radiosilence / wire

[DEFUNCT - do not use, insecure!] Communication for the 21st century activist.
MIT License
16 stars 2 forks source link

Detection of PGP signatures/encrypted messages #13

Open Natanael90 opened 13 years ago

Natanael90 commented 13 years ago

See the encrypted comment here: http://wire.0xf.nl/event/5

PGP signatures/encrypted messages always use the same formatting and should be detected. I think that most of them should be "collapsed" by default, since they can be large. There should be an "expand all" option though, that could be useful for people who use addons like FireGPG.

radiosilence commented 13 years ago

Is there a user key required with PGP? I think it could be a great usage of local storage if there's a JS library to handle it once configured.

radiosilence commented 13 years ago

Essentially what I'll do is PGP comments will be hidden by default with a notice saying something like "there are PGP comments in this thread, please configure PGP/enable JS".

Natanael90 commented 13 years ago

Huh? I'm not entirely sure on what you are asking for. Of course there has to be at least one keypair involved.

Here's what to look for:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: [Software name]

[Long block of base64]
-----END PGP PUBLIC KEY BLOCK-----

Note that there can be more than just "Version:" at the top, and that it's not always there either.

Signature:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[Message]

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 1.2.2

[base64 encoded signature]
-----END PGP SIGNATURE-----

The signatures don't need to be "connected" to the message that way. The same note about version data applies.

There is no need to hide the encrypted messages completely, just "collapse" them. Like this: http://roshanbh.com.np/examples/exapandable-panel/
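One way to do the detection described in the comment above, as an added example that is not part of the original thread or the wire code base. The function and field names are hypothetical, the sample comment is constructed, and the `PGP MESSAGE` label for encrypted messages comes from the OpenPGP armor format rather than from the thread.

```javascript
// Added example: locate PGP ASCII-armor blocks in a comment so the UI can
// collapse them. All names are hypothetical; SAMPLE is constructed.
const BEGIN = /^-----BEGIN PGP (PUBLIC KEY BLOCK|SIGNED MESSAGE|SIGNATURE|MESSAGE)-----$/;
const HEADER = /^([A-Za-z]+): (.*)$/; // e.g. "Version: ...", "Hash: SHA1"

function findPgpBlocks(text) {
  const lines = text.split(/\r?\n/).map((l) => l.trimEnd());
  const blocks = [];
  for (let i = 0; i < lines.length; i++) {
    const m = BEGIN.exec(lines[i]);
    if (!m) continue;
    // A cleartext-signed message ends at the END line of its signature.
    const endLabel = m[1] === 'SIGNED MESSAGE' ? 'SIGNATURE' : m[1];
    const end = lines.indexOf(`-----END PGP ${endLabel}-----`, i + 1);
    if (end === -1) continue; // unterminated: treat as ordinary text
    // Armor headers are optional and there may be several; they stop at
    // the first line that is not "Key: value" (normally a blank line).
    const headers = {};
    for (let j = i + 1; j < end && HEADER.test(lines[j]); j++) {
      const [, key, value] = HEADER.exec(lines[j]);
      headers[key] = value;
    }
    // Keep the signed text readable: collapse only from the signature on.
    const sig = lines.indexOf('-----BEGIN PGP SIGNATURE-----', i + 1);
    const signed = m[1] === 'SIGNED MESSAGE' && sig !== -1 && sig < end;
    blocks.push({ kind: m[1], startLine: i, endLine: end, headers,
                  collapseFrom: signed ? sig : i });
    i = end; // resume scanning after this block
  }
  return blocks;
}

// Constructed sample: a key block with two headers, a signed message, and
// an encrypted-message marker that is never closed.
const SAMPLE = [
  'Here is my key:',
  '-----BEGIN PGP PUBLIC KEY BLOCK-----',
  'Version: ExampleSoft 1.0', 'Comment: constructed sample', '', 'AAAA',
  '-----END PGP PUBLIC KEY BLOCK-----',
  'and a signed note:',
  '-----BEGIN PGP SIGNED MESSAGE-----', 'Hash: SHA1', '', 'hello',
  '-----BEGIN PGP SIGNATURE-----', '', 'BBBB',
  '-----END PGP SIGNATURE-----',
  '-----BEGIN PGP MESSAGE-----', 'never terminated',
].join('\n');
console.log(findPgpBlocks(SAMPLE));
```

Because the markers are matched against whole lines, a marker quoted in the middle of a sentence is not treated as a block.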

radiosilence commented 13 years ago

So essentially anyone that had "set up" PGP would be able to decrypt the message, and it would be more to demonstrate identity?

James

radiosilence commented 13 years ago

I guess the great thing about using JS is that my system can be agnostic as to whatever is thrown at it :)

James

Natanael90 commented 13 years ago

Uh, encrypted PGP messages can only be decrypted by the intended recipient. If I give you my public key and you encrypt something to it, only I can decrypt it. That's the point with this whole public/private key thing, and also why it's called asymmetric.

Signatures are usually used to prove that it was you who wrote the message.

(You SERIOUSLY have to read up on security and crypto. I'm afraid you're going to get half of everything wrong.)

radiosilence commented 13 years ago

Aye, fair enough. So I guess PGP would be limited to direct messages. Can PGP messages be sent to lots of people? I'll do some reading but I'm fucking hung over today, but don't worry I have like 2 months with fuck all to do except code things so I'll get it done.

James

Natanael90 commented 13 years ago

There are several ways.

One is to just sign it. Then those who have your public key will be able to confirm you wrote the text.

If you want encryption, there are several ways:

One: For short messages, encrypt it several times and publish each encrypted version for every person you are sending it to.

Two: For long messages, encrypt the message with an AES key, publish the AES encrypted message, and encrypt the key with each person's public PGP key. Then you have only one long encrypted message, and the key that is relatively short (256 bits = 64 hexadecimal characters) is repeated for each person.

There are many easy ways to do it.
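The second approach in the comment above (one AES-encrypted body, with the AES key wrapped once per recipient), as an added example that is not part of the original thread. It assumes Node.js, uses RSA-OAEP key pairs as a stand-in for PGP public keys, and all function and recipient names are hypothetical.

```javascript
// Added example: encrypt one message for several recipients. RSA-OAEP key
// pairs stand in for PGP public keys (assumption); names are hypothetical.
const nodeCrypto = require('node:crypto');

function encryptForRecipients(plaintext, recipientPublicKeys) {
  const key = nodeCrypto.randomBytes(32); // one-off 256-bit AES key
  const iv = nodeCrypto.randomBytes(12);  // GCM nonce, used once with this key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Wrap the same AES key once per recipient; the long body is stored once.
  const wrappedKeys = {};
  for (const [name, publicKey] of Object.entries(recipientPublicKeys)) {
    wrappedKeys[name] = nodeCrypto.publicEncrypt(
      { key: publicKey, oaepHash: 'sha256' }, key);
  }
  return { iv, body, tag, wrappedKeys };
}

function decryptAs(name, privateKey, envelope) {
  const wrapped = envelope.wrappedKeys[name];
  if (!wrapped) throw new Error(`no wrapped key for ${name}`);
  const key = nodeCrypto.privateDecrypt(
    { key: privateKey, oaepHash: 'sha256' }, wrapped);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
  decipher.setAuthTag(envelope.tag); // final() throws if the body was altered
  return Buffer.concat([decipher.update(envelope.body), decipher.final()])
    .toString('utf8');
}

// Constructed demo: two recipients and one key holder who was not addressed.
function demo() {
  const gen = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const alice = gen(), bob = gen(), outsider = gen();
  const env = encryptForRecipients('meet at noon',
    { alice: alice.publicKey, bob: bob.publicKey });
  let outsiderFailed = false;
  try { decryptAs('alice', outsider.privateKey, env); } catch (e) { outsiderFailed = true; }
  return {
    alice: decryptAs('alice', alice.privateKey, env),
    bob: decryptAs('bob', bob.privateKey, env),
    wrappedKeyBytes: env.wrappedKeys.alice.length,
    outsiderFailed,
  };
}
```

Each extra recipient costs one wrapped key (256 bytes with the 2048-bit RSA keys used here), while the message body is encrypted and published once.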

radiosilence commented 13 years ago

That makes sense. Would you be willing to work on some of the JS once I get started with it? :)

James

Natanael90 commented 13 years ago

I'm not so good on the coding part yet. Have never really gotten started with that yet. I do understand the concepts and stuff though. I guess I could get something working.

radiosilence commented 13 years ago

That's cool, I've been doing the code for a while so I guess you could be helpful in making sure I'm implementing the concepts right :)

James
