OpenBCM V1.07b12 (Linux)

Packet Radio Mailbox

DB0FHN

[JN59NK Nuernberg]

 Login: GUEST





  
DL1NC  > PGP      06.07.02 13:12l 49 Lines 2200 Bytes #999 (0) @ WW
BID : 27CDB0ZKA009
Read: DB0FHN DG8NGN GUEST DL7NDR
Subj: Re:public-key.ASC, how?
Path: DB0FHN<DB0ZWI<DB0CHZ<OK0PKL<DB0MRW<DB0BOX<DB0ZKA
Sent: 020702/1353z @:DB0ZKA.#BAY.DEU.EU [Augsburg JN58ki] bcm1.44k
From: DL1NC @ DB0ZKA.#BAY.DEU.EU  (Robert)
To:   PGP @ WW
X-Info: Received from 213.7.146.124 by HTTP-frontend

Hello Ian,

>I recently dug out a floppy containing pgp2.6.2i. Among other things it
>contains public keys in the format callsign.ASC.

oh wow, quite an old version. Most people now use PGP 6.5.8 (Windows) or GPG
1.0.6 (Unix). PGP7 is closed-source, so not appropriate.

>I can't find anything in the docs about how to create a G0TEZ.ASC.

.asc just means "ASCII armored", i.e. 7 bit data. gpg gives this with the -a
flag added. I'm not sure, which flag pgp 2.6.x needs, but it could be the same.

>The floppy dates back to when people were signing packet messges with a
>pgp signature. I think that sysops decided that, even with a public key,
>this was breaking the rules on encryption so it never caught on.

Here in Germany, signing your messages is becoming common practice. There has
been too much callsign abusage been going on. BBS-passwords are too insecure
and/or require too much work for the sysop.

We have started a CA (certifying authority) for ham's keys in DL. Show us your
fingerprint, ID and radio license and receive a signature. Since we can't verify
forign documents, we have restrained our efforts to DL. Information about that
is available (in German only) in board PGP@DL and on
http://1409.org/projects/pgpca/ .

I have heard of GB-sysops deleting PGP-signed mails because they contained
"encrypted data". Well, there are two ways of using PGP:

  * encrypting data (only the intended receiver can decrypt it)
  * signing data (everybody can verify that the mails comes from the
    named sender).

Of course, in ham radio we __only__ use the second function. The first function
is illegal, no discussion.

Now if you take an exact look at how a signature is created, then you'll see
that PGP generates a hash over your message and encrypts it in a way that only
your private key can. Everybody out there can take this signature, decrypt it
and compare it to the hash of the received message. If they match, then the
message was signed by the given key. So it *is* a kind of encryption, but not
the BadThing(TM) many people thought (still think?).

73, Robert
 


Read previous mail | Read next mail

 16.09.2025 20:37:01lGo back Go up