Collaborate Disseminate
The use-case is as follows:
There is a signer that have a claim or document D who wants any client to be able to verify that D has not been tampered with.
I suppose one way to do this is to use assymetric encryption where: E = encrypt(D, K… Continue reading Encrypting content with assymetric key pairs as a form of signing
Problem
For some reason I forgot the passphrase for my GnuPG signing subkey, but I have my master key stored in a separate device. Is there a way to regain access to my subkey? Or should I replace my old subkey with a new one hoping the ol… Continue reading Reset forgotten subkey password using master key?
Scenario A: Suppose I have an .exe file, the provider offers a sha1 txt file with hash value and this txt file is gpg signed. So I check if the hash value matches the exe file and then download the key either from the keyserver or directly… Continue reading Is it normal, that some companies just sign the txt file which contains the sha value of the program?
When one desires to share their public key openly, besides sharing just the key itself:
How does one verify that the key belongs to who it claims to be owned by?
What is the use case of the key’s fingerprint?
Is there a benefit to create … Continue reading Best practices for verifying authenticity of public key
I know about the trust web in PGP. When you sign a key, everybody that trusts you will trust the person with that key. But what is the point of self-signing a key when anybody else can do that with his own key-pair?
Continue reading Why a public key must be signed with its private pair in PGP
I don’t know much about how yubikeys work, but I’m trying to sign a commit with one of them and I don’t even know how to debug the problem. I got:
gpg –list-keys
/home/lz/.gnupg/pubring.kbx
—————————
pub ed25519 2018-1… Continue reading Can’t sign commit with yubikey, GPG missing something
I’m currently attempting to setup my personal GPG key suite for the next few years, and I’m running into a question I don’t have a ready answer for. I own 3 yubikeys, Primary/Secondary/Offsite Backup. I’d like to put a different GPG key on… Continue reading Managing multiple GPG keys
We started with openssl dgst to sign and verify packages successfully. Then we thought we should do a timestamped signatures. That’s when the process is bit unclear.
We used the openssl ts commands to independently produce and verify signa… Continue reading Using Openssl for Package signing with timestamp
I am testing several PKCS12 keystores with ECC type keys, generated by a CA with RSA key, to sign PDF documents. I have also tested with my own certificates from a demo CA certificate. I use Adobe Acrobat Reader DC 2022.001.20085 on Window… Continue reading Adobe uses CA signature type as identifier on signatures created with user certificates
I am testing several PKCS12 keystores with ECC type keys, generated by a CA with RSA key, to sign PDF documents. I have also tested with my own certificates from a demo CA certificate. I use Adobe Acrobat Reader DC 2022.001.20085 on Window… Continue reading Adobe uses CA signature type as identifier on signatures created with user certificates