TIP: Click on subject to list as thread! ANSI
echo: public_keys
to: AUGUST ABOLINS
from: WILFRED VAN VELZEN
date: 2020-01-03 18:26:00
subject: Re: test
Hi August,

On 2020-01-03 18:20:39, you wrote to me:

 WvV>> I can now verify your message had a correct signature made with
 WvV>> this key:

 WvV>> wilfred@wilnux5: ~/tmp> gpg -- import aug.key gpg: key
 WvV>> 5789589B: public key "August Abolins
 WvV>> " imported gpg: Total number
 WvV>> processed: 1 gpg: imported: 1 (RSA: 1) wilfred@wilnux5

 AA> Cool!  I still have to learn how to do that here.

This was done by hand. I exported the message from golded to a file. Imported
the key from it, and then did the verify as the commands show...

 AA> I have used the pgp signing process in the long ago past, but now and
 AA> I am rusty and have only begun figuring out "the process" to use in
 AA> this new environment.

There are configuration lines in my golded config to do gpg/pgp functions, but
I can't remember when I last used them. Maybe never...

 AA> I like the Enigmail/OpenPGP integration in Thunderbird.

 AA> When pgp first came out found, I found it fascinating.

Me too.

 AA> I immediately wondered why *wouldn't* anyone want to use it on a
 AA> regular basic for email exchanges.

And in fidonet some systems wouldn't allow encrypted routed netmail messages to
pass their systems... I remember there was a lot of discussion going on about
that at the time.

 AA> I think my old public key is still out there. (I have not really
 AA> looked for it though. I don't remember the servers I used.)

Afaik most key-servers are connected to each other these days, and exchange
keys on a regular basis. So if your key is out there, it might be "everywhere".
;)

When I search for "abolins" on my (default) key-server it finds 27 keys as old
as from 1994. But none include a mention of "august".

 AA> The private key is probably still on a 3½ diskette, somewhere.

I have a lot of them still around (mainly Amiga formatted). Haven't tried them
in a few decades, and it would surprise me if they are still readable. ;)

 WvV>> The trust thing is sort of an issue. I can't just sign your key
 WvV>> (technically I could of course), because I can't verify it's
 WvV>> really you. Anyone could login to Tommy's nntp server
 WvV>> as 'August Abolins'. and "fake" email addresses are also easy
 WvV>> to create/get. And since you are not a node we can't even
 WvV>> exchange some crash netmails...

 AA> Well.. there *is* the email clue above.  ;)  A few email exchanges, and
the
 AA> analysis of the headers could be one way to get confidence whether the
 AA> email I claim to use above is really me or suspicious.

It would establish some trust I suppose. ;)

It would have helped if we already had email exchanges before this conversation
about keys though! ;)

 AA> There is still a trust issue in this whole process for sure. At least
 AA> one other person who could actually vouch that I am who I am would be
 AA> needed.

That would help!

 AA> W.r.t nntp, another "August Abolins" could come from many different
 AA> outside systems.  True.  But since registering on Tommi's system
 AA> requires human intervention, I don't think he would permit another me
 AA> to register on his system with exactly the same FN LN. So, technically
 AA> you could be confident that once you grab my public key from here,
 AA> future correspondences are from "the August Abolins originally seen on
 AA> Tommi's system." ?  :)

 AA> As a minimum, if Tommi were to sign my key, (since my messages are
 AA> originating on *his* system, and we can be sure that he's the *real deal*
 AA> operating his *own* system, and I had to be registered manually to have
 AA> access) then that would be a nice vote of confidence.

That would help. I already have Tommi's key(s):

wilfred@wilnux5:~/tmp> gpg -kv koivula
gpg: using PGP trust model
gpg: NOTE: signature key 2442E762 expired di 03 dec 2019 11:00:00 CET
gpg: NOTE: signature key 2442E762 expired di 03 dec 2019 11:00:00 CET
gpg: NOTE: signature key 2442E762 expired di 03 dec 2019 11:00:00 CET
pub   1024R/2442E762 2015-11-20 [revoked: 2019-12-02]
uid       [ revoked] Tommi Koivula 
uid       [ revoked] Tommi Koivula 
uid       [ revoked] Tommi Koivula 
sub   1024R/B8627807 2015-11-20 [revoked: 2019-12-02]

gpg: can't handle public key algorithm 22
gpg: can't handle public key algorithm 18
pub   4096R/56CDF35B 2017-10-27 [revoked: 2019-12-29]
uid       [ revoked] Tommi Koivula 
uid       [ revoked] Tommi Koivula 
uid       [ revoked] Tommi Koivula 
sub   4096R/3ECEC94C 2017-10-27 [revoked: 2019-12-29]

pub   4096R/B1F9FF53 2017-06-16 [expires: 2023-09-10]
uid       [ unknown] Tommi Koivula 
uid       [ revoked] Tommi Koivula 
uid       [ unknown] Tommi Koivula 
uid       [ unknown] Tommi Koivula 
uid       [ revoked] Tommi Koivula 
sub   4096R/7289F937 2017-06-16 [expires: 2023-09-10]

And I can already exchange (crash) netmail with him on a secure binkp
connection (we have a link).

 AA> There is another verification process I can suggest.  I'll cover that
 AA> later.  And maybe I'll encrypt that message!  

Cliffhanger! ;)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)
SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.