• mfv & mfvc now support .well-known/yubicrypt/ directory

    From Stefan Claas@ch1ffr3punk@mix.nym to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Fri Apr 3 20:12:47 2026
    From Newsgroup: sci.crypt

    Good evening ladies and gentlemen,

    I have released a new version of mfv.

    https://github.com/Ch1ffr3punk/mfv

    It now supports, same as WKD for OpenPGP, a .well-known/yubicrypt/
    directory. The advantage of this is that no third parties can tamper
    with yubicrypt certificates unnoticed, as is possible with WKD/OpenPGP.

    The advantages of yubicrypt over OpenPGP are:

    1. No learning curve required and easier to use than Kleopatra.

    2. Not writing to an SSD when writing and encrypting messages.

    3. One recipient only, like with postcards or letter writing,
    so that the message is not encrypted to third parties.

    4. No metadata in encrypted payloads, like in OpenPGP, where you
    have to use tricks, which won't work in Kleopatra.

    5. A YubiKey is mandatory, so that yubicrypt users know that their
    communication partners take security of private keys seriously.

    6. Key pair generation with Yubico Authenticator is easy and it
    does not require key IDs like in OpenPGP with a full name
    and email address etc. A nickname for the CN field is enough.

    7. yubicrypt is aimed at elderly people, non-tech people or people
    with a disability, who do not like the high learning curve of
    OpenPGP.

    8. Public yubicrypt certificate filenames can be anything, like a
    nickname etc. with the extension .crt.

    9. yubicrypt is a portable app, so you can use it in an Internet
    Café or public library etc., stored on a USB stick.

    And now an output session of mfvc (binaries for Windows and Linux
    are available under Releases):

    C:\Users\xxxxxxxxxxx\Desktop>mfvc oc2mx.net --dns --yubicrypt --save --download
    ======================================================================
    DOWNLOADING PROOF FILES (Mode: normal)
    ======================================================================
    Server URL: https://oc2mx.net

    Trying: https://oc2mx.net/.well-known/mfv/merkle_metadata.json ... ✓
    Trying: https://oc2mx.net/.well-known/mfv/merkle_metadata.json.ots ... ✓
    Trying: https://oc2mx.net/.well-known/mfv/dns.txt ... ✓
    Trying: https://oc2mx.net/.well-known/mfv/dns.txt.ots ... ✓
    ----------------------------------------------------------------------
    Proof Files Summary:
    Mode: normal
    Files downloaded: 4
    Total size: 4.5 KiB
    Downloaded files:
    • merkle_metadata.json
    • merkle_metadata.json.ots
    • dns.txt
    • dns.txt.ots

    ======================================================================
    DOWNLOADING yubicrypt CERTIFICATES
    ======================================================================
    Downloading yubicrypt: .well-known/yubicrypt/ch1ffr3punk.crt ... ✓
    Downloading yubicrypt: .well-known/yubicrypt/ch1ffr3punk.crt.ots ... ✓

    yubicrypt Download Summary:
    Files downloaded: 2
    Total size: 1.8 KiB
    Downloaded files:
    • .well-known/yubicrypt/ch1ffr3punk.crt
    • .well-known/yubicrypt/ch1ffr3punk.crt.ots

    yubicrypt files downloaded: 2

    ======================================================================
    CONTINUING WITH VERIFICATION (--dns/--save specified)
    ======================================================================
    Starting STRICT verification of: https://oc2mx.net (Mode: normal)
    URL Domain: oc2mx.net
    STRICT MODE: No domain migration allowed
    SECURITY NOTE: Only .well-known/yubicrypt/ is verified from .well-known/
    All other .well-known/ contents are excluded for security
    ----------------------------------------------------------------------
    Querying DNS for Merkle hash...
    DNS hash found: 6f8c047a4cfd27a6e927dee653f99eb304a4d3cf

    Fetching metadata from server...
    Metadata found. Created: 2026-04-03 18:40:10 UTC (Unix ET: 1775241610)
    Original file count: 13 (included)
    Metadata domain: oc2mx.net
    Excluded files: 4

    Collecting current files from server...

    ======================================================================
    yubicrypt CERTIFICATE VERIFICATION
    ======================================================================
    1 yubicrypt certificate(s) found with respective .ots file(s)

    RIPEMD-160 hashes:
    1. bf828af51027ea9c740adba0406ab93d5c42fc95 (.well-known/yubicrypt/ch1ffr3punk.crt)
    ======================================================================
    Calculating hashes and Merkle root...

    Performing STRICT hash verification...
    ======================================================================
    VERIFICATION SUCCESSFUL
    ======================================================================
    Server URL: https://oc2mx.net
    Verification Date: 2026-04-03 19:44:53 UTC (Unix ET: 1775245493)
    URL Domain: oc2mx.net
    Metadata Domain: oc2mx.net
    Excluded Files: 4

    STATUS: All files unchanged and domain binding correct.
    NOTE: 4 files excluded from verification (including most .well-known/)

    DOMAIN VERIFICATION (STRICT MODE):
    ----------------------------------------------------------------------
    URL Domain: oc2mx.net
    Metadata Domain: oc2mx.net
    Domain Match: Perfect

    HASH VERIFICATION:
    ----------------------------------------------------------------------
    Original Root Hash: 6f8c047a4cfd27a6e927dee653f99eb304a4d3cf
    Calculated Merkle Root: 8ef4fda05034359846b1c0a712de05fe21e44d1d
    Calculated Final Hash: 6f8c047a4cfd27a6e927dee653f99eb304a4d3cf (with domain: oc2mx.net)
    Root Hash Match: true
    Metadata Created: 2026-04-03 18:40:10 UTC (Unix ET: 1775241610)
    Original File Count: 13 (included)
    Current File Count: 13 (included)
    Excluded Paths: 4 (not verified)
    Original Total Size: 25.8 KiB
    Current Total Size: 25.8 KiB

    DNS VERIFICATION:
    ----------------------------------------------------------------------
    DNS Hash: 6f8c047a4cfd27a6e927dee653f99eb304a4d3cf
    DNS Source: dns
    DNS Query Time: 2026-04-03 19:44:54 UTC (Unix ET: 1775245494)
    DNS Hash Valid: true
    DNS Hash Match: true

    UNCHANGED FILES: 13 files
    ======================================================================
    FINAL VERDICT: VERIFICATION SUCCESSFUL
    All files are intact and domain binding is correct.
    yubicrypt certificates are included in the integrity check.
    ======================================================================

    Detailed verification report saved to: verification_oc2mx_net_20260403_194453.json

    C:\Users\xxxxxxxxxxx\Desktop>

    I hope you like mfv and mfvc and of course the easy to use yubicrypt!

    Regards
    Stefan
    --
    https://oc2mx.net
    --- Synchronet 3.21f-Linux NewsLink 1.2
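
An added illustration (not part of the original post and not mfv's code) of the kind of check the session above reports: a Merkle root over the served files is bound to the domain and compared with a hash published out of band, so a replaced certificate or the same files served from another domain fails. The hash function (SHA-256), leaf encoding, domain-binding construction, function names and sample files are all assumptions; the page does not show mfv's actual format, and the DNS lookup is replaced here by a value passed in.

```python
import hashlib
import hmac

CERT = ".well-known/yubicrypt/alice.crt"  # constructed sample path

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the 160-bit hash seen in the session.
    return hashlib.sha256(data).digest()

def leaf(path: str, content: bytes) -> bytes:
    # 0x00 prefix and a length-prefixed path keep leaves distinct from
    # interior nodes and stop path/content bytes from being shifted around.
    p = path.encode()
    return h(b"\x00" + len(p).to_bytes(4, "big") + p + content)

def merkle_root(files: dict) -> bytes:
    if not files:
        raise ValueError("no files to hash")
    level = [leaf(p, files[p]) for p in sorted(files)]  # order is canonical
    while len(level) > 1:
        nxt = [h(b"\x01" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted, not duplicated
        level = nxt
    return level[0]

def final_hash(files: dict, domain: str) -> str:
    # Binding the root to the domain makes a copy of the site served
    # from another name verify as a mismatch.
    return h(b"\x02" + merkle_root(files) + domain.lower().encode()).hex()

def verify(files: dict, domain: str, published: str) -> bool:
    expected = published.strip().lower().encode()
    return hmac.compare_digest(final_hash(files, domain).encode(), expected)

def demo():
    # Constructed sample site; "published" plays the role of the DNS record.
    site = {"index.html": b"<h1>hello</h1>", "about.html": b"<p>about</p>",
            CERT: b"constructed certificate A"}
    published = final_hash(site, "example.org")
    swapped = {**site, CERT: b"constructed certificate B"}
    return (verify(site, "example.org", published),      # untouched site
            verify(swapped, "example.org", published),   # certificate replaced
            verify(site, "example.net", published))      # served from other domain

if __name__ == "__main__":
    print(demo())
```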
  • From Nym Mail@noreply@oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Fri Apr 3 21:11:32 2026
    From Newsgroup: sci.crypt

    Stefan Claas wrote:

    The advantages of yubicrypt over OpenPGP are:

    1. No learning curve required and easier to use than Kleopatra.

    2. Not writing to an SSD when writing and encrypting messages.

    3. One recipient only, like with postcards or letter writing,
    so that the message is not encrypted to third parties.

    4. No metadata in encrypted payloads, like in OpenPGP, where you
    have to use tricks, which won't work in Kleopatra.

    5. A YubiKey is mandatory, so that yubicrypt users know that their
    communication partners take security of private keys seriously.

    6. Key pair generation with Yubico Authenticator is easy and it
    does not require key IDs like in OpenPGP with a full name
    and email address etc. A nickname for the CN field is enough.

    7. yubicrypt is aimed at elderly people, non-tech people or people
    with a disability, who do not like the high learning curve of
    OpenPGP.

    8. Public yubicrypt certificate filenames can be anything, like a
    nickname etc. with the extension .crt.

    9. yubicrypt is a portable app, so you can use it in an Internet
    Café or public library etc., stored on a USB stick.

    10. Optional message padding with 4KB blocks (ISO conform),
    so that third parties cannot guess the length of the message
    content.

    11. No "kindergarten" old-fashioned WoT, as yubicrypt users
    in the EU can eIDAS certify their public YubiKey encryption
    or signing certificate. See:

    <https://github.com/Ch1ffr3punk/yubicrypt/releases/download/v0.2.0/yubisigner-signing-certificate-eIDAS-certified.pdf>
    --
    Regards
    Stefan

  • From Stefan Claas@ch1ffr3punk@mix.nym to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Sat Apr 4 08:42:12 2026
    From Newsgroup: sci.crypt

    Nym Mail wrote:
    Stefan Claas wrote:

    The advantages of yubicrypt over OpenPGP are:

    1. No learning curve required and easier to use than Kleopatra.

    2. Not writing to an SSD when writing and encrypting messages.

    3. One recipient only, like with postcards or letter writing,
    so that the message is not encrypted to third parties.

    4. No metadata in encrypted payloads, like in OpenPGP, where you
    have to use tricks, which won't work in Kleopatra.

    5. A YubiKey is mandatory, so that yubicrypt users know that their
    communication partners take security of private keys seriously.

    6. Key pair generation with Yubico Authenticator is easy and it
    does not require key IDs like in OpenPGP with a full name
    and email address etc. A nickname for the CN field is enough.

    7. yubicrypt is aimed at elderly people, non-tech people or people
    with a disability, who do not like the high learning curve of
    OpenPGP.

    8. Public yubicrypt certificate filenames can be anything, like a
    nickname etc. with the extension .crt.

    9. yubicrypt is a portable app, so you can use it in an Internet
    Café or public library etc., stored on a USB stick.

    10. Optional message padding with 4KB blocks (ISO conform),
    so that third parties cannot guess the length of the message
    content.

    11. No "kindergarten" old-fashioned WoT, as yubicrypt users
    in the EU can eIDAS certify their public YubiKey encryption
    or signing certificate. See:

    <https://github.com/Ch1ffr3punk/yubicrypt/releases/download/v0.2.0/yubisigner-signing-certificate-eIDAS-certified.pdf>


    12. Collecting of public keys not required when verifying signatures.
    --
    https://oc2mx.net