Fresh Keys, Get 'em while they're hot! Get your Encryption here!

[Bebek Sincap Ratatosk]

yep it worked cool stuff....
now i need a noob explanation and "how-to" for truecrypt and Stego,  i will still be clueless, but clueless with more new toys to play with..

LAWL

Trucrypt is pretty easy especially for Windows users cause its all GUI. Their website has a lot of good how to stuff but if you hit any snags, post and ask, I'm sure one of us can figure it out

[fomenter]

i crashed my computer the last time i tried to download and figure it out, i will have to give it another try it may be better now..

[Bebek Sincap Ratatosk]

i crashed my computer the last time i tried to download and figure it out, i will have to give it another try it may be better now..

I'd recommend using it on a thumbdrive or something like that for your first time. Don't just jump straight to "Encrypt Everything!!!"

[fomenter]

i think i was trying to encrypt an external storage drive but who knows what i fucked up i may have done all manner of silly things in the name of click it and See what happens to figure it out 

i just took a look, their site seems easier to understand now..

[Triple Zero]

i will make a key soon, promise still reading the documentation that comes with GnuPG (i like to read docs before I use a program that I think is important).

question, where or how does the private key get stored? how secure is that? shouldnt I put the private key (encrypted) on a portable data carrier like a USB stick or something, and not keep it on my HD for extra security?

[Bebek Sincap Ratatosk]

i will make a key soon, promise still reading the documentation that comes with GnuPG (i like to read docs before I use a program that I think is important).

question, where or how does the private key get stored? how secure is that? shouldnt I put the private key (encrypted) on a portable data carrier like a USB stick or something, and not keep it on my HD for extra security?

The keys are stored in keyrings. secring.gpg and pubring.gpg. In *nix its under the .gnupg directory. I'm not sure about windows since I'm not in front of a Windows box ATM.

You can store them on a key fob, or create a 'secure disk' with Trucrypt on your local disk and store it in there. On my work system, I have PGPDisk and the keys live in a PGPDisk that I mount before I encrypt stuff and unmount when I'm done with it.

On linux I have a Trucrypt volume for that... but I might move over to a thumbdrive solution... it just makes it more tricky to integrate with a tool like FireGPG or similar... as they expect the keys to be available at some specific location... I didn't see anything on FireGPG that let you modify the location.

[Requia ☣]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One of the nicer bits of this isn't even secrecy, but identity
verification.  Mods can't secrit edit my messages now.


Also a PiTA for me to edit them though, and smileys cause it to fail.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.6)

iEYEARECAAYFAkpX0g0ACgkQVSQziwksKA2WwwCgzhPqqK4IBTwlvjZ4iXhpYRbN
f50AoLPKJhwLd/mCMi4hJs93/N0TOBuQ
=6NF3
-----END PGP SIGNATURE-----

[Requia ☣]

Rat can you read and identify this?

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.6)

hQIOAydcdYwJEau/EAf/W9V0lwINk4s7h+ZX6B6+RMOIYpZJfw+NkiCf7cJkiPjX
ibnJl2hOuibsxKTXzwEtXg7801wALjKdc3cd9weFdhD7HTgLxz71GlPC5e1ctSD6
M9ferDqEWWorLYV/pxqgPtEp4WwBMCtr4dBw5Q32X5zfbUc+Oe/n6ktn0VEB6Px2
p94wVxU9/vNdYjupb73LFL2VMx8Ri3IxwLXdvcT41wBNxppUIMq6HyrWMcGIFnEr
x7rh02ZP/3f6adeBIdbA0P0dkevKikF6pT80fLGfWOlYiXi19VChh9DWOS4EYINY
XiztHREOgLuIZXv1iw8pBdrGdJdhUf8BeVqBMX751gf+PuQOPZ4h/l33MltPwd02
CQ37EunI/TQBjR/M4B8FObeTDd9MuO+Ye6WpzxVG+HbYxJr+Fm6vtv/TAGn25S5/
s64DBY3mmcdmf/qmsIwepR1ivWAnJ+rqLreLsK6hLrK495xDqclF//hbu1THQub3
WiVHIfHBcXUfuTDM0aoeBE+vN/ztEErVHRoQQed3GEAmI71Px8gi5y20D8tBGRrB
Dp7wiF10nd788YbhQBfG6wFPT8zF95HkS3rHe82da4jlwBmCIYHKi6buVwY73g3H
5Tb7vw1et80hKQVV050ATPcxLjx7qG1JdpVUGa1lFEarzgZ45Y/n7LL20Pin7Me/
DtK5AdUPiqzvg2Ys8DNTQinXxygAycGdnvMGZ3Nm34SaY00zQ+vFriVBvF2IoQU5
jlRm+3JzfthOS/Gr2AiWp5BbnNwhB0IUdaLpgVYFGNHt6TBvQ0jxAJ5jAUFsC15x
YUxsv/ptEBN9ywgwKciuksT98HxVDkmqlbBj3DAdhtkCyqG13xf5uze5kFuwz2LX
NuqE+CVNHrNOKUPZ5oqlvpJefQYZxd6jDB82O1zzVFLaTRvEIwv41tipD2Y=
=HXPQ
-----END PGP MESSAGE-----

[Bebek Sincap Ratatosk]

Rat can you read and identify this?

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.6)

hQIOAydcdYwJEau/EAf/W9V0lwINk4s7h+ZX6B6+RMOIYpZJfw+NkiCf7cJkiPjX
ibnJl2hOuibsxKTXzwEtXg7801wALjKdc3cd9weFdhD7HTgLxz71GlPC5e1ctSD6
M9ferDqEWWorLYV/pxqgPtEp4WwBMCtr4dBw5Q32X5zfbUc+Oe/n6ktn0VEB6Px2
p94wVxU9/vNdYjupb73LFL2VMx8Ri3IxwLXdvcT41wBNxppUIMq6HyrWMcGIFnEr
x7rh02ZP/3f6adeBIdbA0P0dkevKikF6pT80fLGfWOlYiXi19VChh9DWOS4EYINY
XiztHREOgLuIZXv1iw8pBdrGdJdhUf8BeVqBMX751gf+PuQOPZ4h/l33MltPwd02
CQ37EunI/TQBjR/M4B8FObeTDd9MuO+Ye6WpzxVG+HbYxJr+Fm6vtv/TAGn25S5/
s64DBY3mmcdmf/qmsIwepR1ivWAnJ+rqLreLsK6hLrK495xDqclF//hbu1THQub3
WiVHIfHBcXUfuTDM0aoeBE+vN/ztEErVHRoQQed3GEAmI71Px8gi5y20D8tBGRrB
Dp7wiF10nd788YbhQBfG6wFPT8zF95HkS3rHe82da4jlwBmCIYHKi6buVwY73g3H
5Tb7vw1et80hKQVV050ATPcxLjx7qG1JdpVUGa1lFEarzgZ45Y/n7LL20Pin7Me/
DtK5AdUPiqzvg2Ys8DNTQinXxygAycGdnvMGZ3Nm34SaY00zQ+vFriVBvF2IoQU5
jlRm+3JzfthOS/Gr2AiWp5BbnNwhB0IUdaLpgVYFGNHt6TBvQ0jxAJ5jAUFsC15x
YUxsv/ptEBN9ywgwKciuksT98HxVDkmqlbBj3DAdhtkCyqG13xf5uze5kFuwz2LX
NuqE+CVNHrNOKUPZ5oqlvpJefQYZxd6jDB82O1zzVFLaTRvEIwv41tipD2Y=
=HXPQ
-----END PGP MESSAGE-----


Why yes, yes I could. And I agree with Mr. Barnum

[PeregrineBF]

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)

mQGiBEYWuK0RBADX1yxRjhLFqHBwaZ3a1h6M932HU/Gfn5HbsHal3nG/cpRfR6pk
IitEn5aNeKSR8T6W2yJmGUWT8PZ0hu/ICln52DbIdLYoaefr+6IMJMKqE3fPz7Q+
uzhnmJ3lkcS9aysbijjAQ+9mqWnG10LL2U6blo/DcAUCEPk/Q1WFXNlf+wCg5ApZ
di4WUv9PfSLtTAzMdWtfSxsD/2+wBL5c7KHY4Am0lbX6hma5tcxGfwcEjpwMgwtG
6z91594hA8ylsqDD0uOCqIxr1K36yzpDaZWDiTum2542JakLLIc0jLFhVOzXJjhO
Y/sBshfmAvA+wQ4K3t7MrC+TLA7bsnCEod1VBX+4Jj5ZoGl/d0DYD/7Nr9SHbo+A
iRVdA/0ba0CI4hBrOjfQp1Vziwpey1n1+7MqCK6vWL1AVn4D5HcaHBxGT7rpIpsX
GHszDSjCMDepL3XX6Dt3VCU9YEbV4seesLH0YLXieojTIkw7UfuGAdnDg+2Ddg4F
+QKVKzrHQbSLVVfPrvupZUO1qqhddZx+xO3/VfCUiMUThwLtK7QrQ2FybCAiU0FJ
IiBNaXRjaGVsbCA8cGVyZWdyaW5lYmZAZ21haWwuY29tPohgBBMRAgAgBQJGFrit
AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQf//iPmSrRDq/vwCeIqMbVkzX
o2Aeu8DuODCJKQriRVMAoJ06UdHugpCWXXafzE67Szyn+8jNuQINBEYWuK0QCACu
OHXBMqKKjVwxMXFwXYiLwAjdyp4TCax1HGA+tTRr/birkS933hR6d7r5GbtHzB6J
/sKihqM2oh+y4tC2q7S1XYeaW64Z62v4jzbeykA2z3zNYuwU9ZPgCDhH8boJ1Pmz
dea+0fjKCbocuOdfIdYH0iYIj21P5kK8tNzGUqDkGaBg7jhAh+HQCkwUp/Ogk5HD
Hj8hMuqUaV63XPPWnpFlDOTcd1SYEs5Olo8Db1Qc7b6hGNwHJUMNYToj5q7HfDeY
2UZet/LrUJK9T5ICVQL+zTDVYLTEnHijm8q+gG10tkdBn88kKJGv1YlaKjRkCXfs
er7dZNYjsxOw+kjr9qFbAAMFB/9cPJlPvcaCSZMXn1CQWK0mnvSDC0rxeo9mfLMO
WqkGf+oU4xydQp7L0w8dmPJTGJ/pSPJkf81DjoQ3r0f+SXB5d6toGdyQqBMHDal0
194iqqPS9tsYSL+YOQ5C6zjZ1wZ3oCQrbPvmTkShVgImbVX2LHPOyonwkApK0xDr
xdBTTSnpucW2sUiu3SGr2lYJ8z7XVO3jkceX233rpr/4EGwV/79umwZrMKW2iJT1
gTM2HEKJV7xHC9ATYqC0ffNez+n4MxrEYIkEGELzUX5tZ5JcUcCGiomZuZEIOuSI
RXG4QWxyKrtYh6OkQL41f3if/K7arYH2ODJb+RpxDEza9g+CiEkEGBECAAkFAkYW
uK0CGwwACgkQf//iPmSrRDoC8wCcD8htjhb4yZPyNWkuudLEApbWhC0An1KNZiY5
OJpx/xgvUECvV230kIH5
=NVlE
-----END PGP PUBLIC KEY BLOCK-----


One other thing to be aware of is the existence of keyservers. They're places to store keys, say hkp://subkeys.pgp.net. With a key exported to a keyserver one can query that server for the key id/name to get the keys of that person.

[Triple Zero]

this is my AIM OTR fingerprint: 0E6C9AB9 15ABC4A2 B424B4FE 2356D4E3 F32F01A6

edit: and my screenname on AIM is tripzilch

edit2: I'm not entirely sure if this still works cause I might have uninstalled this AIM OTR thing.

[Bebek Sincap Ratatosk]

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)

mQGiBEYWuK0RBADX1yxRjhLFqHBwaZ3a1h6M932HU/Gfn5HbsHal3nG/cpRfR6pk
IitEn5aNeKSR8T6W2yJmGUWT8PZ0hu/ICln52DbIdLYoaefr+6IMJMKqE3fPz7Q+
uzhnmJ3lkcS9aysbijjAQ+9mqWnG10LL2U6blo/DcAUCEPk/Q1WFXNlf+wCg5ApZ
di4WUv9PfSLtTAzMdWtfSxsD/2+wBL5c7KHY4Am0lbX6hma5tcxGfwcEjpwMgwtG
6z91594hA8ylsqDD0uOCqIxr1K36yzpDaZWDiTum2542JakLLIc0jLFhVOzXJjhO
Y/sBshfmAvA+wQ4K3t7MrC+TLA7bsnCEod1VBX+4Jj5ZoGl/d0DYD/7Nr9SHbo+A
iRVdA/0ba0CI4hBrOjfQp1Vziwpey1n1+7MqCK6vWL1AVn4D5HcaHBxGT7rpIpsX
GHszDSjCMDepL3XX6Dt3VCU9YEbV4seesLH0YLXieojTIkw7UfuGAdnDg+2Ddg4F
+QKVKzrHQbSLVVfPrvupZUO1qqhddZx+xO3/VfCUiMUThwLtK7QrQ2FybCAiU0FJ
IiBNaXRjaGVsbCA8cGVyZWdyaW5lYmZAZ21haWwuY29tPohgBBMRAgAgBQJGFrit
AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQf//iPmSrRDq/vwCeIqMbVkzX
o2Aeu8DuODCJKQriRVMAoJ06UdHugpCWXXafzE67Szyn+8jNuQINBEYWuK0QCACu
OHXBMqKKjVwxMXFwXYiLwAjdyp4TCax1HGA+tTRr/birkS933hR6d7r5GbtHzB6J
/sKihqM2oh+y4tC2q7S1XYeaW64Z62v4jzbeykA2z3zNYuwU9ZPgCDhH8boJ1Pmz
dea+0fjKCbocuOdfIdYH0iYIj21P5kK8tNzGUqDkGaBg7jhAh+HQCkwUp/Ogk5HD
Hj8hMuqUaV63XPPWnpFlDOTcd1SYEs5Olo8Db1Qc7b6hGNwHJUMNYToj5q7HfDeY
2UZet/LrUJK9T5ICVQL+zTDVYLTEnHijm8q+gG10tkdBn88kKJGv1YlaKjRkCXfs
er7dZNYjsxOw+kjr9qFbAAMFB/9cPJlPvcaCSZMXn1CQWK0mnvSDC0rxeo9mfLMO
WqkGf+oU4xydQp7L0w8dmPJTGJ/pSPJkf81DjoQ3r0f+SXB5d6toGdyQqBMHDal0
194iqqPS9tsYSL+YOQ5C6zjZ1wZ3oCQrbPvmTkShVgImbVX2LHPOyonwkApK0xDr
xdBTTSnpucW2sUiu3SGr2lYJ8z7XVO3jkceX233rpr/4EGwV/79umwZrMKW2iJT1
gTM2HEKJV7xHC9ATYqC0ffNez+n4MxrEYIkEGELzUX5tZ5JcUcCGiomZuZEIOuSI
RXG4QWxyKrtYh6OkQL41f3if/K7arYH2ODJb+RpxDEza9g+CiEkEGBECAAkFAkYW
uK0CGwwACgkQf//iPmSrRDoC8wCcD8htjhb4yZPyNWkuudLEApbWhC0An1KNZiY5
OJpx/xgvUECvV230kIH5
=NVlE
-----END PGP PUBLIC KEY BLOCK-----


One other thing to be aware of is the existence of keyservers. They're places to store keys, say hkp://subkeys.pgp.net. With a key exported to a keyserver one can query that server for the key id/name to get the keys of that person.

Right. However, with keyservers you also need to consider Trust. I could upload a key to a keyserver and claim to be PeregrineBF. If someone is just hitting the keyserver, they might grab my key instead of yours. This is where key signing comes in handy, for example:

Let's pretend that we can trust the keys in this thread. Let's further pretend that all the Discoridans here have installed GPG and want to communicate with other Discordians.

Right now, those of us that have imported keys should sign those keys as trusted and indicates that we trust those keys. These signed keys can be uploaded to the key server.

When "N00bieofEris" joins and wants to send encrypted email to Requia, he could get the key from the key server. He will see that its signed by Ratatosk and PeregrineBF. So he PM's us and asks us to send him our keys. Now he can trust our keys, check them against Requia's Signatures, and thus trust Requia's keys.

That's what we call a web of trust.

[Triple Zero]

I'm ashamed to admit I still haven't generated my own keypair the reason being that without a piece of software or email plugin that allows me to use it easily, I won't use it at all and I will lose those keys somewhere collecting dust.

And maybe by the time I will use it, I could have accidentally stored my private key at some place that got leaked?

Stupid excuse hm.

Cause if I get this right, the private key is only stored encrypted using a symmetric cipher (with a passphrase), so I could write down the passphrase on a slip of paper and store that in my wallet (I have a very secure wallet).

I just saw on gnupg.org there is a software package called gnupg for windows, which includes soemthibng called clawmail which has gnupg built in I might see how that suits me.

[Requia ☣]

It occurs to me I need to set up ecryption for the new email client.  Whoops.

[rong]

be sure to drink your ovaltine