Re: HELP...posting "self-decrypting" PGP message question???

vedaal_at_hush.com
Date: 10/19/04


Date: 18 Oct 2004 15:39:14 -0700

whoknows@idon'tknow.com wrote:

...
] I specificly want to post to a BBS on the web, not to Usenet. On
the Board
 I want to post to you can't post EXE. files. I am hopeing to post a
PGP
 message and have it self-decrpyt when it reaches the board so anyone
 visiting the board can read the message in plain text.

 Also, I was hopeing to add my PGP signature to my "self-decrypting"
PGP
 post on the board.

 I use PGP 8.01
...

if your message is going to be viewed by people who don't use pgp,
then your pgp signature is not helpful, and may even be confusing or
annoying

if your bbs people all use pgp,
then you can just 'clear-sign' the message,
and even non-pgp users can read it, but only pgp/gnupg users can
verify it

or, if really *all* the users have pgp/gnupg,
then there is something else that can do, that you call
'self-decrypting',
but in reality, it is only 'self-de-armoring'

you can make an 'armored signed message' that is an ascii message
block
of 64 characters/line that can be 'automatically'
be verified from the pgp 'current window'

it is automatically 'de-armored' and is displayed by pgp or gnupg
front ends,
and includes your signature, but requires a hex editor or other tools
to read it, if pgp/gnupg is not being used.

here is an example:

-----BEGIN PGP MESSAGE-----
Version: PGP 8.1 (key id: 0x85306D25 user id: vedaal@hush.com)
Comment: armored signed message, plaintext: 1234

owEBKwHU/okBFQMFAEF0O5hqBaC3hTBtJQEB/uYH/jgxJ06eYZsCIhRPhH4iDPVs
gL96P8ATZ/RRqhCY3DdeevcxVMEM4R1WSIPuqL4K/BVcc5FWZZsdm536sEcdVFPl
svtIDTmTJBfTvfD9Ajng9NMjIWmX5B5Edqw7qhWe+1tfdiOXvUmmR8DO3oP5IIGi
6S8f13WDSyhWXzzNa2qdTqHYNZPL+zD61fbO7jGF+rZXeKjC7BWloyQKO8keJWly
6UeP5qPak5v2q0c1vhPNdRc1rARNw0y8yJmt5IR6GtBO/uG+UWGzro2wiCnmUEuE
mBmBylVZ0svLBNvhb6g1dhlzfYY/LNnao9fSQDHncbNMKHtxliRB5EF1MrlF1SSs
EWIHcHQxLmFzYwAAAAAxMjM0
=9PmS
-----END PGP MESSAGE-----

the characters 'ow' at the beginning of the message block identify
it as an armored signed message

if you view it from the pgp 'current window',
pgp will try to download the key from the keyserver and then display
the
de-armored verified message.

if you interrupt pgp from connecting to the keyserver,(or if pgp can't
find the key,)
it will still display the message, but won't be able to verify it

although it is very easy to create armored signed messages from gnupg,
it is a little difficult to create this type of message in pgp 8.1,
as it can't be done from the current window,

but can still be done as follows:

[1] compose your message in notepad, and instead of saving it as a
.txt,
save it as *any* other extension
(for purposes of illustration, save it as message.asc )

[2] 'sign' message.asc from pgpmail

[3] in the pgpmail signing window,
check the following box: Text Output
and uncheck the box: Detached Signature

[4] your armored signed file will be saved as message.asc.asc
and is openable in notepad under the 'all files' setting

such questions are routinely dealt with and welcomed,
in the pgp newsgroups:
alt.security.pgp or comp.security.pgp.discuss

hth,
vedaal



Relevant Pages