Re: Kong Re: Please Beta test my communications cryptography product.

-- 177 At 5:00 PM -0800 12/4/97, James A. Donald wrote:
At 07:06 PM 12/12/97 -0800, Bill Stewart wrote:
The web page says that the first beta had some problems,
Beta 2 is now out. Please uninstall your old copy, using "Add/Remove programs" in the control panel, before installing the new copy, as overinstall does not work. (If you forgetfully overinstall, a warning comes up, but most people cheerfully disregard the warning.)
- Signed Message: Delimiter, Message Body, ECC Public Key, ECC Sig. I didn't notice what hash was used for the signatures -- SHA?
SHA: I failed to document that, will add it to the documentation.
Multiple recipient form works, but the user interface to use it does not yet exist, which makes it kind of useless. Coming soon.
Yes: However the name is only hashed in a cryptographically weak manner, so a third party could change the name in a cleartext message. However if the message is cleartext there is nothing to stop him from copying the body and giving it any signature he pleases, so this does not actually gain the attacker anything. After all, that is what cleartext is. If he changes the name it looks to the user and Kong like a new and different signature.
-- Yes: For example this message contains a nested message.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
J14rDU1EjUofOmSoHg1Ye0GF6/+6wdvxmCwMryE4
1jNcIP5kRfVPada+5w8zfIGEodi2Mrz80ZbvXsK1
Not worried about, which is probably a seriously bad idea. Will fix in a later release. In a later release I will canonicalise carriage returns to Microsoft conventions, but not whitespace. As this is, alas, a Borg-only product, and will remain so for some time, such canonicalisation will not break existing signed documents.
This affects not only reliability of signatures after emailing, but also affects signing binary files.
Signing binary files is not yet supported, and will not be for some time.
Yes
If so, is there some easy way to use the 40-char string, e.g. type in a copy from the bottom of a business card?
Yes. If Kong says a signature is good, and the public key agrees with a business card, then the guy who wrote the business card is claiming to be the author of the message. Actually you do not have to check all 43 characters. It is sufficient to check the first ten characters, or any ten characters.
If two keys have the same passphrase, but a different secret file, then they will be two completely different keys. However, the same passphrase, and the same file, means the same key. The secret file is merely concatenated with the secret file
5) Is the format of the signature freeform, or do the newlines and whitespace have to be in their official locations?
Minor flexibility. You can add or remove leading blanks, and use either lf or cr or both. It is not totally rigid, but it is pretty rigid.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Uy36NbrQf/3FKV77cTtzFrHxsy0dcx9l6Svy/Fl5
xP+I6vLpjTgacrHEqXoD3gv+HF9Tx4Zl+0yDGhQF
participants (1)
-
jamesd@echeque.com
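
An added example, not part of the original message and not Kong's code: a sketch of the line-ending canonicalisation and the trailer flexibility (leading blanks, lf or cr or both) described in the replies above. The layout (a `--` line, body, `--digsig`, name, public key, two signature lines) is read off the signatures in this message; SHA-1 as the "SHA" in question, UTF-8 encoding, and all function names are assumptions.

```python
import hashlib
import re

EOL = re.compile(r"\r\n|\r|\n")  # CRLF, lone CR, or lone LF

def canonical_body(body_lines):
    """Join body lines with CRLF only; spaces and tabs are left untouched."""
    return "\r\n".join(body_lines).encode("utf-8")

def parse_signed(message):
    """Return (body_lines, name, public_key, signature) for the outermost signature."""
    lines = EOL.split(message)
    marks = [i for i, l in enumerate(lines) if l.lstrip(" ") == "--digsig"]
    if not marks:
        raise ValueError("no --digsig trailer")
    end = marks[-1]  # a nested message's trailer stays inside the outer body
    starts = [i for i, l in enumerate(lines[:end]) if l.lstrip(" ") == "--"]
    if not starts:
        raise ValueError("no opening -- delimiter")
    # Leading blanks on trailer lines are tolerated; blank lines are skipped.
    fields = [l.lstrip(" ") for l in lines[end + 1:] if l.strip()]
    if len(fields) != 4:
        raise ValueError("expected name, public key and two signature lines")
    name, key, sig1, sig2 = fields
    return lines[starts[0] + 1:end], name, key, sig1 + sig2

def body_digest(message):
    """Hash of the canonicalised body: the value a signature would cover (assumed)."""
    body, _, _, _ = parse_signed(message)
    return hashlib.sha1(canonical_body(body)).hexdigest()

# Constructed sample: placeholder key and signature strings, not real Kong output.
TRAILER = ["--digsig", "Example Signer", "K" * 43, "S" * 40, "T" * 40]
BODY = ["--", "Pay the bearer", "ten dollars."]

def render(eol, indent="", body=BODY):
    """Serialise the sample with a given line ending and trailer indentation."""
    return eol.join(body + [indent + f for f in TRAILER]) + eol

if __name__ == "__main__":
    ref = body_digest(render("\r\n"))
    print("LF matches CRLF:", body_digest(render("\n")) == ref)
    print("indented trailer matches:", body_digest(render("\r", "    ")) == ref)
    padded = ["--", "Pay the bearer ", "ten dollars."]  # one trailing space added
    print("trailing space matches:", body_digest(render("\n", body=padded)) == ref)
```

Because whitespace is not canonicalised, a mail gateway that trims or adds trailing blanks changes the digest, while one that only rewrites line endings does not.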