24 Feb 16 22:16, you wrote to Moderator:

 PH> On 02/01/16, Moderator pondered and said...

 Mo>>   1. The purpose of this echo is to provide a place to discuss
 Mo>>      public-keys for data privacy within FidoNet and elsewhere. We
 Mo>> also
 Mo>>      consider electronic signature possibilities using public-keys and
 Mo>>      discuss data and software encryption and the various schemes and
 Mo>>      programs that produce them.

 PH> Would like to restart that conversation. :)

have at it :)

 Mo>>   5. No Private flagged messages in Echomail! Encrypted traffic using
 Mo>>      public-keys is permitted for the exercise so long as it is
 Mo>>      on-topic. Don't send person-specific encrypted traffic. Such
 Mo>>      specific traffic belongs in direct Netmail. Encrypted traffic
 Mo>>      should be in the form of ASCII-armored or personal key encrypted
 Mo>>      messages that can be read by anyone with PGP 2.6+ and your
 Mo>>      public-key. Include your public-key in a separate message before
 Mo>>      sending such test messages in case the other end doesn't have it
 Mo>>      or make them aware of how to get it from your system. If you just
 Mo>>      want to post your public-key, use PKEY_DROP Echo.

 PH> Walk me through this Mark, I'm just learning about public/private keys and
 PH> getting my head around all of this.

i'll try but it has been ages and ages... back then i was doing it with TimED
and the original phil zimmerman PGP on my OS/2 box... i've not even thought to
try it on this linux box but i have played about to see if i could get my
ancient signed keys copied over and used with today's privacy stuff... i don't
recall the results but it was a real ugly battle...

 PH> So I have installed a gpg4win bundle on my pc and have created a
 PH> public key which I can post here and you (or others) can then use to
 PH> encrypt a message to send to me - right?

yes... your signature should also end up on one of the public keyring servers
so that anyone can retrieve it... the trick is interfacing with FTN software
if you want to use it in this environment... the body of the message, without
control lines, has to be saved to a temp file, pgp or gpg run on it to wrap
and sign it and then the temp file gets imported to replace the original... on
my TimED/2 system, i have the following options and commands...

[C]lear Signed
  x:\pgp\pgp -ast +clearsig=on x:\timed\timed.msg > nul
  move x:\timed.timed.asc x:\timed\timed.msg > nul

Encrypt [T]o
  input /C /E ID to encrypt to : %%encto
  x:\pgp\pgp -e x:\timed\timed.msg %encto
  move x:\timed\timed.asc x:\timed\timed.msg

Encrypt [F]rom
  set encfr=0xMyKeyId
  input /C /E ID to encrypt to : %%encto
  input /C /E ID to encrypt from : %%encfr
  x:\pgp\pgp -es x:\timed\timed.msg %encto -u %encfr > nul
  move x:\timed.timed.asc x:\timed\timed.msg > nul

[P]ublic Key
  copy x:\timed\timed.msg+x:\pgp\mykey.asc x:\timed\timed.msg


ok... all the above is done using TimED's external editor capability... i
defined the editor as a BAT file... then we take steps to save a backup copy
of the message we're fixing to work on and clean up a few other intermediate
files to ensure they won't get in the way... then we fire up our external
editor (qedit in my case) and write our reply or create our new message...
when we exit the external editor, then the BAT file offers us some options to
do PGP things to the message or add a signature of which one of several can be
selected from or we can abort the message completely... the PGP things we can
do are listed next...

"[C]lear Sign" signs the message file that it is fed... the resulting file has
a different extension that we must move to the original file that the
reader/editor is expecting...

"Encrypt [T]o" uses the 4DOS "input" command to get a string from the keyboard
and save it to an environment variable... the /C clears the buffer of stray
keystrokes... /E allows us to edit the buffer... the rest is the prompt... if
i were to encrypt a message to you, then i would type in your ID... the pgp
"-e" option encrypts a plaintext file with the recipient's public key... then
the text file is encrypted using your public key... the last step is to move
the file to the original name...

"Encrypt [F]rom" does the same as "Encrypt [T]o" except that it encrypts with
the recipient's public key as well as signing with my private key...

"[P]ublic key" just adds my ascii public key to the message so that others can
add it to their keyrings...


it should be noted that TimED does also provide direct access to these
functions via its execrypt, exesign, and execryptsign options... IIRC, those
were introduced later after the above method using the external editor and
kewl BAT file majik... i've just never switched over although i do have
something that i used to use in the exesign which was another BAT file
allowing me to select a mood and have that added to the message as another
control line ;)

eg: ^AMOOD: Fat and Sassy :)

 PH> But if I were to post and encrypted message here it would be of no use
 PH> to anyone unless I had encrypted it using someone elses public key (so
 PH> they could unlock it) - right?

it works two ways...

1. if you post a message encrypted with your PRIVATE key, anyone with your
PUBLIC key can decrypt it... that proves it was you that encrypted it...
2. if you post a message encrypted with my PUBLIC key, only i will be able to
decrypt it...

then there's signing a message instead of encrypting it... signing wraps the
message and places a digital signature at the bottom... others use your public
key to verify that you really did sign the message *and* that it hasn't been
altered in transit... signing is very common and generally seen in message
posting areas... encrypted stuff may be used more in private transactions,
though... i'm not sure there is a metric for counting those...

you can also encrypt and sign a message as seen in the above "Encrypt [F]rom"
option...

we have to make sure that in FTNs, and other places like news groups and
mailing lists, that we are having the tool to emit ascii and not binary... it
is possible to encrypt a message and the result is binary which is sent but
trying to get binary into a message and get it back out without altering it is
tricky at best... much easier to use ascii which is already formatted and
wrapped to 70 characters and ready to post anywhere...

)\/(ark
PGP Fingerprint 0xB60C20C5

Always Mount a Scratch Monkey

... Chemists don't die, they just stop reacting!
---
 * Origin:  (1:3634/12.73)