• How does one create a digital sig to sign a post?

    From Fritz Wuehler@fritz@spamexpire-202510.rodent.frell.theremailer.net to alt.privacy.anon-server,alt.privacy on Sun Oct 12 18:54:19 2025
    From Newsgroup: alt.privacy.anon-server

    A PGP public sig is much too large to use.

    Sample of what I see signing a usenet post.

    --- Digital Signature ---
    OThxFc450sbAOrCMzbb72qQ7lehFySEQ/
    lFaF8vuqkeG5WfHyF9e9UT5wbeLMbU6SIR2dwHrQiBjxipUckMNcB==

    ?

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Stefan Claas@bounce.me@radio-eriwan.ru to alt.privacy.anon-server,alt.privacy on Sun Oct 12 17:30:57 2025
    From Newsgroup: alt.privacy.anon-server

    Fritz Wuehler wrote:
    A PGP public sig is much too large to use.

    Sample of what I see signing a usenet post.

    --- Digital Signature ---
    OThxFc450sbAOrCMzbb72qQ7lehFySEQ/
    lFaF8vuqkeG5WfHyF9e9UT5wbeLMbU6SIR2dwHrQiBjxipUckMNcB==

    ?


    This signature probably requires that you need the public
    key to verify it.

    Another approach with larger signatures is using yubicrypt,
    which embeds the key in the signature, so that you don't
    have to collect the keys and additionally yubicrypt shows
    you an identicon, so that you know those come from your
    friends. Thus allowing you anonymous signatures, when not
    giving away the public key.

    https://github.com/Ch1ffr3punk/yubicrypt

    Regards
    Stefan

    -----BEGIN ED25519 SIGNATURE----- 1b3b2ffc05ffd4b3783442a628b27db14066ce48727e05480b476b7376a73e28 304c98578a89193305d5d69efa1ffd8477b91ef33a7d89ab46caa4a8d8c475e4 9a3185fc22bab88bf102f77ef91b3fcb5605c5377184bac12f47cd6cdb9e7f06
    -----END ED25519 SIGNATURE-----

    --- Synchronet 3.21a-Linux NewsLink 1.2
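
Added example, not part of any post in this thread and not code from yubicrypt or any other tool mentioned: a Go sketch of the two signature shapes discussed above, a detached 64-byte Ed25519 signature (88 base64 characters, verifiable only with the signer's public key in hand) and a signature that carries its public key with it. The `hex(pubkey || signature)` layout, the `DemoKey` helper, the SHA-256 key fingerprint and the sample post body are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// DemoKey derives a keypair from a constructed 32-byte seed (demo only, not secret).
func DemoKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(append([]byte{b}, make([]byte, 31)...))
	return priv.Public().(ed25519.PublicKey), priv
}

// SignDetached returns only the 64-byte signature, base64-encoded (88 characters).
func SignDetached(priv ed25519.PrivateKey, msg []byte) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, msg))
}

// VerifyDetached needs the signer's public key from somewhere else.
func VerifyDetached(pub ed25519.PublicKey, msg []byte, b64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(b64)
	return err == nil && ed25519.Verify(pub, msg, sig)
}

// SignEmbedded returns hex(pubkey || signature), 96 bytes (layout assumed here).
func SignEmbedded(pub ed25519.PublicKey, priv ed25519.PrivateKey, msg []byte) string {
	return hex.EncodeToString(append(append([]byte{}, pub...), ed25519.Sign(priv, msg)...))
}

// VerifyEmbedded checks the signature against the key it carries; it also returns a short key fingerprint.
func VerifyEmbedded(msg []byte, hexBlob string) (bool, string) {
	raw, err := hex.DecodeString(hexBlob)
	if err != nil || len(raw) != ed25519.PublicKeySize+ed25519.SignatureSize {
		return false, ""
	}
	pub, sig := ed25519.PublicKey(raw[:ed25519.PublicKeySize]), raw[ed25519.PublicKeySize:]
	sum := sha256.Sum256(pub)
	return ed25519.Verify(pub, msg, sig), hex.EncodeToString(sum[:8])
}

func main() {
	pub, priv := DemoKey(0)
	post := []byte("Sample usenet post body\n") // constructed sample input
	ok, fp := VerifyEmbedded(post, SignEmbedded(pub, priv, post))
	fmt.Println(len(SignDetached(priv, post)), ok, fp)
}
```

A signature that carries its own key always verifies against that key, whoever generated it, so the returned fingerprint has to be compared with one obtained from the author through another channel.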
  • From Gabx@tcpreset@virebent.invalid to mail2news on Sun Oct 12 18:28:31 2025
    From Newsgroup: alt.privacy.anon-server

    Fritz Wuehler wrote:

    A PGP public sig is much too large to use.

    Sample of what I see signing a usenet post.

    --- Digital Signature ---
    OThxFc450sbAOrCMzbb72qQ7lehFySEQ/
    lFaF8vuqkeG5WfHyF9e9UT5wbeLMbU6SIR2dwHrQiBjxipUckMNcB==

    ?


    I use this:
    https://m2usenet.virebent.art/

    Gabx

    --- Digital Signature --- nfreTXBbpR5K7MjVCyjE5Bwy7QOMT244Tt//1eQzNkUY60jtTqgxMwgxzqV3rnBYZJ31qS+MFA2kOBAqTb+TDw==


    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From nobody@nobody@yamn.paranoici.org to alt.privacy.anon-server on Sun Oct 12 19:08:54 2025
    From Newsgroup: alt.privacy.anon-server

    On Sun, 12 Oct 2025 18:54:19 +0200, Fritz Wuehler <fritz@spamexpire-202510.rodent.frell.theremailer.net> wrote:
    A PGP public sig is much too large to use.
    Sample of what I see signing a usenet post.
    --- Digital Signature ---
    OThxFc450sbAOrCMzbb72qQ7lehFySEQ/
    lFaF8vuqkeG5WfHyF9e9UT5wbeLMbU6SIR2dwHrQiBjxipUckMNcB==

    i haven't used pgp for clearsigning plain text since the classic "6.5.8ckt" (2002-05-02), but "gnu privacy guard" <https://gnupg.org> is probably what everyone is using, also, public key repositories are another consideration . . .

    (using Tor Browser 14.5.8)
    https://www.gnupg.org/gph/en/manual/x135.html
    The GNU Privacy Handbook
    Chapter 1. Getting Started
    Making and verifying signatures
    A digital signature certifies and timestamps a document. If the document
    is subsequently modified in any way, a verification of the signature will
    fail. A digital signature can serve the same purpose as a hand-written
    signature with the additional benefit of being tamper-resistant. The GnuPG
    source distribution, for example, is signed so that users can verify that
    the source code has not been modified since it was packaged.

    Creating and verifying signatures uses the public/private keypair in an
    operation different from encryption and decryption. A signature is created
    using the private key of the signer. The signature is verified using the
    corresponding public key. For example, Alice would use her own private key
    to digitally sign her latest submission to the Journal of Inorganic
    Chemistry. The associate editor handling her submission would use Alice's
    public key to check the signature to verify that the submission indeed
    came from Alice and that it had not been modified since Alice sent it. A
    consequence of using digital signatures is that it is difficult to deny
    that you made a digital signature since that would imply your private key
    had been compromised.

    The command-line option --sign is used to make a digital signature. The
    document to sign is input, and the signed document is output.

    alice% gpg --output doc.sig --sign doc
    You need a passphrase to unlock the private key for
    user: "Alice (Judge) <alice@cyb.org>"
    1024-bit DSA key, ID BB7576AC, created 1999-06-04
    Enter passphrase:

    The document is compressed before signed, and the output is in binary
    format. Given a signed document, you can either check the signature or
    check the signature and recover the original document. To check the
    signature use the --verify option. To verify the signature and extract the
    document use the --decrypt option. The signed document to verify and
    recover is input and the recovered document is output.

    blake% gpg --output doc --decrypt doc.sig
    gpg: Signature made Fri Jun 4 12:02:38 1999 CDT using DSA key ID BB7576AC
    gpg: Good signature from "Alice (Judge) <alice@cyb.org>"

    Clearsigned documents

    A common use of digital signatures is to sign usenet postings or email
    messages. In such situations it is undesirable to compress the document
    while signing it. The option --clearsign causes the document to be wrapped
    in an ASCII-armored signature but otherwise does not modify the document.

    alice% gpg --clearsign doc
    You need a passphrase to unlock the secret key for
    user: "Alice (Judge) <alice@cyb.org>"
    1024-bit DSA key, ID BB7576AC, created 1999-06-04
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    [...]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v0.9.7 (GNU/Linux)
    Comment: For info see http://www.gnupg.org
    iEYEARECAAYFAjdYCQoACgkQJ9S6ULt1dqz6IwCfQ7wP6i/i8HhbcOSKF4ELyQB1
    oCoAoOuqpRqEzr4kOkQqHRLE/b8/Rw2k
    =y6kj
    -----END PGP SIGNATURE-----

    Detached signatures

    A signed document has limited usefulness. Other users must recover the
    original document from the signed version, and even with clearsigned
    documents, the signed document must be edited to recover the original.
    Therefore, there is a third method for signing a document that creates a
    detached signature. A detached signature is created using the --detach-sig
    option.

    alice% gpg --output doc.sig --detach-sig doc
    You need a passphrase to unlock the secret key for
    user: "Alice (Judge) <alice@cyb.org>"
    1024-bit DSA key, ID BB7576AC, created 1999-06-04
    Enter passphrase:

    Both the document and detached signature are needed to verify the
    signature. The --verify option can be used to check the signature.

    blake% gpg --verify doc.sig doc
    gpg: Signature made Fri Jun 4 12:38:46 1999 CDT using DSA key ID BB7576AC
    gpg: Good signature from "Alice (Judge) <alice@cyb.org>"

    Encrypting and decrypting documents
    [end quoted plain text]

    (using Tor Browser 14.5.8) https://duckduckgo.com/?q=gnupg+public+key+repository&ia=web&assist=true
    GnuPG public key repositories are online services where users can upload
    and share their public keys, allowing others to encrypt messages or verify
    signatures. These repositories help facilitate secure communication by
    enabling users to find and import public keys easily.
    linuxbabe.com jfrog.com

    GnuPG Public Key Repository Overview

    GnuPG (GNU Privacy Guard) is a tool for secure communication and data
    storage. It uses a public-private key pair for encryption and signing.
    Public keys can be shared and are stored in public key repositories.

    Key Repositories

    GnuPG supports various public key servers where users can upload and
    retrieve public keys. Here are some popular options:

    Keyserver Name                Description
    hkps://keyserver.ubuntu.com   Default keyserver for Ubuntu users
    certserver.pgp.com            A widely used keyserver for key exchange
    keys.openpgp.org              A general-purpose keyserver for OpenPGP keys

    Using Public Key Repositories

    1. Importing a Public Key: You can import a public key from a keyserver
       using the command:
       gpg --keyserver <keyserver-url> --recv-keys <key-id>
    2. Sending Your Public Key: To share your public key, use:
       gpg --keyserver <keyserver-url> --send-keys <key-id>
    3. Verifying Keys: Always verify the fingerprint of a public key with the
       owner to ensure its authenticity. Use:
       gpg --fingerprint <user-id>

    Best Practices

    Personal Distribution: Ideally, share your public key directly with
    contacts.
    Email Verification: When uploading your key, verify your email to allow
    others to find your key by email address.

    Using GnuPG and its public key repositories enhances security in digital
    communications.
    jfrog.com linuxbabe.com
    [end quoted "search assist"]

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From SEC3@admin@sec3.net to alt.privacy.anon-server,alt.privacy on Sun Oct 12 15:13:44 2025
    From Newsgroup: alt.privacy.anon-server

    On 10/12/25 12:54, Fritz Wuehler wrote:
    A PGP public sig is much too large to use.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512


    If your PGP key is the newer type ECC (Elliptic-curve cryptography)
    you will notice the signature blurb is much smaller in size than
    that generated by the older RSA keys. See this signature.
    -----BEGIN PGP SIGNATURE-----

    iHUEARYKAB0WIQQFZEhMii49uusNvoXJTUIzVag4YwUCaOv8sQAKCRDJTUIzVag4 Y+CWAQC5AGLZRkzuqeZmuuu2deb6r2Ab8+kjNM52o/UipXX8SAEA/YQHuPGbM56m Z+xQaNBF8T0ERNNAPnwOUVPdrD9KqwI=
    =7pJ0
    -----END PGP SIGNATURE-----
    --
    SEC3

    YAMN Help Tutorial - https://www.sec3.net/yamnhelp/
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From SEC3@admin@sec3.net to alt.privacy.anon-server,alt.privacy on Sun Oct 12 15:40:50 2025
    From Newsgroup: alt.privacy.anon-server

    On 10/12/25 15:13, SEC3 wrote:
    On 10/12/25 12:54, Fritz Wuehler wrote:
    A PGP public sig is much too large to use.

    If your PGP key is the newer type ECC (Elliptic-curve cryptography)
    you will notice the signature blurb is much smaller in size than
    that generated by the older RSA keys.<snip>


    But far more important than the size of a signature
    is to provide your recipient with a way to verify it.
    A PGP signature can only be verified if the author's
    PGP public key is made available for the reader.

    Mine can be downloaded here: <https://keys.openpgp.org/vks/v1/by-fingerprint/0564484C8A2E3DBAEB0DBE85C94D423355A83863>
    --
    SEC3

    YAMN Help Tutorial - https://www.sec3.net/yamnhelp/
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Stefan Claas@bounce.me@radio-eriwan.ru to alt.privacy.anon-server,alt.privacy on Sun Oct 12 20:28:04 2025
    From Newsgroup: alt.privacy.anon-server

    SEC3 wrote:

    But far more important than the size of a signature
    is to provide your recipient with a way to verify it.
    A PGP signature can only be verified if the author's
    PGP public key is made available for the reader.

    But unfortunately this does not prove that the
    key belongs to a person who claims it belongs to
    him, if not publicly signed by third parties.

    My yubicrypt certificates, for example, are eIDAS
    certified, so that the whole world knows the keys
    belong to me. An advantage IMHO the old PGP WoT
    does not have.

    <https://github.com/Ch1ffr3punk/my-yubicrypt-certificates/blob/main/my-yubicrypt-certificates.pdf_signed.pdf>
    --
    Regards
    Stefan

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Fritz Wuehler@fritz@spamexpire-202510.rodent.frell.theremailer.net to alt.privacy.anon-server,alt.privacy on Mon Oct 13 16:27:52 2025
    From Newsgroup: alt.privacy.anon-server

    In article <1c16decf7cc3cc14784afa80cd176c08@msgid.frell.theremailer.net>
    Fritz Wuehler <fritz@spamexpire-202510.rodent.frell.theremailer.net> wrote:

    A PGP public sig is much too large to use.

    Sample of what I see signing a usenet post.

    --- Digital Signature ---
    OThxFc450sbAOrCMzbb72qQ7lehFySEQ/
    lFaF8vuqkeG5WfHyF9e9UT5wbeLMbU6SIR2dwHrQiBjxipUckMNcB==

    ?

    Thanks all for answering. I'm figuring it all out.

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Stefan Claas@bounce.me@oc2mx.net to alt.privacy.anon-server,alt.privacy on Mon Oct 13 18:18:15 2025
    From Newsgroup: alt.privacy.anon-server

    Fritz Wuehler wrote:
    In article <1c16decf7cc3cc14784afa80cd176c08@msgid.frell.theremailer.net> Fritz Wuehler <fritz@spamexpire-202510.rodent.frell.theremailer.net> wrote:

    A PGP public sig is much too large to use.

    Sample of what I see signing a usenet post.

    --- Digital Signature ---
    OThxFc450sbAOrCMzbb72qQ7lehFySEQ/
    lFaF8vuqkeG5WfHyF9e9UT5wbeLMbU6SIR2dwHrQiBjxipUckMNcB==

    ?

    Thanks all for answering. I'm figuring it all out.


    You're welcome!

    Regards
    Stefan
    --
    https://tilde.club/~pollux/
    --- Synchronet 3.21a-Linux NewsLink 1.2