Infrastructure support for GnuPG post-quantum keys
have at anonymous.sex
Tue Jan 7 07:49:11 CET 2025
On Mon, 06 Jan 2025 22:58:52 +0100, Steffen Nurpmeso
<steffen at sdaoden.eu> wrote:
>>>- Distribute the key along with your mail address using the Web Key
>>>directory.
>
>>aren't there also proposals to do this via special mime types?
>
>"Problem" is that .asc is not only used for key distribution, but also
>for normal signatures. Iirc this at least bites the original intent.
File “extension” means nothing here.
Web Key Directory (WKD) is this; it does not have any file extension:
https://wiki.gnupg.org/WKD
https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/
The proper MIME type for WKD is application/octet-stream, according to
§ 3.1 of WKD (draft 19) linked above.
**Important:** When you attach your key to mail, use the MIME type
application/pgp-keys. Consult your mail client’s manual for
instructions. It shouldn’t matter what the filename is; if the filename
is “iloveyou.doc.exe” and the MIME type is application/pgp-keys, a
proper receiving mail client will see it as a PGP key.
>A combination of DKIM and special email addresses which send emails
>which are signed and include the public key so that the email can be
>used to verify itself also seems a cryptographically verifiable thing
>(if it is).
No, it’s not. Please study cryptography before attempting protocol
design.
>(I still cannot believe that these post quantum things will all be so
>terribly huge data things.)
I attached a post-quantum thing to my prior list message, and it is
downloadable from the list server; observe the size and the correct MIME
type:
https://lists.gnupg.org/pipermail/gnupg-users/2025-January/067460.html
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: have-post-quantum-anonymous-sex.asc
>Type: application/pgp-keys
>Size: 3106 bytes
>Desc: not available
>URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/4732a382/attachment.key>
Fingerprint:
01A6D 81EEA D7EEE C393D EC140 1F489 4C154 E1B8E E32E9 059CA
That 3106 bytes is the ASCII-armored version of a blob with an ed448
primary certification and signing key (non-PQ), a ky1024_cv448 subkey
(PQ), one simple userid, and one trust signature from my ed25519 (v4)
key.
Requires GnuPG 2.5.1 or later.
>[i removed have at anonymous.sex; never did such..]
Rude. Shame on you.
--
# Remember these on Wednesday, January 15, 2025:
https://web.archive.org/web/19971024171609/http://www.eff.org/blueribbon.html
https://web.archive.org/web/19971114041230/http://www.eff.org/pub/Legal/Cases/ACLU_v_Reno/19970626_eff_cda.announce
https://www.supremecourt.gov/search.aspx?filename=/docket/docketfiles/html/public/23-1122.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 297 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/7a0e98fe/attachment.sig>
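Added example, not part of the original message and not GnuPG code: a Python sketch of the two points above, that a WKD lookup URL ends in a hash with no file extension, and that a receiver should classify a key attachment by its MIME type rather than its filename. The URL derivation follows the direct method of the WKD draft linked in the message (the message itself does not spell it out); the addresses, the placeholder key bytes, the function names and the classification labels are assumptions made for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import quote

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet used by WKD
# Constructed placeholder bytes, not a real key.
SAMPLE_KEY = b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n(constructed)\n-----END PGP PUBLIC KEY BLOCK-----\n"
PGP_TYPES = {"application/pgp-keys": "openpgp-key",
             "application/pgp-signature": "openpgp-signature"}

def wkd_direct_url(addr):
    """WKD direct-method URL: SHA-1 of the lowercased local part, z-base-32 encoded."""
    local, domain = addr.rsplit("@", 1)
    n = int.from_bytes(hashlib.sha1(local.lower().encode("utf-8")).digest(), "big")
    # 160 bits split into 32 groups of 5 bits, most significant first
    hu = "".join(ZB32[(n >> shift) & 31] for shift in range(155, -1, -5))
    return f"https://{domain.lower()}/.well-known/openpgpkey/hu/{hu}?l={quote(local)}"

def build_mail(key, filename):
    """Sender side: label the attachment by MIME type, whatever the filename is."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "alice@example.org", "bob@example.org", "my key"
    msg.set_content("Key attached.")
    msg.add_attachment(key, maintype="application", subtype="pgp-keys", filename=filename)
    return msg.as_bytes()

def classify_attachments(raw):
    """Receiver side: decide what each attachment is from its Content-Type only."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [(part.get_filename(), part.get_content_type(),
             PGP_TYPES.get(part.get_content_type(), "other"))
            for part in msg.iter_attachments()]

if __name__ == "__main__":
    print(wkd_direct_url("Joe.Doe@Example.ORG"))
    print(classify_attachments(build_mail(SAMPLE_KEY, "iloveyou.doc.exe")))
```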