From: jason carr Area: Public Key Encryption To: L P 20 Feb 95 22:22:56 Subject: Offline Readers & Pgp UpdReq -----BEGIN PGP SIGNED MESSAGE----- L P wrote in a message to All: LP> What QWK mail offline readers that incorporate PGP are you LP> using that you especially like? What do you particularly LP> like/dislike about them? Where can I FREQ them to try them? Well... just about any OLR would work, I'd imagine. Just call a .bat file or PGPBLUE as the external editor. I use BWave when I'm remote, but that's just because I happen to have it lying around registered. I'm not aware of any OLRs out there with a PGP interface built right in. jason ... I have a firm grip on reality. Now I can strangle it. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP_ECHO: CypherEcho to the gods... iQCVAwUBL0mHZUjhGzlN9lCZAQHtQwQAmedKH6Y1ItIgXJgjajem7vCWTwr2cMP+ 9mVhOLwP6/jf1dyBWKEMdOMbzILuuJP9H7RREjMwPEfXMyP+E2PRfHBCtoAr6NTm axuQftCnj+7E9SXo/w/pLrS6PM3J1QqtzB0qPRbH9XEw6z13hDsmBBoG6pDbufAF IZPSmgJPpgY= =ogxY -----END PGP SIGNATURE----- ... Key fingerprint = 60 97 B2 AE 7D 90 11 2F 05 1C 35 98 E9 B9 83 61 201434369420143436942014343694201434369420143436942014343694718 From: jason carr Area: Public Key Encryption To: Mike Ellis 20 Feb 95 22:27:02 Subject: PGPblue UpdReq -----BEGIN PGP SIGNED MESSAGE----- ME> Ok I just got Public Key and PGP blue going for the first ME> time. But i'm left with a few questions. If I JUST sing a ME> message and it is altered, can the person receiving the ME> message tell that it has been altered Yes. That's one of the main functions of a public key system like PGP. >> and if so do they need ME> me PublicKey to do it? Yes. It will be identified as a signature even without the your key, but cannot be checked for tampering/grunging without it. ME> Also what is the difference between PGP -s and PGP -sa to a ME> text file? Thanks, =====from the docs===== To sign a plaintext file with your secret key, type: pgp -s textfile [-u your_userid] Note that [brackets] denote an optional field, so don't actually type real brackets. ... PGP attempts to compress the message after signing it. Thus the signed file will likely be smaller than the original file, which is useful for archival applications. However, this renders the file unreadable to the casual human observer, even if the original message was ordinary ASCII text. It would be nice if you could make a signed file that was still directly readable to a human. This would be particularly useful if you want to send a signed message as E-mail. ... Many electronic mail systems only allow messages made of ASCII text, not the 8-bit raw binary data that ciphertext is made of. To get around this problem, PGP supports ASCII radix-64 format for ciphertext messages, similar to the Internet Privacy-Enhanced Mail (PEM) format, as well as the Internet MIME format. This special format represents binary data by using only printable ASCII characters, so it is useful for transmitting binary encrypted data through 7-bit channels or for sending binary encrypted data as normal E-mail text. This format acts as a form of "transport armor", protecting it against corruption as it travels through intersystem gateways on Internet. PGP also appends a CRC to detect transmission errors. Radix-64 format converts the plaintext by expanding groups of 3 binary 8-bit bytes into 4 printable ASCII characters, so the file grows by about 33%. But this expansion isn't so bad when you consider that the file probably was compressed more than that by PGP before it was encrypted. To produce a ciphertext file in ASCII radix-64 format, just add the "a" option when encrypting or signing a message, like so: pgp -esa message.txt her_userid ==================== jason ... I'd love to, but my favorite commercial is on TV. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP_ECHO: CypherEcho to the gods... iQCVAwUBL0mM40jhGzlN9lCZAQGrFwQArKYVOrFSgubUdbDMy+dr1zn8U+P1hokB 8qxsDP01v7Ox2/0apkng1jK0Ur9Um8vIehzNPHararQ25b6VNpQqef9avA60WZdk VR7uj0KEG7EK+4+kiJ2OhKQBYwl83GDaxLWi18ylZq67qvvimqbaoGwKnDkdqehA sY/HoBbUHTo= =vjl4 -----END PGP SIGNATURE----- ... Key fingerprint = 60 97 B2 AE 7D 90 11 2F 05 1C 35 98 E9 B9 83 61 201434369420143436942014343694201434369420143436942014343694718 From: Richard Dale Area: Public Key Encryption To: Mike Ellis 20 Feb 95 10:51:10 Subject: PGPblue UpdReq ME>*is altered, can the person receiving the message tell that it has ME>*been altered and if so do they need me PublicKey to do it? If they indeed check it to see if it's from you, PGP will advise that the message has been altered and that their key isn't on your ring and which ring do you want it to check? You can just press ENTER and go on. I've checked several of my signatures. The first line or two is similar or identical in all of them, but most of the signature is different. It's a kind of "checksum" against the message. ME>*Also what is the difference between PGP -s and PGP -sa to a text file? the "a" makes the output ASCII in the switches such as -ea, etc. * 1st 2.00b #567 * I am Homer of Borg! Prepare to be. . .Ooooooo! Donuts! 201434369420143436942014343694201434369420143436942014343694718 From: Scott Meine Area: Public Key Encryption To: Mike Ellis 20 Feb 95 17:27:00 Subject: Re: Pgpblue UpdReq -----BEGIN PGP SIGNED MESSAGE----- - -==>> On 02-17-95 09:32, Mike Ellis said to All <<==- - -==>> Subj.: PGPblue <<==- ME> Ok I just got Public Key and PGP blue going for the first time. ME> But i'm left with a few questions. If I JUST sing a message and it ME> is altered, can the person receiving the message tell that it has ME> been altered and if so do they need me PublicKey to do it? ME> Also what is the difference between PGP -s and PGP -sa to a text file? ME> Thanks, ME> Mike, When you Sign a message, the reader can verify whether it has been altered, but only if they have added your Public Key to their keyring. I "think" the a in '-sa' specifies the signed or encrypted file should be in ASCII format. Like if you wanted to send a binary file by e-mail. But, I'm not sure. If I am correct, there would be no difference when signing a text file, as it is already in ASCII format. I just recently started messing around with PGP and PGP Blue myself. Scott -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBL0kedRmwj/NFAcrBAQH/sQL/Z5OYVNwr3zmlkVYwjhCETL0rzPFQIrBM T2DbQu/b7pIFWc+8/Hdzwv9pgHqYAZeqVBRgZMvweANT8okSWTRfAOk3riKJWKSD JpUOw0VB4FqL5EcIKOESkhE174F/5oyV =9cBy -----END PGP SIGNATURE----- ~~~ PGPBLUE 2.0 ... If ET married Peter Cetera he'd be ET CETERA. ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Gordon Campbell Area: Public Key Encryption To: jason carr 20 Feb 95 10:19:22 Subject: Do you guys think this type of thing is constructive? CommeUpdReq On (18 Feb 95) jason carr wrote to all... jc> Public key digital signatures (PGP signatures, in this case) are not jc> used for secrecy. Quite the opposite, they are used to authenticate jc> the message. jc> I'm not trying to convince you to allow the sigs, but rather pointing jc> out a possible [error? inconsistency? misunderstanding?] in the jc> rules. Well-reasoned and non-threatening though it may be, it probably won't do a heck of a lot of good. Most people who are confused about this sort of thing either aren't willing or able to understand the need/purpose for sigs. Cheers, .....G ... Avoid clichs like the Plague. 201434369420143436942014343694201434369420143436942014343694718 From: L P Area: Public Key Encryption To: Shawn Mcmahon 20 Feb 95 08:59:00 Subject: Unauthorized Info Gatheri UpdReq -----BEGIN PGP SIGNED MESSAGE----- <<***** On 02-20-95, SHAWN MCMAHON wrote to ARMANDO ORTIZ: *****>> SM> AO> PGP is illegal outside of the United States. SM> SM>Where did you get this rubbish? SM> SM>MIT's versions are illegal to export; that's it. Everybody else's SM>versions are completely legal in most countries. Curious. For someone writing a program related to PGP and making legal proclamations about it, Armando doesn't know much about it. This creates a definite credibility problem. BTW, here's an excerpt from the README.1st doc from PGP 2.6.i -- the international version. This view from the world outside of the U.S. should tell us something: PGP 2.6.i is not approved by MIT or PRZ or NSA or the Pope or anyone else. However, it should be possible to use it legally by anyone in the free world (i.e. all countries except USA, IRAQ and a few others). Most of the code was exported illegally from the USA, but once exported anyone may use it freely. So it goes, L P : WANTED -- A good woman who can clean, cook, fish, dig worms, & sew, : : and who owns a good fishing boat & motor. Please send photo : : of boat & motor. : ...--BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAgUBL0j33F3p8JHts+exAQFSWQP/Qied02Woh3YxXKrrfDa8fVk82Q/8B1O4 8IqN18bOtZlXLUJQ45mVCeWfDGrkhI5CDfrrk6bQkS/jkjvCTwUvLKmXaXVya4kP hNUHdzp4kv29/szMG0F4GXuiGPaCfOBUOz/JF9SmGuOjHdmjiqsJpKlG52WlsPsP qwSx9Xv/0aY= =1Pu+ ...--END PGP SIGNATURE----- ~~~ VbReader V1.4 # Origin: Who's Askin'? Matanuska-Susitna Valley, AK (1:17/75.0) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 259/212 382/7 640/217 3611/19 9600/0 9608/0 9609/0 201434369420143436942014343694201434369420143436942014343694718 From: Ian Hebert Area: Public Key Encryption To: All 21 Feb 95 06:05:10 Subject: Is Big Brother watching y UpdReq ************* Original From: AN139408@ANON.PENET.FI * FORWARDED * To: ALL * MESSAGE * Date/Number: 02/11/95 - 0009145 ************* On: HOMEBASE - 3299 - alt.security. |29 ----------------------------------------------------------------------- *@SUBJECT:Is Big Brother watching you? Message-ID: <084404Z11021995@anon.penet.fi> Newsgroup: alt.security.pgp Organization: Anonymous contact service Folks: Many of you seem terribly worried by the notion that the NSA or one of its "secret arms" is working hard day and night to crack PGP. Perhaps even CSIS is hard at work struggling to read your mail. Maybe they are, maybe they aren't. Maybe they've cracked PGP, maybe they haven't. Maybe they just look in through the back door. The important question in all of this is: "Why would anyone want to read your mail?" For example: What would happen if a security agency opened every piece of mail in the Postal Service system next Tuesday? What would they find? They might find a certain amount of material which exposed criminal/subversive activity on the part of a few individuals. To get to that handful of material they would have to wade through mountains of drek. Those that would be exposed in such a sweep would be either members of the lunatic squad (dangerous because they could hurt anybody) or idiots (dangerous because they might hurt themselves) or amateurs (dangerous because they could turn pro). The real pros, the ones to look out for, would never be caught in such a heavy handed way. It takes finesse to catch a pro. The first step in that delicate game is identifying your target. Now, you might argue that it is much easier to "open" e- mail. Perhaps. And perhaps it would be easy to sort the wheat from the chaff. However, the same material would be found here as would be found in the hypothetical sweep of the postal service: lunatics, idiots and amateurs. Catching a pro this way would be an incredible long shot. For example, let's say that one on the many pieces of e-mail that floats through the channels has the following ciphertext: -----BEGIN PGP MESSAGE----- Version: 2.6 hGwDZ6iKZICrzrUBAwCFSLMi2ZX4sd99AXYKLUHoEVEvVGvzXhX15fKkNMPrCrXz LwNNNY7NFyzHyA3Mdsc019xg7lKyKpJhBq1wCOV088nzBWwy5+DM6yL86CHCiBpS YWVjC3f0H5/WfbwIxVGmAAAAW8S+qEUMEjW7vdjXFBYqsUkbkdXIPZqzbG/Ou8LV X3P98HeWeXC6G4AzcNnT47lKPR8p956Mjcagu0v8FbceYSqea26CJt47A42og5+K Qo7hfXgefOdQahRI6TM= =D1Ju -----END PGP MESSAGE----- They, whoever "they" are, use their PGP secret decoder key and come up with the plaintext: Let's get together at our favorite motel and renew our passion. How are "they" going to decide if this is just one of the thousands of pieces of drek that gets e-mailed every day or a message that really means: Meet at prearranged location 6-13 to review final plans for the operation. If you think that there is a way to make a proper discernment the please let someone in the intelligence community know, it will save everyone a lot of work. Many security services would consider it a nice bonus to be able to easily crack a target's PGP code. Short of that if a security service really wants information on a target there are more mundane approaches, time honored and proven. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi. 201434369420143436942014343694201434369420143436942014343694718 From: Chris Adams Area: Public Key Encryption To: Alan Pugh 21 Feb 95 00:21:08 Subject: My key and a story... UpdReq On (18 Feb 95) Alan Pugh wrote to Gordon Campbell... GC> Y'know, I really don't have any idea. It was the first time I tried it GC> and somehow it actually came out as 2048. I've messed around with it a GC> couple of times since and have always got 2047. AP> were you using pgp2.61 (an unofficial version)? it does not contain AP> the bug that stops 2.6.2 from creating 2048-bit keys. i've had it AP> successfully create a 4k-bit key as well. -just playing around with AP> it though. it's _far_ too slow to use on my current computer. What speed? ... Holodeck, run program "Kill_Wesley_One." 201434369420143436942014343694201434369420143436942014343694718 From: Chris Adams Area: Public Key Encryption To: Shawn McMahon 21 Feb 95 16:35:50 Subject: Quotes as passphrase UpdReq On (19 Feb 95) Shawn McMahon wrote to Chris Adams... CA> Probably. How would multitasking with something OS/2 affect it? It SM> seems CA> that swapping a few different programs in and out would complicate SM> their CA> job a bit keeping things straight. SM> They don't read your RAM, just your screen. (And, maybe, your keyboard.) SM> Multitasking wouldn't mean much. Actually, it could. What if you piped it all in from batch files? Anyway, they do read more than that. It is actually possible to monitor your CPU, based on the RF it puts off. I was just thinking that something like OS/2 with 20 apps open would complicate that job a LOT. ... Fact: Picard is the Sysop, Data the System, Wesley top .GIF D/L'er. 201434369420143436942014343694201434369420143436942014343694718 From: Chris Adams Area: Public Key Encryption To: L P 21 Feb 95 16:37:40 Subject: Unauthorized Info Gatheri UpdReq -----BEGIN PGP SIGNED MESSAGE----- On (19 Feb 95) L P wrote to Chris Adams... LP> You are right -- the developer's reasons regarding discriminating by age LP> were based upon speculation and his own prejudices. But, you'll notice I'd tend to think that younger is better, to a point... LP> that the developer never really was interested in your age since he LP> doesn't have any procedure for verifying it. This was a key question in LP> his response that he avoided answering. Yeah. The whole thing was hokey. ... Don't forget to remind me about ..... uhm.... well..ah... -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBL0qHlLf8VAamwaxpAQG2sQP+LhKJEuiNuqlZaHxSeMdlzHvqUwOQe9Hj b6HoXc2O+OOMn2wOuNgGxsUhp2ib6yQHUaQ12bDYj1E5h9/OW9vgblahjNC4/QH1 H6z99MPdxedf8ZMuXwhQ6e6qQ9lU/rLVK+f/P3mWgdK2cOXyKJVAFu1IGOOjnfch OVgb+F8r9PQ= =Sw6p -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Richard Dale Area: Public Key Encryption To: Glen Todd 21 Feb 95 16:05:10 Subject: Can I Freq Pgp? UpdReq GT>*I don't know that complete transparency is the ticket -- too much chance of GT>*leaving something unprotected by mistake -- but I'd definitely like to see a This is true. I tend to forget that I play with PGP, ZIP and UU encoders every day, so I'm fairly familiar with the precautions of working on a copy of a file, not leaving the password in the environment, etc. I would say it would be incredibly dangerous to put PGP in the hands of about 90% of the people I've ever met who work with a computer. * 1st 2.00b #567 * Saddam Hussein still has his job. Do you? 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: David K. M. Klaus 22 Feb 95 11:24:08 Subject: PGP-related filename conventions in FidoNetUpdReq Despite the stern warnings of the tribal elders, David K. M. Klaus said this to Christopher Baker: DKMK> What about PGP for the 8-bit Apple II and the Apple DKMK> IIgs? We unreconstructed Apple II users like DKMK> communications privacy, too, y'know. DKMK> Is there a C compiler available? (Before anybody laughs, be advised that I used to do Modula 2 homework on an Apple ][+, long ago.) 201434369420143436942014343694201434369420143436942014343694718