• test

    From August Abolins@2:221/360 to All on Thu Jan 2 02:27:10 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    test

    -----BEGIN PGP SIGNATURE-----
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4NONkACgkQ7w6JZVeJ WJuM6Qf/SH2d3WYB4KfzXqoZAAa5cf/pzSKl40f7s2jPs9rnw57HOYb8SLAG+ttx 5fpBLO2V3BWyYUXn2bY6KKIiI9gmjXuC9FP2JtkXPeV39LR8yeu2Ea1iWS/AI7jF GPNocdfYGbeOHSsDW/82HYygiT69DbLPUXGLn4ujAzpiHgbRDNqEidtJQdKfEG3z UZfw3L71uZCAK2tnaPTBsBle0y1r1cO+ZzMcBEU3SAOA2MekrJDrpWq1q67Z0ymq UfrN6PtrPlSOjpGg+8Jh1BMr4xXCQwYeTPiZrEO6lduKO2cyIOimlOXO8nJK1vUi U1l/zoz/KMbROMTYeJfdcc0FpWGLaA==
    =8I23
    -----END PGP SIGNATURE-----

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Fri Jan 3 12:52:36 2020
    Hi August,

    On 2020-01-02 02:27:10, you wrote to All:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    test

    -----BEGIN PGP SIGNATURE-----
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4NONkACgkQ7w6JZVeJ WJuM6Qf/SH2d3WYB4KfzXqoZAAa5cf/pzSKl40f7s2jPs9rnw57HOYb8SLAG+ttx 5fpBLO2V3BWyYUXn2bY6KKIiI9gmjXuC9FP2JtkXPeV39LR8yeu2Ea1iWS/AI7jF GPNocdfYGbeOHSsDW/82HYygiT69DbLPUXGLn4ujAzpiHgbRDNqEidtJQdKfEG3z UZfw3L71uZCAK2tnaPTBsBle0y1r1cO+ZzMcBEU3SAOA2MekrJDrpWq1q67Z0ymq UfrN6PtrPlSOjpGg+8Jh1BMr4xXCQwYeTPiZrEO6lduKO2cyIOimlOXO8nJK1vUi U1l/zoz/KMbROMTYeJfdcc0FpWGLaA==
    =8I23
    -----END PGP SIGNATURE-----

    wilfred@wilnux5:~/tmp> gpg --verify aug.msg
    gpg: Signature made do 02 jan 2020 01:27:05 CET using RSA key ID 5789589B
    gpg: Can't check signature: No public key

    wilfred@wilnux5:~/tmp> gpg --recv-keys 5789589B
    gpg: requesting key 5789589B from hkp server keys.gnupg.net
    gpgkeys: key 5789589B not found on keyserver
    gpg: no valid OpenPGP data found.
    gpg: Total number processed: 0

    So where can we get your key?

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Fri Jan 3 16:07:45 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    On 1/3/2020 6:52 AM, between "Wilfred van Velzen : August Abolins":

    Hello Wilfred!

    wilfred@wilnux5:~/tmp> gpg --verify aug.msg
    gpg: Signature made do 02 jan 2020 01:27:05 CET using RSA key ID 5789589B gpg: Can't check signature: No public key

    wilfred@wilnux5:~/tmp> gpg --recv-keys 5789589B
    gpg: requesting key 5789589B from hkp server keys.gnupg.net
    gpgkeys: key 5789589B not found on keyserver
    gpg: no valid OpenPGP data found.
    gpg: Total number processed: 0

    So where can we get your key?

    I just got started with this. I am not completely familiar how to use OpenPGP/Enigmail.

    The following should be the right key for ID 5789589B

    - -----BEGIN PGP PUBLIC KEY BLOCK-----

    mQENBF4NOFYBCADa6gPUjpNmqWt5V5JehfGduti7TXWtfijFPrxYudCE1jleIlUw vThPsd6pX3o2KR/JkZEHpP9e1tkoUwNdOPUe1+OSkQAnr4BGbquMqE5Y79keRvAE y8CD/CzmioEZ9ij60lcu41ug3BfdDXMfubeld5dLFjsK9QySgjtztPN2m4cTpuuU 9m5bTIS5fhiHimivNgKSK2G1MAJdoR06oSEQ2SGNA8oJHeVuGMCvw/PpexzGUyeP rgmXiTvoTacX59ZuJIybNL/orUSdZmLDXGQWQ4lwmysITEOaJY5jHl3PU6+iNSF4 9L/FNQAYsOTDytzYwTwAxD77/CQI09QK1lrvABEBAAG0LEF1Z3VzdCBBYm9saW5z IDxhdWd1c3RAUl9FX01fT19WX0Vrb2xpY28uY2E+iQFUBBMBCAA+FiEE0OsqKVIE 8xZ+slA87w6JZVeJWJsFAl4NOFYCGyMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwEC HgECF4AACgkQ7w6JZVeJWJucNwf+LmtJMmG5KFbB41k6hLXMSAQw0CFD+RFCsOyB HneBQ4cU8wFYSDZPha4giP/TbbiC1WzutO2/C+rfy3k6N1yeFla2/mVY+xGlC9x5 dkHvfkwEKfrAt4OMIAf/5Qrq/t6wjiguYRpDA6hsniDetTxjcvJJLjG4o8DgjkNx fnx4TXLVMosYELZJvEHkdUJwaU8iGZ9Pz9Z9Wpt7aewTV56cPm7tQTIQbEYOq1W8 YS1ASlfvRW0qoofZG7FH62WoCSV10I83QTilEAjtVsw/0chqrpHk1cH/u38xZYAh jGY4ocbCPilxw3mbGYBFScfBWRYYyCpFjkS/tg4QiI5e6G5aprkBDQReDThWAQgA 0kNKgT7LsfDHn7d8Ai599CvunawaEDQHCNXIEdTT0qrnyFmzV4NT2gm+G8rLbhAB wayXgO73LC+03tikuZhR2HFnrkgprP2ZmjZRyaqB4nC7SC9YRm5EwJ//HrYPL7Kz uChT2r0F38cViZxSZFLG8PCwn3P6mIUZrZfhQx3EE2B8sIUlv4b8VMgCp+rKo0aM s1VyBhuieRmChYbH/w1UxFJrdCD0h5mTpIoUgxGVaV/6x23DnAtq+EpKj6n17cdU zpEOMh9a6O5xCpzmBcH9fv0IuKIHI575ktJTIm4Dx4Y/6lEZ+X3QilGXErjDFGjz QRJ6uW5XmUJ0RtmcsmWVWQARAQABiQE8BBgBCAAmFiEE0OsqKVIE8xZ+slA87w6J ZVeJWJsFAl4NOFYCGwwFCQlmAYAACgkQ7w6JZVeJWJtEfwgAr6j/kJsuhJgpO0q+ DZPnrD3wfX97UHsJP3wNvRm0YiZKlNxYOBoUjop1fdyxIDGMAhuHi9WgN208LaAi diEZLaUJtiU+BfewkLjZV4xmt/GHP2TrMUogsrXP1jhkotWEH/TBReNYe+cJ4fcx C3xxheldYbSN9Jf01aowtjXb/7Lbw6RFk1m8tNDS1DDAzthmxBZ1z0PwCRKVho29 3lFvyMCesmbZgYROluCunYHgFQt2Bw4PPodWiHlrdqt4uA0Ptneiy/5Qb1t9qtdc yap1//5Omg+OKAjZJS8sSM40k1M23rKQ+jadqOOLSBAJ/hwXcKtnhWRSDxdw4k8w
    YjG6yA==
    =fbxl
    - -----END PGP PUBLIC KEY BLOCK-----
    -----BEGIN PGP SIGNATURE-----
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4PSqoACgkQ7w6JZVeJ WJtviQgAziOcU9rSwJ7L36pN59reZbMfdWLegV5AP4uAxN4c5yie8E2qMXWiGMfl d1MuwlAeTkckRsLE8iNpWx5kfzUICbTUqzCHqaKrc8iT1AnVI6Naen1ZkNEuQcNy xdBvU1uEJfnRkxNJ8Pna4YQI1Mehat2pmyDv/TWGNylfTUhEsumNzTIVPozZnzM7 VUtDpl/KEaU3yIO3vmTHZ+FrRDgJ8MYWbbb/LdWqzN/GgF6QCZheA5XP92vmtmS0 8yjaXwixd8ITOQg0xxV4dj/d8qcQwb9L6IE+RjqLosiynt2fbPuRWZA60K8ZRyOG LSTtElqg3/yY9SvaLUpDRynqN4iPOA==
    =mgJh
    -----END PGP SIGNATURE-----

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Fri Jan 3 16:02:18 2020
    Hi August,

    On 2020-01-03 16:07:45, you wrote to me:

    So where can we get your key?

    I just got started with this. I am not completely familiar how to use OpenPGP/Enigmail.

    The following should be the right key for ID 5789589B

    - -----BEGIN PGP PUBLIC KEY BLOCK-----

    I can now verify your message had a correct signature made with this key:

    wilfred@wilnux5:~/tmp> gpg --import aug.key
    gpg: key 5789589B: public key "August Abolins <august@R_E_M_O_V_Ekolico.ca>" imported
    gpg: Total number processed: 1
    gpg: imported: 1 (RSA: 1)
    wilfred@wilnux5:~/tmp> gpg --verify aug.msg
    gpg: Signature made vr 03 jan 2020 15:07:38 CET using RSA key ID 5789589B
    gpg: Good signature from "August Abolins <august@R_E_M_O_V_Ekolico.ca>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: D0EB 2A29 5204 F316 7EB2 503C EF0E 8965 5789 589B

    The trust thing is sort of an issue. I can't just sign your key (technically I could of course), because I can't verify it's really you. Anyone could login to
    Tommy's nntp server as 'August Abolins'. and "fake" email addresses are also easy to create/get. And since you are not a node we can't even exchange some crash netmails...


    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Fri Jan 3 18:20:39 2020
    On 03/01/2020 10:02 a.m., Wilfred van Velzen : August Abolins wrote:

    Hello Wilfred!

    I can now verify your message had a correct signature made with
    this key:

    wilfred@wilnux5: ~/tmp> gpg -- import aug.key gpg: key
    5789589B: public key "August Abolins
    <august@R_E_M_O_V_Ekolico.ca>" imported gpg: Total number
    processed: 1 gpg: imported: 1 (RSA: 1) wilfred@wilnux5

    Cool! I still have to learn how to do that here.

    I have used the pgp signing process in the long ago past, but now and I am rusty and have only begun figuring out "the process" to use in this new environment.

    I like the Enigmail/OpenPGP integration in Thunderbird.

    When pgp first came out found, I found it fascinating. I immediately wondered why *wouldn't* anyone want to use it on a regular basic for email exchanges. But at that time, using it required complex extra manual steps - especially for
    decrypting. Looks like this TB/OpenPGP/Enigmail integration can decrypt automatically.

    But email became a horrible monster filled with html codes, graphics, and many fancy things that people have been mesmerized with. It would be too inconvenient to decrypt that each and every time, I guess.

    I think my old public key is still out there. (I have not really looked for it though. I don't remember the servers I used.) The private key is probably still
    on a 3½ diskette, somewhere.


    The trust thing is sort of an issue. I can't just sign your key (technically I could of course), because I can't verify it's
    really you. Anyone could login to Tommy's nntp server
    as 'August Abolins'. and "fake" email addresses are also easy
    to create/get. And since you are not a node we can't even
    exchange some crash netmails...

    Well.. there *is* the email clue above. ;) A few email exchanges, and the analysis of the headers could be one way to get confidence whether the email I claim to use above is really me or suspicious.

    There is still a trust issue in this whole process for sure. At least one other
    person who could actually vouch that I am who I am would be needed.

    W.r.t nntp, another "August Abolins" could come from many different outside systems. True. But since registering on Tommi's system requires human intervention, I don't think he would permit another me to register on his system with exactly the same FN LN. So, technically you could be confident that
    once you grab my public key from here, future correspondences are from "the August Abolins originally seen on Tommi's system." ? :)

    As a minimum, if Tommi were to sign my key, (since my messages are originating on *his* system, and we can be sure that he's the *real deal* operating his *own* system, and I had to be registered manually to have access) then that would be a nice vote of confidence.

    There is another verification process I can suggest. I'll cover that later. And maybe I'll encrypt that message! <G>

    Cheers!
    ../|ug

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Fri Jan 3 18:27:28 2020
    Hi August,

    On 2020-01-03 18:20:39, you wrote to me:

    I can now verify your message had a correct signature made with
    this key:

    wilfred@wilnux5: ~/tmp> gpg -- import aug.key gpg: key
    5789589B: public key "August Abolins
    <august@R_E_M_O_V_Ekolico.ca>" imported gpg: Total number
    processed: 1 gpg: imported: 1 (RSA: 1) wilfred@wilnux5

    Cool! I still have to learn how to do that here.

    This was done by hand. I exported the message from golded to a file. Imported the key from it, and then did the verify as the commands show...

    I have used the pgp signing process in the long ago past, but now and
    I am rusty and have only begun figuring out "the process" to use in
    this new environment.

    There are configuration lines in my golded config to do gpg/pgp functions, but I can't remember when I last used them. Maybe never...

    I like the Enigmail/OpenPGP integration in Thunderbird.

    When pgp first came out found, I found it fascinating.

    Me too.

    I immediately wondered why *wouldn't* anyone want to use it on a
    regular basic for email exchanges.

    And in fidonet some systems wouldn't allow encrypted routed netmail messages to
    pass their systems... I remember there was a lot of discussion going on about that at the time.

    I think my old public key is still out there. (I have not really
    looked for it though. I don't remember the servers I used.)

    Afaik most key-servers are connected to each other these days, and exchange keys on a regular basis. So if your key is out there, it might be "everywhere".
    ;)

    When I search for "abolins" on my (default) key-server it finds 27 keys as old as from 1994. But none include a mention of "august".

    The private key is probably still on a 3½ diskette, somewhere.

    I have a lot of them still around (mainly Amiga formatted). Haven't tried them in a few decades, and it would surprise me if they are still readable. ;)

    The trust thing is sort of an issue. I can't just sign your key
    (technically I could of course), because I can't verify it's
    really you. Anyone could login to Tommy's nntp server
    as 'August Abolins'. and "fake" email addresses are also easy
    to create/get. And since you are not a node we can't even
    exchange some crash netmails...

    Well.. there *is* the email clue above. ;) A few email exchanges, and
    the
    analysis of the headers could be one way to get confidence whether the email I claim to use above is really me or suspicious.

    It would establish some trust I suppose. ;)

    It would have helped if we already had email exchanges before this conversation
    about keys though! ;)

    There is still a trust issue in this whole process for sure. At least
    one other person who could actually vouch that I am who I am would be needed.

    That would help!

    W.r.t nntp, another "August Abolins" could come from many different outside systems. True. But since registering on Tommi's system
    requires human intervention, I don't think he would permit another me
    to register on his system with exactly the same FN LN. So, technically
    you could be confident that once you grab my public key from here,
    future correspondences are from "the August Abolins originally seen on Tommi's system." ? :)

    As a minimum, if Tommi were to sign my key, (since my messages are originating on *his* system, and we can be sure that he's the *real deal* operating his *own* system, and I had to be registered manually to have access) then that would be a nice vote of confidence.

    That would help. I already have Tommi's key(s):

    wilfred@wilnux5:~/tmp> gpg -kv koivula
    gpg: using PGP trust model
    gpg: NOTE: signature key 2442E762 expired di 03 dec 2019 11:00:00 CET
    gpg: NOTE: signature key 2442E762 expired di 03 dec 2019 11:00:00 CET
    gpg: NOTE: signature key 2442E762 expired di 03 dec 2019 11:00:00 CET
    pub 1024R/2442E762 2015-11-20 [revoked: 2019-12-02]
    uid [ revoked] Tommi Koivula <sysop@f10.n221.z2.fidonet.fi>
    uid [ revoked] Tommi Koivula <sysop@rbb.bbs.fi>
    uid [ revoked] Tommi Koivula <root@tkk.iki.fi>
    sub 1024R/B8627807 2015-11-20 [revoked: 2019-12-02]

    gpg: can't handle public key algorithm 22
    gpg: can't handle public key algorithm 18
    pub 4096R/56CDF35B 2017-10-27 [revoked: 2019-12-29]
    uid [ revoked] Tommi Koivula <tommi@rbb.fidonet.fi>
    uid [ revoked] Tommi Koivula <tommi@fidonet.fi>
    uid [ revoked] Tommi Koivula <tommi.koivula@f10.n221.z2.fidonet.fi>
    sub 4096R/3ECEC94C 2017-10-27 [revoked: 2019-12-29]

    pub 4096R/B1F9FF53 2017-06-16 [expires: 2023-09-10]
    uid [ unknown] Tommi Koivula <0405009611@koivula.iki.fi>
    uid [ revoked] Tommi Koivula <tommi@koivula.iki.fi>
    uid [ unknown] Tommi Koivula <root@koivula.iki.fi>
    uid [ unknown] Tommi Koivula <0407680500@koivula.iki.fi>
    uid [ revoked] Tommi Koivula <o4o5oo9611@elisanet.fi>
    sub 4096R/7289F937 2017-06-16 [expires: 2023-09-10]

    And I can already exchange (crash) netmail with him on a secure binkp connection (we have a link).

    There is another verification process I can suggest. I'll cover that later. And maybe I'll encrypt that message! <G>

    Cliffhanger! ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Fri Jan 3 22:02:34 2020
    On 03/01/2020 12:27 p.m., Wilfred van Velzen : August Abolins wrote:

    I think my old public key is still out there. (I have not
    really looked for it though. I don't remember the servers I
    used.)

    The one at MIT (which sounds like where I would have submitted my key) but fails with this:

    --[begin]--
    Proxy Error

    The proxy server received an invalid response from an upstream server.
    The proxy server could not handle the request GET /pks/lookup.

    Reason: Error reading from remote server
    --[end]--

    I didn't expect that from the great MIT.


    Afaik most key-servers are connected to each other these days,
    and exchange keys on a regular basis. So if your key is out
    there, it might be "everywhere".

    Yes.. I notice that keys are now pooled and distributed to other servers. Things have certainly changed since I first started with PGP in the 90's.

    I looked with a few listed here: https://sks-keyservers.net/status/


    When I search for "abolins" on my (default) key-server it finds
    27 keys as old as from 1994. But none include a mention
    of "august".

    Are they *all* from 1994? 1994 sounds about right when I actually submitted to a server. I found about the same number of references to abolins as you at a few random servers from the sks link above. I am surprised that I wouldn't have included my FN. I wonder if the last entry in one of those searches could be it!

    pub 512R/246249F7 1994-02-16

    The DATE and bit size certainly looks right. 1994 is about the last time I actually used pgp. And, I am pretty sure the key signature was small before I learned about the benefits of larger ones.


    The private key is probably still on a 3S diskette, somewhere.

    I have a lot of them still around (mainly Amiga formatted).
    Haven't tried them in a few decades, and it would surprise me
    if they are still readable.


    This is what I did with a bunch of 3 1/2 diskettes a few years ago:

    http://kolico.ca/fidonet/echos/win95/index.html#diskettes



    As an aside: I like the "status" page at https://sks-keyservers.net/status/

    It would be fun to see a similar live version of something like that for the modest 900 IP nodes. ..But I digress.

    Cheers!
    ../|ug

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Fri Jan 3 22:12:32 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256


    Hi Wilfred.

    03 Jan 20 18:27:28, you wrote to August Abolins:

    There are configuration lines in my golded config to do gpg/pgp functions, but I can't remember when I last used them. Maybe never...

    I have (S)ign function set up in my GoldED. Nothing else. :)

    I like the Enigmail/OpenPGP integration in Thunderbird.

    As August said, Enigmail in Thunderbird is quite nice.

    And in fidonet some systems wouldn't allow encrypted routed netmail messages to pass their systems... I remember there was a lot of discussion going on about that at the time.

    Yes, there was a lot discussion in finnish echos too.

    ,U,ENC. :)

    As a minimum, if Tommi were to sign my key, (since my messages are

    I just signed the key of August. :)

    'Tommi



    -----BEGIN PGP SIGNATURE-----

    iQJFBAEBCAAvFiEESUTEY3HGTj5gd0IrNqcDHlbN81sFAl4PodQRHHRvbW1pQGZp ZG9uZXQuZmkACgkQNqcDHlbN81sjIQ/+PWiGAlGDFMcqXrm7mg51fs3kNEBQ4Pvq KwPuCMLod78kLkJzxtN2NNaYUDrwy89E+4dX+tjRn3Qb4Zcpg5CmbRPaG/EYm2pI /2+3zJxTecVQ99PvYDD7yOc+yPWXxtG01uoLeBoKc++270oZVIyRUlid/ChK4P4j 5h1l+BTWLO6IZrDoPngqLu+M5ZwS3ox9g+TbDD5J2sga5swFKPP6gV9Mg4fv65iT caHQjRNhdUG1+8v5W51qkM1wkBnP5/gkH4s5EpPOS2KhPurx3DYGc+1DdVFwU7Pp Vl9rjVCQMWBUIFTTsapwNIFEox32qSi6wsVW88MSGAvz6qPm9jZRnbBCEoC+VDg1 Hbt0RRLK7V5kuZrSK4R3Ja2YYqg8QIfHG6tVUlPYy+hZbIXB7d6FUJjE4VhHWAB0 5oOz9RuHg0XGbm1PSSTueOL2+tkzRkp9AF3YBA+BztByEzGmJUhovkcCD7/AShQJ DBl95YMMKmEfKsXWNf9XfGDD++ojXZn9Sfy75e7IcPN7a7qA5armenPSxfnq8cMh OtxLYnjGKRxWb0Sh0XkYu2I5fZdexQHdeCm4faxtmpDztrxza6usJ4cPjGv+YQWA +pK8s+/PMNPGLzM3OR+daTWQZsC0IvNXP9iRaHEUv8VhfYHnt8Zd6BnacacrtWmI
    ufoJKqsPeY8=
    =k731
    -----END PGP SIGNATURE-----
    ---
    * Origin: - rbb.fidonet.fi - Finland - (2:221/360)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Fri Jan 3 22:05:57 2020
    Hi August,

    On 2020-01-03 22:02:34, you wrote to me:

    The one at MIT (which sounds like where I would have submitted my key)
    but fails with this:

    --[begin]--
    Proxy Error

    The proxy server received an invalid response from an upstream server.
    The proxy server could not handle the request GET /pks/lookup.

    Reason: Error reading from remote server
    --[end]--

    I didn't expect that from the great MIT.

    I get the same error there...

    Afaik most key-servers are connected to each other these days,
    and exchange keys on a regular basis. So if your key is out
    there, it might be "everywhere".

    Yes.. I notice that keys are now pooled and distributed to other servers. Things have certainly changed since I first started with PGP in the 90's.

    I looked with a few listed here: https://sks-keyservers.net/status/

    You probably got the same results everywhere, because they are all synced. ;)

    When I search for "abolins" on my (default) key-server it finds
    27 keys as old as from 1994. But none include a mention
    of "august".

    Are they *all* from 1994?

    Nope, only the last one.

    This is the list I get:

    https://pgp.surfnet.nl/pks/lookup?search=abolins&fingerprint=on&op=index

    1994 sounds about right when I actually submitted to a server. I
    found about the same number of references to abolins as you at a few random servers from the sks link above. I am surprised that I wouldn't have included my FN. I wonder if the last entry in one of those
    searches could be it!

    pub 512R/246249F7 1994-02-16

    The DATE and bit size certainly looks right. 1994 is about the last time
    I
    actually used pgp. And, I am pretty sure the key signature was small
    before
    I learned about the benefits of larger ones.

    I get that same one in my list, but I don't think it's compatible with modern gpg2 that I use.
    I can import it from the keyserver:

    wilfred@wilnux5:~/tmp> gpg --recv-keys 246249F7
    gpg: requesting key 246249F7 from hkp server keys.gnupg.net
    gpg: key 246249F7: no user ID
    gpg: Total number processed: 1

    But afterwards it can't be listed:

    wilfred@wilnux5:~/tmp> gpg -kv 246249F7
    gpg: using PGP trust model
    gpg: can't handle public key algorithm 22
    gpg: can't handle public key algorithm 18
    gpg: error reading key: No public key

    This is what I did with a bunch of 3 1/2 diskettes a few years ago:

    http://kolico.ca/fidonet/echos/win95/index.html#diskettes

    You have too much time! ;)

    As an aside: I like the "status" page at https://sks-keyservers.net/status/

    It would be fun to see a similar live version of something like that
    for the modest 900 IP nodes. ..But I digress.

    Fun for some, but painfull for others: It would embarrass a lot of hosts, because it would show how bad their segments are maintained in the nodelist...


    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Fri Jan 3 22:15:16 2020
    Hi Tommi,

    On 2020-01-03 22:12:32, you wrote to me:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    There are configuration lines in my golded config to do gpg/pgp
    functions, but I can't remember when I last used them. Maybe never...

    I have (S)ign function set up in my GoldED. Nothing else. :)

    You will have to fix that though, because I get:

    wilfred@wilnux5:~/tmp> gpg --verify tommi.msg
    gpg: Signature made vr 03 jan 2020 21:19:32 CET using RSA key ID 56CDF35B
    gpg: Good signature from "Tommi Koivula <tommi@rbb.fidonet.fi>" [unknown]
    gpg: aka "Tommi Koivula <tommi@fidonet.fi>" [unknown]
    gpg: aka "Tommi Koivula <tommi.koivula@f10.n221.z2.fidonet.fi>"
    [unknown]
    gpg: WARNING: This key has been revoked by its owner!
    gpg: This could mean that the signature is forged.
    gpg: reason for revocation: No reason specified
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4944 C463 71C6 4E3E 6077 422B 36A7 031E 56CD F35B

    ... on this message. So you are using a revoked key!?

    I just signed the key of August. :)

    And where is it? If it's only in your keyring, it's not very usefull for the rest of the world, that you signed it. ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Fri Jan 3 23:45:16 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256


    gpg: WARNING: This key has been revoked by its owner!
    gpg: This could mean that the signature is forged.
    gpg: reason for revocation: No reason specified
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 4944 C463 71C6 4E3E 6077 422B 36A7 031E 56CD F35B

    ... on this message. So you are using a revoked key!?

    Interesting.. Why is GPG using the revoked one, when there is a working one available... Hmm...

    I just signed the key of August. :)

    And where is it? If it's only in your keyring, it's not very usefull
    for the rest of
    the world, that you signed it. ;)

    It should have been uploaded to the keyserver.

    'Tommi

    -----BEGIN PGP SIGNATURE-----

    iQFFBAEBCAAvFiEEQTJnraOsQBoYwCPS0ikymSpvgioFAl4PtiARHHRvbW1pQHJi Yi5iYnMuZmkACgkQ0ikymSpvgipG3gf7BX0gxT/n+klaHU3/Q7wlr6rdPULfwwYH s5UjuMXNY+eudix4C3nR4V9g7vaIOdkPJbLmkwl9P7sNMTUULXhLd/aK0WlHaQr6 11U9RYyQHxhjx7dhxENtDqmUMXAizCwO/YTukK1PjxItz6rsLKKpoJKO6KqcMFGD ZvlFvtMFFCkzBGYk23T+lx5fmYoG4CGpMGhpN6GBsJUtGkwLRWavXwBHfRg32L8s 1lhGmoO4lbG/CBO8q5o9G0eJia8+nddMYQR0Al2FJndwT7oqGrDbji0Y/K3Wtf1t RiKB4x1o6WSfLAbOxcd+x0uJ8UbZ79xTnCL+KJD65nW00q924zl8wQ==
    =kktI
    -----END PGP SIGNATURE-----
    ---
    * Origin: - rbb.fidonet.fi - Finland - (2:221/360)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Fri Jan 3 23:40:34 2020
    Hi Tommi,

    On 2020-01-03 23:45:16, you wrote to me:

    gpg: WARNING: This key has been revoked by its owner!
    gpg: This could mean that the signature is forged.
    gpg: reason for revocation: No reason specified
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the
    owner.
    Primary key fingerprint: 4944 C463 71C6 4E3E 6077 422B 36A7 031E 56CD
    F35B

    ... on this message. So you are using a revoked key!?

    Interesting.. Why is GPG using the revoked one, when there is a working
    one
    available... Hmm...

    I don't know. Maybe it's the default? (Can you set a default key?)

    This one had a valid signature from a valid key.

    I just signed the key of August. :)

    And where is it? If it's only in your keyring, it's not very usefull
    for the rest of
    the world, that you signed it. ;)

    It should have been uploaded to the keyserver.

    Of course! Got it... ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Tommi Koivula on Sat Jan 4 01:58:21 2020
    On 1/3/2020 3:12 PM, between "Tommi Koivula : Wilfred van Velzen":

    And in fidonet some systems wouldn't allow encrypted routed
    netmail messages to pass their systems... I remember there
    was a lot of discussion going on about that at the time.

    Yes, there was a lot discussion in finnish echos too.

    , U, ENC. :)

    How is that supposed to be interpreted? The nodelist just says "node
    accepts inbound encrypted mail". And, is encrypted mail only supported *between* nodes that _both_ have ENC specified?


    As a minimum, if Tommi were to sign my key..
    I just signed the key of August. :)

    Cool. Thanks.

    ../|ug

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sat Jan 4 03:17:03 2020
    On 1/3/2020 4:05 PM, between "Wilfred van Velzen : August Abolins":

    This is the list I get:


    https://pgp.surfnet.nl/pks/lookup?search=abolins&fingerprint=on&op=index

    Thank you for that. Yes, that list looks the same at the other servers
    that I tried. Syncing is working!


    I get that same one in my list, ..
    ..I can import it from the keyserver: ..
    But afterwards it can't be listed: ..

    If my original key has either expired or is no longer compatible with
    the newer PGP since then, that is probably a good thing.


    This is what I did with a bunch of 3 1/2 diskettes a few
    years ago: ..

    You have too much time! ;)

    It was something one could do rather mindlessly while watching TV. I
    actually had another pair of hands helping me. We went through that
    cubic foot of diskettes in less than 3 hours.


    As an aside: I like the "status" page at
    https://sks-keyservers.net/status/

    It would be fun to see a similar live version of something
    like that for the modest 900 IP nodes...But I digress.

    Fun for some, but painfull for others: It would embarrass a
    lot of hosts, because it would show how bad their segments
    are maintained in the nodelist...

    The squeaky wheel gets the grease. <g>

    There is another one that I first mentioned in FUTURE4FIDO in April:

    https://fido.net.wisc.edu/

    A version for Fidonet IP/BBS network status would be very cool. But I digress..

    ../|ug

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Sat Jan 4 00:45:00 2020
    Hello Wilfred!

    ** 03.01.20 - 16:07, August Abolins wrote to Wilfred van Velzen:

    wilfred@wilnux5:~/tmp> gpg --verify aug.msg
    gpg: Signature made do 02 jan 2020 01:27:05 CET using RSA key ID 5789589B
    gpg: Can't check signature: No public key

    The following should be the right key for ID 5789589B

    - -----BEGIN PGP PUBLIC KEY BLOCK-----

    mQENBF4NOFYBCADa6gPUjpNmqWt5V5JehfGduti7TXWtfijFPrxYudCE1jleIlUw
    vThPsd6pX3o2KR/JkZEHpP9e1tkoUwNdOPUe1+OSkQAnr4BGbquMqE5Y79keRvAE


    I am going to have to scrap the key for ID 5789589B above. I did not realize that the email address that I needed to configure in OpenPGP
    should not be padded like I had it done as "august@R_E_M_O_V_Ekolico.ca"

    When I tried to actually send a message, Thunderbird was looking for a matching "august@R_E_M_O_V_Ekolico.ca" account.

    What a friggin learning curve.


    ../|ug

    --- OpenXP 5.0.42
    * Origin: /|ug's Point, Ont. CANADA (2:221/1.58)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Sat Jan 4 10:04:46 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256


    On 04.01.2020 0:40, Wilfred van Velzen wrote:

    ... on this message. So you are using a revoked key!?

    Interesting.. Why is GPG using the revoked one, when there is a working
    one
    available... Hmm...

    I don't know. Maybe it's the default? (Can you set a default key?)

    In Golded setup I could use the exact fingerprint to choose the key instead of using the email address. "gpg.exe -o @file -u "tommi@fidonet.fi" --clearsign @tmpfile" apparently picked up the first one in the ring. The revoked one.

    This one had a valid signature from a valid key.

    Good.

    I just signed the key of August. :)

    And where is it? If it's only in your keyring, it's not very usefull
    for the rest of the world, that you signed it. ;)

    It should have been uploaded to the keyserver.

    Of course! Got it... ;)

    :)

    'Tommi


    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEE+hnho0Ro0laqZGpRFRvBesy+vdcFAl4QRx8ACgkQFRvBesy+ vdfR2gf/d7VV+DW/FbiyMyc7ZwPalNVUNzxj6n3MZ36qN6nZ43H6jisU156ofzQr rx9S6F9gM37D1qBax7DKY5UAXW5+iXbO14fnnKkZ84BuvVPhnDx+I4MO+xS/TB9n 1ZcjvP7IeCpj3Q4xHCVKTo9JdagDgdgBxyLqEWhLt3zRdtXrK+eb4el5EjQmXlau 7wF0yCFjVemvtlTsHksIm5qPqtkp2f4sf7MtWNy7Iuka+6EboCpYxICoCZe4IYMw X7SF053tn6206w4APjwUlRXI6zjFivukGCxQUHNLyC2Hjwd827Hvp7M9i6GQajUG B5s548qnJ84nbqGjHBq3SmQ792Da3A==
    =/0jo
    -----END PGP SIGNATURE-----

    --- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Tommi Koivula@2:221/360 to August Abolins on Sat Jan 4 10:15:34 2020
    On 04.01.2020 1:58, August Abolins : Tommi Koivula :

    And in fidonet some systems wouldn't allow encrypted routed
    netmail messages to pass their systems... I remember there
    was a lot of discussion going on about that at the time.

    Yes, there was a lot discussion in finnish echos too.

    ,U,ENC. :)

    How is that supposed to be interpreted? The nodelist just says "node
    accepts inbound encrypted mail". And, is encrypted mail only supported *between* nodes that _both_ have ENC specified?

    There is no nodelist flag that tells NOT to accept encrypted mail.

    So my node will accept encrypted mail and will forward it but you cannot know how the next hop treats it.

    Please test. :D

    'Tommi

    --- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sat Jan 4 18:08:53 2020
    On 03/01/2020 10:02 a.m., Wilfred van Velzen : August Abolins wrote:

    Hello Wilfred,

    The following should be the right key for ID 5789589B

    I am going to have to scrap the key for ID 5789589B above. I did
    not realize that the email address that I needed to configure in
    OpenPGP should not be padded like I had it done
    as "august@R_E_M_O_V_Ekolico.ca"

    Actually, since the key is signed now, it could still serve a purpose. I also noticed that it was published on one of the servers. I found it in at pgpkeys.co.uk. Since it bears Tommi's validation, I'll keep it, add a non-padded version of my email, see how to work this whole thing.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sat Jan 4 17:26:19 2020
    Hi August,

    On 2020-01-04 03:17:03, you wrote to me:

    If my original key has either expired or is no longer compatible with
    the newer PGP since then, that is probably a good thing.

    Yep.

    Btw: I'm using 'gpg' (2), which I think is more or less the standard software on linux to do (open)pgp stuff with.

    There is another one that I first mentioned in FUTURE4FIDO in April:

    https://fido.net.wisc.edu/

    What is that supposed to show? It seems like a bunch of random "info" to me...


    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sat Jan 4 17:31:04 2020
    Hi August,

    On 2020-01-04 00:45:00, you wrote to me:

    The following should be the right key for ID 5789589B

    I am going to have to scrap the key for ID 5789589B above. I did not realize that the email address that I needed to configure in OpenPGP should not be padded like I had it done as
    "august@R_E_M_O_V_Ekolico.ca"

    It's not necessary to "scrap" a key, just because the "uid" (user ID) is no longer relevant.

    You can add additional (new) uid's, you can delete uid's (but that won't remove
    them from keys on keyservers), and you can revoke uid's.

    For instance my 9611AC4F key (which is on the keyservers), has 3 active uid's (with current email addresses), and 3 revoked uid's (with email address I no longer use)...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sat Jan 4 19:37:35 2020
    On 04/01/2020 11:31 a.m., Wilfred van Velzen : August Abolins wrote:


    It's not necessary to "scrap" a key, just because the "uid"
    (user ID) is no longer relevant.

    You can add additional (new) uid's, you can delete uid's (but
    that won't remove them from keys on keyservers), and you can
    revoke uid's.

    I am not sure I can tie a proper (non-padded) email address to the one I
    messed up with the program I am using. I'm pretty new to the process. I
    have to figure out the right rhythm and steps.

    If you were to create an email to me using my current key, would you
    have to remove the R_E_M_O_V_E part manually each and every time?


    For instance my 9611AC4F key (which is on the keyservers), has
    3 active uid's (with current email addresses), and 3 revoked
    uid's (with email address I no longer use)...

    Yes, I pulled that one down. It has 5 "Also known as" email addresses.

    Key management could be a nightmare across multiple devices.

    It's pretty neat that I can look up old friends and check the properties
    of the keys.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sat Jan 4 20:08:43 2020
    On 04/01/2020 11:26 a.m., Wilfred van Velzen : August Abolins wrote:

    Btw: I'm using 'gpg' (2), which I think is more or less the
    standard software on linux to do (open)pgp stuff with.

    Hello Wilfred!

    It is a very smart inclusion in linux. But I'll stick with a Windows
    offering. The Enigmail version, as an Add-On for Thunderbird, seems to
    be a smooth integration. The only thing I can't seem to check is which
    PGP version my Enigmail/GnuPG-generated key is using. But the linux
    tool can do that.

    I first installed Enigmail on an XP pc with an older Thunderbird v24.
    The default server searches don't seem to work. But it looks like I can
    pick different ones.

    I just installed Enigmail on my Win7 pc (from which this message
    originates). The default server options for searches are different, but
    one of them works! I'll have to see if I can use the same server on the
    other pc.


    https://fido.net.wisc.edu/

    What is that supposed to show? It seems like a bunch of
    random "info" to me...

    Oh no! They removed the dog with the wagging tail! :(

    It reports the status of various IP devices, computers, alarms, and
    sensors all over their campus in real time.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Sat Jan 4 18:47:11 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hi Tommi,

    On 2020-01-04 10:04:46, you wrote to me:

    I don't know. Maybe it's the default? (Can you set a default key?)

    In Golded setup I could use the exact fingerprint to choose the key instead of using the email address. "gpg.exe -o @file -u "tommi@fidonet.fi" --clearsign @tmpfile" apparently picked up the first one in the ring. The revoked one.

    This one had a valid signature from a valid key.

    Good.

    Checking if my golded signing configuration works... ;)

    Bye, Wilfred.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2

    iQIcBAEBAgAGBQJeEM+bAAoJEDuzfahKl5MrlYAQAI7o25SMQd5kVh3uz1UEpl1n kwt6S18ic4WHMN9b3gd+U9PdCTcKvOOuxgl/LoAfw1Re3ECfn+9GGXjj/ABDaZAS 8V5cJfsDmw5mxf/7TGk1N087FFeA09/Pd83RRPUQibI+JE8ZfSq60I0D0yURTm9J iDiR8SV+ZJQ2JALOh/GiQLZwtau18/uHCUSIRxCEQ7zTJOq9rpPPggiHV8vK0plG +eGAwo0Oij73MK+039f6sBjlmCIBU90JFedEEZQiWbGWUHAmhEiVMp+ZZmc0/9mg WEU7KmYEPw11AzHRFxTnQzIn73iPpCpIVOUcAw1EWhoav1dfvHywbYU+rtcDwuyP i2j9+sewN/uwjyyJLeWvFP4xtJm6roAsEpjvilUhyX7q3vvaO+R0ZiBjS68Jxh2Y N37sNjb7VhONhvBe478+YAmjZCeW9oUoaA1kjAoZQZ6sVnAHbuhxzL4KJgxuYspO fvu1f034Ys1B7QXV8Kknzgi8mT433kmYr2q+5M5ranR7ajS+oOWEq5jCzvg6MPUA qvC7HfoRX2qFwYcUuxR3Iniy3hbHZdeTA/ZsV6AJ9aCNb0u2ZjGAaEiKZuTVaejB 8U1XRYehQHsSk+XJn6msqxEKag3ycc7kqWD7QOAjtyrv8soYLxs0g48KE3TEtMzw LSdVYNM7ahTN7XMVWsT6
    =uWMu
    -----END PGP SIGNATURE-----
    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Sat Jan 4 19:11:35 2020
    Hi Tommi,

    On 2020-01-04 10:04:46, you wrote to me:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    I'm wondering why yours uses SHA256 and mine uses SHA1. SHA1 is the more compatibel one with older versions, but is less secure...

    I don't know. Maybe it's the default? (Can you set a default key?)

    In Golded setup I could use the exact fingerprint to choose the key
    instead
    of using the email address. "gpg.exe -o @file -u "tommi@fidonet.fi" --clearsign @tmpfile" apparently picked up the first one in the ring. The revoked one.

    Just found the --default-key option. ;)

    I have this in my ~/.gnupg/gpg.conf file:

    # If you have more than 1 secret key in your keyring, you may want to
    # uncomment the following option and set your preferred keyid.

    default-key 3BB37DA84A97932B

    The man page says this:

    --default-key name
    Use name as the default key to sign with. If this option is not used, the default key is the first key found in the secret keyring. Note
    that -u or --local-user overrides this option.


    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sat Jan 4 19:30:15 2020
    Hi August,

    On 2020-01-04 19:37:35, you wrote to me:

    It's not necessary to "scrap" a key, just because the "uid"
    (user ID) is no longer relevant.

    You can add additional (new) uid's, you can delete uid's (but
    that won't remove them from keys on keyservers), and you can
    revoke uid's.

    I am not sure I can tie a proper (non-padded) email address to the one I messed up with the program I am using.

    What program are you using?

    And you should be able to! ;)

    I'm pretty new to the process. I have to figure out the right rhythm
    and steps.

    If you were to create an email to me using my current key, would you
    have to remove the R_E_M_O_V_E part manually each and every time?

    I have no clue, I have never tried sending an encrypted email. ;)

    For instance my 9611AC4F key (which is on the keyservers), has
    3 active uid's (with current email addresses), and 3 revoked
    uid's (with email address I no longer use)...

    Yes, I pulled that one down. It has 5 "Also known as" email addresses.

    Key management could be a nightmare across multiple devices.

    It shouldn't. Just publish your keys to a key-server, and pull in what you need
    on other devices... Although private keys of course can't be pushed to a key-server and will have to be exchanged using whatever suites you...

    It's pretty neat that I can look up old friends and check the
    properties of the keys.

    Indeed. ;)

    But are those older keys still usable? I have two keys from 1993, I no longer remember the passwords for. :-(
    But they aren't on the keyservers afaik, so nobody will be tempted to use them.
    ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Sat Jan 4 22:16:54 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256


    On 04.01.2020 19:47, Wilfred van Velzen : Tommi Koivula wrote:

    Checking if my golded signing configuration works... ;)

    Works ok! However, using Thunderbird as a fidonet client does not show
    your from: name as it should. But it works. ;)

    'Tommi



    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEEQTJnraOsQBoYwCPS0ikymSpvgioFAl4Q8rEACgkQ0ikymSpv giruOwf/cWXutYJ3K3UVfQ3YSxgOTcE91rXATYTm4Mbgm6wdkaJNnDyg8S7rwtf4 anF6l7IExq89aYVi0qMgyunFHWfLTUCwl6dvxwZOIQ0tXR+cXoxmatF320vwpc51 2y7iSNaBmgal+xfuGHgrVPiMnjzBrKW8o5l5cGCpHaTxlUtDiQpXRA6lQYTcz9H3 kJ0EGAm2VW6XepDMdLHxG3Kw6VrNLKRjpry36PrDGhpDVrgyjEj5Qf0MGaCLpCys LC4WcQZxMDM3rjqqV61NDXfM20No8QfnFFZCQSBmateXHG8Ug6kIkTg2ZsKssrfu W6vVeZ7Cj86/RU9JLClPr0V6bZkJ7w==
    =YB70
    -----END PGP SIGNATURE-----

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Sat Jan 4 22:22:45 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256


    On 04.01.2020 20:11, Wilfred van Velzen : Tommi Koivula wrote:

    -----BEGIN PGP SIGNED MESSAGE----- TK> Hash: SHA256

    I'm wondering why yours uses SHA256 and mine uses SHA1. SHA1 is the
    more compatibel one with older versions, but is less secure...

    Hmm.. No idea..

    Just found the --default-key option. ;)

    I did it too!

    I have this in my ~/.gnupg/gpg.conf file:

    Googled also this one. :)

    The "--default-key" way works better in my Win/OS2 LAN, where I can
    access the same Golded from different workstations.

    Next I need to set it up in my Ubuntu system. ;)

    'Tommi


    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEEQTJnraOsQBoYwCPS0ikymSpvgioFAl4Q9BAACgkQ0ikymSpv gipNNwf+JP4m9tX8hUNACVBttVj6Ely1Ov625g4zUwrN/8g1nITYXMbJOhnRspJM X7oNyxlsyG7otWEBrqisbND3CBqak1o2Yh5pIREXEgzkUGex+FjGQgBLJ56tk+8X Uy0mRVGVnY79von2tNVOnQibuDwrHaGOdWSkfU8QiYM9pgm2vSrUHUpo48WZeGhF lAjl8OU+snTFWyN/DgLbh8l1JLsPxvGXiZz+Dy8HxBfJjhwqp6G66g3mTEgSfwe4 QhqQ3XtMHkOe8MVWrPmOkhnt4qWrxj5H9s+dZOUsUXchSWtSnpWVJt2BfwushCov R1zkVt33spUZit8ofd96knxA9QrBtw==
    =zMwa
    -----END PGP SIGNATURE-----

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Tommi Koivula@2:221/360 to August Abolins on Sat Jan 4 22:27:55 2020
    On 04.01.2020 19:37, August Abolins : Wilfred van Velzen :

    Key management could be a nightmare across multiple devices.

    I export my secret keys to a "home" directory in my LAN, and then I can
    import them to any workstation.

    Enigmail is a nice tool, as well as kleopatra of gpg4win package.

    'Tommi

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sat Jan 4 21:57:12 2020
    Hi August,

    On 2020-01-04 20:08:43, you wrote to me:

    Btw: I'm using 'gpg' (2), which I think is more or less the
    standard software on linux to do (open)pgp stuff with.

    It is a very smart inclusion in linux. But I'll stick with a Windows offering. The Enigmail version, as an Add-On for Thunderbird, seems
    to be a smooth integration. The only thing I can't seem to check is
    which PGP version my Enigmail/GnuPG-generated key is using. But the
    linux tool can do that.

    You could for instance add: https://www.gpg4win.org/ to your windows setup, so you have a decent key management tool...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Sat Jan 4 21:58:53 2020
    Hi Tommi,

    On 2020-01-04 22:16:54, you wrote to me:

    Checking if my golded signing configuration works... ;)

    Works ok! However, using Thunderbird as a fidonet client does not show your from: name as it should. But it works. ;)

    Cool!

    Good to know it works. (But I won't be signing every message by default ;))

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Sat Jan 4 22:00:27 2020
    Hi Tommi,

    On 2020-01-04 22:22:45, you wrote to me:

    -----BEGIN PGP SIGNED MESSAGE----- TK> Hash: SHA256

    I'm wondering why yours uses SHA256 and mine uses SHA1. SHA1 is the
    more compatibel one with older versions, but is less secure...

    Hmm.. No idea..

    You don't have anything in you gpg.conf ? Maybe thunderbird forces it?

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Tommi Koivula on Sat Jan 4 23:09:17 2020
    On 04/01/2020 3:27 p.m., Tommi Koivula : August Abolins wrote:

    Key management could be a nightmare across multiple devices.

    I export my secret keys to a "home" directory in my LAN, and
    then I can import them to any workstation.

    I might like to use it from a laptop that I carry around, and from a
    desktop at another location. I guess I can delegate the laptop as my
    "home". I usually have the laptop with me wherever I go anyway.

    I wouldn't want to store keys on a USB though. I lost a USB (fell off my keychain!) last year. Among other files, I had an MS Access database
    copy on it, and lo an behold, a resourceful person actually explored the details and extracted credit card info from the .accdb file. I noticed
    the unusual charges pretty much right away, but all was taken care of well.

    Meanwhile, I found a PGP app for my Blackberry. Getting the secret keys
    to it in a secure way are a bit tricky though. But once done, I should
    be fine for several years.


    Enigmail is a nice tool, as well as kleopatra of gpg4win
    package.

    It is absolutely amazing that a simple add-on can introduce a nice new
    feature to TB.

    I am having trouble signing this message! Enigmail is sending me in a loop!

    ../|ug

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Tommi Koivula@2:221/1 to Wilfred van Velzen on Sat Jan 4 23:08:50 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256


    04 Jan 20 22:00, Wilfred van Velzen wrote to Tommi Koivula:

    Hi Tommi,

    On 2020-01-04 22:22:45, you wrote to me:

    -----BEGIN PGP SIGNED MESSAGE----- TK> Hash: SHA256

    I'm wondering why yours uses SHA256 and mine uses SHA1. SHA1 is the
    more compatibel one with older versions, but is less secure...

    Hmm.. No idea..

    You don't have anything in you gpg.conf ?

    Nope. Maybe it is how the key was initially created?

    Maybe thunderbird forces it?

    I don't think so...

    I'll sign this one with Golded.

    'Tommi


    -----BEGIN PGP SIGNATURE-----

    iQFFBAEBCAAvFiEEQTJnraOsQBoYwCPS0ikymSpvgioFAl4Q/0oRHHRvbW1pQHJi Yi5iYnMuZmkACgkQ0ikymSpvgiqwUAgAmjRIGH7yG4TrQCDafDksLeMVe0Xm/YyW VmGN5LIJ42znECV6RLsxo+JuxFqbOxru+QTstqUzjIkuNWKvSpNkOVx+pMN+BSXz kAfy1WTbr7jmA+i1k9wnWyAbMobPffpgIK4TGRi2MGqRFEBzFOXNH2tVAhDVSXe3 y3yIMw7EkHnMFv39S8RBdVyJZ/5N2WPCMd6T5ub+TeAVudOqn8OThw9R04AkMBsx HgddGQIdJt4GSWCWeWyRAItENfKV1QmiaX89dAWQCs8xggwrXew75OvGEKk+yffT tfdEFmcwKBo/u7VzvWQc8jbwiez2+tHi6mNXwdcLM+2GkY1ZR6xywA==
    =lvUq
    -----END PGP SIGNATURE-----
    ---
    * Origin: 2001:470:1f15:cb0:f1d0:2:221:1 (2:221/1)
  • From August Abolins@2:221/360 to Tommi Koivula on Sat Jan 4 23:28:04 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256


    I'll sign this one with Golded.

    'Tommi

    Hi Tommi, Enigmail is reporting the following for your previous message:

    Enigmail Security Info Part of the message signed Unverified signature
    Public key D22932992A6F822A used to verify signature BAD signature
    from Tommi Koivula <tommi@fidonet.fi>

    Why would it be BAD?






    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4RA14ACgkQ7w6JZVeJ WJv41wf/fOkkUiiP+5Ef6VoeCnnj7DkyeXO+jXZpUjbDzP0oA2TpFV6c8RSuaGwx p5NEKp23LEpLsfZur0A6LugGM2XrvH512kDViNre4MHz4xskTbioLiMV9FDefdxP jIcy8letr5RQB73XP/+lNkmnFO7Sqgrij3OLDdLIvL+ElElVr4/7SB5oBHjXDszQ Q8joYb1H1gFAtXdkI4DIHforpTnUA90NTZ5UJh88dnA3Sp/OStUA5CkfCrOy7Bia ZpEUea0FIUxH+DJJnhROjDV2JyGEBCPu68jMBHN6AM//d0Yo85ny0Ikb/x8xOBNU qD9A0oKMWrhFBg2kNo/X7BHmqAA/Qw==
    =RG4n
    -----END PGP SIGNATURE-----

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Tommi Koivula@2:221/360 to August Abolins on Sat Jan 4 23:36:29 2020

    On 4.1.2020 23:28, August Abolins : Tommi Koivula wrote:

    I'll sign this one with Golded.

    'Tommi

    Hi Tommi, Enigmail is reporting the following for your previous message:

    Enigmail Security Info Part of the message signed Unverified signature
    Public key D22932992A6F822A used to verify signature BAD signature
    from Tommi Koivula <tommi@fidonet.fi>

    Why would it be BAD?

    I'm not sure but it may be because of the way how JamNNTPd shows the
    From: field.

    'Tommi

    --- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Tommi Koivula on Sat Jan 4 23:51:53 2020
    On 04/01/2020 4:36 p.m., Tommi Koivula : August Abolins wrote:

    Enigmail Security Info Part of the message signed Unverified signature
    Public key D22932992A6F822A used to verify signature BAD signature
    from Tommi Koivula <tommi@fidonet.fi>

    Why would it be BAD?

    I'm not sure but it may be because of the way how JamNNTPd shows the
    From: field.

    Looking at your key, it is not signed by anyone else. Could that be
    what is meant by unverified?

    Did my recent nntp signed messages verify at your side?

    ../|ug

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Tommi Koivula on Sun Jan 5 00:12:58 2020
    On 04/01/2020 4:36 p.m., Tommi Koivula : August Abolins wrote:

    Enigmail Security Info Part of the message signed Unverified signature
    Public key D22932992A6F822A used to verify signature BAD signature
    from Tommi Koivula <tommi@fidonet.fi>

    Why would it be BAD?

    I'm not sure but it may be because of the way how JamNNTPd shows the
    From: field.

    More info:

    This message that you wrote here..

    X-JAM-From: Tommi Koivula <2:221/360.0>
    X-JAM-To: Wilfred van Velzen
    X-JAM-MSGID: 2:221/360.0 5e10f2b2
    X-JAM-REPLYID: 2:280/464 5e10cfa1
    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101
    Thunderbird/68.3.1
    + Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

    ...reports GOOD:

    Enigmail Security Info Part of the message signed Good signature from
    Tommi Koivula <tommi@fidonet.fi> Key ID: 0x413267ADA3AC401A18C023D2D22932992A6F822A / Signed on: 01/04/20, 3:16
    PM Key fingerprint: 4132 67AD A3AC 401A 18C0 23D2 D229 3299 2A6F 822A
    Used Algorithms: RSA and SHA256

    But, you used a different system and editor for the one that reports BAD:

    + Origin: 2001:470:1f15:cb0:f1d0:2:221:1 (2:221/1)
    ..using GoldED


    Maybe that is a clue.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sat Jan 4 23:42:24 2020
    Hi August,

    On 2020-01-04 23:09:17, you wrote to Tommi Koivula:

    Meanwhile, I found a PGP app for my Blackberry. Getting the secret
    keys to it in a secure way are a bit tricky though.

    If you used decent passwords for the secret keys, it doesn't matter if the files fall in the wrong hands...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Sat Jan 4 23:45:05 2020
    Hi Tommi,

    On 2020-01-04 23:08:50, you wrote to me:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    You don't have anything in you gpg.conf ?

    Nope. Maybe it is how the key was initially created?

    I don't think the hash used has anything to do with your key.

    Maybe thunderbird forces it?

    I don't think so...

    I'll sign this one with Golded.

    Still SHA256. It might have to do with the gpg version you are using. Mine is somewhat older:

    # gpg --version
    gpg (GnuPG) 2.0.24
    libgcrypt 1.6.1
    ...

    Maybe the default hash algorithme has change in newer versions?

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sat Jan 4 23:51:46 2020
    Hi August,

    On 2020-01-04 23:28:04, you wrote to Tommi Koivula:

    I'll sign this one with Golded.

    'Tommi

    Hi Tommi, Enigmail is reporting the following for your previous message:

    Enigmail Security Info Part of the message signed Unverified signature Public key D22932992A6F822A used to verify signature BAD signature
    from Tommi Koivula <tommi@fidonet.fi>

    Why would it be BAD?

    I'm getting a good signature on Tommy's message:

    gpg: Signature made za 04 jan 2020 22:10:34 CET using RSA key ID 2A6F822A
    gpg: Good signature from "Tommi Koivula <tommi@rbb.fidonet.fi>" [unknown]
    gpg: aka "Tommi Koivula <tommi@fidonet.fi>" [unknown]
    gpg: aka "Tommi Koivula <tommi@rbb.bbs.fi>" [unknown]
    gpg: aka "Tommi Koivula <tommi.koivula@p1.f1.n221.z2.fidonet.fi>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4132 67AD A3AC 401A 18C0 23D2 D229 3299 2A6F 822A


    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Sun Jan 5 00:56:06 2020
    Hi Wilfred.

    04 Jan 20 23:45:04, you wrote to me:

    I'll sign this one with Golded.

    Still SHA256. It might have to do with the gpg version you are using. Mine
    is
    somewhat older:

    # gpg --version
    gpg (GnuPG) 2.0.24
    libgcrypt 1.6.1
    ...

    Maybe the default hash algorithme has change in newer versions?

    Perhaps.. In this Windows I'm using :

    === Cut ===

    gpg --version

    gpg (GnuPG) 2.2.19
    libgcrypt 1.8.5
    Copyright (C) 2019 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: C:/Users/root/AppData/Roaming/gnupg
    Tuetut algoritmit:
    JulkAvain: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Salaus: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
    Tiiviste: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Pakkaus: pakkaamaton, ZIP, ZLIB, BZIP2
    === Cut ===

    'Tommi

    PS. I hate when programs speak finnish, even if I have an english OS... :)

    ---
    * Origin: - rbb.fidonet.fi - Finland - (2:221/360)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 02:14:47 2020
    On 1/4/2020 12:47 PM, between "Wilfred van Velzen : Tommi Koivula":

    Hi Wilfred,

    The message I am replying to in this message gave me this report:

    Error - signature verification failed

    gpg command line and output:
    C:\Program Files\gnupg\bin\gpg.exe
    gpg: Signature made 01/04/20 12:47:07 Eastern Standard Time
    gpg: using RSA key 3BB37DA84A97932B
    gpg: BAD signature from "Wilfred van Velzen <wvvelzen@gmail.com>"
    [unknown]


    It's the one you wrote to Tommi with:

    WvV> -----BEGIN PGP SIGNED MESSAGE-----
    WvV> Hash: SHA1

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 02:30:00 2020
    On 1/4/2020 1:30 PM, between "Wilfred van Velzen : August Abolins":

    I am not sure I can tie a proper (non-padded) email address
    to the one I messed up with the program I am using.

    What program are you using?
    And you should be able to! ;)

    Enigmail. It integrates GnuPG into Thunderbird as an add-on so that it
    looks and operates as if were part of Thunderbird.

    Apparently, I haven't fully explored its full configuration options.
    There are so many. I saw a setting on my other pc where I could "assign"
    other identities to the existing ones. Maybe that is the answer.


    If you were to create an email to me using my current key,
    would you have to remove the R_E_M_O_V_E part manually each
    and every time?

    I have no clue, I have never tried sending an encrypted
    email. ;)

    Next to being able to sign messages in echomail/newsgroups, fully
    encrypted messages only make sense in email - direct to a specific
    individual.


    It's pretty neat that I can look up old friends and check
    the properties of the keys.

    Indeed. ;)

    But are those older keys still usable? I have two keys from
    1993, I no longer remember the passwords for. :-( But they
    aren't on the keyservers afaik, so nobody will be tempted
    to use them. ;)

    That's the beauty of pulling down the keys and checking their
    properties. The properties will reveal creation dates, expiry dates, revocations,etc. It would be relatively easy to just pick the most
    recent date, and send a brief hello message with a CC: and see which
    ones reach their target.

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 02:38:00 2020
    On 1/4/2020 3:57 PM, between "Wilfred van Velzen : August Abolins":

    You could for instance add: https://www.gpg4win.org/ to
    your Windows setup, so you have a decent key management tool...

    I noticed that one too. Enigmail is not bad, except the version
    designed for TB 24, XP, is probably a bit outdated considering there are
    newer versions for more recent versions of TB. But I will soon be
    migrating my files to a newer latop with Win7. There, I should be able
    to have smoother operations with a more recent Enigmail.

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 03:08:42 2020
    On 1/4/2020 3:58 PM, between "Wilfred van Velzen : Tommi Koivula":


    Good to know it works. (But I won't be signing every
    message by default ;))

    Signing probably makes most sense for official content that contains
    specific data, dates, to register an official vote, etc.

    The technology was probably only intended to be used in direct 1 to 1
    exchanges like email.

    Sometimes I get requests from vendors via email that require a
    confirmation for a particular agreement. There is a document that they
    request be signed. In the not too distant past, I would print the doc,
    add my signature, scan it, print it and fax it. Very time consuming.

    When the fax device died (pc usb type), I would take a pictures of the
    signed doc, copy the pic to the network and email the pic.

    Since then, I've learned to sign the pdf version of the doc and email it
    back.

    But a pgp signature would be even simpler and faster.


    ../|ug

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 03:21:24 2020
    On 1/4/2020 5:42 PM, between "Wilfred van Velzen : August Abolins":

    Meanwhile, I found a PGP app for my Blackberry. Getting the
    secret keys to it in a secure way are a bit tricky though.

    If you used decent passwords for the secret keys, it
    doesn't matter if the files fall in the wrong hands...

    I could email the secret keys between my devices, but I don't like the
    idea that email in general is in the clear and the isp/systems enroute
    can cache and record anything.

    The passphrase is fairly decent. I am confident that no one would be
    able to guess it.

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 03:34:10 2020
    On 1/4/2020 5:51 PM, between "Wilfred van Velzen : August Abolins":


    Enigmail Security Info Part of the message signed Unverified signature Public key D22932992A6F822A used to verify signature BAD signature
    from Tommi Koivula <tommi@fidonet.fi>

    Why would it be BAD?

    I'm getting a good signature on Tommy's message:

    gpg: Signature made za 04 jan 2020 22:10:34 CET using RSA key ID 2A6F822A gpg: Good signature from "Tommi Koivula <tommi@rbb.fidonet.fi>" [unknown] gpg: aka "Tommi Koivula <tommi@fidonet.fi>" [unknown]
    gpg: aka "Tommi Koivula <tommi@rbb.bbs.fi>" [unknown]
    gpg: aka "Tommi Koivula <tommi.koivula@p1.f1.n221.z2.fidonet.fi>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the
    owner.
    Primary key fingerprint: 4132 67AD A3AC 401A 18C0 23D2 D229 3299 2A6F 822A

    I think it has to do with whether he is using GoldED or Thunderbird.

    My keys with his ID 2A6F822A do not have the long
    p1.f1.n221.z2.fidonet.fi address in the list. And my Enigmail reports a different fingerprint.

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/1.58 to Tommi Koivula on Sat Jan 4 21:40:00 2020
    Hello Tommi!

    ** 04.01.20 - 10:15, Tommi Koivula wrote to August Abolins:

    There is no nodelist flag that tells NOT to accept encrypted mail.

    So my node will accept encrypted mail and will forward it but you
    cannot know how the next hop treats it.

    Please test. :D

    To me, if the original concensus was "no enrypted mail in fidonet" then
    the nodelist U,ENC only covers the exceptions. ?

    In that setting U,ENC only makes sense for netmail exchanges between users
    of that same host. (If only the documentations could say it as simple as that!)

    Further, since there is no way for a user to know in advance how one U,ENC system routes their mail, and since there is no guarante what happens if a packet reaches a non-U,ENC system, there is no point in taking chances and causing annoyance. :(

    Pooh.

    But kudos to those systems that accomidate U,ENC without flinching!

    Meanhile, email is probably a more reliable option for really private messaging anyway.



    ../|ug

    --- OpenXP 5.0.42
    * Origin: /|ug's Point, Ont. CANADA (2:221/1.58)
  • From Tommi Koivula@2:221/360 to August Abolins on Sun Jan 5 13:13:55 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512



    Meanhile, email is probably a more reliable option for really
    private messaging anyway.


    As long as you dont use Gmail. ;)

    'Tommi



    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCgAdFiEEQTJnraOsQBoYwCPS0ikymSpvgioFAl4RxPQACgkQ0ikymSpv giqNlQf+LbMwBq2IlR9H2fsNJPuW7wZJpqZD3rIGveY2t+fRH+gsEwPhbcQJjlDf ZLIUl8KkjnIUErc7E8o4Gm78mLt/m1YQjXJaSHwHHBXU5+3+1riCkZQFDhLAIpWy tdYmyaqJwETk3HJhiuA++cMkg/Nur2QiFYMo1/qy4DPRGTeqSQvRSdXw8iiq4H0y heRIzYhgIggCVLTTnjZqNkPoSyWSHYLXOsQeb7qENs9ZX82UIe9jnpXlq0DVhTxE M6n2UkjVf5ZBSz37tuFPsXb2bFeFHDJz+yGGS0v9BzWX9jHcpsi/XTDJDhILRdOc xHrghBv1Ey19SijGaPzU21Kqlb8KmA==
    =0ILC
    -----END PGP SIGNATURE-----

    --- Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Sun Jan 5 12:56:51 2020
    Hi Tommi,

    On 2020-01-05 00:56:06, you wrote to me:

    Maybe the default hash algorithme has change in newer versions?

    Perhaps.. In this Windows I'm using :

    Tuetut algoritmit:
    JulkAvain: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Salaus: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
    Tiiviste: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Pakkaus: pakkaamaton, ZIP, ZLIB, BZIP2

    There are some differences in my versions algorithms:

    Supported algorithms:
    Pubkey: RSA, ELG, DSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2

    But that doesn't show, what the defaults are, under what circumstances.

    PS. I hate when programs speak finnish, even if I have an english
    OS... :)

    Same here with Dutch! ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 13:01:06 2020
    Hi August,

    On 2020-01-05 02:14:47, you wrote to me:

    The message I am replying to in this message gave me this report:

    Error - signature verification failed

    gpg command line and output:
    C:\Program Files\gnupg\bin\gpg.exe
    gpg: Signature made 01/04/20 12:47:07 Eastern Standard Time
    gpg: using RSA key 3BB37DA84A97932B
    gpg: BAD signature from "Wilfred van Velzen <wvvelzen@gmail.com>" [unknown]

    It's the one you wrote to Tommi with:

    So you don't have the key I used there?


    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 13:03:31 2020
    Hi August,

    On 2020-01-05 02:30:00, you wrote to me:

    Apparently, I haven't fully explored its full configuration options.
    There are so many. I saw a setting on my other pc where I could
    "assign" other identities to the existing ones. Maybe that is the
    answer.

    Probably!

    Next to being able to sign messages in echomail/newsgroups, fully encrypted messages only make sense in email - direct to a specific individual.

    Or routed netmail!

    But are those older keys still usable? I have two keys from
    1993, I no longer remember the passwords for. :-( But they
    aren't on the keyservers afaik, so nobody will be tempted
    to use them. ;)

    That's the beauty of pulling down the keys and checking their
    properties. The properties will reveal creation dates, expiry dates, revocations,etc. It would be relatively easy to just pick the most
    recent date, and send a brief hello message with a CC: and see which
    ones reach their target.

    If there are multiple keys to choose from...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 13:11:57 2020
    Hi August,

    On 2020-01-05 03:08:42, you wrote to me:

    Good to know it works. (But I won't be signing every
    message by default ;))

    Signing probably makes most sense for official content that contains specific data, dates, to register an official vote, etc.

    Yes, it doesn't add too much in the mostly casual communication that goes on in
    fidonet...

    The technology was probably only intended to be used in direct 1 to 1 exchanges like email.

    I don't think so. It also has it's function in public forums like fido's echomail...

    Sometimes I get requests from vendors via email that require a confirmation for a particular agreement. There is a document that they request be signed. In the not too distant past, I would print the doc, add my signature, scan it, print it and fax it. Very time consuming.

    When the fax device died (pc usb type), I would take a pictures of the signed doc, copy the pic to the network and email the pic.

    Since then, I've learned to sign the pdf version of the doc and email it back.

    But a pgp signature would be even simpler and faster.

    If they can verify the signature is really made by who you claim you are! It would be even better, because it's easier to create a false hand written signature.

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 13:12:53 2020
    Hi August,

    On 2020-01-05 03:21:24, you wrote to me:

    If you used decent passwords for the secret keys, it
    doesn't matter if the files fall in the wrong hands...

    I could email the secret keys between my devices, but I don't like the idea that email in general is in the clear and the isp/systems enroute
    can cache and record anything.

    You can use a common storage place, either on your own network or external lile
    dropbox. If that's an encrypted place (I don't know if dropbox is by default?) that would be even better.

    The passphrase is fairly decent. I am confident that no one would be
    able to guess it.

    Than it doesn't matter too much what you use to exchange the secret key files.

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 13:21:22 2020
    Hi August,

    On 2020-01-05 03:34:10, you wrote to me:

    Enigmail Security Info Part of the message signed Unverified
    signature
    Public key D22932992A6F822A used to verify signature BAD signature
    from Tommi Koivula <tommi@fidonet.fi>

    Why would it be BAD?

    I'm getting a good signature on Tommy's message:

    gpg: Signature made za 04 jan 2020 22:10:34 CET using RSA key ID 2A6F822A
    gpg: Good signature from "Tommi Koivula <tommi@rbb.fidonet.fi>" [unknown]
    gpg: aka "Tommi Koivula <tommi@fidonet.fi>" [unknown]
    gpg: aka "Tommi Koivula <tommi@rbb.bbs.fi>" [unknown]
    gpg: aka "Tommi Koivula
    <tommi.koivula@p1.f1.n221.z2.fidonet.fi>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the
    owner.
    Primary key fingerprint: 4132 67AD A3AC 401A 18C0 23D2 D229 3299 2A6F
    822A

    I think it has to do with whether he is using GoldED or Thunderbird.

    I don't think that matters. It's what happens between him and the receivers system to the contents of the message, before the verify...

    My keys with his ID 2A6F822A do not have the long
    p1.f1.n221.z2.fidonet.fi address in the list. And my Enigmail reports a different fingerprint.

    Then you should update the key from a keyserver...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 13:25:22 2020
    Hi August,

    On 2020-01-04 21:40:00, you wrote to Tommi Koivula:

    Further, since there is no way for a user to know in advance how one
    U,ENC system routes their mail, and since there is no guarante what happens if a packet reaches a non-U,ENC system, there is no point in taking chances and causing annoyance. :(

    The worlds view/commonsense on transporting encrypted content has changed in the few decades since the discussion in fidonet about this! If it didn't internet banking wouldn't be possible for instance! ;-)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From mark lewis@1:3634/12 to August Abolins on Sun Jan 5 07:46:03 2020
    Re: Key management could be a nightmare
    By: August Abolins to Wilfred van Velzen on Sun Jan 05 2020 03:21:24


    I could email the secret keys between my devices, but I don't like the
    idea that email in general is in the clear and the isp/systems enroute
    can cache and record anything.

    use pgp/gpg to encrypt it, then email it, and decrypt it on the other end...


    )\/(ark
    --- SBBSecho 3.10-Linux
    * Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)
  • From August Abolins@2:221/1.58 to mark lewis on Sun Jan 5 09:10:00 2020
    Hello mark!

    ** 05.01.20 - 07:46, mark lewis wrote to August Abolins:

    Re: Key management could be a nightmare
    By: August Abolins to Wilfred van Velzen on Sun Jan 05 2020 03:21:24

    I could email the secret keys between my devices, but I don't like
    the idea that email in general is in the clear and the isp/systems
    enroute can cache and record anything.

    use pgp/gpg to encrypt it, then email it, and decrypt it on the other
    end...


    Still working through the morning coffee? <BWG>

    I need that key on the other end *before* I can decrypt anything.

    ;)




    ../|ug

    --- OpenXP 5.0.42
    * Origin: /|ug's Point, Ont. CANADA (2:221/1.58)
  • From August Abolins@2:221/360 to Tommi Koivula on Sun Jan 5 17:17:01 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    On 1/5/2020 6:13 AM, between "Tommi Koivula : August Abolins":

    AA >> Meanhile, email is probably a more reliable option for
    AA >> really private messaging anyway.

    As long as you dont use Gmail. ;)


    https://support.google.com/mail/answer/6330403?hl=en

    So, maybe there is progress in that direction.

    If people did start using their S/MIME support (uses certificates? not
    keys?) they'd probably want to control or track the usage and sell the info/stats in order to monetize it.

    BTW.. I am really liking the Enigmail/GnuPG add-on for TB. The
    decrypting is automatic and the inline sig key blocks are "hidden" to
    provide a very clean reading/replying experience.


    ../|ug
    -----BEGIN PGP SIGNATURE-----
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4R/ecACgkQ7w6JZVeJ WJuszggAu7do1rceBlMup6HQRZQgc8fg0UcfbAEB//QWBH9o5UlfdfCK93WxrFoG JJbfWX0/G+GF1RL/MGyvx+ggTEv+ByKbVP2xft+mNPs9Z3heJdeXgkFMaOQosmrj pcx2B9p7SYzrrkV9Z0VZQefvTqFD7gcuQsoWV7tgBiFYu8SCkPl3qvKrahB/bKBT 8bQU7+I05D5fQIjTp9aFa3brlUbJsg/m59+Lg6yyAw4uRWjVgci5OyFDZ2Ev779w OZl+dqKmpr6c1HDOPAjETlrigWvepmNHWPtbhl6m2eYEu5d7TdurCoyJUVOJF3KO Ugr/8aFWoBZnLqWo8BWL5dsV9iNFNw==
    =+553
    -----END PGP SIGNATURE-----

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 17:29:37 2020
    On 1/5/2020 7:01 AM, between "Wilfred van Velzen : August Abolins":

    Error - signature verification failed

    gpg command line and output: C: \Program
    Files\gnupg\bin\gpg.exe gpg: Signature made 01/04/20
    12:47:07 Eastern Standard Time gpg: using RSA key
    3BB37DA84A97932B gpg: BAD signature from "Wilfred van
    Velzen <wvvelzen@gmail.com>" [unknown]

    It's the one you wrote to Tommi with:

    So you don't have the key I used there?


    Hello Wilfred,

    Send me the fingerprint of the keys I should be using, and I'll grab
    them from a server.

    BTW, is it this one:

    keys.openpgp.org

    https://keys.openpgp.org/vks/v1/by-fingerprint/D50ECD4F514B75DC0A064F893BB37DA84A97932B



    ../|ug

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 17:46:25 2020
    On 1/5/2020 7:03 AM, between "Wilfred van Velzen : August Abolins":

    Next to being able to sign messages in echomail/newsgroups,
    fully encrypted messages only make sense in email - direct
    to a specific individual.

    Or routed netmail!

    But we really don't know the exact route a netmail will take.

    For a user, unless they analyze the nodelist or confirm things with
    their sysop, netmail is unreliable.

    I also use point-software (OpenXP) which allows sending crash mail. With
    that, I could crash my encrypted netmail to its final destination with confidence to any system that flies the U,ENC flags.


    That's the beauty of pulling down the keys and checking
    their properties. The properties will reveal creation
    dates, expiry dates, revocations, etc. It would be
    relatively easy to just pick the most recent date, and send
    a brief hello message with a CC: and see which ones reach
    their target.

    If there are multiple keys to choose from...

    Yeah, tracking people down from the past that have only one email addy
    listed on the servers with an expired key could be a challenge.

    ../|ug

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 17:54:41 2020
    On 1/5/2020 7:11 AM, between "Wilfred van Velzen : August Abolins":

    Good to know it works. (But I won't be signing every
    message by default ;))

    Signing probably makes most sense for official content that
    contains specific data, dates, to register an official
    vote, etc.

    Yes, it doesn't add too much in the mostly casual
    communication that goes on in fidonet...

    Hello Wilfred!

    I haven't seen PGP signing used very much in the echos (or at least not
    in the few and active ones that I read). Where else do you see it used?


    Since then, I've learned to sign the pdf version of the doc
    and email it back.

    But a pgp signature would be even simpler and faster.

    If they can verify the signature is really made by who you
    claim you are! It would be even better, because it's easier
    to create a false hand written signature.

    I don't think they would lack any confidence in an email that they use
    to send me reminders of an overdue invoice, with my ACK. <G> And..
    many vendors keep a record of email addys after a phone call with me
    giving them a specific addy.

    Yep. PGP signing would be a very convenient solution for signing
    agreements with on-sale dates that I have to acknowledge.

    ../|ug

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 18:04:26 2020
    On 1/5/2020 7:12 AM, between "Wilfred van Velzen : August Abolins":

    I could email the secret keys between my devices, but I
    don't like the idea that email in general is in the clear
    and the isp/systems enroute can cache and record anything.

    You can use a common storage place, either on your own
    network or external lile dropbox. If that's an encrypted
    place (I don't know if dropbox is by default?) that would
    be even better.

    Hello Wilfred!

    I have an option for my Blackberry. I can send it through my own wi-fi connections to a file directory on the device. But I have to do it from
    my Win7 pc desktop which is at a remote location. :(


    The passphrase is fairly decent. I am confident that no one
    would be able to guess it.

    Than it doesn't matter too much what you use to exchange
    the secret key files.

    Nah.. Even if the secret key were sent with Gmail for example, its copy
    would be grabbed and stored in the cloud forever. The "they" people
    could then feed the key to their petra flop computers to try and crack it.

    I think it is absolutely imperative to never transfer a secret key
    through a transfer mechanism that I don't have exclusive control over.

    ../|ug

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 18:14:02 2020
    On 1/5/2020 7:21 AM, between "Wilfred van Velzen : August Abolins":

    My keys with his ID 2A6F822A do not have the long
    p1.f1.n221.z2.fidonet.fi address in the list. And my
    Enigmail reports a different fingerprint.

    Then you should update the key from a keyserver...

    I just did. Looks good now.

    The key management in Enigmail for TB 24 does not do the updates
    automatically, but Enigmail for TB 68 and up does. Looking forward to
    possibly only use a newer TB.

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 17:08:40 2020
    Hi August,

    On 2020-01-05 17:29:37, you wrote to me:

    gpg command line and output: C: \Program
    Files\gnupg\bin\gpg.exe gpg: Signature made 01/04/20
    12:47:07 Eastern Standard Time gpg: using RSA key
    3BB37DA84A97932B gpg: BAD signature from "Wilfred van
    Velzen <wvvelzen@gmail.com>" [unknown]

    It's the one you wrote to Tommi with:

    So you don't have the key I used there?


    Hello Wilfred,

    Send me the fingerprint of the keys I should be using, and I'll grab
    them from a server.

    BTW, is it this one:

    keys.openpgp.org

    https://keys.openpgp.org/vks/v1/by-fingerprint/D50ECD4F514B75DC0A064F893BB3
    7DA84A97932B

    Yes that looks like it. The ID that's quoted above is enough to search for it! ;)

    wilfred@wilnux5:~> gpg --fingerprint -k 4A97932B
    pub 4096R/4A97932B 2017-10-25 [expires: 2023-01-01]
    Key fingerprint = D50E CD4F 514B 75DC 0A06 4F89 3BB3 7DA8 4A97 932B
    uid [ultimate] Wilfred van Velzen <wvvelzen@gmail.com>
    uid [ultimate] Wilfred van Velzen <wilfred@vvlzn.nl>
    uid [ultimate] [jpeg image of size 5943]
    sub 4096R/2D3482F3 2017-10-25


    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 17:27:07 2020
    Hi August,

    On 2020-01-05 17:46:25, you wrote to me:

    Next to being able to sign messages in echomail/newsgroups,
    fully encrypted messages only make sense in email - direct
    to a specific individual.

    Or routed netmail!

    But we really don't know the exact route a netmail will take.

    Nope.

    For a user, unless they analyze the nodelist or confirm things with
    their sysop, netmail is unreliable.

    Indeed. But I doubt many systems still filter-out/bounce netmail with encrypted
    content.

    I also use point-software (OpenXP) which allows sending crash mail.
    With that, I could crash my encrypted netmail to its final destination with confidence to any system that flies the U,ENC flags.

    And in case of a point as destination of which the boss has the ENC flag. You can crash the encrypted netmail at the boss's system...


    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 17:21:01 2020
    Hi August,

    On 2020-01-05 17:54:41, you wrote to me:

    I haven't seen PGP signing used very much in the echos (or at least
    not in the few and active ones that I read). Where else do you see it used?

    Well lately I've seen it in this area and FIDOTEST. ;)
    But I wasn't paying attention before. ;)

    Outside of fidonet. I see it sometimes in newsgroups. And I know the (open)suse, software distribution system makes use of gpg keys to sign the distributed software.

    But a pgp signature would be even simpler and faster.

    If they can verify the signature is really made by who you
    claim you are! It would be even better, because it's easier
    to create a false hand written signature.

    I don't think they would lack any confidence in an email that they use
    to send me reminders of an overdue invoice, with my ACK. <G> And..
    many vendors keep a record of email addys after a phone call with me giving them a specific addy.

    Yep. PGP signing would be a very convenient solution for signing agreements with on-sale dates that I have to acknowledge.

    I don't think "they" are going to trust it, untill there will be a government key signing authority, that can "properly" verify your identity.

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From mark lewis@1:3634/12 to August Abolins on Sun Jan 5 13:10:43 2020
    Re: Key management could be a nightmare
    By: August Abolins to mark lewis on Sun Jan 05 2020 09:10:00


    use pgp/gpg to encrypt it, then email it, and decrypt it on the other
    end...

    Still working through the morning coffee? <BWG>

    nope, not when i wrote that...

    I need that key on the other end *before* I can decrypt anything.

    are you saying that you cannot simply encrypt some text and decrypt it? i don't
    mean to encrypt it to a specific individual... just general encryption with a phrase... pgp used to do that and i used it numerous times to send stuff to others with no keys involved...


    )\/(ark
    --- SBBSecho 3.10-Linux
    * Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 20:20:57 2020
    On 05/01/2020 7:11 a.m., Wilfred van Velzen : August Abolins wrote:

    If they can verify the signature is really made by who you
    claim you are! It would be even better, because it's easier to
    create a false hand written signature.

    Written signatures (that are not witnessed) are useless really. When my
    debit machine spews out a receipt with "Signature required", the person
    can easily put anything there. Often I just get a scribble.

    However, I think the understanding in the industry is that for starters,
    I wouldn't have that debit machine unless my true identity was verified.
    And since I am a "registered" operator of the device, and rule is if I
    give the receipt to the buyer to sign, then I did exactly that - as me
    as a witness, and that my claim to authenticity trumps the buyer's claim
    should they decide to deny they signed it.

    Also, I should be probably checking that the scribble they put on the
    receipt matches the scribble they have on the back of the card.

    But sometimes, there is no sig on the card, or the user refuses to hand
    it over, or they tell me it's a family card, or.. whatever.

    For now, the sig on receipt requirement is only for foreign buyers. <G>

    PIN enabled or Contact-less enabled cards are gaining usage.


    .../|ug

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 20:28:30 2020
    On 05/01/2020 11:08 a.m., Wilfred van Velzen : August Abolins wrote:

    gpg command line and output: C: \Program
    Files\gnupg\bin\gpg.exe gpg: Signature made 01/04/20 12:47:07
    Eastern Standard Time gpg: using RSA key 3BB37DA84A97932B
    gpg: BAD signature from "Wilfred van Velzen
    <wvvelzen@gmail.com>" [unknown]

    BTW, is it this one:

    keys.openpgp.org

    https://keys.openpgp.org/vks/v1/by-fingerprint/D50ECD4F514B75DC0A064F893BB3
    7DA84A97932B

    Yes that looks like it. The ID that's quoted above is enough to
    search for it!

    I found out that is not always the case. It seems to depend on the
    server. For example, I used your RSA key 3BB37DA84A97932B as above, but
    the server at keys.openpgp.org reported that they do not support
    abbreviated keys.

    wilfred@wilnux5: ~> gpg -- fingerprint - k 4A97932B pub
    4096R/4A97932B 2017-10-25 [expires: 2023-01-01] Key
    fingerprint = D50E CD4F 514B 75DC 0A06 4F89 3BB3 7DA8 4A97 932B
    uid [ultimate] Wilfred van Velzen <wvvelzen@gmail.com> uid
    [ultimate] Wilfred van Velzen <wilfred@vvlzn.nl> uid [ultimate]
    [jpeg image of size 5943] sub 4096R/2D3482F3 2017-10-25

    What is interesting, I just fetched your updated keys from the *same*
    server that I used on my lessor TB 2.0.0.24 pc, but this time on my TB
    60 there was no photo offered or recorded. :(

    I wonder why the difference.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 20:41:53 2020
    On 05/01/2020 11:21 a.m., Wilfred van Velzen : August Abolins wrote:

    I haven't seen PGP signing used very much in the echos (or at
    least not in the few and active ones that I read). Where else
    do you see it used?

    Well lately I've seen it in this area and FIDOTEST.

    I think that's about it! LOL


    Outside of fidonet. I see it sometimes in newsgroups. And I
    know the (open)suse, software distribution system makes use of
    gpg keys to sign the distributed software.

    According to the info at https://sks-keyservers.net/status/

    Max keys: 5964828

    That's really not a whole lot in the internet collective.


    Yep. PGP signing would be a very convenient solution for
    signing agreements with on-sale dates that I have to
    acknowledge.

    I don't think "they" are going to trust it, untill there will
    be a government key signing authority, that can "properly"
    verify your identity.

    Why not? There is a vast pre-history of email exchange between me and
    the vendor with many emails that include my customer/account number with
    them. And my cheques even include the same customer/account number. So,
    they ought have great confidence that next time they send me something
    to the same email address to sign, then my PGP-signed reply was done by me.

    ../|ug

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 20:51:01 2020
    On 05/01/2020 11:27 a.m., Wilfred van Velzen : August Abolins wrote:


    For a user, unless they analyze the nodelist or confirm things
    with their sysop, netmail is unreliable.

    Indeed. But I doubt many systems still filter-out/bounce
    netmail with encrypted content.

    Now that you let the cat out of the bag, so to speak.. sysops may be
    interested to add such filters to find out! LOL


    And in case of a point as destination of which the boss has the
    ENC flag. You can crash the encrypted netmail at the boss's
    system...

    Exactly. The ENC flag is usually flown by the boss. It's a
    bonus/incentive if that system supports point users.

    ../|ug

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to mark lewis on Sun Jan 5 21:02:29 2020
    On 05/01/2020 1:10 p.m., mark lewis : August Abolins wrote:

    Still working through the morning coffee? <BWG>

    nope, not when i wrote that...

    No offense meant.

    I need that key on the other end *before* I can decrypt
    anything.

    are you saying that you cannot simply encrypt some text and
    decrypt it? i don't mean to encrypt it to a specific
    individual... just general encryption with a phrase... pgp used
    to do that and i used it numerous times to send stuff to others
    with no keys involved...

    Thank you for mentioning just plain encryption (without keys). I hadn't
    thought of that. Apparently, *I* hadn't finished *my* morning coffee.

    WRT to my Blackberry, where I need to send the keys, I am not aware of
    away to decrypt a message that I simply encrypted somewhere else.

    The pgp app on the Blackberry only operates with established keys.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 20:25:45 2020
    Hi August,

    On 2020-01-05 20:28:30, you wrote to me:

    https://keys.openpgp.org/vks/v1/by-fingerprint/D50ECD4F514B75DC0A064F8 93BB37DA84A97932B

    Yes that looks like it. The ID that's quoted above is enough to
    search for it!

    I found out that is not always the case. It seems to depend on the
    server. For example, I used your RSA key 3BB37DA84A97932B as above, but the server at keys.openpgp.org reported that they do not support abbreviated keys.

    Strange. Why wouldn't they support it? What would be the benefit of that?

    wilfred@wilnux5: ~> gpg -- fingerprint - k 4A97932B pub
    4096R/4A97932B 2017-10-25 [expires: 2023-01-01] Key
    fingerprint = D50E CD4F 514B 75DC 0A06 4F89 3BB3 7DA8 4A97 932B
    uid [ultimate] Wilfred van Velzen <wvvelzen@gmail.com> uid
    [ultimate] Wilfred van Velzen <wilfred@vvlzn.nl> uid [ultimate]
    [jpeg image of size 5943] sub 4096R/2D3482F3 2017-10-25

    What is interesting, I just fetched your updated keys from the *same* server that I used on my lessor TB 2.0.0.24 pc, but this time on my TB
    60 there was no photo offered or recorded. :(

    I wonder why the difference.

    When I export the key to the server, I have the option not to export attributes
    (photo ID). Maybe it's optional on importing to, but the option isn't given to you?

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 20:29:34 2020
    Hi August,

    On 2020-01-05 20:41:53, you wrote to me:

    Outside of fidonet. I see it sometimes in newsgroups. And I
    know the (open)suse, software distribution system makes use of
    gpg keys to sign the distributed software.

    According to the info at https://sks-keyservers.net/status/

    Max keys: 5964828

    That's really not a whole lot in the internet collective.

    I wouldn't want to import them all to my keyring file! ;-)

    I don't think "they" are going to trust it, untill there will
    be a government key signing authority, that can "properly"
    verify your identity.

    Why not? There is a vast pre-history of email exchange between me and
    the vendor with many emails that include my customer/account number with them. And my cheques even include the same customer/account number. So, they ought have great confidence that next time they send me something
    to the same email address to sign, then my PGP-signed reply was done by
    me.

    That requires some human employer to check this, and would make the company responsible in case a human mistake was made. They want that to be an external risk, not theirs...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 5 20:33:40 2020
    Hi August,

    On 2020-01-05 20:51:01, you wrote to me:

    For a user, unless they analyze the nodelist or confirm things
    with their sysop, netmail is unreliable.

    Indeed. But I doubt many systems still filter-out/bounce
    netmail with encrypted content.

    Now that you let the cat out of the bag, so to speak.. sysops may be interested to add such filters to find out! LOL

    I don't think our audience is that big. ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Tommi Koivula on Sun Jan 5 22:04:55 2020
    On 04/01/2020 3:27 p.m., Tommi Koivula : August Abolins wrote:


    Enigmail is a nice tool, as well as kleopatra of gpg4win package.

    Hmmm..

    Apparently, I had kleopatra (via gpg4win) already on the pc that I use
    for TB 60.

    Very nice. It seems to tie in to the existing gpg package that the
    Enigmail installation created, and they use the same local database for
    the keys.

    Even searching for keys is more responsive with the default server(s).

    Thanks for mentioning kleopatra.

    Now I wonder if kleopatra would solve the server access problem in the
    older Enigmail/TB 2.0.0.24 combo on my XP pc.

    ../|ug

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 22:12:20 2020
    On 05/01/2020 2:25 p.m., Wilfred van Velzen : August Abolins wrote:

    I found out that is not always the case. It seems to depend on
    the server. For example, I used your RSA key 3BB37DA84A97932B
    as above, but the server at keys.openpgp.org reported that they
    do not support abbreviated keys.

    Strange. Why wouldn't they support it? What would be the
    benefit of that?

    Clarification: When I use the keys.openpgp.org website directly, it
    reports that SEARCHES do not support short IDs.

    That probably explains why using that server in Enigmail searching with
    the short ID fails also.


    When I export the key to the server, I have the option not to
    export attributes (photo ID). Maybe it's optional on importing
    to, but the option isn't given to you?

    I dunno. The default config in the Enigmail version for TB 2.0.0.24
    imported the image, no problem. If I have to enable it in the Enigmail
    version for TB 60, I haven't looked. I just assumed it ought to work
    like the other Enigmail.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 22:55:14 2020
    On 05/01/2020 2:29 p.m., Wilfred van Velzen : August Abolins wrote:

    According to the info at https://sks-keyservers.net/status/
    Max keys: 5964828
    That's really not a whole lot in the internet collective.

    I wouldn't want to import them all to my keyring file!

    I was just pointing out that globally, there is a relatively small
    number of people posting their keys.

    ............................. So, they ought have great
    confidence that next time they send me something to the same
    email address to sign, then my PGP-signed reply was done by me.

    That requires some human employer to check this, and would make
    the company responsible in case a human mistake was made. They
    want that to be an external risk, not theirs...

    Maybe true re external risk. But if we are just talking about a
    signature for a release-date acknowledgement, all "they" have to do is
    pull my public key to verify that the pgp-signed message with "I agree"
    was indeed penned by me.

    Some aspects of business-2-business are ripe for pgp.

    ../|ug

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 5 22:58:39 2020
    On 05/01/2020 2:33 p.m., Wilfred van Velzen : August Abolins wrote:

    Now that you let the cat out of the bag, so to speak.. sysops
    may be interested to add such filters to find out! LOL

    I don't think our audience is that big.

    Unless there are publicly disclosed traffic stats on netmail flowing
    through fidonet, we'll never quite know.

    ../|ug

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Mon Jan 6 18:14:11 2020
    Hi August,

    On 2020-01-05 22:55:14, you wrote to me:

    According to the info at https://sks-keyservers.net/status/
    Max keys: 5964828
    That's really not a whole lot in the internet collective.

    I wouldn't want to import them all to my keyring file!

    I was just pointing out that globally, there is a relatively small
    number of people posting their keys.

    I think almost 6 million isn't a small number. Almost 1 in every 1000 earth human has one. ;)

    On the other hand. Almost every one with a key has more than 1. (Like Tommy's 18 ;))

    That requires some human employer to check this, and would make
    the company responsible in case a human mistake was made. They
    want that to be an external risk, not theirs...

    Maybe true re external risk. But if we are just talking about a
    signature for a release-date acknowledgement, all "they" have to do is pull my public key to verify that the pgp-signed message with "I agree" was indeed penned by me.

    Some aspects of business-2-business are ripe for pgp.

    You don't have to convince me. ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Mon Jan 6 18:23:00 2020
    Hi August,

    On 2020-01-05 22:58:39, you wrote to me:

    Now that you let the cat out of the bag, so to speak.. sysops
    may be interested to add such filters to find out! LOL

    I don't think our audience is that big.

    Unless there are publicly disclosed traffic stats on netmail flowing through fidonet, we'll never quite know.

    You could do some tests, sending encrypted and non-encrypted routed netmails through the net. But you will have to find volunteer destinations in all far away corners of the nodelist. ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Mon Jan 6 20:56:00 2020
    On 06.01.2020 19:14, Wilfred van Velzen : August Abolins :

    On the other hand. Almost every one with a key has more than 1. (Like Tommy's
    18 ;))

    Yeah, I didn't understand the whole shit once. And created new keys instead of adding into one. ;)

    'Tommi

    --- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Mon Jan 6 21:01:13 2020
    On 06.01.2020 19:23, Wilfred van Velzen : August Abolins :

    You could do some tests, sending encrypted and non-encrypted routed
    netmails through the net. But you will have to find volunteer
    destinations in all far away corners of the nodelist. ;)
    I may need to set up my Golded to send encrypted netmail, Thunderbird does not allow encrypted mail to "news" netmail...

    'Tommi

    --- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Mon Jan 6 20:52:13 2020
    Hi Tommi,

    On 2020-01-06 20:56:00, you wrote to me:

    On the other hand. Almost every one with a key has more than 1. (Like
    Tommy's 18 ;))

    Yeah, I didn't understand the whole shit once. And created new keys
    instead
    of adding into one. ;)

    Maybe you should revoke a bunch, so it's clear to people what the prefered one is? ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Tue Jan 7 01:38:14 2020
    On 1/6/2020 12:23 PM, between "Wilfred van Velzen : August Abolins":

    You could do some tests, sending encrypted and non-
    encrypted routed netmails through the net. But you will
    have to find volunteer destinations in all far away corners
    of the nodelist. ;)

    For starters, the ENC flag seems to be flown in Z2 systems only. So, it
    is unlikely that anyone in Z1 would like to participate. But it could
    be interesting which non-ENC systems let the messages pass through.

    Nah.. best to stick with known systems that show ENC.

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Mon Jan 6 18:51:00 2020
    Hello Wilfred!

    ** 06.01.20 - 20:52, Wilfred van Velzen wrote to Tommi Koivula:

    On the other hand. Almost every one with a key has more than 1. (Like
    Tommy's 18 ;))

    Yeah, I didn't understand the whole shit once. And created new keys
    instead of adding into one. ;)

    Maybe you should revoke a bunch, so it's clear to people what the
    prefered one is? ;)


    Or.. just keep a couple. I only have 2 of Tommi's: 0e6b3c81 and 2a6f822a

    The former has 2 added email akas, and the latter has 3.

    Those seemed to be the most recent ones anyway.



    ../|ug

    --- OpenXP 5.0.42
    * Origin: /|ug's Point, Ont. CANADA (2:221/1.58)
  • From August Abolins@2:221/1.58 to Tommi Koivula on Mon Jan 6 19:02:00 2020
    Hello Tommi!

    ** 06.01.20 - 20:56, Tommi Koivula wrote to Wilfred van Velzen:

    Yeah, I didn't understand the whole shit once. And created new keys
    instead of adding into one. ;)


    Do you mean the process they call adding "user IDs" that shows up as "Also known as.." into an existing key?

    There is still a whole pile of other shit to understand in the management
    of keys.

    The GUI tools are a great bonus.


    ../|ug

    --- OpenXP 5.0.42
    * Origin: /|ug's Point, Ont. CANADA (2:221/1.58)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Mon Jan 6 19:13:00 2020
    Hello Wilfred!

    ** 06.01.20 - 18:14, Wilfred van Velzen wrote to August Abolins:

    Max keys: 5964828
    That's really not a whole lot in the internet collective.

    I think almost 6 million isn't a small number. Almost 1 in every 1000
    earth human has one. ;)

    On the other hand. Almost every one with a key has more than 1. (Like
    Tommy's 18 ;))

    Right, so that reduces the estimate a bit. And if you factor in the keys that are expired or revoked, the number may be significantly less.


    Some aspects of business-2-business are ripe for pgp.

    You don't have to convince me. ;)

    I'v read about S/MIME type encryption methods that use certificates. And these certificates are created and registered with an "authority". When I
    was looking for something to use with MS Outlook for business, I only came across solutions that required payment.

    Maybe big-business environments use the above solution.

    But PGP management is much simpler and gives total angency to the user.

    I am a little surprised pgp is not more ubiquitous as it *should* be.

    What type of business is/was your involvement?


    ../|ug

    --- OpenXP 5.0.42
    * Origin: /|ug's Point, Ont. CANADA (2:221/1.58)
  • From August Abolins@2:221/360 to Tommi Koivula on Tue Jan 7 04:05:02 2020
    On 1/6/2020 2:01 PM, between "Tommi Koivula : Wilfred van Velzen":

    Hi Tommi,

    I may need to set up my Golded to send encrypted netmail,
    Thunderbird does not allow encrypted mail to "news"
    netmail...

    Actually, there *may* be a way to do that entirely within TB.

    I posted two test replies in the pkey_drop. One to Wilfred, and one to
    you.

    Let me know if it worked or not.

    ../|ug

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Tommi Koivula@2:221/360 to August Abolins on Tue Jan 7 09:33:16 2020
    I posted two test replies in the pkey_drop. One to Wilfred, and one
    to you.

    The one to me was encrypted only for youself. Very secret. :)

    --- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Tue Jan 7 10:38:44 2020
    Hi August,

    On 2020-01-07 01:38:14, you wrote to me:

    You could do some tests, sending encrypted and non-
    encrypted routed netmails through the net. But you will
    have to find volunteer destinations in all far away corners
    of the nodelist. ;)

    For starters, the ENC flag seems to be flown in Z2 systems only.

    Your right. Strange... Maybe they are filtered from the segments before they make it in the published nodelist?

    So, it is unlikely that anyone in Z1 would like to participate.

    I wouldn't draw that conclusion just from what is in the nodelist. ;)

    But it could be interesting which non-ENC systems let the messages
    pass through.

    That's the whole purpose of the test: Find out which systems on "all" possible routes still filter/bounce encrypted netmail.

    Nah.. best to stick with known systems that show ENC.

    It isn't the destinations we are testing but the systems along the routes...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Tue Jan 7 11:29:08 2020
    Hi August,

    On 2020-01-06 18:51:00, you wrote to me:

    Maybe you should revoke a bunch, so it's clear to people what the
    prefered one is? ;)

    Or.. just keep a couple.

    That's the same thing, as you can't delete keys from keyservers, you have to revoke them, and send the updated key to the keyserver.

    I only have 2 of Tommi's: 0e6b3c81 and 2a6f822a

    The former has 2 added email akas, and the latter has 3.

    Those seemed to be the most recent ones anyway.

    Tommi should resolve the mystery, which keys are the prefered ones! ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Tue Jan 7 11:32:08 2020
    Hi August,

    On 2020-01-06 19:13:00, you wrote to me:

    I think almost 6 million isn't a small number. Almost 1 in every
    1000 earth human has one. ;)

    On the other hand. Almost every one with a key has more than 1. (Like
    Tommy's 18 ;))

    Right, so that reduces the estimate a bit. And if you factor in the keys that are expired or revoked, the number may be significantly less.

    Probably only half or even less...

    Some aspects of business-2-business are ripe for pgp.

    You don't have to convince me. ;)

    I'v read about S/MIME type encryption methods that use certificates. And these certificates are created and registered with an "authority". When I was looking for something to use with MS Outlook for business, I only came across solutions that required payment.

    Maybe big-business environments use the above solution.

    That's probably the same thing as the certificates used in ssl/tls ip trafic (https:). And indeed those cost money if you want one from the commercial "authority"'s and don't want to use Letsencrypt.

    But PGP management is much simpler and gives total angency to the
    user.

    I am a little surprised pgp is not more ubiquitous as it *should* be.

    What type of business is/was your involvement?

    Nothing (official)... Why would you think that? ;)

    But I have developed/used pgp signing solutions for distributing software to linux embeded systems.


    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Tue Jan 7 14:22:00 2020
    Hi Wilfred.

    07 Jan 20 11:29:08, you wrote to August Abolins:

    I only have 2 of Tommi's: 0e6b3c81 and 2a6f822a
    The former has 2 added email akas, and the latter has 3.
    Those seemed to be the most recent ones anyway.

    Tommi should resolve the mystery, which keys are the prefered ones! ;)

    In email, it should be clear. In fidonet, it really doesn't matter. ;)

    'Tommi

    ---
    * Origin: - rbb.fidonet.fi - Finland - (2:221/360)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Tue Jan 7 13:43:14 2020
    Hi Tommi,

    On 2020-01-07 14:22:00, you wrote to me:

    Tommi should resolve the mystery, which keys are the prefered ones!
    ;)

    In email, it should be clear.

    Not for every email adres. Some have multiple corresponding keys, which aren't revoked or expired.

    In fidonet, it really doesn't matter. ;)

    I've used the ones with "fido" in them... ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Tue Jan 7 14:48:16 2020
    Hi Wilfred.

    07 Jan 20 13:43:14, you wrote to me:

    Tommi should resolve the mystery, which keys are the prefered ones!
    ;)

    In email, it should be clear.

    Not for every email adres. Some have multiple corresponding keys, which
    aren't revoked or
    expired.

    Yes. Just revoked something...

    In fidonet, it really doesn't matter. ;)

    I've used the ones with "fido" in them... ;)

    How clever. :)

    'Tommi

    ---
    * Origin: - rbb.fidonet.fi - Finland - (2:221/360)
  • From mark lewis@1:3634/12 to August Abolins on Tue Jan 7 08:10:11 2020
    Re: enc + netmail
    By: August Abolins to Tommi Koivula on Tue Jan 07 2020 04:05:02


    I posted two test replies in the pkey_drop. One to Wilfred, and
    one to you.

    please remember that PKEY_DROP is only for posting public keys... i've not posted the rules in here or there since my previous system died and i stood this one up in its place... encrypted and/or signed messsges are allowed in this echo... AFAIK, this is the only echo that allows such ;)

    thanks


    )\/(ark
    --- SBBSecho 3.10-Linux
    * Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)
  • From August Abolins@2:221/360 to Tommi Koivula on Tue Jan 7 16:09:54 2020
    On 1/7/2020 2:33 AM, between "Tommi Koivula : August Abolins":

    I posted two test replies in the pkey_drop. One to Wilfred, and one
    to you.

    The one to me was encrypted only for youself. Very secret. :)

    Thanks for the report. Obviously my workaround is a big fail.

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Tue Jan 7 15:54:31 2020
    Hi Tommi,

    On 2020-01-07 14:48:16, you wrote to me:

    In email, it should be clear.

    Not for every email adres. Some have multiple corresponding keys,
    which aren't revoked or expired.

    Yes. Just revoked something...

    Noticed... But there are still duplicate email addresses, on 2 pairs of keys:


    pub 2048R/2A6F822A 2018-08-13 [expires: 2023-01-06]
    uid [ unknown] Tommi Koivula <tommi@rbb.fidonet.fi>
    uid [ unknown] Tommi Koivula <tommi@fidonet.fi>
    uid [ unknown] Tommi Koivula <tommi@rbb.bbs.fi>
    uid [ unknown] Tommi Koivula <tommi.koivula@p1.f1.n221.z2.fidonet.fi>

    pub 2048R/4B8A1677 2018-03-28 [expires: 2024-04-23]
    uid [ unknown] Tommi Koivula <tommi@rbb.fidonet.fi>



    pub 4096R/0E6B3C81 2018-03-30 [expires: 2023-12-24]
    uid [ unknown] Tommi Koivula <tommi@koivula.iki.fi>
    uid [ unknown] Tommi Koivula <tkk@iki.fi>
    uid [ unknown] Tommi Koivula <tommi.koivula@iki.fi>

    pub 2048R/49FAC85D 2018-03-28 [expires: 2024-04-23]
    uid [ unknown] Tommi Koivula <tommi@koivula.iki.fi>


    ;)


    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Tommi Koivula@2:221/1 to Wilfred van Velzen on Tue Jan 7 17:56:46 2020
    On 07.01.2020 16:54, Wilfred van Velzen -> Tommi Koivula :

     WV>>> Not for every email adres. Some have multiple corresponding keys,
     WV>>> which aren't revoked or expired.

     TK>> Yes. Just revoked something...

    Noticed... But there are still duplicate email addresses, on 2 pairs of
    keys:

    There should not be duplicates anymore. Maybe you were too fast and those changes were not in keyservers yet?

    'Tommi

    ---
    * Origin: jamnntp://rpi.rbb.bbs.fi (2:221/1.0)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Tue Jan 7 17:58:40 2020
    -----BEGIN PGP MESSAGE-----

    hQIMAzrAVz4tNILzAQ//eA3UNU/Qiv+nAoPTlm4ZeKhDgp2vuGykfUocpmPHkNKL Lmq85Km2z+daCyQ7pl44zhhTNkcqvB8Tm0vwkpnriW3mW8N/2EU58lgH5O+oQOcH 2CbxAx8nh1WD1FFA97vby/T9GrOkFnPoB+Aqorj1IKCabR2bjmcYgQydNplg8Y/S qO1H2loHIOWD22xCdKsFZ0b0IPcNVkf7A5RysO626CjDIb06ALOnXAylcuP5fSHW YZKv06oCICOY5W8n3UzScEmsErXq/VxshfHwWOrLOWSqIu/68zvVVgKeBwwV/dF8 e3+XM7tfQ//oPpLhLIqvuyiY99sS8XC5oi/wZhMiL9ScNBGYBEfUFf6Jp3DokMFs uCiaS04w79kGKXsu5KaWEe3NRrq8W/bQ0rXeL9LNGaCXE5zE84YT+eD8K5ml0Y7i M8pydNYNlJucGmVCULcZZj4wRoGBHIJGnIo1zrGhKGSj5rLf2bUkz8/hjwWNmUx+ rfhVUcqZxAlOgaFt2P7uD1uk5ZlK5IhnAvxtJWCuxbTqYJ8rQI3m3j6n+VeZVMD9 6JoZ2uMBFXiPfQK+igsOldNC+ap1qStckEjoEm4m/t96DFNB4DWomvVM0wDqIo8+ Xtploc7vfx5OwpxM49InBrl0POjYy4mKOodpKU71T+VAIs8AbC2dksmaYF9uaxPS wNgBIwVxZhbuxhCjWOi8y9yfha891VxB4GR/0JNVqCARk2dJaQHHBZ46wNXhVhAT MCjUZ/4w6T2cfk3m+q82Pq+t/EWPRsBiz/hMe3/Lul721i6RwUavtJW7719SPI0M oEnIUZPyKiH6XYvvdhIP76m7naN4r5zn3/FJZpaNbZT6b+QPESg6qTEMAvUm4ZIQ 716UFSogxIdSeHEpQk0KavAQgCSei1IF7lBW01MSNcoh6rfHM8i3EoqpheQlvj94 /pyc/v/1fNVLxcS7iEa//+p32ppkskha6BmFvLmBGR4SGkPwJhD47MU81+UDItXw emUv9rAtBPYkEEoUlUhn/z+hOWDjtO9G7GEBCCS2m5N22Q7cUGecU4ojsmhVIgli 0DqX7qL/XxpPpa/5OG0fj5hvYiWOF6I2jcgesTPk/jrfLIumUZOm6/CzJwkh/RjR SzCd1GRQkOoLhjnZkvTp+agGqmhoEAUiFSTkNLLCV5CHYFFs7CvK9el1ZFceMQH1 vOdM/PEDm209TmyzeBTRsj3H1AVDnbnsRqw=
    =+FBq
    -----END PGP MESSAGE-----
    ---
    * Origin: - rbb.fidonet.fi - Finland - (2:221/360)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Tue Jan 7 17:04:25 2020
    Hi Tommi,

    On 2020-01-07 17:56:46, you wrote to me:

    Noticed... But there are still duplicate email addresses, on 2 pairs
    of keys:

    There should not be duplicates anymore. Maybe you were too fast and those changes were not in keyservers yet?

    Just redid:

    wilfred@wilnux5:~> gpg --refresh-keys tommi
    gpg: refreshing 20 keys from hkp://eu.pool.sks-keyservers.net
    gpg: requesting key 2442E762 from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 56CDF35B from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key B1F9FF53 from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 2A6F822A from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 5C24EC4A from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 323FA167 from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 981A0F86 from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 8980463F from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 786D789D from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key B21D4F1A from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key AE2AE3A8 from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 0E6B3C81 from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 5709F0A6 from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 42512A34 from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key CCBEBDD7 from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 8192034C from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 4B8A1677 from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key 49FAC85D from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key C08933C3 from hkp server eu.pool.sks-keyservers.net
    gpg: requesting key F3490F1F from hkp server eu.pool.sks-keyservers.net
    gpg: key 2442E762: "Tommi Koivula <sysop@f10.n221.z2.fidonet.fi>" not changed gpg: key 56CDF35B: "Tommi Koivula <tommi@rbb.fidonet.fi>" not changed
    gpg: key B1F9FF53: "Tommi Koivula <0405009611@koivula.iki.fi>" not changed
    gpg: key 2A6F822A: "Tommi Koivula <tommi@rbb.fidonet.fi>" not changed
    gpg: key 5C24EC4A: "Tommi Koivula <tkkoivula@gmail.com>" not changed
    gpg: key 323FA167: "Tommi Koivula <tommi@koivula.mine.nu>" not changed
    gpg: key 981A0F86: "Tommi Koivula <tommi.koivula@insta-automation.fi>" not changed
    gpg: key 8980463F: "Tommi Koivula <tom@raa.to>" not changed
    gpg: key 786D789D: "Tommi Koivula <koivula@live.com>" not changed
    gpg: key B21D4F1A: "Tommi Koivula <iki@sci.fi>" not changed
    gpg: key AE2AE3A8: "Tommi Koivula <sysop@rbb.bbs.fi>" not changed
    gpg: key 0E6B3C81: "Tommi Koivula <tommi@koivula.iki.fi>" not changed
    gpg: assuming bad signature from key 5709F0A6 due to an unknown critical bit gpg: key 5709F0A6: "tommi@koivula.co" not changed
    gpg: key 42512A34: "Tommi Koivula <tommi@koivula.iki.fi>" not changed
    gpg: key CCBEBDD7: "Tommi Koivula <tommi@rbb.homeip.net>" not changed
    gpg: key 8192034C: "Tommi Koivula <tommi@koivula.iki.fi>" not changed
    gpg: key 4B8A1677: "Tommi Koivula <tommi@rbb.fidonet.fi>" not changed
    gpg: key 49FAC85D: "Tommi Koivula <tommi@koivula.iki.fi>" not changed
    gpg: key C08933C3: "Tommi Koivula <tommi@koivula.yi.org>" not changed
    gpg: key F3490F1F: "Tommi Koivula <tkoivula@freenet.hut.fi>" not changed
    gpg: Total number processed: 20
    gpg: unchanged: 20

    So there are no updates (yet) since I checked for the dupes earlier today...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Tue Jan 7 18:56:45 2020
    Hi Tommi,

    On 2020-01-07 17:58:40, you wrote to me:

    -----BEGIN PGP MESSAGE-----

    hQIMAzrAVz4tNILzAQ//eA3UNU/Qiv+nAoPTlm4ZeKhDgp2vuGykfUocpmPHkNKL Lmq85Km2z+daCyQ7pl44zhhTNkcqvB8Tm0vwkpnriW3mW8N/2EU58lgH5O+oQOcH 2CbxAx8nh1WD1FFA97vby/T9GrOkFnPoB+Aqorj1IKCabR2bjmcYgQydNplg8Y/S qO1H2loHIOWD22xCdKsFZ0b0IPcNVkf7A5RysO626CjDIb06ALOnXAylcuP5fSHW YZKv06oCICOY5W8n3UzScEmsErXq/VxshfHwWOrLOWSqIu/68zvVVgKeBwwV/dF8 e3+XM7tfQ//oPpLhLIqvuyiY99sS8XC5oi/wZhMiL9ScNBGYBEfUFf6Jp3DokMFs uCiaS04w79kGKXsu5KaWEe3NRrq8W/bQ0rXeL9LNGaCXE5zE84YT+eD8K5ml0Y7i M8pydNYNlJucGmVCULcZZj4wRoGBHIJGnIo1zrGhKGSj5rLf2bUkz8/hjwWNmUx+ rfhVUcqZxAlOgaFt2P7uD1uk5ZlK5IhnAvxtJWCuxbTqYJ8rQI3m3j6n+VeZVMD9 6JoZ2uMBFXiPfQK+igsOldNC+ap1qStckEjoEm4m/t96DFNB4DWomvVM0wDqIo8+ Xtploc7vfx5OwpxM49InBrl0POjYy4mKOodpKU71T+VAIs8AbC2dksmaYF9uaxPS wNgBIwVxZhbuxhCjWOi8y9yfha891VxB4GR/0JNVqCARk2dJaQHHBZ46wNXhVhAT MCjUZ/4w6T2cfk3m+q82Pq+t/EWPRsBiz/hMe3/Lul721i6RwUavtJW7719SPI0M oEnIUZPyKiH6XYvvdhIP76m7naN4r5zn3/FJZpaNbZT6b+QPESg6qTEMAvUm4ZIQ 716UFSogxIdSeHEpQk0KavAQgCSei1IF7lBW01MSNcoh6rfHM8i3EoqpheQlvj94 /pyc/v/1fNVLxcS7iEa//+p32ppkskha6BmFvLmBGR4SGkPwJhD47MU81+UDItXw emUv9rAtBPYkEEoUlUhn/z+hOWDjtO9G7GEBCCS2m5N22Q7cUGecU4ojsmhVIgli 0DqX7qL/XxpPpa/5OG0fj5hvYiWOF6I2jcgesTPk/jrfLIumUZOm6/CzJwkh/RjR SzCd1GRQkOoLhjnZkvTp+agGqmhoEAUiFSTkNLLCV5CHYFFs7CvK9el1ZFceMQH1 vOdM/PEDm209TmyzeBTRsj3H1AVDnbnsRqw=
    =+FBq
    -----END PGP MESSAGE-----

    That was a really exiting message! ;)

    Decoding and verifying went well:

    wilfred@wilnux5:~> gpg tommi.msg

    You need a passphrase to unlock the secret key for
    user: "Wilfred van Velzen <wvvelzen@gmail.com>"
    4096-bit RSA key, ID 2D3482F3, created 2017-10-25 (main key ID 4A97932B)

    gpg: encrypted with 4096-bit RSA key, ID 2D3482F3, created 2017-10-25
    "Wilfred van Velzen <wvvelzen@gmail.com>"
    gpg: tommi.msg: unknown suffix
    Enter new filename [GDa06700]:
    gpg: Signature made di 07 jan 2020 16:59:44 CET using RSA key ID 2A6F822A
    gpg: Good signature from "Tommi Koivula <tommi@rbb.fidonet.fi>" [unknown]
    gpg: aka "Tommi Koivula <tommi@fidonet.fi>" [unknown]
    gpg: aka "Tommi Koivula <tommi@rbb.bbs.fi>" [unknown]
    gpg: aka "Tommi Koivula <tommi.koivula@p1.f1.n221.z2.fidonet.fi>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4132 67AD A3AC 401A 18C0 23D2 D229 3299 2A6F 822A


    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Tue Jan 7 21:43:31 2020
    On 07/01/2020 12:56 p.m., Wilfred van Velzen : Tommi Koivula wrote:

     TK> -----BEGIN PGP MESSAGE-----

     TK> hQIMAzrAVz4tNILzAQ//eA3UNU/Qiv+nAoPTlm4ZeKhDgp2vuGykfUocpmPHkNKL
     TK> Lmq85Km2z+daCyQ7pl44zhhTNkcqvB8Tm0vwkpnriW3mW8N/2EU58lgH5O+oQOcH
    [snip - much super secret content removed]
     TK> SzCd1GRQkOoLhjnZkvTp+agGqmhoEAUiFSTkNLLCV5CHYFFs7CvK9el1ZFceMQH1
     TK> vOdM/PEDm209TmyzeBTRsj3H1AVDnbnsRqw=
     TK> =+FBq
     TK> -----END PGP MESSAGE-----

    That was a really exiting message! ;)

    Decoding and verifying went well:

    wilfred@wilnux5:~> gpg tommi.msg

    You need a passphrase to unlock the secret key for
    user: "Wilfred van Velzen <wvvelzen@gmail.com>"
    4096-bit RSA key, ID 2D3482F3, created 2017-10-25 (main key ID 4A97932B)

    Ahh.. so you are saving the block (pulling it out of your echomail
    reader) to file tommi.msg manually, and then running gpg in a separate window/session.

    The process is much smoother with TB and processed within the same
    reading environment/application. :)

    I guess you could accomplish something similar using macros/scripts with
    your GoldED?

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Tue Jan 7 21:52:50 2020
    Hi August,

    On 2020-01-07 21:43:31, you wrote to me:

    Decoding and verifying went well:

    wilfred@wilnux5:~> gpg tommi.msg

    You need a passphrase to unlock the secret key for
    user: "Wilfred van Velzen <wvvelzen@gmail.com>"
    4096-bit RSA key, ID 2D3482F3, created 2017-10-25 (main key ID 4A97932B)

    Ahh.. so you are saving the block (pulling it out of your echomail reader) to file tommi.msg manually, and then running gpg in a separate window/session.

    Yes, I think it's easy enough...

    The process is much smoother with TB and processed within the same
    reading environment/application. :)

    I guess you could accomplish something similar using macros/scripts with your GoldED?

    I actually just discovered I already had such a macro in my golded.cfg, I just had to assign a key to it, to actually be able to use it. ;)

    The only drawback is, I can't see the output of the decoding/verifying proces, so I don't know if the encrypted message was signed with a trusted key, or even
    not signed at all. It's probably just a matter of adding a "press any key to continu" option to the end of the decoding script, to make that possible. That would also work on clearsigned messages.

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/1.58 to mark lewis on Tue Jan 7 18:12:00 2020
    Hello mark!

    ** 07.01.20 - 08:10, mark lewis wrote to August Abolins:

    I posted two test replies in the pkey_drop. One to Wilfred, and
    one to you.

    please remember that PKEY_DROP is only for posting public keys...

    Noted. But the other 2 guys started it over there! LOL


    ..AFAIK, this is the only echo that allows such ;)

    It's nice to have a pgp gpg discussion/test area to serve the fidonet demographic.



    ../|ug

    --- OpenXP 5.0.42
    * Origin: Key ID = 0x5789589B (2:221/1.58)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Tue Jan 7 18:42:00 2020
    Hello Wilfred!

    ** 07.01.20 - 21:52, Wilfred van Velzen wrote to August Abolins:

    I actually just discovered I already had such a macro in my golded.cfg, I
    just had to assign a key to it, to actually be able to use it. ;)

    Very nice :)


    The only drawback is, I can't see the output of the decoding/verifying
    proces, so I don't know if the encrypted message was signed with a
    trusted key, or even not signed at all. It's probably just a matter of
    adding a "press any key to continu" option to the end of the decoding
    script, to make that possible. That would also work on clearsigned
    messages.

    Can you modify the macro to include the auto-signing. Gpg will pick the
    key that you have previously assigned as your primary key


    ../|ug

    --- OpenXP 5.0.42
    * Origin: Key ID = 0x5789589B (2:221/1.58)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Thu Jan 9 11:47:45 2020
    Hi August,

    On 2020-01-07 18:42:00, you wrote to me:

    The only drawback is, I can't see the output of the
    decoding/verifying proces, so I don't know if the encrypted message
    was signed with a trusted key, or even not signed at all. It's
    probably just a matter of adding a "press any key to continu" option
    to the end of the decoding script, to make that possible. That would
    also work on clearsigned messages.

    Can you modify the macro to include the auto-signing. Gpg will pick the key that you have previously assigned as your primary key

    We were talking about decrypting. Signing you do with encrypting. I already have/had macros in place for that in golded. They are presented to me as options in the menu when I save the message I just entered...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Thu Jan 9 20:07:16 2020
    Hi Wilfred.

    09 Jan 20 11:47:44, you wrote to August Abolins:

    Can you modify the macro to include the auto-signing. Gpg will pick the
    key that you have previously assigned as your primary key

    We were talking about decrypting. Signing you do with encrypting. I
    already have/had
    macros in place for that in golded. They are presented to me as options in
    the menu
    when I save the message I just entered...


    === Cut ===

    EXTERNUTIL 2 gpg.exe --default-key 2A6F822A -o @file --clearsign @tmpfile EDITSAVEUTIL 2 "gpg sign the msg --default-key 2A6F822A"

    EXTERNUTIL 3 gpg.exe --default-key 2A6F822A -sea -o @file -r "@dname" @tmpfile EDITSAVEUTIL 3 "gpg encrypt the msg --default-key 2A6F822A"

    === Cut ===

    My Golded.cfg in Windows.

    It still asks about overwriting the msg file. But who cares... :)

    'Tommi

    ---
    * Origin: - rbb.fidonet.fi - Finland - (2:221/360)
  • From Wilfred van Velzen@2:280/464 to Tommi Koivula on Thu Jan 9 20:26:23 2020
    Hi Tommi,

    On 2020-01-09 20:07:16, you wrote to me:

    EXTERNUTIL 2 gpg.exe --default-key 2A6F822A -o @file --clearsign
    @tmpfile
    EDITSAVEUTIL 2 "gpg sign the msg --default-key 2A6F822A"

    EXTERNUTIL 3 gpg.exe --default-key 2A6F822A -sea -o @file -r "@dname" @tmpfile EDITSAVEUTIL 3 "gpg encrypt the msg --default-key 2A6F822A"

    === Cut ===

    My Golded.cfg in Windows.

    My linux golded.cfg:

    EXTERNOPTIONS -NoKeepCtrl

    EXTERNUTIL 1 /home/fido/bin/fido_gpg.sh @file -sa
    ;sign
    EXTERNUTIL 2 /home/fido/bin/fido_gpg.sh @file --clearsign
    ;clearsign
    EXTERNUTIL 3 -Wipe /home/fido/bin/fido_gpg.sh @file -ea -r "@dname" -r "@oname" ;encrypt
    EXTERNUTIL 4 -Wipe /home/fido/bin/fido_gpg.sh @file -esa -r "@dname" -r "@oname" ;enc & sign
    EXTERNUTIL 5 /home/fido/bin/fido_gpg.sh @file -u "@dname"
    ;decrypt
    EXTERNUTIL 6 -noreload /home/fido/bin/fido_gpg.sh @file -ka -u "@dname"
    ;add key

    EDITSAVEUTIL 1 "S PGP Sign the msg"
    EDITSAVEUTIL 2 "L PGP CLear-Sign the msg"
    EDITSAVEUTIL 3 "E PGP Encrypt the msg"
    EDITSAVEUTIL 4 "T PGP EncrypT & Sign the msg"

    wilnux5:/home/fido/bin # cat fido_gpg.sh
    #!/bin/dash
    TFILE=$(mktemp) || exit 1
    chmod a+rw $TFILE
    IFILE="$1"
    shift
    sudo -u wilfred gpg --yes "$@" -o $TFILE $IFILE
    mv -f $TFILE $IFILE

    This because golded runs as user fido. (This could of course be improved to check for the exit status of gpg before overwriting the $IFILE)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Thu Jan 9 22:27:15 2020
    On 09/01/2020 5:47 a.m., Wilfred van Velzen : August Abolins wrote:

    We were talking about decrypting. Signing you do with
    encrypting. I already have/had macros in place for that in
    golded. They are presented to me as options in the menu when I
    save the message I just entered...

    Noted. I used the wrong term, signing. I was thinking about the part
    where we enter the passphrase. The TB/Enigmail combo is making me lazy
    with the operations ..and the terminology. I just have to click a
    button for either "sign" or just "encrypt" or both. For decrypting,
    another button reveals the signatures/verifications used *before* you
    actually trigger a decrypt (unless you configure it to auto-decrypt).

    I can't imagine doing this outside of TB. I've only started to look
    into the macro support in OpenXP, but it's looking too complicated.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Thu Jan 9 22:37:05 2020
    On 09/01/2020 2:26 p.m., Wilfred van Velzen : Tommi Koivula wrote:
    EXTERNUTIL 1 /home/fido/bin/fido_gpg.sh @file
    -sa                       
                  ;sign

    Stupid question. Why would you just sign a message without the -e for encryption?

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Thu Jan 9 22:08:43 2020
    Below is my reply to your message. It's not encrypted only signed (but not clearsigned). Anyone with gpg can decode it and view it's contents. If they have my public key they can verify it was me who wrote it. Why you would want to do it this way, I don't know. I can't think of a use-case for it...

    -----BEGIN PGP MESSAGE-----
    Version: GnuPG v2

    owGbwMvMwMRovbl2hdf0ydqMaxlNk7jS83NSUlP0covT48Qnf/DIVHAsTS8tLtHh 4vLPUzAyMDLQNTDUNbBUMDKyMja3MjDVUajML1UoL8ovSVUoyVfITbXi4lKws1Nw jQhxDfILDfH0UTBU0M/Iz03VT8tMyddPyswDM+LTC9L1ijMUHNIyc1IVdIsTFayL M9PzgJodHe0UgktKCzJTFApLU4tLMvPz9BQUwjMqFcrzS3NSwPZlAZ2kAFKvkAi0 srg4MT1VoTyzJCO/tEShJANoXqpCWn4RxKzUvOSiygKQMfZcXJ4K5YnFQCWZedmZ eelgtcWJualgkXQ9BWtdTS4un9QSdaCaokqFzBIFkIn5eSD5YoWi1IKcSj0uLqfK VB2F8MyctCJgSHFxdTLJsDAwMjGwsTKBwoyBi1MAFqaFjwUYevb6Se79/V15cuzE KbqeIj8SN7v5Bv4+t6jyVVdOjL/IPRORvOCVbzZmWO/JD1W9tNrxdZEv3/XzJ+9v Z47lVt5ea9IcxTCRgztU+e0scfc5gXnzeD/ULBV7nsK7VvtNkkNvwZIY1tY5cR7K S/k2ub2J4Ja9sFW28nVAd9VPxdI00fheP/kXLJdyVJ69n94aYuJq2NwiOj3dfenC qx9uzo1Ts9WZUXJK18NKkcP7/NHpntfXcL7jjNwV96bInTt9dsOj1jnpb3bEqcQr /MjODeX8XySkdjRpXfiD4FyPzNWCBj3dC4V5NVNkJ7inndA9kJYSlrV/8e70H2Gb vouo7/a7vSSazz1Nz15+gv+d3eeL7D5O27vpd9WJWX0rmOcaPb39RfBd070Xhm57 Ty3K/vpJ09VHc2nWjr+Zm3T3zPae3n6zVLI75AFHbspLB4+ZO3JerMqf+zso3O9x nh9/+PR5i183G13gzuiYErX005Ksyj1+mnwX6w63hs2Vs0p4duPRQ9/6FKPdCgnJ Qbvfzp17/fspnZx58ZeMVz6tDNn7Pd3nUkkkT0q6/aOJ/ic+aexredqTEnx+sUOF 5fL3bUJHF2lmSW86spGBf/7BW6lKQf3LU5JqC6NinuzULTkVFzXx9PuOYN21E0UL o6yd/eKcRJpsLrZce6Z3rcvjTMP6OvPacxW2Uz+fuLKVdfK79zcPqB/pEZuZKQsA
    =J/zF
    -----END PGP MESSAGE-----
    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Thu Jan 9 23:18:55 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Hi August,

    On 2020-01-09 22:37:05, you wrote to me:

    EXTERNUTIL 1 /home/fido/bin/fido_gpg.sh @file -sa ;sign

    Stupid question. Why would you just sign a message without the
    -e for AA> encryption?

    I was thinking the same thing. ;-)

    Let's try it out on this reply.

    OK.. I received it with the usual PGP BLOCK header, and all the
    gibberish, so it *is* encrypted?

    But the difference would be that anyone who has my or your public key
    can read it?






    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4XmJYACgkQ7w6JZVeJ WJtqzQf/YA+QXVfg46z5GIQ1WwNrwF5afKr312U1dndleLYh/b7WQsq8MF8C+uE2 YoicxXFA8KqVwuLG+KTQcC3vomNQ+gCZeiMIC7lDT8Ocl8ePxisLT1rpHKvltp2s 6ZBkfZoD8C4I5pL9bErcInmhRx18dTp1SECdYuMYvUiOX7H9T3sUxi8154ZTryGt N2D2hCugtu0JcTs+i/dYSBxjEFFta+mQvWG6t8GSdguK3299/HgVtu8t2idc9e/e xl5uLujCEe5Kkqbo2IMQfjpe2jCMj9TNBsN4N3n1Ang1hxBbnypuGre/Fb7r5WLU yzVYwf5ysZc6MjYpM4cGydYyuzb8FQ==
    =t3h/
    -----END PGP SIGNATURE-----

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Thu Jan 9 23:35:38 2020
    On 09/01/2020 4:08 p.m., Wilfred van Velzen : August Abolins wrote:

    Below is my reply to your message. It's not encrypted only signed (but
    not clearsigned). Anyone with gpg can decode it and view it's contents.
    If they have my public key they can verify it was me who wrote it. Why
    you would want to do it this way, I don't know. I can't think of a
    use-case for it...

    TB decrypted it automatically, (but it obscured your preface above; the decryption result in TB fills the whole reading window of the open message).

    It contained this security header info:

    Part of the message signed Good signature from Wilfred van Velzen <wvvelzen@gmail.com> Key ID: 0xD50ECD4F514B75DC0A064F893BB37DA84A97932B
    / Signed on: 01/09/20, 3:58 PM Key fingerprint: D50E CD4F 514B 75DC 0A06
    4F89 3BB3 7DA8 4A97 932B Used Algorithms: RSA and SHA-1

    I assume that it can then be read by anyone who has the key of the
    author. ?

    If so, then a good practical use would be if you wanted a totally
    obscured message stream by adding an extra layer of frustration to just
    anyone, or even from the bots that skim messages. ? I kinda like that.

    It would force the would-be reader to collect the keys of everyone who
    is writing the messages, but still remain a lurker. ?

    Not good good for sharing sensitive info though.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Thu Jan 9 23:45:04 2020
    Hi Wilfred,

    Further to your preceding message, you sent it signed with SHA1.

    In the real world outside of fidonet it might be wise never to use that:

    https://www.pcworld.com/article/3173791/stop-using-sha1-it-s-now-completely-unsafe.html

    https://tinyurl.com/t98dpl5

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Thu Jan 9 22:57:06 2020
    Hi August,

    On 2020-01-09 23:18:55, you wrote to me:

    EXTERNUTIL 1 /home/fido/bin/fido_gpg.sh @file -sa ;sign

    Stupid question. Why would you just sign a message without the
    -e for AA> encryption?

    I was thinking the same thing. ;-)

    Let's try it out on this reply.

    OK.. I received it with the usual PGP BLOCK header, and all the gibberish, so it *is* encrypted?

    No, only signed and ascii-encoded.

    But the difference would be that anyone who has my or your public key
    can read it?

    No, anyone can read it period. If they have my public key they can verify it's from me, but they don't need it to read the message. Your key was not involved.

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Thu Jan 9 22:52:51 2020
    Hi August,

    On 2020-01-09 23:35:38, you wrote to me:

    Below is my reply to your message. It's not encrypted only signed (but
    not clearsigned). Anyone with gpg can decode it and view it's contents.
    If they have my public key they can verify it was me who wrote it. Why
    you would want to do it this way, I don't know. I can't think of a
    use-case for it...

    TB decrypted it automatically, (but it obscured your preface above; the decryption result in TB fills the whole reading window of the open message).

    I get the same thing when I decode a message with mixed content from within golded. It's to be expected. But golded doesn't decode unless told to, so I always see the mixed content first...

    It contained this security header info:

    Part of the message signed Good signature from Wilfred van Velzen <wvvelzen@gmail.com> Key ID: 0xD50ECD4F514B75DC0A064F893BB37DA84A97932B
    / Signed on: 01/09/20, 3:58 PM Key fingerprint: D50E CD4F 514B 75DC 0A06 4F89 3BB3 7DA8 4A97 932B Used Algorithms: RSA and SHA-1

    Good.

    I assume that it can then be read by anyone who has the key of the
    author. ?

    No you don't even need the key, to decode it, only to verify it.

    If so, then a good practical use would be if you wanted a totally
    obscured message stream by adding an extra layer of frustration to just anyone, or even from the bots that skim messages. ? I kinda like that.

    It would force the would-be reader to collect the keys of everyone who
    is writing the messages, but still remain a lurker. ?

    It doesn't work that way.

    Not good good for sharing sensitive info though.

    Nope. And it wasn't intended for that purpose.

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Thu Jan 9 23:20:14 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Hi August,

    On 2020-01-09 23:45:04, you wrote to me:

    Further to your preceding message, you sent it signed with SHA1.

    In the real world outside of fidonet it might be wise never to use that:

    https://www.pcworld.com/article/3173791/stop-using-sha1-it-s-now-completel y -unsafe.html

    Yeah, I already thought so. It's the default in my older gpg version. Let me try and change that...

    Bye, Wilfred.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2

    iQIcBAEBCAAGBQJeF6ccAAoJEDuzfahKl5MrnSQP/jvrgB+DPEFVATXJfRs26lxI If4XtA1x+kRPZd4/hvlQPsFhmGIVA8/oG84kDWA+koVRc2oql85/G0STZ2IuB8tH toqnlcNlg5O3XpRTWF84t6waJmHITB3O/oNTonJUE4mg1TJOht3xGGdKvvv2bJMU Elm2nlJhHqkwtqXq4PQop7h4FSEVtSZUUqw8JckmMEOioO0NjHR0OPpD1K5oHZTB a9XxUNiDZqnBk3AOB57Jc18LGeWFZWTfrzOMp9BM2sI82Yc42rODv2KCVO1GtEWY YSWZZBmuKZrZtNWr+y8qpdKu4QhDfTxla1+0KGc29a9YdIZCHXk6BTucdR/IJ7Ac IVVm4lL2K3EkX4Hi7eZSDfo/y1L4UTGIFc/y30iZEZUgON0imW/PLcRQlaekAuQp IXxipB44oHz5H06rBTcPvKTWLeYm7uXMZ+8c9UHZPK4/zXO3MgYzNj9oF33+kKHd kFRSuv2KYLPvOyfScV1sVDwh91VTBHYm2xss8LsVEzihNSAUeqFMp5Z/twYbnAtV YXvulX1HAyhhgTXYFRXlWI5OYzpL6xzMgI4O/hEjVTx1W4N7CpyEBiktmbv3I5fJ ingac1ookiiLDLfZrZUb2ZFXJg+TqLnMZPzE9ee8UjC59BzdkoUQI7+TJeoYfh+G WWB6fmL8MKX1R9AKfHxa
    =vhW8
    -----END PGP SIGNATURE-----
    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Fri Jan 10 05:39:12 2020
    On 1/9/2020 4:52 PM, between "Wilfred van Velzen : August Abolins":

    Below is my reply to your message. It's not encrypted
    only signed (but not clearsigned). Anyone with gpg can
    decode it and view it's contents. If they have my public
    key they can verify it was me who wrote it. Why you would
    want to do it this way, I don't know. I can't think of a
    use-case for it...

    I will believe that when I get an -s signed message from someone for
    whom I do not have a key. Maybe mark will oblige, as I do not have his key.

    TB decrypted it automatically, (but it obscured your
    preface above; the decryption result in TB fills the whole
    reading window of the open message).

    I get the same thing when I decode a message with mixed
    content from within golded. It's to be expected. But golded
    doesn't decode unless told to, so I always see the mixed
    content first...

    I just discovered something interesting. TB 60 obscures the clear-text
    preface after auto-decrytion, but TB 2.0.0.24 (the one I am using now)
    shows both mixed content *with* the decrypted part. I like the way the
    older TB/Enigma operates! But sadly, I may have to leave TB 2.0.0.24
    when my Win10 pc is ready to use. :(

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Fri Jan 10 05:55:01 2020
    On 1/9/2020 5:20 PM, between "Wilfred van Velzen : August Abolins":

    Further to your preceding message, you sent it signed with
    SHA1.

    Yeah, I already thought so. It's the default in my older
    gpg version. Let me try and change that...

    TB 2.0.0.24 warned me with this:

    gpg command line and output:
    C:\Program Files\gnupg\bin\gpg.exe
    gpg: Signature made 01/09/20 17:20:12 Eastern Standard Time
    gpg: using RSA key 3BB37DA84A97932B
    gpg: BAD signature from "Wilfred van Velzen <wvvelzen@gmail.com>" [unknown]

    It is warning me that you are not the person who claims to have written
    that?

    Maybe the new and old gpg programs are using different local key files
    on your pc?

    ../|ug

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Fri Jan 10 09:18:32 2020
    Hi August,

    On 2020-01-10 05:39:12, you wrote to me:

    Below is my reply to your message. It's not encrypted
    only signed (but not clearsigned). Anyone with gpg can
    decode it and view it's contents. If they have my public
    key they can verify it was me who wrote it. Why you would
    want to do it this way, I don't know. I can't think of a
    use-case for it...

    I will believe that when I get an -s signed message from someone for
    whom I do not have a key. Maybe mark will oblige, as I do not have his key.

    I tested it on another user account on my linux machine that hasn't got yours or mine keys installed in it's gpg configuration. I get:

    ------------------------------------------------------------------------------ # gpg <signed.msg.txt
    Hi August,

    On 2020-01-09 22:37:05, you wrote to me:

    EXTERNUTIL 1 /home/fido/bin/fido_gpg.sh @file -sa ;sign

    Stupid question. Why would you just sign a message without the -e for encryption?

    I was thinking the same thing. ;-)

    Let's try it out on this reply.

    Bye, Wilfred.

    gpg: Signature made Thu Jan 9 21:58:24 2020 CET using RSA key ID 4A97932B
    gpg: Can't check signature: No public key
    # ------------------------------------------------------------------------------

    You could try the same thing on windows. ;)

    Btw: This is a good example when it's usefull to run gpg without options! ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Fri Jan 10 09:21:10 2020
    Hi August,

    On 2020-01-10 05:55:01, you wrote to me:

    Further to your preceding message, you sent it signed with
    SHA1.

    Yeah, I already thought so. It's the default in my older
    gpg version. Let me try and change that...

    TB 2.0.0.24 warned me with this:

    gpg command line and output:
    C:\Program Files\gnupg\bin\gpg.exe
    gpg: Signature made 01/09/20 17:20:12 Eastern Standard Time
    gpg: using RSA key 3BB37DA84A97932B
    gpg: BAD signature from "Wilfred van Velzen <wvvelzen@gmail.com>"
    [unknown]

    It is warning me that you are not the person who claims to have written that?

    No, than it would say something different. This just means the cleartext, has been changed from it's original when you verify it.

    Maybe the new and old gpg programs are using different local key files
    on your pc?

    Nope.

    I just tested the original text on my windows pc at work, and I get:

    gpg: WARNING: no command supplied. Trying to guess what you mean ...
    gpg: Signature made 01/09/20 23:20:12 W. Europe Standard Time
    gpg: using RSA key 3BB37DA84A97932B
    gpg: Good signature from "Wilfred van Velzen <wvvelzen@gmail.com>" [full]
    gpg: aka "Wilfred van Velzen <wilfred@vvlzn.nl>" [unknown]
    gpg: aka "[jpeg image of size 5943]" [unknown]

    So...?

    Maybe Tommi and/or Mark can try to verify it.

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Fri Jan 10 17:23:42 2020
    On 10/01/2020 3:18 a.m., Wilfred van Velzen : August Abolins wrote:

    I tested it on another user account on my linux machine that
    hasn't got yours or mine keys installed in it's gpg
    configuration. I get:

    ------------------------------------
    # gpg <signed.msg.txt

    [snip]

    Btw: This is a good example when it's usefull to run gpg
    without options!


    Very nice. Thanks for explaining and showing that.

    I'll have to try that on a virgin pc with a fresh TB/Enigmail/gpg
    installation with no keys.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Fri Jan 10 17:33:30 2020
    On 10/01/2020 3:21 a.m., Wilfred van Velzen : August Abolins wrote:

    TB 2.0.0.24 warned me with this:

    gpg command line and output: C: \Program
    Files\gnupg\bin\gpg.exe gpg: Signature made 01/09/20 17:20:12
    Eastern Standard Time gpg: using RSA key 3BB37DA84A97932B gpg:
    BAD signature from "Wilfred van Velzen <wvvelzen@gmail.com>"
    [unknown]

    I just tested the original text on my windows pc at work, and I
    get:

    gpg: WARNING: no command supplied. Trying to guess what you
    mean... gpg: Signature made 01/09/20 23:20:12 W. Europe
    Standard Time gpg: using RSA key 3BB37DA84A97932B gpg: Good
    signature from "Wilfred van Velzen <wvvelzen@gmail.com>" [full]
    gpg: aka "Wilfred van Velzen <wilfred@vvlzn.nl>" [unknown] gpg:
    aka "[jpeg image of size 5943]" [unknown]

    So...?

    Maybe Tommi and/or Mark can try to verify it.

    According to the dates (and time), we have exactly the same version of
    your keys. So, if Tommi (or me) signed your key, and I refreshed your
    keys on my systems, then the error "BAD signature" message to me would
    go away?

    BAD signature sounds misleading. It's that you just don't have anyone
    to have vouched for you yet?

    Man.. there is a plethora of terminology in this environment to get
    familiar with.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Fri Jan 10 16:57:12 2020
    Hi August,

    On 2020-01-10 17:23:42, you wrote to me:

    I tested it on another user account on my linux machine that
    hasn't got yours or mine keys installed in it's gpg
    configuration. I get:

    ------------------------------------
    # gpg <signed.msg.txt

    [snip]

    Btw: This is a good example when it's usefull to run gpg
    without options!


    Very nice. Thanks for explaining and showing that.

    I'll have to try that on a virgin pc with a fresh TB/Enigmail/gpg installation with no keys.

    You should be able to just create a new user on your current windows pc. That new user shouldn't use the configuration/keys of your current user.

    Or if you don't want to do that, just create a new virtual machine.

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Fri Jan 10 17:04:43 2020
    Hi August,

    On 2020-01-10 17:33:30, you wrote to me:

    gpg: WARNING: no command supplied. Trying to guess what you
    mean... gpg: Signature made 01/09/20 23:20:12 W. Europe
    Standard Time gpg: using RSA key 3BB37DA84A97932B gpg: Good
    signature from "Wilfred van Velzen <wvvelzen@gmail.com>" [full]
    gpg: aka "Wilfred van Velzen <wilfred@vvlzn.nl>" [unknown] gpg:
    aka "[jpeg image of size 5943]" [unknown]

    So...?

    Maybe Tommi and/or Mark can try to verify it.

    According to the dates (and time), we have exactly the same version of your keys. So, if Tommi (or me) signed your key, and I refreshed your keys on my systems, then the error "BAD signature" message to me would
    go away?

    No. 'BAD signature' really means a bad signature!

    BAD signature sounds misleading. It's that you just don't have anyone
    to have vouched for you yet?

    Nope that isn't it!

    When I try to check a signature on a message that was signed with a key which I
    haven't signed yet I get for instance:

    gpg: Signature made do 09 jan 2020 22:18:14 CET using RSA key ID 5789589B
    gpg: Good signature from "August Abolins <august@kolico.ca>" [unknown]
    gpg: aka "August Abolins <august@R_E_M_O_V_Ekolico.ca>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: D0EB 2A29 5204 F316 7EB2 503C EF0E 8965 5789 589B

    That still says 'Good signature'! But gives a warning about the key.


    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sat Jan 11 02:07:22 2020
    On 1/10/2020 11:04 AM, between "Wilfred van Velzen : August Abolins":

    According to the dates (and time), we have exactly the same
    version of your keys. So, if Tommi (or me) signed your key,
    and I refreshed your keys on my systems, then the
    error "BAD signature" message to me would go away?

    No. 'BAD signature' really means a bad signature!

    What made it report BAD for me? It was exactly the same pub key pair
    between us. The exact time and date proved that.

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sat Jan 11 11:31:55 2020
    Hi August,

    On 2020-01-11 02:07:22, you wrote to me:

    According to the dates (and time), we have exactly the same
    version of your keys. So, if Tommi (or me) signed your key,
    and I refreshed your keys on my systems, then the
    error "BAD signature" message to me would go away?

    No. 'BAD signature' really means a bad signature!

    What made it report BAD for me? It was exactly the same pub key pair between us. The exact time and date proved that.

    So if the keys weren't the problem. Something must have changed in the plain text that was signed, before it reached you, that made it fail the verify...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sat Jan 11 19:12:27 2020
    On 11/01/2020 5:31 a.m., Wilfred van Velzen : August Abolins wrote:

    What made it report BAD for me? It was exactly the same pub key
    pair between us. The exact time and date proved that.

    So if the keys weren't the problem. Something must have changed
    in the plain text that was signed, before it reached you, that
    made it fail the verify...

    So, when it says "BAD signature", it's talking about the signature of
    the message?

    Hmmm. A single char difference (maybe the odd =20 char) gets
    introduced) and messes up the "signature" of the message.

    I see that happening when I need to copy/paste the contents of a PGP
    block and paste it into my BlackBerry's pgp decryptor window. It always
    seem to return an error and never decrypts.

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sat Jan 11 18:24:15 2020
    Hi August,

    On 2020-01-11 19:12:27, you wrote to me:

    What made it report BAD for me? It was exactly the same pub key
    pair between us. The exact time and date proved that.

    So if the keys weren't the problem. Something must have changed
    in the plain text that was signed, before it reached you, that
    made it fail the verify...

    So, when it says "BAD signature", it's talking about the signature of
    the message?

    Yes.

    Hmmm. A single char difference (maybe the odd =20 char) gets
    introduced) and messes up the "signature" of the message.

    Yes.

    I see that happening when I need to copy/paste the contents of a PGP
    block and paste it into my BlackBerry's pgp decryptor window. It always seem to return an error and never decrypts.

    Ok...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to mark lewis on Sat Jan 25 18:46:39 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    On 07/01/2020 8:10 a.m., mark lewis : August Abolins wrote:

    encrypted and/or signed messsges are allowed in this echo...
    AFAIK, this is the only echo that allows such

    I recently updated my Win7 pc to TB 68 + the corresponding
    Enigmail/GPG plugin.

    But signed clear-text email seems to be rolling out with:

    gpg command line and output:
    C:\Program Files\gnupg\bin\gpg.exe
    gpg: invalid armor header: Â \r\n
    gpg: invalid armor header: Â \r\n


    Signed clear-text messages from other people in this echo look good
    and process properly.

    So, I am testing one originating from this new TB68/Enigmail combo to
    see if the "invalid armor header" is a problem here.

    I'd hate to roll back TB. But maybe all I have to do is rollback the
    Enigmail plugin version?


    - --
    Quoted with Reformator/Quoter. Info = https://tinyurl.com/sxnhuxc
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4scOIACgkQ7w6JZVeJ WJugNQf/TcvM1zQJi8hN42CQDCtsTbX0hu2B/Smg3k/zy6aCB5FabIRGxgQCt3C0 yROmIvUpLLwQQ8MMwzYqQfvb25ifmt1NwCNHl2sPSQVeIUQPaU/6PNeikgSNhmXH w7SxK7upP17sAjIY3sG+lOto2S6HgDtt8MVyZrbr4BAUK6EfG475oTsKgo3jezTc ALa2W3tVByYS6TlnvuyqEFJkbShw6ddl+lIclYsK3A8B0y4S+rOLlklUyloUbVY1 u4BBpQAyWXzwLb9Mfm7W/X0pcCzlxCEtn4RXblMg9o7UnVNviYupc31HbLCAo/FO 61EYIA3M6lOe/QCfx6jk62qF+xFNLg==
    =iByN
    -----END PGP SIGNATURE-----

    --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sat Jan 25 21:42:27 2020
    Hi August,

    On 2020-01-25 18:46:39, you wrote to mark lewis:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    On 07/01/2020 8:10 a.m., mark lewis : August Abolins wrote:

    encrypted and/or signed messsges are allowed in this echo...
    AFAIK, this is the only echo that allows such

    I recently updated my Win7 pc to TB 68 + the corresponding
    Enigmail/GPG plugin.

    But signed clear-text email seems to be rolling out with:

    gpg command line and output:
    C:\Program Files\gnupg\bin\gpg.exe
    gpg: invalid armor header: Â \r\n
    gpg: invalid armor header: Â \r\n


    Signed clear-text messages from other people in this echo look good
    and process properly.

    So, I am testing one originating from this new TB68/Enigmail combo to
    see if the "invalid armor header" is a problem here.

    I'd hate to roll back TB. But maybe all I have to do is rollback the Enigmail plugin version?


    - --
    Quoted with Reformator/Quoter. Info = https://tinyurl.com/sxnhuxc -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4scOIACgkQ7w6JZVeJ WJugNQf/TcvM1zQJi8hN42CQDCtsTbX0hu2B/Smg3k/zy6aCB5FabIRGxgQCt3C0 yROmIvUpLLwQQ8MMwzYqQfvb25ifmt1NwCNHl2sPSQVeIUQPaU/6PNeikgSNhmXH w7SxK7upP17sAjIY3sG+lOto2S6HgDtt8MVyZrbr4BAUK6EfG475oTsKgo3jezTc ALa2W3tVByYS6TlnvuyqEFJkbShw6ddl+lIclYsK3A8B0y4S+rOLlklUyloUbVY1 u4BBpQAyWXzwLb9Mfm7W/X0pcCzlxCEtn4RXblMg9o7UnVNviYupc31HbLCAo/FO 61EYIA3M6lOe/QCfx6jk62qF+xFNLg==
    =iByN
    -----END PGP SIGNATURE-----

    I'm getting:

    gpg: Signature made za 25 jan 2020 17:46:26 CET using RSA key ID 5789589B
    gpg: BAD signature from "August Abolins <august@kolico.ca>" [unknown]

    On this one...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 26 04:24:19 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    On 1/25/2020 3:42 PM, between "Wilfred van Velzen : August Abolins":

    I recently updated my Win7 pc to TB 68 + the corresponding
    Enigmail/GPG plugin.

    But signed clear-text email seems to be rolling out with:

    gpg command line and output:
    C:\Program Files\gnupg\bin\gpg.exe
    gpg: invalid armor header: Â \r\n
    gpg: invalid armor header: Â \r\n

    I'm getting:

    gpg: Signature made za 25 jan 2020 17:46:26 CET using RSA key ID
    5789589B
    gpg: BAD signature from "August Abolins <august@kolico.ca>" [unknown]

    On this one...

    THANK YOU.

    Something is wrong with TB 68 + Enigmail. I am guessing it might have
    to do with using UTF-8 for message encoding with that system.

    The invalid "Â" char in the PGP block is suspect of that cause.

    - From my quick initial research, there is supposed to be the equivalent
    of a &nbsp; where the "Â" shows up in the block.

    Meanwhile, this time, THIS message is originating from the TB 20.0.0.4.
    I am using UTF-8 message encoding, like I have configured for these
    nntp message areas here.

    Let's see how the signed clear-text behaves.


    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4s+E8ACgkQ7w6JZVeJ WJts8wgApfinpTTIUpnag4dTVFFXRo21CW847SRm/xuNCWbvBRaxLTxDhf3gV5wo RsiRMCTx1hoFYaS1ZpWg0ZixcbasHvAfz5OBX3wN8is9NW94lxaQOhUYxoi2vZ9C dvN10bvTWoorWfCYt7kkbdFfVkJynEb8vO2HfCBcy6XxRz+a4BNgqs3qNPs36Juv YN/w8qlWYFPEOr0HuLCulpHBqDvPT1r/aS7yK7MIE6B2v36GPYT4DxKQGNyQP3HE GziAzVlzJVumt5HpLT9wjgPdn6VvOTPM4EPkxLcN0z1fsZHY/h5RhkcgrAFnRUhp qfD2gJI4TomJY03c7aTc8/3wMiFUug==
    =VfXg
    -----END PGP SIGNATURE-----

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Sun Jan 26 13:12:35 2020
    Hi August,

    On 2020-01-26 04:24:19, you wrote to me:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Let's see how the signed clear-text behaves.

    This signature was ok...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/360 to Wilfred van Velzen on Sun Jan 26 18:49:36 2020
    On 1/26/2020 7:12 AM, between "Wilfred van Velzen : August Abolins":

    AA> Let's see how the signed clear-text behaves.

    This signature was ok...

    Thanks for confirming. That one went out with UTF-8 encoding, but my
    own copy (viewing locally) did not verify! :(

    gpg command line and output:
    C:\Program Files\gnupg\bin\gpg.exe
    gpg: Signature made 01/25/20 21:24:15 Eastern Standard Time
    gpg: using RSA key D0EB2A295204F3167EB2503CEF0E89655789589B
    gpg: BAD signature from "August Abolins <august@kolico.ca>" [ultimate]


    So, it seems that clear-text signing is only gonna work if I avoid UTF-8 charset and stick with ISO 8859-1.

    --- Thunderbird 2.0.0.24 (Windows/20100228)
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)