-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

test

-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4NONkACgkQ7w6JZVeJ WJuM6Qf/SH2d3WYB4KfzXqoZAAa5cf/pzSKl40f7s2jPs9rnw57HOYb8SLAG+ttx 5fpBLO2V3BWyYUXn2bY6KKIiI9gmjXuC9FP2JtkXPeV39LR8yeu2Ea1iWS/AI7jF GPNocdfYGbeOHSsDW/82HYygiT69DbLPUXGLn4ujAzpiHgbRDNqEidtJQdKfEG3z UZfw3L71uZCAK2tnaPTBsBle0y1r1cO+ZzMcBEU3SAOA2MekrJDrpWq1q67Z0ymq UfrN6PtrPlSOjpGg+8Jh1BMr4xXCQwYeTPiZrEO6lduKO2cyIOimlOXO8nJK1vUi U1l/zoz/KMbROMTYeJfdcc0FpWGLaA==
=8I23
-----END PGP SIGNATURE-----

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-02 02:27:10, you wrote to All:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

test

-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4NONkACgkQ7w6JZVeJ WJuM6Qf/SH2d3WYB4KfzXqoZAAa5cf/pzSKl40f7s2jPs9rnw57HOYb8SLAG+ttx 5fpBLO2V3BWyYUXn2bY6KKIiI9gmjXuC9FP2JtkXPeV39LR8yeu2Ea1iWS/AI7jF GPNocdfYGbeOHSsDW/82HYygiT69DbLPUXGLn4ujAzpiHgbRDNqEidtJQdKfEG3z UZfw3L71uZCAK2tnaPTBsBle0y1r1cO+ZzMcBEU3SAOA2MekrJDrpWq1q67Z0ymq UfrN6PtrPlSOjpGg+8Jh1BMr4xXCQwYeTPiZrEO6lduKO2cyIOimlOXO8nJK1vUi U1l/zoz/KMbROMTYeJfdcc0FpWGLaA==
=8I23
-----END PGP SIGNATURE-----

wilfred@wilnux5:~/tmp> gpg --verify aug.msg
gpg: Signature made do 02 jan 2020 01:27:05 CET using RSA key ID 5789589B
gpg: Can't check signature: No public key

wilfred@wilnux5:~/tmp> gpg --recv-keys 5789589B
gpg: requesting key 5789589B from hkp server keys.gnupg.net
gpgkeys: key 5789589B not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

So where can we get your key?

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 1/3/2020 6:52 AM, between "Wilfred van Velzen : August Abolins":

Hello Wilfred!

wilfred@wilnux5:~/tmp> gpg --verify aug.msg
gpg: Signature made do 02 jan 2020 01:27:05 CET using RSA key ID 5789589B gpg: Can't check signature: No public key

wilfred@wilnux5:~/tmp> gpg --recv-keys 5789589B
gpg: requesting key 5789589B from hkp server keys.gnupg.net
gpgkeys: key 5789589B not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

So where can we get your key?

I just got started with this. I am not completely familiar how to use OpenPGP/Enigmail.

The following should be the right key for ID 5789589B

- -----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBF4NOFYBCADa6gPUjpNmqWt5V5JehfGduti7TXWtfijFPrxYudCE1jleIlUw vThPsd6pX3o2KR/JkZEHpP9e1tkoUwNdOPUe1+OSkQAnr4BGbquMqE5Y79keRvAE y8CD/CzmioEZ9ij60lcu41ug3BfdDXMfubeld5dLFjsK9QySgjtztPN2m4cTpuuU 9m5bTIS5fhiHimivNgKSK2G1MAJdoR06oSEQ2SGNA8oJHeVuGMCvw/PpexzGUyeP rgmXiTvoTacX59ZuJIybNL/orUSdZmLDXGQWQ4lwmysITEOaJY5jHl3PU6+iNSF4 9L/FNQAYsOTDytzYwTwAxD77/CQI09QK1lrvABEBAAG0LEF1Z3VzdCBBYm9saW5z IDxhdWd1c3RAUl9FX01fT19WX0Vrb2xpY28uY2E+iQFUBBMBCAA+FiEE0OsqKVIE 8xZ+slA87w6JZVeJWJsFAl4NOFYCGyMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwEC HgECF4AACgkQ7w6JZVeJWJucNwf+LmtJMmG5KFbB41k6hLXMSAQw0CFD+RFCsOyB HneBQ4cU8wFYSDZPha4giP/TbbiC1WzutO2/C+rfy3k6N1yeFla2/mVY+xGlC9x5 dkHvfkwEKfrAt4OMIAf/5Qrq/t6wjiguYRpDA6hsniDetTxjcvJJLjG4o8DgjkNx fnx4TXLVMosYELZJvEHkdUJwaU8iGZ9Pz9Z9Wpt7aewTV56cPm7tQTIQbEYOq1W8 YS1ASlfvRW0qoofZG7FH62WoCSV10I83QTilEAjtVsw/0chqrpHk1cH/u38xZYAh jGY4ocbCPilxw3mbGYBFScfBWRYYyCpFjkS/tg4QiI5e6G5aprkBDQReDThWAQgA 0kNKgT7LsfDHn7d8Ai599CvunawaEDQHCNXIEdTT0qrnyFmzV4NT2gm+G8rLbhAB wayXgO73LC+03tikuZhR2HFnrkgprP2ZmjZRyaqB4nC7SC9YRm5EwJ//HrYPL7Kz uChT2r0F38cViZxSZFLG8PCwn3P6mIUZrZfhQx3EE2B8sIUlv4b8VMgCp+rKo0aM s1VyBhuieRmChYbH/w1UxFJrdCD0h5mTpIoUgxGVaV/6x23DnAtq+EpKj6n17cdU zpEOMh9a6O5xCpzmBcH9fv0IuKIHI575ktJTIm4Dx4Y/6lEZ+X3QilGXErjDFGjz QRJ6uW5XmUJ0RtmcsmWVWQARAQABiQE8BBgBCAAmFiEE0OsqKVIE8xZ+slA87w6J ZVeJWJsFAl4NOFYCGwwFCQlmAYAACgkQ7w6JZVeJWJtEfwgAr6j/kJsuhJgpO0q+ DZPnrD3wfX97UHsJP3wNvRm0YiZKlNxYOBoUjop1fdyxIDGMAhuHi9WgN208LaAi diEZLaUJtiU+BfewkLjZV4xmt/GHP2TrMUogsrXP1jhkotWEH/TBReNYe+cJ4fcx C3xxheldYbSN9Jf01aowtjXb/7Lbw6RFk1m8tNDS1DDAzthmxBZ1z0PwCRKVho29 3lFvyMCesmbZgYROluCunYHgFQt2Bw4PPodWiHlrdqt4uA0Ptneiy/5Qb1t9qtdc yap1//5Omg+OKAjZJS8sSM40k1M23rKQ+jadqOOLSBAJ/hwXcKtnhWRSDxdw4k8w
YjG6yA==
=fbxl
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4PSqoACgkQ7w6JZVeJ WJtviQgAziOcU9rSwJ7L36pN59reZbMfdWLegV5AP4uAxN4c5yie8E2qMXWiGMfl d1MuwlAeTkckRsLE8iNpWx5kfzUICbTUqzCHqaKrc8iT1AnVI6Naen1ZkNEuQcNy xdBvU1uEJfnRkxNJ8Pna4YQI1Mehat2pmyDv/TWGNylfTUhEsumNzTIVPozZnzM7 VUtDpl/KEaU3yIO3vmTHZ+FrRDgJ8MYWbbb/LdWqzN/GgF6QCZheA5XP92vmtmS0 8yjaXwixd8ITOQg0xxV4dj/d8qcQwb9L6IE+RjqLosiynt2fbPuRWZA60K8ZRyOG LSTtElqg3/yY9SvaLUpDRynqN4iPOA==
=mgJh
-----END PGP SIGNATURE-----

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-03 16:07:45, you wrote to me:

So where can we get your key?

I just got started with this. I am not completely familiar how to use OpenPGP/Enigmail.

The following should be the right key for ID 5789589B

- -----BEGIN PGP PUBLIC KEY BLOCK-----

I can now verify your message had a correct signature made with this key:

wilfred@wilnux5:~/tmp> gpg --import aug.key
gpg: key 5789589B: public key "August Abolins <august@R_E_M_O_V_Ekolico.ca>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
wilfred@wilnux5:~/tmp> gpg --verify aug.msg
gpg: Signature made vr 03 jan 2020 15:07:38 CET using RSA key ID 5789589B
gpg: Good signature from "August Abolins <august@R_E_M_O_V_Ekolico.ca>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: D0EB 2A29 5204 F316 7EB2 503C EF0E 8965 5789 589B

The trust thing is sort of an issue. I can't just sign your key (technically I could of course), because I can't verify it's really you. Anyone could login to
Tommy's nntp server as 'August Abolins'. and "fake" email addresses are also easy to create/get. And since you are not a node we can't even exchange some crash netmails...


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 03/01/2020 10:02 a.m., Wilfred van Velzen : August Abolins wrote:

Hello Wilfred!

I can now verify your message had a correct signature made with
this key:

wilfred@wilnux5: ~/tmp> gpg -- import aug.key gpg: key
5789589B: public key "August Abolins
<august@R_E_M_O_V_Ekolico.ca>" imported gpg: Total number
processed: 1 gpg: imported: 1 (RSA: 1) wilfred@wilnux5

Cool! I still have to learn how to do that here.

I have used the pgp signing process in the long ago past, but now and I am rusty and have only begun figuring out "the process" to use in this new environment.

I like the Enigmail/OpenPGP integration in Thunderbird.

When pgp first came out found, I found it fascinating. I immediately wondered why *wouldn't* anyone want to use it on a regular basic for email exchanges. But at that time, using it required complex extra manual steps - especially for
decrypting. Looks like this TB/OpenPGP/Enigmail integration can decrypt automatically.

But email became a horrible monster filled with html codes, graphics, and many fancy things that people have been mesmerized with. It would be too inconvenient to decrypt that each and every time, I guess.

I think my old public key is still out there. (I have not really looked for it though. I don't remember the servers I used.) The private key is probably still
on a 3½ diskette, somewhere.

The trust thing is sort of an issue. I can't just sign your key (technically I could of course), because I can't verify it's
really you. Anyone could login to Tommy's nntp server
as 'August Abolins'. and "fake" email addresses are also easy
to create/get. And since you are not a node we can't even
exchange some crash netmails...

Well.. there *is* the email clue above. ;) A few email exchanges, and the analysis of the headers could be one way to get confidence whether the email I claim to use above is really me or suspicious.

There is still a trust issue in this whole process for sure. At least one other
person who could actually vouch that I am who I am would be needed.

W.r.t nntp, another "August Abolins" could come from many different outside systems. True. But since registering on Tommi's system requires human intervention, I don't think he would permit another me to register on his system with exactly the same FN LN. So, technically you could be confident that
once you grab my public key from here, future correspondences are from "the August Abolins originally seen on Tommi's system." ? :)

As a minimum, if Tommi were to sign my key, (since my messages are originating on *his* system, and we can be sure that he's the *real deal* operating his *own* system, and I had to be registered manually to have access) then that would be a nice vote of confidence.

There is another verification process I can suggest. I'll cover that later. And maybe I'll encrypt that message! <G>

Cheers!
../|ug

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-03 18:20:39, you wrote to me:

I can now verify your message had a correct signature made with
this key:

wilfred@wilnux5: ~/tmp> gpg -- import aug.key gpg: key
5789589B: public key "August Abolins
<august@R_E_M_O_V_Ekolico.ca>" imported gpg: Total number
processed: 1 gpg: imported: 1 (RSA: 1) wilfred@wilnux5

Cool! I still have to learn how to do that here.

This was done by hand. I exported the message from golded to a file. Imported the key from it, and then did the verify as the commands show...

I have used the pgp signing process in the long ago past, but now and
I am rusty and have only begun figuring out "the process" to use in
this new environment.

There are configuration lines in my golded config to do gpg/pgp functions, but I can't remember when I last used them. Maybe never...

I like the Enigmail/OpenPGP integration in Thunderbird.

When pgp first came out found, I found it fascinating.

Me too.

I immediately wondered why *wouldn't* anyone want to use it on a
regular basic for email exchanges.

And in fidonet some systems wouldn't allow encrypted routed netmail messages to
pass their systems... I remember there was a lot of discussion going on about that at the time.

I think my old public key is still out there. (I have not really
looked for it though. I don't remember the servers I used.)

Afaik most key-servers are connected to each other these days, and exchange keys on a regular basis. So if your key is out there, it might be "everywhere".
;)

When I search for "abolins" on my (default) key-server it finds 27 keys as old as from 1994. But none include a mention of "august".

The private key is probably still on a 3½ diskette, somewhere.

I have a lot of them still around (mainly Amiga formatted). Haven't tried them in a few decades, and it would surprise me if they are still readable. ;)

The trust thing is sort of an issue. I can't just sign your key
(technically I could of course), because I can't verify it's
really you. Anyone could login to Tommy's nntp server
as 'August Abolins'. and "fake" email addresses are also easy
to create/get. And since you are not a node we can't even
exchange some crash netmails...

Well.. there *is* the email clue above. ;) A few email exchanges, and

the

analysis of the headers could be one way to get confidence whether the email I claim to use above is really me or suspicious.

It would establish some trust I suppose. ;)

It would have helped if we already had email exchanges before this conversation
about keys though! ;)

There is still a trust issue in this whole process for sure. At least
one other person who could actually vouch that I am who I am would be needed.

That would help!

W.r.t nntp, another "August Abolins" could come from many different outside systems. True. But since registering on Tommi's system
requires human intervention, I don't think he would permit another me
to register on his system with exactly the same FN LN. So, technically
you could be confident that once you grab my public key from here,
future correspondences are from "the August Abolins originally seen on Tommi's system." ? :)

As a minimum, if Tommi were to sign my key, (since my messages are originating on *his* system, and we can be sure that he's the *real deal* operating his *own* system, and I had to be registered manually to have access) then that would be a nice vote of confidence.

That would help. I already have Tommi's key(s):

wilfred@wilnux5:~/tmp> gpg -kv koivula
gpg: using PGP trust model
gpg: NOTE: signature key 2442E762 expired di 03 dec 2019 11:00:00 CET
gpg: NOTE: signature key 2442E762 expired di 03 dec 2019 11:00:00 CET
gpg: NOTE: signature key 2442E762 expired di 03 dec 2019 11:00:00 CET
pub 1024R/2442E762 2015-11-20 [revoked: 2019-12-02]
uid [ revoked] Tommi Koivula <sysop@f10.n221.z2.fidonet.fi>
uid [ revoked] Tommi Koivula <sysop@rbb.bbs.fi>
uid [ revoked] Tommi Koivula <root@tkk.iki.fi>
sub 1024R/B8627807 2015-11-20 [revoked: 2019-12-02]

gpg: can't handle public key algorithm 22
gpg: can't handle public key algorithm 18
pub 4096R/56CDF35B 2017-10-27 [revoked: 2019-12-29]
uid [ revoked] Tommi Koivula <tommi@rbb.fidonet.fi>
uid [ revoked] Tommi Koivula <tommi@fidonet.fi>
uid [ revoked] Tommi Koivula <tommi.koivula@f10.n221.z2.fidonet.fi>
sub 4096R/3ECEC94C 2017-10-27 [revoked: 2019-12-29]

pub 4096R/B1F9FF53 2017-06-16 [expires: 2023-09-10]
uid [ unknown] Tommi Koivula <0405009611@koivula.iki.fi>
uid [ revoked] Tommi Koivula <tommi@koivula.iki.fi>
uid [ unknown] Tommi Koivula <root@koivula.iki.fi>
uid [ unknown] Tommi Koivula <0407680500@koivula.iki.fi>
uid [ revoked] Tommi Koivula <o4o5oo9611@elisanet.fi>
sub 4096R/7289F937 2017-06-16 [expires: 2023-09-10]

And I can already exchange (crash) netmail with him on a secure binkp connection (we have a link).

There is another verification process I can suggest. I'll cover that later. And maybe I'll encrypt that message! <G>

Cliffhanger! ;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 03/01/2020 12:27 p.m., Wilfred van Velzen : August Abolins wrote:

I think my old public key is still out there. (I have not
really looked for it though. I don't remember the servers I
used.)

The one at MIT (which sounds like where I would have submitted my key) but fails with this:

--[begin]--
Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /pks/lookup.

Reason: Error reading from remote server
--[end]--

I didn't expect that from the great MIT.

Afaik most key-servers are connected to each other these days,
and exchange keys on a regular basis. So if your key is out
there, it might be "everywhere".

Yes.. I notice that keys are now pooled and distributed to other servers. Things have certainly changed since I first started with PGP in the 90's.

I looked with a few listed here: https://sks-keyservers.net/status/

When I search for "abolins" on my (default) key-server it finds
27 keys as old as from 1994. But none include a mention
of "august".

Are they *all* from 1994? 1994 sounds about right when I actually submitted to a server. I found about the same number of references to abolins as you at a few random servers from the sks link above. I am surprised that I wouldn't have included my FN. I wonder if the last entry in one of those searches could be it!

pub 512R/246249F7 1994-02-16

The DATE and bit size certainly looks right. 1994 is about the last time I actually used pgp. And, I am pretty sure the key signature was small before I learned about the benefits of larger ones.

The private key is probably still on a 3S diskette, somewhere.

I have a lot of them still around (mainly Amiga formatted).
Haven't tried them in a few decades, and it would surprise me
if they are still readable.

This is what I did with a bunch of 3 1/2 diskettes a few years ago:

http://kolico.ca/fidonet/echos/win95/index.html#diskettes



As an aside: I like the "status" page at https://sks-keyservers.net/status/

It would be fun to see a similar live version of something like that for the modest 900 IP nodes. ..But I digress.

Cheers!
../|ug

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Hi Wilfred.

03 Jan 20 18:27:28, you wrote to August Abolins:

There are configuration lines in my golded config to do gpg/pgp functions, but I can't remember when I last used them. Maybe never...

I have (S)ign function set up in my GoldED. Nothing else. :)

I like the Enigmail/OpenPGP integration in Thunderbird.

As August said, Enigmail in Thunderbird is quite nice.

And in fidonet some systems wouldn't allow encrypted routed netmail messages to pass their systems... I remember there was a lot of discussion going on about that at the time.

Yes, there was a lot discussion in finnish echos too.

,U,ENC. :)

As a minimum, if Tommi were to sign my key, (since my messages are

I just signed the key of August. :)

'Tommi



-----BEGIN PGP SIGNATURE-----

iQJFBAEBCAAvFiEESUTEY3HGTj5gd0IrNqcDHlbN81sFAl4PodQRHHRvbW1pQGZp ZG9uZXQuZmkACgkQNqcDHlbN81sjIQ/+PWiGAlGDFMcqXrm7mg51fs3kNEBQ4Pvq KwPuCMLod78kLkJzxtN2NNaYUDrwy89E+4dX+tjRn3Qb4Zcpg5CmbRPaG/EYm2pI /2+3zJxTecVQ99PvYDD7yOc+yPWXxtG01uoLeBoKc++270oZVIyRUlid/ChK4P4j 5h1l+BTWLO6IZrDoPngqLu+M5ZwS3ox9g+TbDD5J2sga5swFKPP6gV9Mg4fv65iT caHQjRNhdUG1+8v5W51qkM1wkBnP5/gkH4s5EpPOS2KhPurx3DYGc+1DdVFwU7Pp Vl9rjVCQMWBUIFTTsapwNIFEox32qSi6wsVW88MSGAvz6qPm9jZRnbBCEoC+VDg1 Hbt0RRLK7V5kuZrSK4R3Ja2YYqg8QIfHG6tVUlPYy+hZbIXB7d6FUJjE4VhHWAB0 5oOz9RuHg0XGbm1PSSTueOL2+tkzRkp9AF3YBA+BztByEzGmJUhovkcCD7/AShQJ DBl95YMMKmEfKsXWNf9XfGDD++ojXZn9Sfy75e7IcPN7a7qA5armenPSxfnq8cMh OtxLYnjGKRxWb0Sh0XkYu2I5fZdexQHdeCm4faxtmpDztrxza6usJ4cPjGv+YQWA +pK8s+/PMNPGLzM3OR+daTWQZsC0IvNXP9iRaHEUv8VhfYHnt8Zd6BnacacrtWmI
ufoJKqsPeY8=
=k731
-----END PGP SIGNATURE-----
---
* Origin: - rbb.fidonet.fi - Finland - (2:221/360)

Hi August,

On 2020-01-03 22:02:34, you wrote to me:

The one at MIT (which sounds like where I would have submitted my key)
but fails with this:

--[begin]--
Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /pks/lookup.

Reason: Error reading from remote server
--[end]--

I didn't expect that from the great MIT.

I get the same error there...

Afaik most key-servers are connected to each other these days,
and exchange keys on a regular basis. So if your key is out
there, it might be "everywhere".

Yes.. I notice that keys are now pooled and distributed to other servers. Things have certainly changed since I first started with PGP in the 90's.

I looked with a few listed here: https://sks-keyservers.net/status/

You probably got the same results everywhere, because they are all synced. ;)

When I search for "abolins" on my (default) key-server it finds
27 keys as old as from 1994. But none include a mention
of "august".

Are they *all* from 1994?

Nope, only the last one.

This is the list I get:

https://pgp.surfnet.nl/pks/lookup?search=abolins&fingerprint=on&op=index

1994 sounds about right when I actually submitted to a server. I
found about the same number of references to abolins as you at a few random servers from the sks link above. I am surprised that I wouldn't have included my FN. I wonder if the last entry in one of those
searches could be it!

pub 512R/246249F7 1994-02-16

The DATE and bit size certainly looks right. 1994 is about the last time

I

actually used pgp. And, I am pretty sure the key signature was small

before

I learned about the benefits of larger ones.

I get that same one in my list, but I don't think it's compatible with modern gpg2 that I use.
I can import it from the keyserver:

wilfred@wilnux5:~/tmp> gpg --recv-keys 246249F7
gpg: requesting key 246249F7 from hkp server keys.gnupg.net
gpg: key 246249F7: no user ID
gpg: Total number processed: 1

But afterwards it can't be listed:

wilfred@wilnux5:~/tmp> gpg -kv 246249F7
gpg: using PGP trust model
gpg: can't handle public key algorithm 22
gpg: can't handle public key algorithm 18
gpg: error reading key: No public key

This is what I did with a bunch of 3 1/2 diskettes a few years ago:

http://kolico.ca/fidonet/echos/win95/index.html#diskettes

You have too much time! ;)

As an aside: I like the "status" page at https://sks-keyservers.net/status/

It would be fun to see a similar live version of something like that
for the modest 900 IP nodes. ..But I digress.

Fun for some, but painfull for others: It would embarrass a lot of hosts, because it would show how bad their segments are maintained in the nodelist...


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi Tommi,

On 2020-01-03 22:12:32, you wrote to me:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

There are configuration lines in my golded config to do gpg/pgp
functions, but I can't remember when I last used them. Maybe never...

I have (S)ign function set up in my GoldED. Nothing else. :)

You will have to fix that though, because I get:

wilfred@wilnux5:~/tmp> gpg --verify tommi.msg
gpg: Signature made vr 03 jan 2020 21:19:32 CET using RSA key ID 56CDF35B
gpg: Good signature from "Tommi Koivula <tommi@rbb.fidonet.fi>" [unknown]
gpg: aka "Tommi Koivula <tommi@fidonet.fi>" [unknown]
gpg: aka "Tommi Koivula <tommi.koivula@f10.n221.z2.fidonet.fi>"
[unknown]
gpg: WARNING: This key has been revoked by its owner!
gpg: This could mean that the signature is forged.
gpg: reason for revocation: No reason specified
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4944 C463 71C6 4E3E 6077 422B 36A7 031E 56CD F35B

... on this message. So you are using a revoked key!?

I just signed the key of August. :)

And where is it? If it's only in your keyring, it's not very usefull for the rest of the world, that you signed it. ;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

gpg: WARNING: This key has been revoked by its owner!
gpg: This could mean that the signature is forged.
gpg: reason for revocation: No reason specified
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4944 C463 71C6 4E3E 6077 422B 36A7 031E 56CD F35B

... on this message. So you are using a revoked key!?

Interesting.. Why is GPG using the revoked one, when there is a working one available... Hmm...

I just signed the key of August. :)

And where is it? If it's only in your keyring, it's not very usefull
for the rest of
the world, that you signed it. ;)

It should have been uploaded to the keyserver.

'Tommi

-----BEGIN PGP SIGNATURE-----

iQFFBAEBCAAvFiEEQTJnraOsQBoYwCPS0ikymSpvgioFAl4PtiARHHRvbW1pQHJi Yi5iYnMuZmkACgkQ0ikymSpvgipG3gf7BX0gxT/n+klaHU3/Q7wlr6rdPULfwwYH s5UjuMXNY+eudix4C3nR4V9g7vaIOdkPJbLmkwl9P7sNMTUULXhLd/aK0WlHaQr6 11U9RYyQHxhjx7dhxENtDqmUMXAizCwO/YTukK1PjxItz6rsLKKpoJKO6KqcMFGD ZvlFvtMFFCkzBGYk23T+lx5fmYoG4CGpMGhpN6GBsJUtGkwLRWavXwBHfRg32L8s 1lhGmoO4lbG/CBO8q5o9G0eJia8+nddMYQR0Al2FJndwT7oqGrDbji0Y/K3Wtf1t RiKB4x1o6WSfLAbOxcd+x0uJ8UbZ79xTnCL+KJD65nW00q924zl8wQ==
=kktI
-----END PGP SIGNATURE-----
---
* Origin: - rbb.fidonet.fi - Finland - (2:221/360)

Hi Tommi,

On 2020-01-03 23:45:16, you wrote to me:

gpg: WARNING: This key has been revoked by its owner!
gpg: This could mean that the signature is forged.
gpg: reason for revocation: No reason specified
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 4944 C463 71C6 4E3E 6077 422B 36A7 031E 56CD
F35B

... on this message. So you are using a revoked key!?

Interesting.. Why is GPG using the revoked one, when there is a working

one

available... Hmm...

I don't know. Maybe it's the default? (Can you set a default key?)

This one had a valid signature from a valid key.

I just signed the key of August. :)

And where is it? If it's only in your keyring, it's not very usefull
for the rest of
the world, that you signed it. ;)

It should have been uploaded to the keyserver.

Of course! Got it... ;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 1/3/2020 3:12 PM, between "Tommi Koivula : Wilfred van Velzen":

And in fidonet some systems wouldn't allow encrypted routed
netmail messages to pass their systems... I remember there
was a lot of discussion going on about that at the time.

Yes, there was a lot discussion in finnish echos too.

, U, ENC. :)

How is that supposed to be interpreted? The nodelist just says "node
accepts inbound encrypted mail". And, is encrypted mail only supported *between* nodes that _both_ have ENC specified?

As a minimum, if Tommi were to sign my key..

I just signed the key of August. :)

Cool. Thanks.

../|ug

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 1/3/2020 4:05 PM, between "Wilfred van Velzen : August Abolins":

This is the list I get:

https://pgp.surfnet.nl/pks/lookup?search=abolins&fingerprint=on&op=index

Thank you for that. Yes, that list looks the same at the other servers
that I tried. Syncing is working!

I get that same one in my list, ..
..I can import it from the keyserver: ..
But afterwards it can't be listed: ..

If my original key has either expired or is no longer compatible with
the newer PGP since then, that is probably a good thing.

This is what I did with a bunch of 3 1/2 diskettes a few
years ago: ..

You have too much time! ;)

It was something one could do rather mindlessly while watching TV. I
actually had another pair of hands helping me. We went through that
cubic foot of diskettes in less than 3 hours.

As an aside: I like the "status" page at
https://sks-keyservers.net/status/

It would be fun to see a similar live version of something
like that for the modest 900 IP nodes...But I digress.

Fun for some, but painfull for others: It would embarrass a
lot of hosts, because it would show how bad their segments
are maintained in the nodelist...

The squeaky wheel gets the grease. <g>

There is another one that I first mentioned in FUTURE4FIDO in April:

https://fido.net.wisc.edu/

A version for Fidonet IP/BBS network status would be very cool. But I digress..

../|ug

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hello Wilfred!

** 03.01.20 - 16:07, August Abolins wrote to Wilfred van Velzen:

wilfred@wilnux5:~/tmp> gpg --verify aug.msg
gpg: Signature made do 02 jan 2020 01:27:05 CET using RSA key ID 5789589B
gpg: Can't check signature: No public key

The following should be the right key for ID 5789589B

- -----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBF4NOFYBCADa6gPUjpNmqWt5V5JehfGduti7TXWtfijFPrxYudCE1jleIlUw
vThPsd6pX3o2KR/JkZEHpP9e1tkoUwNdOPUe1+OSkQAnr4BGbquMqE5Y79keRvAE

I am going to have to scrap the key for ID 5789589B above. I did not realize that the email address that I needed to configure in OpenPGP
should not be padded like I had it done as "august@R_E_M_O_V_Ekolico.ca"

When I tried to actually send a message, Thunderbird was looking for a matching "august@R_E_M_O_V_Ekolico.ca" account.

What a friggin learning curve.


../|ug

--- OpenXP 5.0.42
* Origin: /|ug's Point, Ont. CANADA (2:221/1.58)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


On 04.01.2020 0:40, Wilfred van Velzen wrote:

... on this message. So you are using a revoked key!?

Interesting.. Why is GPG using the revoked one, when there is a working

one

available... Hmm...

I don't know. Maybe it's the default? (Can you set a default key?)

In Golded setup I could use the exact fingerprint to choose the key instead of using the email address. "gpg.exe -o @file -u "tommi@fidonet.fi" --clearsign @tmpfile" apparently picked up the first one in the ring. The revoked one.

This one had a valid signature from a valid key.

Good.

I just signed the key of August. :)

And where is it? If it's only in your keyring, it's not very usefull
for the rest of the world, that you signed it. ;)

It should have been uploaded to the keyserver.

Of course! Got it... ;)

:)

'Tommi


-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE+hnho0Ro0laqZGpRFRvBesy+vdcFAl4QRx8ACgkQFRvBesy+ vdfR2gf/d7VV+DW/FbiyMyc7ZwPalNVUNzxj6n3MZ36qN6nZ43H6jisU156ofzQr rx9S6F9gM37D1qBax7DKY5UAXW5+iXbO14fnnKkZ84BuvVPhnDx+I4MO+xS/TB9n 1ZcjvP7IeCpj3Q4xHCVKTo9JdagDgdgBxyLqEWhLt3zRdtXrK+eb4el5EjQmXlau 7wF0yCFjVemvtlTsHksIm5qPqtkp2f4sf7MtWNy7Iuka+6EboCpYxICoCZe4IYMw X7SF053tn6206w4APjwUlRXI6zjFivukGCxQUHNLyC2Hjwd827Hvp7M9i6GQajUG B5s548qnJ84nbqGjHBq3SmQ792Da3A==
=/0jo
-----END PGP SIGNATURE-----

--- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 04.01.2020 1:58, August Abolins : Tommi Koivula :

And in fidonet some systems wouldn't allow encrypted routed
netmail messages to pass their systems... I remember there
was a lot of discussion going on about that at the time.

Yes, there was a lot discussion in finnish echos too.

,U,ENC. :)

How is that supposed to be interpreted?… The nodelist just says "node
accepts inbound encrypted mail".… And, is encrypted mail only supported *between* nodes that _both_ have ENC specified?

There is no nodelist flag that tells NOT to accept encrypted mail.

So my node will accept encrypted mail and will forward it but you cannot know how the next hop treats it.

Please test. :D

'Tommi

--- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 03/01/2020 10:02 a.m., Wilfred van Velzen : August Abolins wrote:

Hello Wilfred,

The following should be the right key for ID 5789589B

I am going to have to scrap the key for ID 5789589B above. I did
not realize that the email address that I needed to configure in
OpenPGP should not be padded like I had it done
as "august@R_E_M_O_V_Ekolico.ca"

Actually, since the key is signed now, it could still serve a purpose. I also noticed that it was published on one of the servers. I found it in at pgpkeys.co.uk. Since it bears Tommi's validation, I'll keep it, add a non-padded version of my email, see how to work this whole thing.

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-04 03:17:03, you wrote to me:

If my original key has either expired or is no longer compatible with
the newer PGP since then, that is probably a good thing.

Yep.

Btw: I'm using 'gpg' (2), which I think is more or less the standard software on linux to do (open)pgp stuff with.

There is another one that I first mentioned in FUTURE4FIDO in April:

https://fido.net.wisc.edu/

What is that supposed to show? It seems like a bunch of random "info" to me...


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-04 00:45:00, you wrote to me:

The following should be the right key for ID 5789589B

I am going to have to scrap the key for ID 5789589B above. I did not realize that the email address that I needed to configure in OpenPGP should not be padded like I had it done as
"august@R_E_M_O_V_Ekolico.ca"

It's not necessary to "scrap" a key, just because the "uid" (user ID) is no longer relevant.

You can add additional (new) uid's, you can delete uid's (but that won't remove
them from keys on keyservers), and you can revoke uid's.

For instance my 9611AC4F key (which is on the keyservers), has 3 active uid's (with current email addresses), and 3 revoked uid's (with email address I no longer use)...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 04/01/2020 11:31 a.m., Wilfred van Velzen : August Abolins wrote:

It's not necessary to "scrap" a key, just because the "uid"
(user ID) is no longer relevant.

You can add additional (new) uid's, you can delete uid's (but
that won't remove them from keys on keyservers), and you can
revoke uid's.

I am not sure I can tie a proper (non-padded) email address to the one I
messed up with the program I am using. I'm pretty new to the process. I
have to figure out the right rhythm and steps.

If you were to create an email to me using my current key, would you
have to remove the R_E_M_O_V_E part manually each and every time?

For instance my 9611AC4F key (which is on the keyservers), has
3 active uid's (with current email addresses), and 3 revoked
uid's (with email address I no longer use)...

Yes, I pulled that one down. It has 5 "Also known as" email addresses.

Key management could be a nightmare across multiple devices.

It's pretty neat that I can look up old friends and check the properties
of the keys.

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 04/01/2020 11:26 a.m., Wilfred van Velzen : August Abolins wrote:

Btw: I'm using 'gpg' (2), which I think is more or less the
standard software on linux to do (open)pgp stuff with.

Hello Wilfred!

It is a very smart inclusion in linux. But I'll stick with a Windows
offering. The Enigmail version, as an Add-On for Thunderbird, seems to
be a smooth integration. The only thing I can't seem to check is which
PGP version my Enigmail/GnuPG-generated key is using. But the linux
tool can do that.

I first installed Enigmail on an XP pc with an older Thunderbird v24.
The default server searches don't seem to work. But it looks like I can
pick different ones.

I just installed Enigmail on my Win7 pc (from which this message
originates). The default server options for searches are different, but
one of them works! I'll have to see if I can use the same server on the
other pc.

https://fido.net.wisc.edu/

What is that supposed to show? It seems like a bunch of
random "info" to me...

Oh no! They removed the dog with the wagging tail! :(

It reports the status of various IP devices, computers, alarms, and
sensors all over their campus in real time.

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Tommi,

On 2020-01-04 10:04:46, you wrote to me:

I don't know. Maybe it's the default? (Can you set a default key?)

In Golded setup I could use the exact fingerprint to choose the key instead of using the email address. "gpg.exe -o @file -u "tommi@fidonet.fi" --clearsign @tmpfile" apparently picked up the first one in the ring. The revoked one.

This one had a valid signature from a valid key.

Good.

Checking if my golded signing configuration works... ;)

Bye, Wilfred.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJeEM+bAAoJEDuzfahKl5MrlYAQAI7o25SMQd5kVh3uz1UEpl1n kwt6S18ic4WHMN9b3gd+U9PdCTcKvOOuxgl/LoAfw1Re3ECfn+9GGXjj/ABDaZAS 8V5cJfsDmw5mxf/7TGk1N087FFeA09/Pd83RRPUQibI+JE8ZfSq60I0D0yURTm9J iDiR8SV+ZJQ2JALOh/GiQLZwtau18/uHCUSIRxCEQ7zTJOq9rpPPggiHV8vK0plG +eGAwo0Oij73MK+039f6sBjlmCIBU90JFedEEZQiWbGWUHAmhEiVMp+ZZmc0/9mg WEU7KmYEPw11AzHRFxTnQzIn73iPpCpIVOUcAw1EWhoav1dfvHywbYU+rtcDwuyP i2j9+sewN/uwjyyJLeWvFP4xtJm6roAsEpjvilUhyX7q3vvaO+R0ZiBjS68Jxh2Y N37sNjb7VhONhvBe478+YAmjZCeW9oUoaA1kjAoZQZ6sVnAHbuhxzL4KJgxuYspO fvu1f034Ys1B7QXV8Kknzgi8mT433kmYr2q+5M5ranR7ajS+oOWEq5jCzvg6MPUA qvC7HfoRX2qFwYcUuxR3Iniy3hbHZdeTA/ZsV6AJ9aCNb0u2ZjGAaEiKZuTVaejB 8U1XRYehQHsSk+XJn6msqxEKag3ycc7kqWD7QOAjtyrv8soYLxs0g48KE3TEtMzw LSdVYNM7ahTN7XMVWsT6
=uWMu
-----END PGP SIGNATURE-----
--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi Tommi,

On 2020-01-04 10:04:46, you wrote to me:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I'm wondering why yours uses SHA256 and mine uses SHA1. SHA1 is the more compatibel one with older versions, but is less secure...

I don't know. Maybe it's the default? (Can you set a default key?)

In Golded setup I could use the exact fingerprint to choose the key

instead

of using the email address. "gpg.exe -o @file -u "tommi@fidonet.fi" --clearsign @tmpfile" apparently picked up the first one in the ring. The revoked one.

Just found the --default-key option. ;)

I have this in my ~/.gnupg/gpg.conf file:

# If you have more than 1 secret key in your keyring, you may want to
# uncomment the following option and set your preferred keyid.

default-key 3BB37DA84A97932B

The man page says this:

--default-key name
Use name as the default key to sign with. If this option is not used, the default key is the first key found in the secret keyring. Note
that -u or --local-user overrides this option.


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-04 19:37:35, you wrote to me:

It's not necessary to "scrap" a key, just because the "uid"
(user ID) is no longer relevant.

You can add additional (new) uid's, you can delete uid's (but
that won't remove them from keys on keyservers), and you can
revoke uid's.

I am not sure I can tie a proper (non-padded) email address to the one I messed up with the program I am using.

What program are you using?

And you should be able to! ;)

I'm pretty new to the process. I have to figure out the right rhythm
and steps.

If you were to create an email to me using my current key, would you
have to remove the R_E_M_O_V_E part manually each and every time?

I have no clue, I have never tried sending an encrypted email. ;)

For instance my 9611AC4F key (which is on the keyservers), has
3 active uid's (with current email addresses), and 3 revoked
uid's (with email address I no longer use)...

Yes, I pulled that one down. It has 5 "Also known as" email addresses.

Key management could be a nightmare across multiple devices.

It shouldn't. Just publish your keys to a key-server, and pull in what you need
on other devices... Although private keys of course can't be pushed to a key-server and will have to be exchanged using whatever suites you...

It's pretty neat that I can look up old friends and check the
properties of the keys.

Indeed. ;)

But are those older keys still usable? I have two keys from 1993, I no longer remember the passwords for. :-(
But they aren't on the keyservers afaik, so nobody will be tempted to use them.
;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


On 04.01.2020 19:47, Wilfred van Velzen : Tommi Koivula wrote:

Checking if my golded signing configuration works... ;)

Works ok! However, using Thunderbird as a fidonet client does not show
your from: name as it should. But it works. ;)

'Tommi



-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEQTJnraOsQBoYwCPS0ikymSpvgioFAl4Q8rEACgkQ0ikymSpv giruOwf/cWXutYJ3K3UVfQ3YSxgOTcE91rXATYTm4Mbgm6wdkaJNnDyg8S7rwtf4 anF6l7IExq89aYVi0qMgyunFHWfLTUCwl6dvxwZOIQ0tXR+cXoxmatF320vwpc51 2y7iSNaBmgal+xfuGHgrVPiMnjzBrKW8o5l5cGCpHaTxlUtDiQpXRA6lQYTcz9H3 kJ0EGAm2VW6XepDMdLHxG3Kw6VrNLKRjpry36PrDGhpDVrgyjEj5Qf0MGaCLpCys LC4WcQZxMDM3rjqqV61NDXfM20No8QfnFFZCQSBmateXHG8Ug6kIkTg2ZsKssrfu W6vVeZ7Cj86/RU9JLClPr0V6bZkJ7w==
=YB70
-----END PGP SIGNATURE-----

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


On 04.01.2020 20:11, Wilfred van Velzen : Tommi Koivula wrote:

-----BEGIN PGP SIGNED MESSAGE----- TK> Hash: SHA256

I'm wondering why yours uses SHA256 and mine uses SHA1. SHA1 is the
more compatibel one with older versions, but is less secure...

Hmm.. No idea..

Just found the --default-key option. ;)

I did it too!

I have this in my ~/.gnupg/gpg.conf file:

Googled also this one. :)

The "--default-key" way works better in my Win/OS2 LAN, where I can
access the same Golded from different workstations.

Next I need to set it up in my Ubuntu system. ;)

'Tommi


-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEQTJnraOsQBoYwCPS0ikymSpvgioFAl4Q9BAACgkQ0ikymSpv gipNNwf+JP4m9tX8hUNACVBttVj6Ely1Ov625g4zUwrN/8g1nITYXMbJOhnRspJM X7oNyxlsyG7otWEBrqisbND3CBqak1o2Yh5pIREXEgzkUGex+FjGQgBLJ56tk+8X Uy0mRVGVnY79von2tNVOnQibuDwrHaGOdWSkfU8QiYM9pgm2vSrUHUpo48WZeGhF lAjl8OU+snTFWyN/DgLbh8l1JLsPxvGXiZz+Dy8HxBfJjhwqp6G66g3mTEgSfwe4 QhqQ3XtMHkOe8MVWrPmOkhnt4qWrxj5H9s+dZOUsUXchSWtSnpWVJt2BfwushCov R1zkVt33spUZit8ofd96knxA9QrBtw==
=zMwa
-----END PGP SIGNATURE-----

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 04.01.2020 19:37, August Abolins : Wilfred van Velzen :

Key management could be a nightmare across multiple devices.

I export my secret keys to a "home" directory in my LAN, and then I can
import them to any workstation.

Enigmail is a nice tool, as well as kleopatra of gpg4win package.

'Tommi

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-04 20:08:43, you wrote to me:

Btw: I'm using 'gpg' (2), which I think is more or less the
standard software on linux to do (open)pgp stuff with.

It is a very smart inclusion in linux. But I'll stick with a Windows offering. The Enigmail version, as an Add-On for Thunderbird, seems
to be a smooth integration. The only thing I can't seem to check is
which PGP version my Enigmail/GnuPG-generated key is using. But the
linux tool can do that.

You could for instance add: https://www.gpg4win.org/ to your windows setup, so you have a decent key management tool...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi Tommi,

On 2020-01-04 22:16:54, you wrote to me:

Checking if my golded signing configuration works... ;)

Works ok! However, using Thunderbird as a fidonet client does not show your from: name as it should. But it works. ;)

Cool!

Good to know it works. (But I won't be signing every message by default ;))

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi Tommi,

On 2020-01-04 22:22:45, you wrote to me:

-----BEGIN PGP SIGNED MESSAGE----- TK> Hash: SHA256

I'm wondering why yours uses SHA256 and mine uses SHA1. SHA1 is the
more compatibel one with older versions, but is less secure...

Hmm.. No idea..

You don't have anything in you gpg.conf ? Maybe thunderbird forces it?

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 04/01/2020 3:27 p.m., Tommi Koivula : August Abolins wrote:

Key management could be a nightmare across multiple devices.

I export my secret keys to a "home" directory in my LAN, and
then I can import them to any workstation.

I might like to use it from a laptop that I carry around, and from a
desktop at another location. I guess I can delegate the laptop as my
"home". I usually have the laptop with me wherever I go anyway.

I wouldn't want to store keys on a USB though. I lost a USB (fell off my keychain!) last year. Among other files, I had an MS Access database
copy on it, and lo an behold, a resourceful person actually explored the details and extracted credit card info from the .accdb file. I noticed
the unusual charges pretty much right away, but all was taken care of well.

Meanwhile, I found a PGP app for my Blackberry. Getting the secret keys
to it in a secure way are a bit tricky though. But once done, I should
be fine for several years.

Enigmail is a nice tool, as well as kleopatra of gpg4win
package.

It is absolutely amazing that a simple add-on can introduce a nice new
feature to TB.

I am having trouble signing this message! Enigmail is sending me in a loop!

../|ug

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


04 Jan 20 22:00, Wilfred van Velzen wrote to Tommi Koivula:

Hi Tommi,

On 2020-01-04 22:22:45, you wrote to me:

-----BEGIN PGP SIGNED MESSAGE----- TK> Hash: SHA256

I'm wondering why yours uses SHA256 and mine uses SHA1. SHA1 is the
more compatibel one with older versions, but is less secure...

Hmm.. No idea..

You don't have anything in you gpg.conf ?

Nope. Maybe it is how the key was initially created?

Maybe thunderbird forces it?

I don't think so...

I'll sign this one with Golded.

'Tommi


-----BEGIN PGP SIGNATURE-----

iQFFBAEBCAAvFiEEQTJnraOsQBoYwCPS0ikymSpvgioFAl4Q/0oRHHRvbW1pQHJi Yi5iYnMuZmkACgkQ0ikymSpvgiqwUAgAmjRIGH7yG4TrQCDafDksLeMVe0Xm/YyW VmGN5LIJ42znECV6RLsxo+JuxFqbOxru+QTstqUzjIkuNWKvSpNkOVx+pMN+BSXz kAfy1WTbr7jmA+i1k9wnWyAbMobPffpgIK4TGRi2MGqRFEBzFOXNH2tVAhDVSXe3 y3yIMw7EkHnMFv39S8RBdVyJZ/5N2WPCMd6T5ub+TeAVudOqn8OThw9R04AkMBsx HgddGQIdJt4GSWCWeWyRAItENfKV1QmiaX89dAWQCs8xggwrXew75OvGEKk+yffT tfdEFmcwKBo/u7VzvWQc8jbwiez2+tHi6mNXwdcLM+2GkY1ZR6xywA==
=lvUq
-----END PGP SIGNATURE-----
---
* Origin: 2001:470:1f15:cb0:f1d0:2:221:1 (2:221/1)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I'll sign this one with Golded.

'Tommi

Hi Tommi, Enigmail is reporting the following for your previous message:

Enigmail Security Info Part of the message signed Unverified signature
Public key D22932992A6F822A used to verify signature BAD signature
from Tommi Koivula <tommi@fidonet.fi>

Why would it be BAD?






-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4RA14ACgkQ7w6JZVeJ WJv41wf/fOkkUiiP+5Ef6VoeCnnj7DkyeXO+jXZpUjbDzP0oA2TpFV6c8RSuaGwx p5NEKp23LEpLsfZur0A6LugGM2XrvH512kDViNre4MHz4xskTbioLiMV9FDefdxP jIcy8letr5RQB73XP/+lNkmnFO7Sqgrij3OLDdLIvL+ElElVr4/7SB5oBHjXDszQ Q8joYb1H1gFAtXdkI4DIHforpTnUA90NTZ5UJh88dnA3Sp/OStUA5CkfCrOy7Bia ZpEUea0FIUxH+DJJnhROjDV2JyGEBCPu68jMBHN6AM//d0Yo85ny0Ikb/x8xOBNU qD9A0oKMWrhFBg2kNo/X7BHmqAA/Qw==
=RG4n
-----END PGP SIGNATURE-----

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 4.1.2020 23:28, August Abolins : Tommi Koivula wrote:

I'll sign this one with Golded.

'Tommi

Hi Tommi, Enigmail is reporting the following for your previous message:

Enigmail Security Info Part of the message signed Unverified signature
Public key D22932992A6F822A used to verify signature BAD signature
from Tommi Koivula <tommi@fidonet.fi>

Why would it be BAD?

I'm not sure but it may be because of the way how JamNNTPd shows the
From: field.

'Tommi

--- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 04/01/2020 4:36 p.m., Tommi Koivula : August Abolins wrote:

Enigmail Security Info Part of the message signed Unverified signature
Public key D22932992A6F822A used to verify signature BAD signature
from Tommi Koivula <tommi@fidonet.fi>

Why would it be BAD?

I'm not sure but it may be because of the way how JamNNTPd shows the
From: field.

Looking at your key, it is not signed by anyone else. Could that be
what is meant by unverified?

Did my recent nntp signed messages verify at your side?

../|ug

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 04/01/2020 4:36 p.m., Tommi Koivula : August Abolins wrote:

Enigmail Security Info Part of the message signed Unverified signature
Public key D22932992A6F822A used to verify signature BAD signature
from Tommi Koivula <tommi@fidonet.fi>

Why would it be BAD?

I'm not sure but it may be because of the way how JamNNTPd shows the
From: field.

More info:

This message that you wrote here..

X-JAM-From: Tommi Koivula <2:221/360.0>
X-JAM-To: Wilfred van Velzen
X-JAM-MSGID: 2:221/360.0 5e10f2b2
X-JAM-REPLYID: 2:280/464 5e10cfa1
--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101
Thunderbird/68.3.1
+ Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

...reports GOOD:

Enigmail Security Info Part of the message signed Good signature from
Tommi Koivula <tommi@fidonet.fi> Key ID: 0x413267ADA3AC401A18C023D2D22932992A6F822A / Signed on: 01/04/20, 3:16
PM Key fingerprint: 4132 67AD A3AC 401A 18C0 23D2 D229 3299 2A6F 822A
Used Algorithms: RSA and SHA256

But, you used a different system and editor for the one that reports BAD:

+ Origin: 2001:470:1f15:cb0:f1d0:2:221:1 (2:221/1)
..using GoldED


Maybe that is a clue.

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-04 23:09:17, you wrote to Tommi Koivula:

Meanwhile, I found a PGP app for my Blackberry. Getting the secret
keys to it in a secure way are a bit tricky though.

If you used decent passwords for the secret keys, it doesn't matter if the files fall in the wrong hands...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi Tommi,

On 2020-01-04 23:08:50, you wrote to me:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

You don't have anything in you gpg.conf ?

Nope. Maybe it is how the key was initially created?

I don't think the hash used has anything to do with your key.

Maybe thunderbird forces it?

I don't think so...

I'll sign this one with Golded.

Still SHA256. It might have to do with the gpg version you are using. Mine is somewhat older:

# gpg --version
gpg (GnuPG) 2.0.24
libgcrypt 1.6.1
...

Maybe the default hash algorithme has change in newer versions?

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-04 23:28:04, you wrote to Tommi Koivula:

I'll sign this one with Golded.

'Tommi

Hi Tommi, Enigmail is reporting the following for your previous message:

Enigmail Security Info Part of the message signed Unverified signature Public key D22932992A6F822A used to verify signature BAD signature
from Tommi Koivula <tommi@fidonet.fi>

Why would it be BAD?

I'm getting a good signature on Tommy's message:

gpg: Signature made za 04 jan 2020 22:10:34 CET using RSA key ID 2A6F822A
gpg: Good signature from "Tommi Koivula <tommi@rbb.fidonet.fi>" [unknown]
gpg: aka "Tommi Koivula <tommi@fidonet.fi>" [unknown]
gpg: aka "Tommi Koivula <tommi@rbb.bbs.fi>" [unknown]
gpg: aka "Tommi Koivula <tommi.koivula@p1.f1.n221.z2.fidonet.fi>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4132 67AD A3AC 401A 18C0 23D2 D229 3299 2A6F 822A


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi Wilfred.

04 Jan 20 23:45:04, you wrote to me:

I'll sign this one with Golded.

Still SHA256. It might have to do with the gpg version you are using. Mine

is

somewhat older:

# gpg --version
gpg (GnuPG) 2.0.24
libgcrypt 1.6.1
...

Maybe the default hash algorithme has change in newer versions?

Perhaps.. In this Windows I'm using :

=== Cut ===

gpg --version

gpg (GnuPG) 2.2.19
libgcrypt 1.8.5
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/root/AppData/Roaming/gnupg
Tuetut algoritmit:
JulkAvain: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Salaus: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Tiiviste: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Pakkaus: pakkaamaton, ZIP, ZLIB, BZIP2
=== Cut ===

'Tommi

PS. I hate when programs speak finnish, even if I have an english OS... :)

---
* Origin: - rbb.fidonet.fi - Finland - (2:221/360)

On 1/4/2020 12:47 PM, between "Wilfred van Velzen : Tommi Koivula":

Hi Wilfred,

The message I am replying to in this message gave me this report:

Error - signature verification failed

gpg command line and output:
C:\Program Files\gnupg\bin\gpg.exe
gpg: Signature made 01/04/20 12:47:07 Eastern Standard Time
gpg: using RSA key 3BB37DA84A97932B
gpg: BAD signature from "Wilfred van Velzen <wvvelzen@gmail.com>"
[unknown]


It's the one you wrote to Tommi with:

WvV> -----BEGIN PGP SIGNED MESSAGE-----
WvV> Hash: SHA1

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 1/4/2020 1:30 PM, between "Wilfred van Velzen : August Abolins":

I am not sure I can tie a proper (non-padded) email address
to the one I messed up with the program I am using.

What program are you using?
And you should be able to! ;)

Enigmail. It integrates GnuPG into Thunderbird as an add-on so that it
looks and operates as if were part of Thunderbird.

Apparently, I haven't fully explored its full configuration options.
There are so many. I saw a setting on my other pc where I could "assign"
other identities to the existing ones. Maybe that is the answer.

If you were to create an email to me using my current key,
would you have to remove the R_E_M_O_V_E part manually each
and every time?

I have no clue, I have never tried sending an encrypted
email. ;)

Next to being able to sign messages in echomail/newsgroups, fully
encrypted messages only make sense in email - direct to a specific
individual.

It's pretty neat that I can look up old friends and check
the properties of the keys.

Indeed. ;)

But are those older keys still usable? I have two keys from
1993, I no longer remember the passwords for. :-( But they
aren't on the keyservers afaik, so nobody will be tempted
to use them. ;)

That's the beauty of pulling down the keys and checking their
properties. The properties will reveal creation dates, expiry dates, revocations,etc. It would be relatively easy to just pick the most
recent date, and send a brief hello message with a CC: and see which
ones reach their target.

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 1/4/2020 3:57 PM, between "Wilfred van Velzen : August Abolins":

You could for instance add: https://www.gpg4win.org/ to
your Windows setup, so you have a decent key management tool...

I noticed that one too. Enigmail is not bad, except the version
designed for TB 24, XP, is probably a bit outdated considering there are
newer versions for more recent versions of TB. But I will soon be
migrating my files to a newer latop with Win7. There, I should be able
to have smoother operations with a more recent Enigmail.

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 1/4/2020 3:58 PM, between "Wilfred van Velzen : Tommi Koivula":

Good to know it works. (But I won't be signing every
message by default ;))

Signing probably makes most sense for official content that contains
specific data, dates, to register an official vote, etc.

The technology was probably only intended to be used in direct 1 to 1
exchanges like email.

Sometimes I get requests from vendors via email that require a
confirmation for a particular agreement. There is a document that they
request be signed. In the not too distant past, I would print the doc,
add my signature, scan it, print it and fax it. Very time consuming.

When the fax device died (pc usb type), I would take a pictures of the
signed doc, copy the pic to the network and email the pic.

Since then, I've learned to sign the pdf version of the doc and email it
back.

But a pgp signature would be even simpler and faster.


../|ug

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 1/4/2020 5:42 PM, between "Wilfred van Velzen : August Abolins":

Meanwhile, I found a PGP app for my Blackberry. Getting the
secret keys to it in a secure way are a bit tricky though.

If you used decent passwords for the secret keys, it
doesn't matter if the files fall in the wrong hands...

I could email the secret keys between my devices, but I don't like the
idea that email in general is in the clear and the isp/systems enroute
can cache and record anything.

The passphrase is fairly decent. I am confident that no one would be
able to guess it.

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 1/4/2020 5:51 PM, between "Wilfred van Velzen : August Abolins":

Enigmail Security Info Part of the message signed Unverified signature Public key D22932992A6F822A used to verify signature BAD signature
from Tommi Koivula <tommi@fidonet.fi>

Why would it be BAD?

I'm getting a good signature on Tommy's message:

gpg: Signature made za 04 jan 2020 22:10:34 CET using RSA key ID 2A6F822A gpg: Good signature from "Tommi Koivula <tommi@rbb.fidonet.fi>" [unknown] gpg: aka "Tommi Koivula <tommi@fidonet.fi>" [unknown]
gpg: aka "Tommi Koivula <tommi@rbb.bbs.fi>" [unknown]
gpg: aka "Tommi Koivula <tommi.koivula@p1.f1.n221.z2.fidonet.fi>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 4132 67AD A3AC 401A 18C0 23D2 D229 3299 2A6F 822A

I think it has to do with whether he is using GoldED or Thunderbird.

My keys with his ID 2A6F822A do not have the long
p1.f1.n221.z2.fidonet.fi address in the list. And my Enigmail reports a different fingerprint.

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hello Tommi!

** 04.01.20 - 10:15, Tommi Koivula wrote to August Abolins:

There is no nodelist flag that tells NOT to accept encrypted mail.

So my node will accept encrypted mail and will forward it but you
cannot know how the next hop treats it.

Please test. :D

To me, if the original concensus was "no enrypted mail in fidonet" then
the nodelist U,ENC only covers the exceptions. ?

In that setting U,ENC only makes sense for netmail exchanges between users
of that same host. (If only the documentations could say it as simple as that!)

Further, since there is no way for a user to know in advance how one U,ENC system routes their mail, and since there is no guarante what happens if a packet reaches a non-U,ENC system, there is no point in taking chances and causing annoyance. :(

Pooh.

But kudos to those systems that accomidate U,ENC without flinching!

Meanhile, email is probably a more reliable option for really private messaging anyway.



../|ug

--- OpenXP 5.0.42
* Origin: /|ug's Point, Ont. CANADA (2:221/1.58)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Meanhile, email is probably a more reliable option for really
private messaging anyway.

As long as you dont use Gmail. ;)

'Tommi



-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQTJnraOsQBoYwCPS0ikymSpvgioFAl4RxPQACgkQ0ikymSpv giqNlQf+LbMwBq2IlR9H2fsNJPuW7wZJpqZD3rIGveY2t+fRH+gsEwPhbcQJjlDf ZLIUl8KkjnIUErc7E8o4Gm78mLt/m1YQjXJaSHwHHBXU5+3+1riCkZQFDhLAIpWy tdYmyaqJwETk3HJhiuA++cMkg/Nur2QiFYMo1/qy4DPRGTeqSQvRSdXw8iiq4H0y heRIzYhgIggCVLTTnjZqNkPoSyWSHYLXOsQeb7qENs9ZX82UIe9jnpXlq0DVhTxE M6n2UkjVf5ZBSz37tuFPsXb2bFeFHDJz+yGGS0v9BzWX9jHcpsi/XTDJDhILRdOc xHrghBv1Ey19SijGaPzU21Kqlb8KmA==
=0ILC
-----END PGP SIGNATURE-----

--- Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi Tommi,

On 2020-01-05 00:56:06, you wrote to me:

Maybe the default hash algorithme has change in newer versions?

Perhaps.. In this Windows I'm using :

Tuetut algoritmit:
JulkAvain: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Salaus: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Tiiviste: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Pakkaus: pakkaamaton, ZIP, ZLIB, BZIP2

There are some differences in my versions algorithms:

Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

But that doesn't show, what the defaults are, under what circumstances.

PS. I hate when programs speak finnish, even if I have an english
OS... :)

Same here with Dutch! ;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-05 02:14:47, you wrote to me:

The message I am replying to in this message gave me this report:

Error - signature verification failed

gpg command line and output:
C:\Program Files\gnupg\bin\gpg.exe
gpg: Signature made 01/04/20 12:47:07 Eastern Standard Time
gpg: using RSA key 3BB37DA84A97932B
gpg: BAD signature from "Wilfred van Velzen <wvvelzen@gmail.com>" [unknown]

It's the one you wrote to Tommi with:

So you don't have the key I used there?


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-05 02:30:00, you wrote to me:

Apparently, I haven't fully explored its full configuration options.
There are so many. I saw a setting on my other pc where I could
"assign" other identities to the existing ones. Maybe that is the
answer.

Probably!

Next to being able to sign messages in echomail/newsgroups, fully encrypted messages only make sense in email - direct to a specific individual.

Or routed netmail!

But are those older keys still usable? I have two keys from
1993, I no longer remember the passwords for. :-( But they
aren't on the keyservers afaik, so nobody will be tempted
to use them. ;)

That's the beauty of pulling down the keys and checking their
properties. The properties will reveal creation dates, expiry dates, revocations,etc. It would be relatively easy to just pick the most
recent date, and send a brief hello message with a CC: and see which
ones reach their target.

If there are multiple keys to choose from...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-05 03:08:42, you wrote to me:

Good to know it works. (But I won't be signing every
message by default ;))

Signing probably makes most sense for official content that contains specific data, dates, to register an official vote, etc.

Yes, it doesn't add too much in the mostly casual communication that goes on in
fidonet...

The technology was probably only intended to be used in direct 1 to 1 exchanges like email.

I don't think so. It also has it's function in public forums like fido's echomail...

Sometimes I get requests from vendors via email that require a confirmation for a particular agreement. There is a document that they request be signed. In the not too distant past, I would print the doc, add my signature, scan it, print it and fax it. Very time consuming.

When the fax device died (pc usb type), I would take a pictures of the signed doc, copy the pic to the network and email the pic.

Since then, I've learned to sign the pdf version of the doc and email it back.

But a pgp signature would be even simpler and faster.

If they can verify the signature is really made by who you claim you are! It would be even better, because it's easier to create a false hand written signature.

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-05 03:21:24, you wrote to me:

If you used decent passwords for the secret keys, it
doesn't matter if the files fall in the wrong hands...

I could email the secret keys between my devices, but I don't like the idea that email in general is in the clear and the isp/systems enroute
can cache and record anything.

You can use a common storage place, either on your own network or external lile
dropbox. If that's an encrypted place (I don't know if dropbox is by default?) that would be even better.

The passphrase is fairly decent. I am confident that no one would be
able to guess it.

Than it doesn't matter too much what you use to exchange the secret key files.

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-05 03:34:10, you wrote to me:

Enigmail Security Info Part of the message signed Unverified

signature

Public key D22932992A6F822A used to verify signature BAD signature
from Tommi Koivula <tommi@fidonet.fi>

Why would it be BAD?

I'm getting a good signature on Tommy's message:

gpg: Signature made za 04 jan 2020 22:10:34 CET using RSA key ID 2A6F822A
gpg: Good signature from "Tommi Koivula <tommi@rbb.fidonet.fi>" [unknown]
gpg: aka "Tommi Koivula <tommi@fidonet.fi>" [unknown]
gpg: aka "Tommi Koivula <tommi@rbb.bbs.fi>" [unknown]
gpg: aka "Tommi Koivula
<tommi.koivula@p1.f1.n221.z2.fidonet.fi>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 4132 67AD A3AC 401A 18C0 23D2 D229 3299 2A6F
822A

I think it has to do with whether he is using GoldED or Thunderbird.

I don't think that matters. It's what happens between him and the receivers system to the contents of the message, before the verify...

My keys with his ID 2A6F822A do not have the long
p1.f1.n221.z2.fidonet.fi address in the list. And my Enigmail reports a different fingerprint.

Then you should update the key from a keyserver...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-04 21:40:00, you wrote to Tommi Koivula:

Further, since there is no way for a user to know in advance how one
U,ENC system routes their mail, and since there is no guarante what happens if a packet reaches a non-U,ENC system, there is no point in taking chances and causing annoyance. :(

The worlds view/commonsense on transporting encrypted content has changed in the few decades since the discussion in fidonet about this! If it didn't internet banking wouldn't be possible for instance! ;-)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Re: Key management could be a nightmare
By: August Abolins to Wilfred van Velzen on Sun Jan 05 2020 03:21:24

I could email the secret keys between my devices, but I don't like the
idea that email in general is in the clear and the isp/systems enroute
can cache and record anything.

use pgp/gpg to encrypt it, then email it, and decrypt it on the other end...


)\/(ark
--- SBBSecho 3.10-Linux
* Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)

Hello mark!

** 05.01.20 - 07:46, mark lewis wrote to August Abolins:

Re: Key management could be a nightmare
By: August Abolins to Wilfred van Velzen on Sun Jan 05 2020 03:21:24

I could email the secret keys between my devices, but I don't like
the idea that email in general is in the clear and the isp/systems
enroute can cache and record anything.

use pgp/gpg to encrypt it, then email it, and decrypt it on the other
end...

Still working through the morning coffee? <BWG>

I need that key on the other end *before* I can decrypt anything.

;)




../|ug

--- OpenXP 5.0.42
* Origin: /|ug's Point, Ont. CANADA (2:221/1.58)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 1/5/2020 6:13 AM, between "Tommi Koivula : August Abolins":

AA >> Meanhile, email is probably a more reliable option for
AA >> really private messaging anyway.

As long as you dont use Gmail. ;)

https://support.google.com/mail/answer/6330403?hl=en

So, maybe there is progress in that direction.

If people did start using their S/MIME support (uses certificates? not
keys?) they'd probably want to control or track the usage and sell the info/stats in order to monetize it.

BTW.. I am really liking the Enigmail/GnuPG add-on for TB. The
decrypting is automatic and the inline sig key blocks are "hidden" to
provide a very clean reading/replying experience.


../|ug
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4R/ecACgkQ7w6JZVeJ WJuszggAu7do1rceBlMup6HQRZQgc8fg0UcfbAEB//QWBH9o5UlfdfCK93WxrFoG JJbfWX0/G+GF1RL/MGyvx+ggTEv+ByKbVP2xft+mNPs9Z3heJdeXgkFMaOQosmrj pcx2B9p7SYzrrkV9Z0VZQefvTqFD7gcuQsoWV7tgBiFYu8SCkPl3qvKrahB/bKBT 8bQU7+I05D5fQIjTp9aFa3brlUbJsg/m59+Lg6yyAw4uRWjVgci5OyFDZ2Ev779w OZl+dqKmpr6c1HDOPAjETlrigWvepmNHWPtbhl6m2eYEu5d7TdurCoyJUVOJF3KO Ugr/8aFWoBZnLqWo8BWL5dsV9iNFNw==
=+553
-----END PGP SIGNATURE-----

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 1/5/2020 7:01 AM, between "Wilfred van Velzen : August Abolins":

Error - signature verification failed

gpg command line and output: C: \Program
Files\gnupg\bin\gpg.exe gpg: Signature made 01/04/20
12:47:07 Eastern Standard Time gpg: using RSA key
3BB37DA84A97932B gpg: BAD signature from "Wilfred van
Velzen <wvvelzen@gmail.com>" [unknown]

It's the one you wrote to Tommi with:

So you don't have the key I used there?

Hello Wilfred,

Send me the fingerprint of the keys I should be using, and I'll grab
them from a server.

BTW, is it this one:

keys.openpgp.org

https://keys.openpgp.org/vks/v1/by-fingerprint/D50ECD4F514B75DC0A064F893BB37DA84A97932B



../|ug

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 1/5/2020 7:03 AM, between "Wilfred van Velzen : August Abolins":

Next to being able to sign messages in echomail/newsgroups,
fully encrypted messages only make sense in email - direct
to a specific individual.

Or routed netmail!

But we really don't know the exact route a netmail will take.

For a user, unless they analyze the nodelist or confirm things with
their sysop, netmail is unreliable.

I also use point-software (OpenXP) which allows sending crash mail. With
that, I could crash my encrypted netmail to its final destination with confidence to any system that flies the U,ENC flags.

That's the beauty of pulling down the keys and checking
their properties. The properties will reveal creation
dates, expiry dates, revocations, etc. It would be
relatively easy to just pick the most recent date, and send
a brief hello message with a CC: and see which ones reach
their target.

If there are multiple keys to choose from...

Yeah, tracking people down from the past that have only one email addy
listed on the servers with an expired key could be a challenge.

../|ug

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 1/5/2020 7:11 AM, between "Wilfred van Velzen : August Abolins":

Good to know it works. (But I won't be signing every
message by default ;))

Signing probably makes most sense for official content that
contains specific data, dates, to register an official
vote, etc.

Yes, it doesn't add too much in the mostly casual
communication that goes on in fidonet...

Hello Wilfred!

I haven't seen PGP signing used very much in the echos (or at least not
in the few and active ones that I read). Where else do you see it used?

Since then, I've learned to sign the pdf version of the doc
and email it back.

But a pgp signature would be even simpler and faster.

If they can verify the signature is really made by who you
claim you are! It would be even better, because it's easier
to create a false hand written signature.

I don't think they would lack any confidence in an email that they use
to send me reminders of an overdue invoice, with my ACK. <G> And..
many vendors keep a record of email addys after a phone call with me
giving them a specific addy.

Yep. PGP signing would be a very convenient solution for signing
agreements with on-sale dates that I have to acknowledge.

../|ug

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 1/5/2020 7:12 AM, between "Wilfred van Velzen : August Abolins":

I could email the secret keys between my devices, but I
don't like the idea that email in general is in the clear
and the isp/systems enroute can cache and record anything.

You can use a common storage place, either on your own
network or external lile dropbox. If that's an encrypted
place (I don't know if dropbox is by default?) that would
be even better.

Hello Wilfred!

I have an option for my Blackberry. I can send it through my own wi-fi connections to a file directory on the device. But I have to do it from
my Win7 pc desktop which is at a remote location. :(

The passphrase is fairly decent. I am confident that no one
would be able to guess it.

Than it doesn't matter too much what you use to exchange
the secret key files.

Nah.. Even if the secret key were sent with Gmail for example, its copy
would be grabbed and stored in the cloud forever. The "they" people
could then feed the key to their petra flop computers to try and crack it.

I think it is absolutely imperative to never transfer a secret key
through a transfer mechanism that I don't have exclusive control over.

../|ug

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 1/5/2020 7:21 AM, between "Wilfred van Velzen : August Abolins":

My keys with his ID 2A6F822A do not have the long
p1.f1.n221.z2.fidonet.fi address in the list. And my
Enigmail reports a different fingerprint.

Then you should update the key from a keyserver...

I just did. Looks good now.

The key management in Enigmail for TB 24 does not do the updates
automatically, but Enigmail for TB 68 and up does. Looking forward to
possibly only use a newer TB.

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-05 17:29:37, you wrote to me:

gpg command line and output: C: \Program
Files\gnupg\bin\gpg.exe gpg: Signature made 01/04/20
12:47:07 Eastern Standard Time gpg: using RSA key
3BB37DA84A97932B gpg: BAD signature from "Wilfred van
Velzen <wvvelzen@gmail.com>" [unknown]

It's the one you wrote to Tommi with:

So you don't have the key I used there?

Hello Wilfred,

Send me the fingerprint of the keys I should be using, and I'll grab
them from a server.

BTW, is it this one:

keys.openpgp.org

https://keys.openpgp.org/vks/v1/by-fingerprint/D50ECD4F514B75DC0A064F893BB3
7DA84A97932B

Yes that looks like it. The ID that's quoted above is enough to search for it! ;)

wilfred@wilnux5:~> gpg --fingerprint -k 4A97932B
pub 4096R/4A97932B 2017-10-25 [expires: 2023-01-01]
Key fingerprint = D50E CD4F 514B 75DC 0A06 4F89 3BB3 7DA8 4A97 932B
uid [ultimate] Wilfred van Velzen <wvvelzen@gmail.com>
uid [ultimate] Wilfred van Velzen <wilfred@vvlzn.nl>
uid [ultimate] [jpeg image of size 5943]
sub 4096R/2D3482F3 2017-10-25


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-05 17:46:25, you wrote to me:

Next to being able to sign messages in echomail/newsgroups,
fully encrypted messages only make sense in email - direct
to a specific individual.

Or routed netmail!

But we really don't know the exact route a netmail will take.

Nope.

For a user, unless they analyze the nodelist or confirm things with
their sysop, netmail is unreliable.

Indeed. But I doubt many systems still filter-out/bounce netmail with encrypted
content.

I also use point-software (OpenXP) which allows sending crash mail.
With that, I could crash my encrypted netmail to its final destination with confidence to any system that flies the U,ENC flags.

And in case of a point as destination of which the boss has the ENC flag. You can crash the encrypted netmail at the boss's system...


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-05 17:54:41, you wrote to me:

I haven't seen PGP signing used very much in the echos (or at least
not in the few and active ones that I read). Where else do you see it used?

Well lately I've seen it in this area and FIDOTEST. ;)
But I wasn't paying attention before. ;)

Outside of fidonet. I see it sometimes in newsgroups. And I know the (open)suse, software distribution system makes use of gpg keys to sign the distributed software.

But a pgp signature would be even simpler and faster.

If they can verify the signature is really made by who you
claim you are! It would be even better, because it's easier
to create a false hand written signature.

I don't think they would lack any confidence in an email that they use
to send me reminders of an overdue invoice, with my ACK. <G> And..
many vendors keep a record of email addys after a phone call with me giving them a specific addy.

Yep. PGP signing would be a very convenient solution for signing agreements with on-sale dates that I have to acknowledge.

I don't think "they" are going to trust it, untill there will be a government key signing authority, that can "properly" verify your identity.

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 05/01/2020 7:11 a.m., Wilfred van Velzen : August Abolins wrote:

If they can verify the signature is really made by who you
claim you are! It would be even better, because it's easier to
create a false hand written signature.

Written signatures (that are not witnessed) are useless really. When my
debit machine spews out a receipt with "Signature required", the person
can easily put anything there. Often I just get a scribble.

However, I think the understanding in the industry is that for starters,
I wouldn't have that debit machine unless my true identity was verified.
And since I am a "registered" operator of the device, and rule is if I
give the receipt to the buyer to sign, then I did exactly that - as me
as a witness, and that my claim to authenticity trumps the buyer's claim
should they decide to deny they signed it.

Also, I should be probably checking that the scribble they put on the
receipt matches the scribble they have on the back of the card.

But sometimes, there is no sig on the card, or the user refuses to hand
it over, or they tell me it's a family card, or.. whatever.

For now, the sig on receipt requirement is only for foreign buyers. <G>

PIN enabled or Contact-less enabled cards are gaining usage.


.../|ug

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Re: Key management could be a nightmare
By: August Abolins to mark lewis on Sun Jan 05 2020 09:10:00

use pgp/gpg to encrypt it, then email it, and decrypt it on the other
end...

Still working through the morning coffee? <BWG>

nope, not when i wrote that...

I need that key on the other end *before* I can decrypt anything.

are you saying that you cannot simply encrypt some text and decrypt it? i don't
mean to encrypt it to a specific individual... just general encryption with a phrase... pgp used to do that and i used it numerous times to send stuff to others with no keys involved...


)\/(ark
--- SBBSecho 3.10-Linux
* Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)

On 05/01/2020 11:08 a.m., Wilfred van Velzen : August Abolins wrote:

gpg command line and output: C: \Program
Files\gnupg\bin\gpg.exe gpg: Signature made 01/04/20 12:47:07
Eastern Standard Time gpg: using RSA key 3BB37DA84A97932B
gpg: BAD signature from "Wilfred van Velzen
<wvvelzen@gmail.com>" [unknown]

BTW, is it this one:

keys.openpgp.org

https://keys.openpgp.org/vks/v1/by-fingerprint/D50ECD4F514B75DC0A064F893BB3
7DA84A97932B

Yes that looks like it. The ID that's quoted above is enough to
search for it!

I found out that is not always the case. It seems to depend on the
server. For example, I used your RSA key 3BB37DA84A97932B as above, but
the server at keys.openpgp.org reported that they do not support
abbreviated keys.

wilfred@wilnux5: ~> gpg -- fingerprint - k 4A97932B pub
4096R/4A97932B 2017-10-25 [expires: 2023-01-01] Key
fingerprint = D50E CD4F 514B 75DC 0A06 4F89 3BB3 7DA8 4A97 932B
uid [ultimate] Wilfred van Velzen <wvvelzen@gmail.com> uid
[ultimate] Wilfred van Velzen <wilfred@vvlzn.nl> uid [ultimate]
[jpeg image of size 5943] sub 4096R/2D3482F3 2017-10-25

What is interesting, I just fetched your updated keys from the *same*
server that I used on my lessor TB 2.0.0.24 pc, but this time on my TB
60 there was no photo offered or recorded. :(

I wonder why the difference.

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 05/01/2020 11:21 a.m., Wilfred van Velzen : August Abolins wrote:

I haven't seen PGP signing used very much in the echos (or at
least not in the few and active ones that I read). Where else
do you see it used?

Well lately I've seen it in this area and FIDOTEST.

I think that's about it! LOL

Outside of fidonet. I see it sometimes in newsgroups. And I
know the (open)suse, software distribution system makes use of
gpg keys to sign the distributed software.

According to the info at https://sks-keyservers.net/status/

Max keys: 5964828

That's really not a whole lot in the internet collective.

Yep. PGP signing would be a very convenient solution for
signing agreements with on-sale dates that I have to
acknowledge.

I don't think "they" are going to trust it, untill there will
be a government key signing authority, that can "properly"
verify your identity.

Why not? There is a vast pre-history of email exchange between me and
the vendor with many emails that include my customer/account number with
them. And my cheques even include the same customer/account number. So,
they ought have great confidence that next time they send me something
to the same email address to sign, then my PGP-signed reply was done by me.

../|ug

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 05/01/2020 11:27 a.m., Wilfred van Velzen : August Abolins wrote:

For a user, unless they analyze the nodelist or confirm things
with their sysop, netmail is unreliable.

Indeed. But I doubt many systems still filter-out/bounce
netmail with encrypted content.

Now that you let the cat out of the bag, so to speak.. sysops may be
interested to add such filters to find out! LOL

And in case of a point as destination of which the boss has the
ENC flag. You can crash the encrypted netmail at the boss's
system...

Exactly. The ENC flag is usually flown by the boss. It's a
bonus/incentive if that system supports point users.

../|ug

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 05/01/2020 1:10 p.m., mark lewis : August Abolins wrote:

Still working through the morning coffee? <BWG>

nope, not when i wrote that...

No offense meant.

I need that key on the other end *before* I can decrypt
anything.

are you saying that you cannot simply encrypt some text and
decrypt it? i don't mean to encrypt it to a specific
individual... just general encryption with a phrase... pgp used
to do that and i used it numerous times to send stuff to others
with no keys involved...

Thank you for mentioning just plain encryption (without keys). I hadn't
thought of that. Apparently, *I* hadn't finished *my* morning coffee.

WRT to my Blackberry, where I need to send the keys, I am not aware of
away to decrypt a message that I simply encrypted somewhere else.

The pgp app on the Blackberry only operates with established keys.

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-05 20:28:30, you wrote to me:

https://keys.openpgp.org/vks/v1/by-fingerprint/D50ECD4F514B75DC0A064F8 93BB37DA84A97932B

Yes that looks like it. The ID that's quoted above is enough to
search for it!

I found out that is not always the case. It seems to depend on the
server. For example, I used your RSA key 3BB37DA84A97932B as above, but the server at keys.openpgp.org reported that they do not support abbreviated keys.

Strange. Why wouldn't they support it? What would be the benefit of that?

wilfred@wilnux5: ~> gpg -- fingerprint - k 4A97932B pub
4096R/4A97932B 2017-10-25 [expires: 2023-01-01] Key
fingerprint = D50E CD4F 514B 75DC 0A06 4F89 3BB3 7DA8 4A97 932B
uid [ultimate] Wilfred van Velzen <wvvelzen@gmail.com> uid
[ultimate] Wilfred van Velzen <wilfred@vvlzn.nl> uid [ultimate]
[jpeg image of size 5943] sub 4096R/2D3482F3 2017-10-25

What is interesting, I just fetched your updated keys from the *same* server that I used on my lessor TB 2.0.0.24 pc, but this time on my TB
60 there was no photo offered or recorded. :(

I wonder why the difference.

When I export the key to the server, I have the option not to export attributes
(photo ID). Maybe it's optional on importing to, but the option isn't given to you?

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-05 20:41:53, you wrote to me:

Outside of fidonet. I see it sometimes in newsgroups. And I
know the (open)suse, software distribution system makes use of
gpg keys to sign the distributed software.

According to the info at https://sks-keyservers.net/status/

Max keys: 5964828

That's really not a whole lot in the internet collective.

I wouldn't want to import them all to my keyring file! ;-)

I don't think "they" are going to trust it, untill there will
be a government key signing authority, that can "properly"
verify your identity.

Why not? There is a vast pre-history of email exchange between me and
the vendor with many emails that include my customer/account number with them. And my cheques even include the same customer/account number. So, they ought have great confidence that next time they send me something
to the same email address to sign, then my PGP-signed reply was done by

me.

That requires some human employer to check this, and would make the company responsible in case a human mistake was made. They want that to be an external risk, not theirs...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-05 20:51:01, you wrote to me:

For a user, unless they analyze the nodelist or confirm things
with their sysop, netmail is unreliable.

Indeed. But I doubt many systems still filter-out/bounce
netmail with encrypted content.

Now that you let the cat out of the bag, so to speak.. sysops may be interested to add such filters to find out! LOL

I don't think our audience is that big. ;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 04/01/2020 3:27 p.m., Tommi Koivula : August Abolins wrote:

Enigmail is a nice tool, as well as kleopatra of gpg4win package.

Hmmm..

Apparently, I had kleopatra (via gpg4win) already on the pc that I use
for TB 60.

Very nice. It seems to tie in to the existing gpg package that the
Enigmail installation created, and they use the same local database for
the keys.

Even searching for keys is more responsive with the default server(s).

Thanks for mentioning kleopatra.

Now I wonder if kleopatra would solve the server access problem in the
older Enigmail/TB 2.0.0.24 combo on my XP pc.

../|ug

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 05/01/2020 2:25 p.m., Wilfred van Velzen : August Abolins wrote:

I found out that is not always the case. It seems to depend on
the server. For example, I used your RSA key 3BB37DA84A97932B
as above, but the server at keys.openpgp.org reported that they
do not support abbreviated keys.

Strange. Why wouldn't they support it? What would be the
benefit of that?

Clarification: When I use the keys.openpgp.org website directly, it
reports that SEARCHES do not support short IDs.

That probably explains why using that server in Enigmail searching with
the short ID fails also.

When I export the key to the server, I have the option not to
export attributes (photo ID). Maybe it's optional on importing
to, but the option isn't given to you?

I dunno. The default config in the Enigmail version for TB 2.0.0.24
imported the image, no problem. If I have to enable it in the Enigmail
version for TB 60, I haven't looked. I just assumed it ought to work
like the other Enigmail.

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 05/01/2020 2:29 p.m., Wilfred van Velzen : August Abolins wrote:

According to the info at https://sks-keyservers.net/status/
Max keys: 5964828
That's really not a whole lot in the internet collective.

I wouldn't want to import them all to my keyring file!

I was just pointing out that globally, there is a relatively small
number of people posting their keys.

............................. So, they ought have great
confidence that next time they send me something to the same
email address to sign, then my PGP-signed reply was done by me.

That requires some human employer to check this, and would make
the company responsible in case a human mistake was made. They
want that to be an external risk, not theirs...

Maybe true re external risk. But if we are just talking about a
signature for a release-date acknowledgement, all "they" have to do is
pull my public key to verify that the pgp-signed message with "I agree"
was indeed penned by me.

Some aspects of business-2-business are ripe for pgp.

../|ug

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 05/01/2020 2:33 p.m., Wilfred van Velzen : August Abolins wrote:

Now that you let the cat out of the bag, so to speak.. sysops
may be interested to add such filters to find out! LOL

I don't think our audience is that big.

Unless there are publicly disclosed traffic stats on netmail flowing
through fidonet, we'll never quite know.

../|ug

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-05 22:55:14, you wrote to me:

According to the info at https://sks-keyservers.net/status/
Max keys: 5964828
That's really not a whole lot in the internet collective.

I wouldn't want to import them all to my keyring file!

I was just pointing out that globally, there is a relatively small
number of people posting their keys.

I think almost 6 million isn't a small number. Almost 1 in every 1000 earth human has one. ;)

On the other hand. Almost every one with a key has more than 1. (Like Tommy's 18 ;))

That requires some human employer to check this, and would make
the company responsible in case a human mistake was made. They
want that to be an external risk, not theirs...

Maybe true re external risk. But if we are just talking about a
signature for a release-date acknowledgement, all "they" have to do is pull my public key to verify that the pgp-signed message with "I agree" was indeed penned by me.

Some aspects of business-2-business are ripe for pgp.

You don't have to convince me. ;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-05 22:58:39, you wrote to me:

Now that you let the cat out of the bag, so to speak.. sysops
may be interested to add such filters to find out! LOL

I don't think our audience is that big.

Unless there are publicly disclosed traffic stats on netmail flowing through fidonet, we'll never quite know.

You could do some tests, sending encrypted and non-encrypted routed netmails through the net. But you will have to find volunteer destinations in all far away corners of the nodelist. ;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 06.01.2020 19:14, Wilfred van Velzen : August Abolins :

On the other hand. Almost every one with a key has more than 1. (Like Tommy's

18 ;))

Yeah, I didn't understand the whole shit once. And created new keys instead of adding into one. ;)

'Tommi

--- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 06.01.2020 19:23, Wilfred van Velzen : August Abolins :

You could do some tests, sending encrypted and non-encrypted routed
netmails through the net. But you will have to find volunteer
destinations in all far away corners of the nodelist. ;)

I may need to set up my Golded to send encrypted netmail, Thunderbird does not allow encrypted mail to "news" netmail...

'Tommi

--- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi Tommi,

On 2020-01-06 20:56:00, you wrote to me:

On the other hand. Almost every one with a key has more than 1. (Like
Tommy's 18 ;))

Yeah, I didn't understand the whole shit once. And created new keys

instead

of adding into one. ;)

Maybe you should revoke a bunch, so it's clear to people what the prefered one is? ;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 1/6/2020 12:23 PM, between "Wilfred van Velzen : August Abolins":

You could do some tests, sending encrypted and non-
encrypted routed netmails through the net. But you will
have to find volunteer destinations in all far away corners
of the nodelist. ;)

For starters, the ENC flag seems to be flown in Z2 systems only. So, it
is unlikely that anyone in Z1 would like to participate. But it could
be interesting which non-ENC systems let the messages pass through.

Nah.. best to stick with known systems that show ENC.

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hello Wilfred!

** 06.01.20 - 20:52, Wilfred van Velzen wrote to Tommi Koivula:

On the other hand. Almost every one with a key has more than 1. (Like
Tommy's 18 ;))

Yeah, I didn't understand the whole shit once. And created new keys
instead of adding into one. ;)

Maybe you should revoke a bunch, so it's clear to people what the
prefered one is? ;)

Or.. just keep a couple. I only have 2 of Tommi's: 0e6b3c81 and 2a6f822a

The former has 2 added email akas, and the latter has 3.

Those seemed to be the most recent ones anyway.



../|ug

--- OpenXP 5.0.42
* Origin: /|ug's Point, Ont. CANADA (2:221/1.58)

Hello Tommi!

** 06.01.20 - 20:56, Tommi Koivula wrote to Wilfred van Velzen:

Yeah, I didn't understand the whole shit once. And created new keys
instead of adding into one. ;)

Do you mean the process they call adding "user IDs" that shows up as "Also known as.." into an existing key?

There is still a whole pile of other shit to understand in the management
of keys.

The GUI tools are a great bonus.


../|ug

--- OpenXP 5.0.42
* Origin: /|ug's Point, Ont. CANADA (2:221/1.58)

Hello Wilfred!

** 06.01.20 - 18:14, Wilfred van Velzen wrote to August Abolins:

Max keys: 5964828
That's really not a whole lot in the internet collective.

I think almost 6 million isn't a small number. Almost 1 in every 1000
earth human has one. ;)

On the other hand. Almost every one with a key has more than 1. (Like
Tommy's 18 ;))

Right, so that reduces the estimate a bit. And if you factor in the keys that are expired or revoked, the number may be significantly less.

Some aspects of business-2-business are ripe for pgp.

You don't have to convince me. ;)

I'v read about S/MIME type encryption methods that use certificates. And these certificates are created and registered with an "authority". When I
was looking for something to use with MS Outlook for business, I only came across solutions that required payment.

Maybe big-business environments use the above solution.

But PGP management is much simpler and gives total angency to the user.

I am a little surprised pgp is not more ubiquitous as it *should* be.

What type of business is/was your involvement?


../|ug

--- OpenXP 5.0.42
* Origin: /|ug's Point, Ont. CANADA (2:221/1.58)

On 1/6/2020 2:01 PM, between "Tommi Koivula : Wilfred van Velzen":

Hi Tommi,

I may need to set up my Golded to send encrypted netmail,
Thunderbird does not allow encrypted mail to "news"
netmail...

Actually, there *may* be a way to do that entirely within TB.

I posted two test replies in the pkey_drop. One to Wilfred, and one to
you.

Let me know if it worked or not.

../|ug

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

I posted two test replies in the pkey_drop. One to Wilfred, and one
to you.

The one to me was encrypted only for youself. Very secret. :)

--- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-07 01:38:14, you wrote to me:

You could do some tests, sending encrypted and non-
encrypted routed netmails through the net. But you will
have to find volunteer destinations in all far away corners
of the nodelist. ;)

For starters, the ENC flag seems to be flown in Z2 systems only.

Your right. Strange... Maybe they are filtered from the segments before they make it in the published nodelist?

So, it is unlikely that anyone in Z1 would like to participate.

I wouldn't draw that conclusion just from what is in the nodelist. ;)

But it could be interesting which non-ENC systems let the messages
pass through.

That's the whole purpose of the test: Find out which systems on "all" possible routes still filter/bounce encrypted netmail.

Nah.. best to stick with known systems that show ENC.

It isn't the destinations we are testing but the systems along the routes...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-06 18:51:00, you wrote to me:

Maybe you should revoke a bunch, so it's clear to people what the
prefered one is? ;)

Or.. just keep a couple.

That's the same thing, as you can't delete keys from keyservers, you have to revoke them, and send the updated key to the keyserver.

I only have 2 of Tommi's: 0e6b3c81 and 2a6f822a

The former has 2 added email akas, and the latter has 3.

Those seemed to be the most recent ones anyway.

Tommi should resolve the mystery, which keys are the prefered ones! ;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-06 19:13:00, you wrote to me:

I think almost 6 million isn't a small number. Almost 1 in every
1000 earth human has one. ;)

On the other hand. Almost every one with a key has more than 1. (Like
Tommy's 18 ;))

Right, so that reduces the estimate a bit. And if you factor in the keys that are expired or revoked, the number may be significantly less.

Probably only half or even less...

Some aspects of business-2-business are ripe for pgp.

You don't have to convince me. ;)

I'v read about S/MIME type encryption methods that use certificates. And these certificates are created and registered with an "authority". When I was looking for something to use with MS Outlook for business, I only came across solutions that required payment.

Maybe big-business environments use the above solution.

That's probably the same thing as the certificates used in ssl/tls ip trafic (https:). And indeed those cost money if you want one from the commercial "authority"'s and don't want to use Letsencrypt.

But PGP management is much simpler and gives total angency to the
user.

I am a little surprised pgp is not more ubiquitous as it *should* be.

What type of business is/was your involvement?

Nothing (official)... Why would you think that? ;)

But I have developed/used pgp signing solutions for distributing software to linux embeded systems.


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi Wilfred.

07 Jan 20 11:29:08, you wrote to August Abolins:

I only have 2 of Tommi's: 0e6b3c81 and 2a6f822a
The former has 2 added email akas, and the latter has 3.
Those seemed to be the most recent ones anyway.

Tommi should resolve the mystery, which keys are the prefered ones! ;)

In email, it should be clear. In fidonet, it really doesn't matter. ;)

'Tommi

---
* Origin: - rbb.fidonet.fi - Finland - (2:221/360)

Hi Tommi,

On 2020-01-07 14:22:00, you wrote to me:

Tommi should resolve the mystery, which keys are the prefered ones!
;)

In email, it should be clear.

Not for every email adres. Some have multiple corresponding keys, which aren't revoked or expired.

In fidonet, it really doesn't matter. ;)

I've used the ones with "fido" in them... ;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi Wilfred.

07 Jan 20 13:43:14, you wrote to me:

Tommi should resolve the mystery, which keys are the prefered ones!
;)

In email, it should be clear.

Not for every email adres. Some have multiple corresponding keys, which

aren't revoked or

expired.

Yes. Just revoked something...

In fidonet, it really doesn't matter. ;)

I've used the ones with "fido" in them... ;)

How clever. :)

'Tommi

---
* Origin: - rbb.fidonet.fi - Finland - (2:221/360)

Re: enc + netmail
By: August Abolins to Tommi Koivula on Tue Jan 07 2020 04:05:02

I posted two test replies in the pkey_drop. One to Wilfred, and
one to you.

please remember that PKEY_DROP is only for posting public keys... i've not posted the rules in here or there since my previous system died and i stood this one up in its place... encrypted and/or signed messsges are allowed in this echo... AFAIK, this is the only echo that allows such ;)

thanks


)\/(ark
--- SBBSecho 3.10-Linux
* Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)

On 1/7/2020 2:33 AM, between "Tommi Koivula : August Abolins":

I posted two test replies in the pkey_drop. One to Wilfred, and one
to you.

The one to me was encrypted only for youself. Very secret. :)

Thanks for the report. Obviously my workaround is a big fail.

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi Tommi,

On 2020-01-07 14:48:16, you wrote to me:

In email, it should be clear.

Not for every email adres. Some have multiple corresponding keys,
which aren't revoked or expired.

Yes. Just revoked something...

Noticed... But there are still duplicate email addresses, on 2 pairs of keys:


pub 2048R/2A6F822A 2018-08-13 [expires: 2023-01-06]
uid [ unknown] Tommi Koivula <tommi@rbb.fidonet.fi>
uid [ unknown] Tommi Koivula <tommi@fidonet.fi>
uid [ unknown] Tommi Koivula <tommi@rbb.bbs.fi>
uid [ unknown] Tommi Koivula <tommi.koivula@p1.f1.n221.z2.fidonet.fi>

pub 2048R/4B8A1677 2018-03-28 [expires: 2024-04-23]
uid [ unknown] Tommi Koivula <tommi@rbb.fidonet.fi>



pub 4096R/0E6B3C81 2018-03-30 [expires: 2023-12-24]
uid [ unknown] Tommi Koivula <tommi@koivula.iki.fi>
uid [ unknown] Tommi Koivula <tkk@iki.fi>
uid [ unknown] Tommi Koivula <tommi.koivula@iki.fi>

pub 2048R/49FAC85D 2018-03-28 [expires: 2024-04-23]
uid [ unknown] Tommi Koivula <tommi@koivula.iki.fi>


;)


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 07.01.2020 16:54, Wilfred van Velzen -> Tommi Koivula :

 WV>>> Not for every email adres. Some have multiple corresponding keys,
 WV>>> which aren't revoked or expired.

 TK>> Yes. Just revoked something...

Noticed... But there are still duplicate email addresses, on 2 pairs of

keys:

There should not be duplicates anymore. Maybe you were too fast and those changes were not in keyservers yet?

'Tommi

---
* Origin: jamnntp://rpi.rbb.bbs.fi (2:221/1.0)

-----BEGIN PGP MESSAGE-----

hQIMAzrAVz4tNILzAQ//eA3UNU/Qiv+nAoPTlm4ZeKhDgp2vuGykfUocpmPHkNKL Lmq85Km2z+daCyQ7pl44zhhTNkcqvB8Tm0vwkpnriW3mW8N/2EU58lgH5O+oQOcH 2CbxAx8nh1WD1FFA97vby/T9GrOkFnPoB+Aqorj1IKCabR2bjmcYgQydNplg8Y/S qO1H2loHIOWD22xCdKsFZ0b0IPcNVkf7A5RysO626CjDIb06ALOnXAylcuP5fSHW YZKv06oCICOY5W8n3UzScEmsErXq/VxshfHwWOrLOWSqIu/68zvVVgKeBwwV/dF8 e3+XM7tfQ//oPpLhLIqvuyiY99sS8XC5oi/wZhMiL9ScNBGYBEfUFf6Jp3DokMFs uCiaS04w79kGKXsu5KaWEe3NRrq8W/bQ0rXeL9LNGaCXE5zE84YT+eD8K5ml0Y7i M8pydNYNlJucGmVCULcZZj4wRoGBHIJGnIo1zrGhKGSj5rLf2bUkz8/hjwWNmUx+ rfhVUcqZxAlOgaFt2P7uD1uk5ZlK5IhnAvxtJWCuxbTqYJ8rQI3m3j6n+VeZVMD9 6JoZ2uMBFXiPfQK+igsOldNC+ap1qStckEjoEm4m/t96DFNB4DWomvVM0wDqIo8+ Xtploc7vfx5OwpxM49InBrl0POjYy4mKOodpKU71T+VAIs8AbC2dksmaYF9uaxPS wNgBIwVxZhbuxhCjWOi8y9yfha891VxB4GR/0JNVqCARk2dJaQHHBZ46wNXhVhAT MCjUZ/4w6T2cfk3m+q82Pq+t/EWPRsBiz/hMe3/Lul721i6RwUavtJW7719SPI0M oEnIUZPyKiH6XYvvdhIP76m7naN4r5zn3/FJZpaNbZT6b+QPESg6qTEMAvUm4ZIQ 716UFSogxIdSeHEpQk0KavAQgCSei1IF7lBW01MSNcoh6rfHM8i3EoqpheQlvj94 /pyc/v/1fNVLxcS7iEa//+p32ppkskha6BmFvLmBGR4SGkPwJhD47MU81+UDItXw emUv9rAtBPYkEEoUlUhn/z+hOWDjtO9G7GEBCCS2m5N22Q7cUGecU4ojsmhVIgli 0DqX7qL/XxpPpa/5OG0fj5hvYiWOF6I2jcgesTPk/jrfLIumUZOm6/CzJwkh/RjR SzCd1GRQkOoLhjnZkvTp+agGqmhoEAUiFSTkNLLCV5CHYFFs7CvK9el1ZFceMQH1 vOdM/PEDm209TmyzeBTRsj3H1AVDnbnsRqw=
=+FBq
-----END PGP MESSAGE-----
---
* Origin: - rbb.fidonet.fi - Finland - (2:221/360)

Hi Tommi,

On 2020-01-07 17:56:46, you wrote to me:

Noticed... But there are still duplicate email addresses, on 2 pairs
of keys:

There should not be duplicates anymore. Maybe you were too fast and those changes were not in keyservers yet?

Just redid:

wilfred@wilnux5:~> gpg --refresh-keys tommi
gpg: refreshing 20 keys from hkp://eu.pool.sks-keyservers.net
gpg: requesting key 2442E762 from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 56CDF35B from hkp server eu.pool.sks-keyservers.net
gpg: requesting key B1F9FF53 from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 2A6F822A from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 5C24EC4A from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 323FA167 from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 981A0F86 from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 8980463F from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 786D789D from hkp server eu.pool.sks-keyservers.net
gpg: requesting key B21D4F1A from hkp server eu.pool.sks-keyservers.net
gpg: requesting key AE2AE3A8 from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 0E6B3C81 from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 5709F0A6 from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 42512A34 from hkp server eu.pool.sks-keyservers.net
gpg: requesting key CCBEBDD7 from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 8192034C from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 4B8A1677 from hkp server eu.pool.sks-keyservers.net
gpg: requesting key 49FAC85D from hkp server eu.pool.sks-keyservers.net
gpg: requesting key C08933C3 from hkp server eu.pool.sks-keyservers.net
gpg: requesting key F3490F1F from hkp server eu.pool.sks-keyservers.net
gpg: key 2442E762: "Tommi Koivula <sysop@f10.n221.z2.fidonet.fi>" not changed gpg: key 56CDF35B: "Tommi Koivula <tommi@rbb.fidonet.fi>" not changed
gpg: key B1F9FF53: "Tommi Koivula <0405009611@koivula.iki.fi>" not changed
gpg: key 2A6F822A: "Tommi Koivula <tommi@rbb.fidonet.fi>" not changed
gpg: key 5C24EC4A: "Tommi Koivula <tkkoivula@gmail.com>" not changed
gpg: key 323FA167: "Tommi Koivula <tommi@koivula.mine.nu>" not changed
gpg: key 981A0F86: "Tommi Koivula <tommi.koivula@insta-automation.fi>" not changed
gpg: key 8980463F: "Tommi Koivula <tom@raa.to>" not changed
gpg: key 786D789D: "Tommi Koivula <koivula@live.com>" not changed
gpg: key B21D4F1A: "Tommi Koivula <iki@sci.fi>" not changed
gpg: key AE2AE3A8: "Tommi Koivula <sysop@rbb.bbs.fi>" not changed
gpg: key 0E6B3C81: "Tommi Koivula <tommi@koivula.iki.fi>" not changed
gpg: assuming bad signature from key 5709F0A6 due to an unknown critical bit gpg: key 5709F0A6: "tommi@koivula.co" not changed
gpg: key 42512A34: "Tommi Koivula <tommi@koivula.iki.fi>" not changed
gpg: key CCBEBDD7: "Tommi Koivula <tommi@rbb.homeip.net>" not changed
gpg: key 8192034C: "Tommi Koivula <tommi@koivula.iki.fi>" not changed
gpg: key 4B8A1677: "Tommi Koivula <tommi@rbb.fidonet.fi>" not changed
gpg: key 49FAC85D: "Tommi Koivula <tommi@koivula.iki.fi>" not changed
gpg: key C08933C3: "Tommi Koivula <tommi@koivula.yi.org>" not changed
gpg: key F3490F1F: "Tommi Koivula <tkoivula@freenet.hut.fi>" not changed
gpg: Total number processed: 20
gpg: unchanged: 20

So there are no updates (yet) since I checked for the dupes earlier today...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi Tommi,

On 2020-01-07 17:58:40, you wrote to me:

-----BEGIN PGP MESSAGE-----

hQIMAzrAVz4tNILzAQ//eA3UNU/Qiv+nAoPTlm4ZeKhDgp2vuGykfUocpmPHkNKL Lmq85Km2z+daCyQ7pl44zhhTNkcqvB8Tm0vwkpnriW3mW8N/2EU58lgH5O+oQOcH 2CbxAx8nh1WD1FFA97vby/T9GrOkFnPoB+Aqorj1IKCabR2bjmcYgQydNplg8Y/S qO1H2loHIOWD22xCdKsFZ0b0IPcNVkf7A5RysO626CjDIb06ALOnXAylcuP5fSHW YZKv06oCICOY5W8n3UzScEmsErXq/VxshfHwWOrLOWSqIu/68zvVVgKeBwwV/dF8 e3+XM7tfQ//oPpLhLIqvuyiY99sS8XC5oi/wZhMiL9ScNBGYBEfUFf6Jp3DokMFs uCiaS04w79kGKXsu5KaWEe3NRrq8W/bQ0rXeL9LNGaCXE5zE84YT+eD8K5ml0Y7i M8pydNYNlJucGmVCULcZZj4wRoGBHIJGnIo1zrGhKGSj5rLf2bUkz8/hjwWNmUx+ rfhVUcqZxAlOgaFt2P7uD1uk5ZlK5IhnAvxtJWCuxbTqYJ8rQI3m3j6n+VeZVMD9 6JoZ2uMBFXiPfQK+igsOldNC+ap1qStckEjoEm4m/t96DFNB4DWomvVM0wDqIo8+ Xtploc7vfx5OwpxM49InBrl0POjYy4mKOodpKU71T+VAIs8AbC2dksmaYF9uaxPS wNgBIwVxZhbuxhCjWOi8y9yfha891VxB4GR/0JNVqCARk2dJaQHHBZ46wNXhVhAT MCjUZ/4w6T2cfk3m+q82Pq+t/EWPRsBiz/hMe3/Lul721i6RwUavtJW7719SPI0M oEnIUZPyKiH6XYvvdhIP76m7naN4r5zn3/FJZpaNbZT6b+QPESg6qTEMAvUm4ZIQ 716UFSogxIdSeHEpQk0KavAQgCSei1IF7lBW01MSNcoh6rfHM8i3EoqpheQlvj94 /pyc/v/1fNVLxcS7iEa//+p32ppkskha6BmFvLmBGR4SGkPwJhD47MU81+UDItXw emUv9rAtBPYkEEoUlUhn/z+hOWDjtO9G7GEBCCS2m5N22Q7cUGecU4ojsmhVIgli 0DqX7qL/XxpPpa/5OG0fj5hvYiWOF6I2jcgesTPk/jrfLIumUZOm6/CzJwkh/RjR SzCd1GRQkOoLhjnZkvTp+agGqmhoEAUiFSTkNLLCV5CHYFFs7CvK9el1ZFceMQH1 vOdM/PEDm209TmyzeBTRsj3H1AVDnbnsRqw=
=+FBq
-----END PGP MESSAGE-----

That was a really exiting message! ;)

Decoding and verifying went well:

wilfred@wilnux5:~> gpg tommi.msg

You need a passphrase to unlock the secret key for
user: "Wilfred van Velzen <wvvelzen@gmail.com>"
4096-bit RSA key, ID 2D3482F3, created 2017-10-25 (main key ID 4A97932B)

gpg: encrypted with 4096-bit RSA key, ID 2D3482F3, created 2017-10-25
"Wilfred van Velzen <wvvelzen@gmail.com>"
gpg: tommi.msg: unknown suffix
Enter new filename [GDa06700]:
gpg: Signature made di 07 jan 2020 16:59:44 CET using RSA key ID 2A6F822A
gpg: Good signature from "Tommi Koivula <tommi@rbb.fidonet.fi>" [unknown]
gpg: aka "Tommi Koivula <tommi@fidonet.fi>" [unknown]
gpg: aka "Tommi Koivula <tommi@rbb.bbs.fi>" [unknown]
gpg: aka "Tommi Koivula <tommi.koivula@p1.f1.n221.z2.fidonet.fi>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4132 67AD A3AC 401A 18C0 23D2 D229 3299 2A6F 822A


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 07/01/2020 12:56 p.m., Wilfred van Velzen : Tommi Koivula wrote:

 TK> -----BEGIN PGP MESSAGE-----

 TK> hQIMAzrAVz4tNILzAQ//eA3UNU/Qiv+nAoPTlm4ZeKhDgp2vuGykfUocpmPHkNKL
 TK> Lmq85Km2z+daCyQ7pl44zhhTNkcqvB8Tm0vwkpnriW3mW8N/2EU58lgH5O+oQOcH

[snip - much super secret content removed]

 TK> SzCd1GRQkOoLhjnZkvTp+agGqmhoEAUiFSTkNLLCV5CHYFFs7CvK9el1ZFceMQH1
 TK> vOdM/PEDm209TmyzeBTRsj3H1AVDnbnsRqw=
 TK> =+FBq
 TK> -----END PGP MESSAGE-----

That was a really exiting message! ;)

Decoding and verifying went well:

wilfred@wilnux5:~> gpg tommi.msg

You need a passphrase to unlock the secret key for
user: "Wilfred van Velzen <wvvelzen@gmail.com>"
4096-bit RSA key, ID 2D3482F3, created 2017-10-25 (main key ID 4A97932B)

Ahh.. so you are saving the block (pulling it out of your echomail
reader) to file tommi.msg manually, and then running gpg in a separate window/session.

The process is much smoother with TB and processed within the same
reading environment/application. :)

I guess you could accomplish something similar using macros/scripts with
your GoldED?

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-07 21:43:31, you wrote to me:

Decoding and verifying went well:

wilfred@wilnux5:~> gpg tommi.msg

You need a passphrase to unlock the secret key for
user: "Wilfred van Velzen <wvvelzen@gmail.com>"
4096-bit RSA key, ID 2D3482F3, created 2017-10-25 (main key ID 4A97932B)

Ahh.. so you are saving the block (pulling it out of your echomail reader) to file tommi.msg manually, and then running gpg in a separate window/session.

Yes, I think it's easy enough...

The process is much smoother with TB and processed within the same
reading environment/application. :)

I guess you could accomplish something similar using macros/scripts with your GoldED?

I actually just discovered I already had such a macro in my golded.cfg, I just had to assign a key to it, to actually be able to use it. ;)

The only drawback is, I can't see the output of the decoding/verifying proces, so I don't know if the encrypted message was signed with a trusted key, or even
not signed at all. It's probably just a matter of adding a "press any key to continu" option to the end of the decoding script, to make that possible. That would also work on clearsigned messages.

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hello mark!

** 07.01.20 - 08:10, mark lewis wrote to August Abolins:

I posted two test replies in the pkey_drop. One to Wilfred, and
one to you.

please remember that PKEY_DROP is only for posting public keys...

Noted. But the other 2 guys started it over there! LOL

..AFAIK, this is the only echo that allows such ;)

It's nice to have a pgp gpg discussion/test area to serve the fidonet demographic.



../|ug

--- OpenXP 5.0.42
* Origin: Key ID = 0x5789589B (2:221/1.58)

Hello Wilfred!

** 07.01.20 - 21:52, Wilfred van Velzen wrote to August Abolins:

I actually just discovered I already had such a macro in my golded.cfg, I
just had to assign a key to it, to actually be able to use it. ;)

Very nice :)

The only drawback is, I can't see the output of the decoding/verifying
proces, so I don't know if the encrypted message was signed with a
trusted key, or even not signed at all. It's probably just a matter of
adding a "press any key to continu" option to the end of the decoding
script, to make that possible. That would also work on clearsigned
messages.

Can you modify the macro to include the auto-signing. Gpg will pick the
key that you have previously assigned as your primary key


../|ug

--- OpenXP 5.0.42
* Origin: Key ID = 0x5789589B (2:221/1.58)

Hi August,

On 2020-01-07 18:42:00, you wrote to me:

The only drawback is, I can't see the output of the
decoding/verifying proces, so I don't know if the encrypted message
was signed with a trusted key, or even not signed at all. It's
probably just a matter of adding a "press any key to continu" option
to the end of the decoding script, to make that possible. That would
also work on clearsigned messages.

Can you modify the macro to include the auto-signing. Gpg will pick the key that you have previously assigned as your primary key

We were talking about decrypting. Signing you do with encrypting. I already have/had macros in place for that in golded. They are presented to me as options in the menu when I save the message I just entered...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi Wilfred.

09 Jan 20 11:47:44, you wrote to August Abolins:

Can you modify the macro to include the auto-signing. Gpg will pick the
key that you have previously assigned as your primary key

We were talking about decrypting. Signing you do with encrypting. I

already have/had

macros in place for that in golded. They are presented to me as options in

the menu

when I save the message I just entered...

=== Cut ===

EXTERNUTIL 2 gpg.exe --default-key 2A6F822A -o @file --clearsign @tmpfile EDITSAVEUTIL 2 "gpg sign the msg --default-key 2A6F822A"

EXTERNUTIL 3 gpg.exe --default-key 2A6F822A -sea -o @file -r "@dname" @tmpfile EDITSAVEUTIL 3 "gpg encrypt the msg --default-key 2A6F822A"

=== Cut ===

My Golded.cfg in Windows.

It still asks about overwriting the msg file. But who cares... :)

'Tommi

---
* Origin: - rbb.fidonet.fi - Finland - (2:221/360)

Hi Tommi,

On 2020-01-09 20:07:16, you wrote to me:

EXTERNUTIL 2 gpg.exe --default-key 2A6F822A -o @file --clearsign
@tmpfile
EDITSAVEUTIL 2 "gpg sign the msg --default-key 2A6F822A"

EXTERNUTIL 3 gpg.exe --default-key 2A6F822A -sea -o @file -r "@dname" @tmpfile EDITSAVEUTIL 3 "gpg encrypt the msg --default-key 2A6F822A"

=== Cut ===

My Golded.cfg in Windows.

My linux golded.cfg:

EXTERNOPTIONS -NoKeepCtrl

EXTERNUTIL 1 /home/fido/bin/fido_gpg.sh @file -sa
;sign
EXTERNUTIL 2 /home/fido/bin/fido_gpg.sh @file --clearsign
;clearsign
EXTERNUTIL 3 -Wipe /home/fido/bin/fido_gpg.sh @file -ea -r "@dname" -r "@oname" ;encrypt
EXTERNUTIL 4 -Wipe /home/fido/bin/fido_gpg.sh @file -esa -r "@dname" -r "@oname" ;enc & sign
EXTERNUTIL 5 /home/fido/bin/fido_gpg.sh @file -u "@dname"
;decrypt
EXTERNUTIL 6 -noreload /home/fido/bin/fido_gpg.sh @file -ka -u "@dname"
;add key

EDITSAVEUTIL 1 "S PGP Sign the msg"
EDITSAVEUTIL 2 "L PGP CLear-Sign the msg"
EDITSAVEUTIL 3 "E PGP Encrypt the msg"
EDITSAVEUTIL 4 "T PGP EncrypT & Sign the msg"

wilnux5:/home/fido/bin # cat fido_gpg.sh
#!/bin/dash
TFILE=$(mktemp) || exit 1
chmod a+rw $TFILE
IFILE="$1"
shift
sudo -u wilfred gpg --yes "$@" -o $TFILE $IFILE
mv -f $TFILE $IFILE

This because golded runs as user fido. (This could of course be improved to check for the exit status of gpg before overwriting the $IFILE)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 09/01/2020 5:47 a.m., Wilfred van Velzen : August Abolins wrote:

We were talking about decrypting. Signing you do with
encrypting. I already have/had macros in place for that in
golded. They are presented to me as options in the menu when I
save the message I just entered...

Noted. I used the wrong term, signing. I was thinking about the part
where we enter the passphrase. The TB/Enigmail combo is making me lazy
with the operations ..and the terminology. I just have to click a
button for either "sign" or just "encrypt" or both. For decrypting,
another button reveals the signatures/verifications used *before* you
actually trigger a decrypt (unless you configure it to auto-decrypt).

I can't imagine doing this outside of TB. I've only started to look
into the macro support in OpenXP, but it's looking too complicated.

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 09/01/2020 2:26 p.m., Wilfred van Velzen : Tommi Koivula wrote:

EXTERNUTIL 1 /home/fido/bin/fido_gpg.sh @file

-sa                       

              ;sign

Stupid question. Why would you just sign a message without the -e for encryption?

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Below is my reply to your message. It's not encrypted only signed (but not clearsigned). Anyone with gpg can decode it and view it's contents. If they have my public key they can verify it was me who wrote it. Why you would want to do it this way, I don't know. I can't think of a use-case for it...

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

owGbwMvMwMRovbl2hdf0ydqMaxlNk7jS83NSUlP0covT48Qnf/DIVHAsTS8tLtHh 4vLPUzAyMDLQNTDUNbBUMDKyMja3MjDVUajML1UoL8ovSVUoyVfITbXi4lKws1Nw jQhxDfILDfH0UTBU0M/Iz03VT8tMyddPyswDM+LTC9L1ijMUHNIyc1IVdIsTFayL M9PzgJodHe0UgktKCzJTFApLU4tLMvPz9BQUwjMqFcrzS3NSwPZlAZ2kAFKvkAi0 srg4MT1VoTyzJCO/tEShJANoXqpCWn4RxKzUvOSiygKQMfZcXJ4K5YnFQCWZedmZ eelgtcWJualgkXQ9BWtdTS4un9QSdaCaokqFzBIFkIn5eSD5YoWi1IKcSj0uLqfK VB2F8MyctCJgSHFxdTLJsDAwMjGwsTKBwoyBi1MAFqaFjwUYevb6Se79/V15cuzE KbqeIj8SN7v5Bv4+t6jyVVdOjL/IPRORvOCVbzZmWO/JD1W9tNrxdZEv3/XzJ+9v Z47lVt5ea9IcxTCRgztU+e0scfc5gXnzeD/ULBV7nsK7VvtNkkNvwZIY1tY5cR7K S/k2ub2J4Ja9sFW28nVAd9VPxdI00fheP/kXLJdyVJ69n94aYuJq2NwiOj3dfenC qx9uzo1Ts9WZUXJK18NKkcP7/NHpntfXcL7jjNwV96bInTt9dsOj1jnpb3bEqcQr /MjODeX8XySkdjRpXfiD4FyPzNWCBj3dC4V5NVNkJ7inndA9kJYSlrV/8e70H2Gb vouo7/a7vSSazz1Nz15+gv+d3eeL7D5O27vpd9WJWX0rmOcaPb39RfBd070Xhm57 Ty3K/vpJ09VHc2nWjr+Zm3T3zPae3n6zVLI75AFHbspLB4+ZO3JerMqf+zso3O9x nh9/+PR5i183G13gzuiYErX005Ksyj1+mnwX6w63hs2Vs0p4duPRQ9/6FKPdCgnJ Qbvfzp17/fspnZx58ZeMVz6tDNn7Pd3nUkkkT0q6/aOJ/ic+aexredqTEnx+sUOF 5fL3bUJHF2lmSW86spGBf/7BW6lKQf3LU5JqC6NinuzULTkVFzXx9PuOYN21E0UL o6yd/eKcRJpsLrZce6Z3rcvjTMP6OvPacxW2Uz+fuLKVdfK79zcPqB/pEZuZKQsA
=J/zF
-----END PGP MESSAGE-----
--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi August,

On 2020-01-09 22:37:05, you wrote to me:

EXTERNUTIL 1 /home/fido/bin/fido_gpg.sh @file -sa ;sign

Stupid question. Why would you just sign a message without the

-e for AA> encryption?

I was thinking the same thing. ;-)

Let's try it out on this reply.

OK.. I received it with the usual PGP BLOCK header, and all the
gibberish, so it *is* encrypted?

But the difference would be that anyone who has my or your public key
can read it?






-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4XmJYACgkQ7w6JZVeJ WJtqzQf/YA+QXVfg46z5GIQ1WwNrwF5afKr312U1dndleLYh/b7WQsq8MF8C+uE2 YoicxXFA8KqVwuLG+KTQcC3vomNQ+gCZeiMIC7lDT8Ocl8ePxisLT1rpHKvltp2s 6ZBkfZoD8C4I5pL9bErcInmhRx18dTp1SECdYuMYvUiOX7H9T3sUxi8154ZTryGt N2D2hCugtu0JcTs+i/dYSBxjEFFta+mQvWG6t8GSdguK3299/HgVtu8t2idc9e/e xl5uLujCEe5Kkqbo2IMQfjpe2jCMj9TNBsN4N3n1Ang1hxBbnypuGre/Fb7r5WLU yzVYwf5ysZc6MjYpM4cGydYyuzb8FQ==
=t3h/
-----END PGP SIGNATURE-----

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 09/01/2020 4:08 p.m., Wilfred van Velzen : August Abolins wrote:

Below is my reply to your message. It's not encrypted only signed (but
not clearsigned). Anyone with gpg can decode it and view it's contents.
If they have my public key they can verify it was me who wrote it. Why
you would want to do it this way, I don't know. I can't think of a
use-case for it...

TB decrypted it automatically, (but it obscured your preface above; the decryption result in TB fills the whole reading window of the open message).

It contained this security header info:

Part of the message signed Good signature from Wilfred van Velzen <wvvelzen@gmail.com> Key ID: 0xD50ECD4F514B75DC0A064F893BB37DA84A97932B
/ Signed on: 01/09/20, 3:58 PM Key fingerprint: D50E CD4F 514B 75DC 0A06
4F89 3BB3 7DA8 4A97 932B Used Algorithms: RSA and SHA-1

I assume that it can then be read by anyone who has the key of the
author. ?

If so, then a good practical use would be if you wanted a totally
obscured message stream by adding an extra layer of frustration to just
anyone, or even from the bots that skim messages. ? I kinda like that.

It would force the would-be reader to collect the keys of everyone who
is writing the messages, but still remain a lurker. ?

Not good good for sharing sensitive info though.

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi Wilfred,

Further to your preceding message, you sent it signed with SHA1.

In the real world outside of fidonet it might be wise never to use that:

https://www.pcworld.com/article/3173791/stop-using-sha1-it-s-now-completely-unsafe.html

https://tinyurl.com/t98dpl5

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-09 23:18:55, you wrote to me:

EXTERNUTIL 1 /home/fido/bin/fido_gpg.sh @file -sa ;sign

Stupid question. Why would you just sign a message without the

-e for AA> encryption?

I was thinking the same thing. ;-)

Let's try it out on this reply.

OK.. I received it with the usual PGP BLOCK header, and all the gibberish, so it *is* encrypted?

No, only signed and ascii-encoded.

But the difference would be that anyone who has my or your public key
can read it?

No, anyone can read it period. If they have my public key they can verify it's from me, but they don't need it to read the message. Your key was not involved.

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-09 23:35:38, you wrote to me:

Below is my reply to your message. It's not encrypted only signed (but
not clearsigned). Anyone with gpg can decode it and view it's contents.
If they have my public key they can verify it was me who wrote it. Why
you would want to do it this way, I don't know. I can't think of a
use-case for it...

TB decrypted it automatically, (but it obscured your preface above; the decryption result in TB fills the whole reading window of the open message).

I get the same thing when I decode a message with mixed content from within golded. It's to be expected. But golded doesn't decode unless told to, so I always see the mixed content first...

It contained this security header info:

Part of the message signed Good signature from Wilfred van Velzen <wvvelzen@gmail.com> Key ID: 0xD50ECD4F514B75DC0A064F893BB37DA84A97932B
/ Signed on: 01/09/20, 3:58 PM Key fingerprint: D50E CD4F 514B 75DC 0A06 4F89 3BB3 7DA8 4A97 932B Used Algorithms: RSA and SHA-1

Good.

I assume that it can then be read by anyone who has the key of the
author. ?

No you don't even need the key, to decode it, only to verify it.

If so, then a good practical use would be if you wanted a totally
obscured message stream by adding an extra layer of frustration to just anyone, or even from the bots that skim messages. ? I kinda like that.

It would force the would-be reader to collect the keys of everyone who
is writing the messages, but still remain a lurker. ?

It doesn't work that way.

Not good good for sharing sensitive info though.

Nope. And it wasn't intended for that purpose.

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi August,

On 2020-01-09 23:45:04, you wrote to me:

Further to your preceding message, you sent it signed with SHA1.

In the real world outside of fidonet it might be wise never to use that:

https://www.pcworld.com/article/3173791/stop-using-sha1-it-s-now-completel y -unsafe.html

Yeah, I already thought so. It's the default in my older gpg version. Let me try and change that...

Bye, Wilfred.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJeF6ccAAoJEDuzfahKl5MrnSQP/jvrgB+DPEFVATXJfRs26lxI If4XtA1x+kRPZd4/hvlQPsFhmGIVA8/oG84kDWA+koVRc2oql85/G0STZ2IuB8tH toqnlcNlg5O3XpRTWF84t6waJmHITB3O/oNTonJUE4mg1TJOht3xGGdKvvv2bJMU Elm2nlJhHqkwtqXq4PQop7h4FSEVtSZUUqw8JckmMEOioO0NjHR0OPpD1K5oHZTB a9XxUNiDZqnBk3AOB57Jc18LGeWFZWTfrzOMp9BM2sI82Yc42rODv2KCVO1GtEWY YSWZZBmuKZrZtNWr+y8qpdKu4QhDfTxla1+0KGc29a9YdIZCHXk6BTucdR/IJ7Ac IVVm4lL2K3EkX4Hi7eZSDfo/y1L4UTGIFc/y30iZEZUgON0imW/PLcRQlaekAuQp IXxipB44oHz5H06rBTcPvKTWLeYm7uXMZ+8c9UHZPK4/zXO3MgYzNj9oF33+kKHd kFRSuv2KYLPvOyfScV1sVDwh91VTBHYm2xss8LsVEzihNSAUeqFMp5Z/twYbnAtV YXvulX1HAyhhgTXYFRXlWI5OYzpL6xzMgI4O/hEjVTx1W4N7CpyEBiktmbv3I5fJ ingac1ookiiLDLfZrZUb2ZFXJg+TqLnMZPzE9ee8UjC59BzdkoUQI7+TJeoYfh+G WWB6fmL8MKX1R9AKfHxa
=vhW8
-----END PGP SIGNATURE-----
--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 1/9/2020 4:52 PM, between "Wilfred van Velzen : August Abolins":

Below is my reply to your message. It's not encrypted
only signed (but not clearsigned). Anyone with gpg can
decode it and view it's contents. If they have my public
key they can verify it was me who wrote it. Why you would
want to do it this way, I don't know. I can't think of a
use-case for it...

I will believe that when I get an -s signed message from someone for
whom I do not have a key. Maybe mark will oblige, as I do not have his key.

TB decrypted it automatically, (but it obscured your
preface above; the decryption result in TB fills the whole
reading window of the open message).

I get the same thing when I decode a message with mixed
content from within golded. It's to be expected. But golded
doesn't decode unless told to, so I always see the mixed
content first...

I just discovered something interesting. TB 60 obscures the clear-text
preface after auto-decrytion, but TB 2.0.0.24 (the one I am using now)
shows both mixed content *with* the decrypted part. I like the way the
older TB/Enigma operates! But sadly, I may have to leave TB 2.0.0.24
when my Win10 pc is ready to use. :(

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 1/9/2020 5:20 PM, between "Wilfred van Velzen : August Abolins":

Further to your preceding message, you sent it signed with
SHA1.

Yeah, I already thought so. It's the default in my older
gpg version. Let me try and change that...

TB 2.0.0.24 warned me with this:

gpg command line and output:
C:\Program Files\gnupg\bin\gpg.exe
gpg: Signature made 01/09/20 17:20:12 Eastern Standard Time
gpg: using RSA key 3BB37DA84A97932B
gpg: BAD signature from "Wilfred van Velzen <wvvelzen@gmail.com>" [unknown]

It is warning me that you are not the person who claims to have written
that?

Maybe the new and old gpg programs are using different local key files
on your pc?

../|ug

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-10 05:39:12, you wrote to me:

Below is my reply to your message. It's not encrypted
only signed (but not clearsigned). Anyone with gpg can
decode it and view it's contents. If they have my public
key they can verify it was me who wrote it. Why you would
want to do it this way, I don't know. I can't think of a
use-case for it...

I will believe that when I get an -s signed message from someone for
whom I do not have a key. Maybe mark will oblige, as I do not have his key.

I tested it on another user account on my linux machine that hasn't got yours or mine keys installed in it's gpg configuration. I get:

------------------------------------------------------------------------------ # gpg <signed.msg.txt
Hi August,

On 2020-01-09 22:37:05, you wrote to me:

EXTERNUTIL 1 /home/fido/bin/fido_gpg.sh @file -sa ;sign

Stupid question. Why would you just sign a message without the -e for encryption?

I was thinking the same thing. ;-)

Let's try it out on this reply.

Bye, Wilfred.

gpg: Signature made Thu Jan 9 21:58:24 2020 CET using RSA key ID 4A97932B
gpg: Can't check signature: No public key
# ------------------------------------------------------------------------------

You could try the same thing on windows. ;)

Btw: This is a good example when it's usefull to run gpg without options! ;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-10 05:55:01, you wrote to me:

Further to your preceding message, you sent it signed with
SHA1.

Yeah, I already thought so. It's the default in my older
gpg version. Let me try and change that...

TB 2.0.0.24 warned me with this:

gpg command line and output:
C:\Program Files\gnupg\bin\gpg.exe
gpg: Signature made 01/09/20 17:20:12 Eastern Standard Time
gpg: using RSA key 3BB37DA84A97932B
gpg: BAD signature from "Wilfred van Velzen <wvvelzen@gmail.com>"

[unknown]

It is warning me that you are not the person who claims to have written that?

No, than it would say something different. This just means the cleartext, has been changed from it's original when you verify it.

Maybe the new and old gpg programs are using different local key files
on your pc?

Nope.

I just tested the original text on my windows pc at work, and I get:

gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: Signature made 01/09/20 23:20:12 W. Europe Standard Time
gpg: using RSA key 3BB37DA84A97932B
gpg: Good signature from "Wilfred van Velzen <wvvelzen@gmail.com>" [full]
gpg: aka "Wilfred van Velzen <wilfred@vvlzn.nl>" [unknown]
gpg: aka "[jpeg image of size 5943]" [unknown]

So...?

Maybe Tommi and/or Mark can try to verify it.

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 10/01/2020 3:18 a.m., Wilfred van Velzen : August Abolins wrote:

I tested it on another user account on my linux machine that
hasn't got yours or mine keys installed in it's gpg
configuration. I get:

------------------------------------
# gpg <signed.msg.txt

[snip]

Btw: This is a good example when it's usefull to run gpg
without options!

Very nice. Thanks for explaining and showing that.

I'll have to try that on a virgin pc with a fresh TB/Enigmail/gpg
installation with no keys.

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

On 10/01/2020 3:21 a.m., Wilfred van Velzen : August Abolins wrote:

TB 2.0.0.24 warned me with this:

gpg command line and output: C: \Program
Files\gnupg\bin\gpg.exe gpg: Signature made 01/09/20 17:20:12
Eastern Standard Time gpg: using RSA key 3BB37DA84A97932B gpg:
BAD signature from "Wilfred van Velzen <wvvelzen@gmail.com>"
[unknown]

I just tested the original text on my windows pc at work, and I
get:

gpg: WARNING: no command supplied. Trying to guess what you
mean... gpg: Signature made 01/09/20 23:20:12 W. Europe
Standard Time gpg: using RSA key 3BB37DA84A97932B gpg: Good
signature from "Wilfred van Velzen <wvvelzen@gmail.com>" [full]
gpg: aka "Wilfred van Velzen <wilfred@vvlzn.nl>" [unknown] gpg:
aka "[jpeg image of size 5943]" [unknown]

So...?

Maybe Tommi and/or Mark can try to verify it.

According to the dates (and time), we have exactly the same version of
your keys. So, if Tommi (or me) signed your key, and I refreshed your
keys on my systems, then the error "BAD signature" message to me would
go away?

BAD signature sounds misleading. It's that you just don't have anyone
to have vouched for you yet?

Man.. there is a plethora of terminology in this environment to get
familiar with.

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-10 17:23:42, you wrote to me:

I tested it on another user account on my linux machine that
hasn't got yours or mine keys installed in it's gpg
configuration. I get:

------------------------------------
# gpg <signed.msg.txt

[snip]

Btw: This is a good example when it's usefull to run gpg
without options!

Very nice. Thanks for explaining and showing that.

I'll have to try that on a virgin pc with a fresh TB/Enigmail/gpg installation with no keys.

You should be able to just create a new user on your current windows pc. That new user shouldn't use the configuration/keys of your current user.

Or if you don't want to do that, just create a new virtual machine.

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2020-01-10 17:33:30, you wrote to me:

gpg: WARNING: no command supplied. Trying to guess what you
mean... gpg: Signature made 01/09/20 23:20:12 W. Europe
Standard Time gpg: using RSA key 3BB37DA84A97932B gpg: Good
signature from "Wilfred van Velzen <wvvelzen@gmail.com>" [full]
gpg: aka "Wilfred van Velzen <wilfred@vvlzn.nl>" [unknown] gpg:
aka "[jpeg image of size 5943]" [unknown]

So...?

Maybe Tommi and/or Mark can try to verify it.

According to the dates (and time), we have exactly the same version of your keys. So, if Tommi (or me) signed your key, and I refreshed your keys on my systems, then the error "BAD signature" message to me would
go away?

No. 'BAD signature' really means a bad signature!

BAD signature sounds misleading. It's that you just don't have anyone
to have vouched for you yet?

Nope that isn't it!

When I try to check a signature on a message that was signed with a key which I
haven't signed yet I get for instance:

gpg: Signature made do 09 jan 2020 22:18:14 CET using RSA key ID 5789589B
gpg: Good signature from "August Abolins <august@kolico.ca>" [unknown]
gpg: aka "August Abolins <august@R_E_M_O_V_Ekolico.ca>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: D0EB 2A29 5204 F316 7EB2 503C EF0E 8965 5789 589B

That still says 'Good signature'! But gives a warning about the key.


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 1/10/2020 11:04 AM, between "Wilfred van Velzen : August Abolins":

According to the dates (and time), we have exactly the same
version of your keys. So, if Tommi (or me) signed your key,
and I refreshed your keys on my systems, then the
error "BAD signature" message to me would go away?

No. 'BAD signature' really means a bad signature!

What made it report BAD for me? It was exactly the same pub key pair
between us. The exact time and date proved that.

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-11 02:07:22, you wrote to me:

According to the dates (and time), we have exactly the same
version of your keys. So, if Tommi (or me) signed your key,
and I refreshed your keys on my systems, then the
error "BAD signature" message to me would go away?

No. 'BAD signature' really means a bad signature!

What made it report BAD for me? It was exactly the same pub key pair between us. The exact time and date proved that.

So if the keys weren't the problem. Something must have changed in the plain text that was signed, before it reached you, that made it fail the verify...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 11/01/2020 5:31 a.m., Wilfred van Velzen : August Abolins wrote:

What made it report BAD for me? It was exactly the same pub key
pair between us. The exact time and date proved that.

So if the keys weren't the problem. Something must have changed
in the plain text that was signed, before it reached you, that
made it fail the verify...

So, when it says "BAD signature", it's talking about the signature of
the message?

Hmmm. A single char difference (maybe the odd =20 char) gets
introduced) and messes up the "signature" of the message.

I see that happening when I need to copy/paste the contents of a PGP
block and paste it into my BlackBerry's pgp decryptor window. It always
seem to return an error and never decrypts.

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-11 19:12:27, you wrote to me:

What made it report BAD for me? It was exactly the same pub key
pair between us. The exact time and date proved that.

So if the keys weren't the problem. Something must have changed
in the plain text that was signed, before it reached you, that
made it fail the verify...

So, when it says "BAD signature", it's talking about the signature of
the message?

Yes.

Hmmm. A single char difference (maybe the odd =20 char) gets
introduced) and messes up the "signature" of the message.

Yes.

I see that happening when I need to copy/paste the contents of a PGP
block and paste it into my BlackBerry's pgp decryptor window. It always seem to return an error and never decrypts.

Ok...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07/01/2020 8:10 a.m., mark lewis : August Abolins wrote:

encrypted and/or signed messsges are allowed in this echo...
AFAIK, this is the only echo that allows such

I recently updated my Win7 pc to TB 68 + the corresponding
Enigmail/GPG plugin.

But signed clear-text email seems to be rolling out with:

gpg command line and output:
C:\Program Files\gnupg\bin\gpg.exe
gpg: invalid armor header: Â \r\n
gpg: invalid armor header: Â \r\n


Signed clear-text messages from other people in this echo look good
and process properly.

So, I am testing one originating from this new TB68/Enigmail combo to
see if the "invalid armor header" is a problem here.

I'd hate to roll back TB. But maybe all I have to do is rollback the
Enigmail plugin version?


- --
Quoted with Reformator/Quoter. Info = https://tinyurl.com/sxnhuxc
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4scOIACgkQ7w6JZVeJ WJugNQf/TcvM1zQJi8hN42CQDCtsTbX0hu2B/Smg3k/zy6aCB5FabIRGxgQCt3C0 yROmIvUpLLwQQ8MMwzYqQfvb25ifmt1NwCNHl2sPSQVeIUQPaU/6PNeikgSNhmXH w7SxK7upP17sAjIY3sG+lOto2S6HgDtt8MVyZrbr4BAUK6EfG475oTsKgo3jezTc ALa2W3tVByYS6TlnvuyqEFJkbShw6ddl+lIclYsK3A8B0y4S+rOLlklUyloUbVY1 u4BBpQAyWXzwLb9Mfm7W/X0pcCzlxCEtn4RXblMg9o7UnVNviYupc31HbLCAo/FO 61EYIA3M6lOe/QCfx6jk62qF+xFNLg==
=iByN
-----END PGP SIGNATURE-----

--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-25 18:46:39, you wrote to mark lewis:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07/01/2020 8:10 a.m., mark lewis : August Abolins wrote:

encrypted and/or signed messsges are allowed in this echo...
AFAIK, this is the only echo that allows such

I recently updated my Win7 pc to TB 68 + the corresponding
Enigmail/GPG plugin.

But signed clear-text email seems to be rolling out with:

gpg command line and output:
C:\Program Files\gnupg\bin\gpg.exe
gpg: invalid armor header: Â \r\n
gpg: invalid armor header: Â \r\n

Signed clear-text messages from other people in this echo look good
and process properly.

So, I am testing one originating from this new TB68/Enigmail combo to
see if the "invalid armor header" is a problem here.

I'd hate to roll back TB. But maybe all I have to do is rollback the Enigmail plugin version?

- --
Quoted with Reformator/Quoter. Info = https://tinyurl.com/sxnhuxc -----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4scOIACgkQ7w6JZVeJ WJugNQf/TcvM1zQJi8hN42CQDCtsTbX0hu2B/Smg3k/zy6aCB5FabIRGxgQCt3C0 yROmIvUpLLwQQ8MMwzYqQfvb25ifmt1NwCNHl2sPSQVeIUQPaU/6PNeikgSNhmXH w7SxK7upP17sAjIY3sG+lOto2S6HgDtt8MVyZrbr4BAUK6EfG475oTsKgo3jezTc ALa2W3tVByYS6TlnvuyqEFJkbShw6ddl+lIclYsK3A8B0y4S+rOLlklUyloUbVY1 u4BBpQAyWXzwLb9Mfm7W/X0pcCzlxCEtn4RXblMg9o7UnVNviYupc31HbLCAo/FO 61EYIA3M6lOe/QCfx6jk62qF+xFNLg==
=iByN
-----END PGP SIGNATURE-----

I'm getting:

gpg: Signature made za 25 jan 2020 17:46:26 CET using RSA key ID 5789589B
gpg: BAD signature from "August Abolins <august@kolico.ca>" [unknown]

On this one...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 1/25/2020 3:42 PM, between "Wilfred van Velzen : August Abolins":

I recently updated my Win7 pc to TB 68 + the corresponding
Enigmail/GPG plugin.

But signed clear-text email seems to be rolling out with:

gpg command line and output:
C:\Program Files\gnupg\bin\gpg.exe
gpg: invalid armor header: Â \r\n
gpg: invalid armor header: Â \r\n

I'm getting:

gpg: Signature made za 25 jan 2020 17:46:26 CET using RSA key ID

5789589B

gpg: BAD signature from "August Abolins <august@kolico.ca>" [unknown]

On this one...

THANK YOU.

Something is wrong with TB 68 + Enigmail. I am guessing it might have
to do with using UTF-8 for message encoding with that system.

The invalid "Â" char in the PGP block is suspect of that cause.

- From my quick initial research, there is supposed to be the equivalent
of a &nbsp; where the "Â" shows up in the block.

Meanwhile, this time, THIS message is originating from the TB 20.0.0.4.
I am using UTF-8 message encoding, like I have configured for these
nntp message areas here.

Let's see how the signed clear-text behaves.


-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4s+E8ACgkQ7w6JZVeJ WJts8wgApfinpTTIUpnag4dTVFFXRo21CW847SRm/xuNCWbvBRaxLTxDhf3gV5wo RsiRMCTx1hoFYaS1ZpWg0ZixcbasHvAfz5OBX3wN8is9NW94lxaQOhUYxoi2vZ9C dvN10bvTWoorWfCYt7kkbdFfVkJynEb8vO2HfCBcy6XxRz+a4BNgqs3qNPs36Juv YN/w8qlWYFPEOr0HuLCulpHBqDvPT1r/aS7yK7MIE6B2v36GPYT4DxKQGNyQP3HE GziAzVlzJVumt5HpLT9wjgPdn6VvOTPM4EPkxLcN0z1fsZHY/h5RhkcgrAFnRUhp qfD2gJI4TomJY03c7aTc8/3wMiFUug==
=VfXg
-----END PGP SIGNATURE-----

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)

Hi August,

On 2020-01-26 04:24:19, you wrote to me:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Let's see how the signed clear-text behaves.

This signature was ok...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

On 1/26/2020 7:12 AM, between "Wilfred van Velzen : August Abolins":

AA> Let's see how the signed clear-text behaves.

This signature was ok...

Thanks for confirming. That one went out with UTF-8 encoding, but my
own copy (viewing locally) did not verify! :(

gpg command line and output:
C:\Program Files\gnupg\bin\gpg.exe
gpg: Signature made 01/25/20 21:24:15 Eastern Standard Time
gpg: using RSA key D0EB2A295204F3167EB2503CEF0E89655789589B
gpg: BAD signature from "August Abolins <august@kolico.ca>" [ultimate]


So, it seems that clear-text signing is only gonna work if I avoid UTF-8 charset and stick with ISO 8859-1.

--- Thunderbird 2.0.0.24 (Windows/20100228)
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)