Closed bloat closed 10 years ago
maxtaco
commented
10 years ago I whipped this up on OSX. sig is the file that has the signature in it. Tested on my twitter proof.
BTW, I think your mistake is that you have to convert the output of shasum back to binary, which i did below via xxd -r.
cat sig | gpg --dearmor | shasum -b -a256 | awk ' { print "0:", $1 } ' | xxd -g0 -r -c256 | base64 | head -c 36
bloat
commented
10 years ago That works on Linux too. Thanks very much for the quick response! It'd be great to see that on the website at some point.
Thanks Andrew
maxtaco
commented
10 years ago Good idea! On Oct 8, 2014 5:36 PM, "Andrew Cowper" notifications@github.com wrote:
That works on Linux too. Thanks very much for the quick response! It'd be great to see that on the website at some point.
Thanks Andrew
— Reply to this email directly or view it on GitHub https://github.com/keybase/keybase-issues/issues/1126#issuecomment-58431927 .
ghost
commented
10 years ago Why are you converting back and fourth? ASCII -> binary -> hex -> binary -> base64
At least the first binary (dearmor) could have been let while maintaining a working chain with maximum information of the hash
maxtaco
commented
10 years ago @dtiersch, are you asking as a general question about how twitter (and DNS and HackerNews) signature shortening works, or how it was done with this shell pipeline?
ghost
commented
10 years ago I'm more interested in why this rather long pipeline was chosen, there are certainly more direct ways to get a verification string, eg.
cat sig | shasum -a256 | head -c 36as the most intuitive one
maxtaco
commented
10 years ago I think the gpg --dearmor step is key, because all of the framing and GPG comments, and even the checksum, don't really provide any additional information. So dearmor strips all of them out. It also makes the hash operation indifferent to changes in whitespace that base64-decoding ignores. If we took the hash over the base64-decoding, then we'd likely see weird failures on Windows (\r\n) or something.
We wanted the hash to be in base64 so we could fit as much as possible into a tweet (hah, it should have been base256-encoding over UT8-characters). So we could have taken the base64 of the sha256 hex output, but that seemed weird to me.
If you did this programmatically in Python or node it would be fewer steps and more natural, I think.
Hi Keybase
I'd like to manually verify a tweet. I have got the public key from keybase, and I can decrypt the cyphertext from the link in the tweet.
The question is, how to go from the cyphertext to the hash in the tweet?
The proof says: "the first 27 bytes, web safe, of base64(SHA-256(binary(contents)))"
Its not clear to me exactly how to go about doing this on a linux command line. I've tried using gpg --dearmor, followed by sha256sum, followed by base64 - but the hash did not come out the same.
Any hints?
I think it would be good to have detailed instructions on how to do these steps so we do not have to rely on keybase's client to verify and use keys.
Thanks very much Andrew Cowper