key is not on the MIT keyserver, but it is on ninsky.surfnet.nl
Okay, can someone point me to a list of available public global keyservers?


Here are some, but not all still work:

http://www.rossde.com/PGP/pgp_keyserv.html#pubserv
http://openpksd.org/kslist.html
http://keyserver.kjsl.com/~jharris/keyserver.html

Good Luck!
Nick E
QUOTE(pepoluan @ Oct 20 2006, 15:40) *

QUOTE(Avi @ Oct 16 2006, 10:59) *
However, pepoluan, your key is not on the MIT keyserver, but it is on ninsky.surfnet.nl
Okay, can someone point me to a list of available public global keyservers?


There is a list here:

http://www.rossde.com/PGP/pgp_keyserv.html

However, you'd be wasting your time uploading your key to all of them: as I understand it, it will propagate across them, or most of them, anyway. The Global directory seems to be an exception:

http://www.mccune.cc/PGPpage2.htm#Revoke

Of course, you may want to know the addresses of more than one in case the one you usually use is down.

