Forum: Too Lazy BBS

Who's Online
Recent Visitors
- Kawasu
  Thu Oct 16 10:17:15 2025
  from Mena, Ar via Telnet
- Geek2
  Thu Oct 16 06:39:58 2025
  from Euclid, Oh via Telnet
- Amr
  Tue Oct 14 21:13:21 2025
  from Fayetteville, Nc via Telnet
- Amr
  Tue Oct 14 20:34:34 2025
  from Fayetteville, Nc via Telnet

System Info

Sysop:	Amessyroom
Location:	Fayetteville, NC
Users:	27
Nodes:	6 (0 / 6)
Uptime:	43:09:56
Calls:	631
Calls today:	2
Files:	1,187
D/L today:	24 files (29,813K bytes)
Messages:	175,377

How does one create a digital sig to sign a post?

From Fritz Wuehler@fritz@spamexpire-202510.rodent.frell.theremailer.net to alt.privacy.anon-server,alt.privacy on Sun Oct 12 18:54:19 2025

From Newsgroup: alt.privacy

A PGP public sig is much too large to use.

Sample of what I see signing a usenet post.

--- Digital Signature ---
OThxFc450sbAOrCMzbb72qQ7lehFySEQ/

lFaF8vuqkeG5WfHyF9e9UT5wbeLMbU6SIR2dwHrQiBjxipUckMNcB==

?

--- Synchronet 3.21a-Linux NewsLink 1.2

From Stefan Claas@bounce.me@radio-eriwan.ru to alt.privacy.anon-server,alt.privacy on Sun Oct 12 17:30:57 2025

From Newsgroup: alt.privacy

Fritz Wuehler wrote:

A PGP public sig is much too large to use.

Sample of what I see signing a usenet post.

--- Digital Signature ---
OThxFc450sbAOrCMzbb72qQ7lehFySEQ/

lFaF8vuqkeG5WfHyF9e9UT5wbeLMbU6SIR2dwHrQiBjxipUckMNcB==

?

This signature probably requires that you need the public
key to verify it.

Another approach with larger signatures is using yubicrypt,
which embedds the key in the signature, so that you don't
have to collect the keys and additionally yubicrypt shows
you an identicon, so that you know those come from your
friends. Thus allowing you anonymous signatures, when not
giving away the public key.

https://github.com/Ch1ffr3punk/yubicrypt

Regards
Stefan

-----BEGIN ED25519 SIGNATURE----- 1b3b2ffc05ffd4b3783442a628b27db14066ce48727e05480b476b7376a73e28 304c98578a89193305d5d69efa1ffd8477b91ef33a7d89ab46caa4a8d8c475e4 9a3185fc22bab88bf102f77ef91b3fcb5605c5377184bac12f47cd6cdb9e7f06
-----END ED25519 SIGNATURE-----
--
-y-+ -a-+-U-U-+-+ -U -+-A-#-+-#-i-A.

--- Synchronet 3.21a-Linux NewsLink 1.2

From SEC3@admin@sec3.net to alt.privacy.anon-server,alt.privacy on Sun Oct 12 15:13:44 2025

From Newsgroup: alt.privacy

On 10/12/25 12:54, Fritz Wuehler wrote:

A PGP public sig is much too large to use.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

If your PGP key is the newer type ECC (Elliptic-curve cryptography)
you will notice the signature blurb is much smaller in size than
that generated by the older RSA keys. See this signature.
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQFZEhMii49uusNvoXJTUIzVag4YwUCaOv8sQAKCRDJTUIzVag4 Y+CWAQC5AGLZRkzuqeZmuuu2deb6r2Ab8+kjNM52o/UipXX8SAEA/YQHuPGbM56m Z+xQaNBF8T0ERNNAPnwOUVPdrD9KqwI=
=7pJ0
-----END PGP SIGNATURE-----
--
SEC3

YAMN Help Tutorial - https://www.sec3.net/yamnhelp/
--- Synchronet 3.21a-Linux NewsLink 1.2

From SEC3@admin@sec3.net to alt.privacy.anon-server,alt.privacy on Sun Oct 12 15:40:50 2025

From Newsgroup: alt.privacy

On 10/12/25 15:13, SEC3 wrote:

On 10/12/25 12:54, Fritz Wuehler wrote:

A PGP public sig is much too large to use.

If your PGP key is the newer type ECC (Elliptic-curve cryptography)
you will notice the signature blurb is much smaller in size than
that generated by the older RSA keys.<snip>

But far more important than the size of a signature
is to provider your recipient with a way to verify it.
A PGP sgnature can only be verified if the author's
PGP public key is made available for the reader.

Mine can be downloaded here: <https://keys.openpgp.org/vks/v1/by-fingerprint/0564484C8A2E3DBAEB0DBE85C94D423355A83863>
--
SEC3

YAMN Help Tutorial - https://www.sec3.net/yamnhelp/
--- Synchronet 3.21a-Linux NewsLink 1.2

From Stefan Claas@bounce.me@radio-eriwan.ru to alt.privacy.anon-server,alt.privacy on Sun Oct 12 20:28:04 2025

From Newsgroup: alt.privacy

SEC3 wrote:

But far more important than the size of a signature
is to provider your recipient with a way to verify it.
A PGP sgnature can only be verified if the author's
PGP public key is made available for the reader.

But unfortunately this does not prove that they
key belongs to a person who claims it belongs to
him, if not publicity signed by third parties.

My yubicrypt certificates, for example, are eIDAS
certified, so that the whole world knows the keys
belong to me. An advantage IMHO the old PGP WoT
does not have.

<https://github.com/Ch1ffr3punk/my-yubicrypt-certificates/blob/main/my-yubicrypt-certificates.pdf_signed.pdf>
--
Regards
Stefan

--- Synchronet 3.21a-Linux NewsLink 1.2

From Fritz Wuehler@fritz@spamexpire-202510.rodent.frell.theremailer.net to alt.privacy.anon-server,alt.privacy on Mon Oct 13 16:27:52 2025

From Newsgroup: alt.privacy

In article <1c16decf7cc3cc14784afa80cd176c08@msgid.frell.theremailer.net>
Fritz Wuehler <fritz@spamexpire-202510.rodent.frell.theremailer.net> wrote:

A PGP public sig is much too large to use.

Sample of what I see signing a usenet post.

--- Digital Signature ---
OThxFc450sbAOrCMzbb72qQ7lehFySEQ/

lFaF8vuqkeG5WfHyF9e9UT5wbeLMbU6SIR2dwHrQiBjxipUckMNcB==

?

Thanks all for aswering. I'm figuring it all out.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Stefan Claas@bounce.me@oc2mx.net to alt.privacy.anon-server,alt.privacy on Mon Oct 13 18:18:15 2025

From Newsgroup: alt.privacy

Fritz Wuehler wrote:

In article <1c16decf7cc3cc14784afa80cd176c08@msgid.frell.theremailer.net> Fritz Wuehler <fritz@spamexpire-202510.rodent.frell.theremailer.net> wrote:

A PGP public sig is much too large to use.

Sample of what I see signing a usenet post.

--- Digital Signature ---
OThxFc450sbAOrCMzbb72qQ7lehFySEQ/

lFaF8vuqkeG5WfHyF9e9UT5wbeLMbU6SIR2dwHrQiBjxipUckMNcB==

?

Thanks all for aswering. I'm figuring it all out.

You're welcome!

Regards
Stefan
--
https://tilde.club/~pollux/
--- Synchronet 3.21a-Linux NewsLink 1.2