age - simple encryption tool age-encryption.org
I'm quite surprised that age's interface doesn't provide for signing of messages.
https://age-encryption.org/v1 For between participants, the payload is self authenticating by nature of the crypto... you received it, from somewhere, that may also have included some more identity inside, it decrypted, done. For standalone clearsign maybe user could encrypt a hash of the signable content, to a separate publicly published age secret keypair that they gave provenance, that anyone could then decrypt, but that is convoluted, and is in conflict with standard of teaching people to never publish any secret key. Much better to use pgp, signify, minisign or whatever else for public sigs. As for age, people can play with this key which will expire and be destroyed on or before 2022-04-30... age19nr5khmhtwe0jp0f2yvh2cevsqaev5tjkq0zw5t5ruy2uvrgfsysl7r6ch
On 1/21/22, grarpamp <grarpamp@gmail.com> wrote:
I'm quite surprised that age's interface doesn't provide for signing of messages.
For between participants, the payload is self authenticating by nature of the crypto... you received it, from somewhere, that may also have included some more identity inside, it decrypted, done.
Receiving an encrypted message doesn't indicate the sender is the same person who encrypted previous messages at all, or that the message was even made in one unit by one person, does it?
For standalone clearsign maybe user could encrypt a hash of the signable content, to a separate publicly published age secret keypair that they gave provenance, that anyone could then decrypt, but that is convoluted, and is in conflict with standard of teaching people to never publish any secret key.
I think this might be an error because others could also encrypt a hash tto this key, since it's public.
Much better to use pgp, signify, minisign or whatever else for public sigs.
Curious what norms exist for using signify/minisgn. Seems formats are kind of left up to the user.
As for age, people can play with this key which will expire and be destroyed on or before 2022-04-30...
age19nr5khmhtwe0jp0f2yvh2cevsqaev5tjkq0zw5t5ruy2uvrgfsysl7r6ch
$ echo -n age19nr5khmhtwe0jp0f2yvh2cevsqaev5tjkq0zw5t5ruy2uvrgfsysl7r6ch | sha256sum 6d3b98cf0f1c9319f1f31a0682e4529e9f63e6e6a5de79995176875ab7185ada - $ age --armor -r age19nr5khmhtwe0jp0f2yvh2cevsqaev5tjkq0zw5t5ruy2uvrgfsysl7r6ch [a single line of [data] that produces this: $ echo -n [data] | sha256sum 85fc5fdedcdf8df8925855bbd0e72eb0b942c1ed290088c72a6d4fdc98ea722f - ] -----BEGIN AGE ENCRYPTED FILE----- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZXZPMk0ya3oxRnVDamRV U1VnUmN5ZFY3bVpPWEEwZWxic2pBQjA4ckFNCklqYXU0SmYyRDNPcnE2NFE0U1Jz SUpJWXRaRnBkNDQvZGo4ZlRDMkpnL3cKLS0tIFpjM0VRTXlqNmF4Ti91Qk1CazRp OGJFbFVHWklLZ0hjY0NsN01xSnI3eW8KgvSUQT+Qw0lbwUyczRq35nrGQDVfiDLJ BYheOy+zh2i/ZvCDyrnxrrkS+tNJuS8b47hwMmSsgo5JQumdejapcTpnNyYtjpIC G5GftkhrPtYow/XzVc6zMFPenxG9Lm8= -----END AGE ENCRYPTED FILE-----
On 1/23/22, k <gmkarl@gmail.com> wrote:
Receiving an encrypted message doesn't indicate the sender is the same person who encrypted previous messages at all
If sender included a context proof, a psk, or a chain inside each subsequent msg for the receiver it would.
or that the message was even made in one unit by one person
A good decrypt seems to be one "unit", and no tool can prove what was behind the senders "unit", could be duress or hack.
others could also encrypt a hash tto this key, since it's public.
Yes it's silly, yet who knows what their model might be.
Curious what norms exist for using signify/minisgn. Seems formats are kind of left up to the user.
What usage exist? OpenBSD uses it. Search signify / minisign for more.
I received this private reply from you that doesn't look right and ignores the encrypted message in the same email. On 1/27/22, grarpamp <grarpamp@gmail.com> wrote:
On 1/23/22, k <gmkarl@gmail.com> wrote:
Receiving an encrypted message doesn't indicate the sender is the same person who encrypted previous messages at all
If sender included a context proof, a psk, or a chain inside each subsequent msg for the receiver it would.
or that the message was even made in one unit by one person
A good decrypt seems to be one "unit", and no tool can prove what was behind the senders "unit", could be duress or hack.
others could also encrypt a hash tto this key, since it's public.
Yes it's silly, yet who knows what their model might be.
This is maybe the part that looks most wrong. What are you talking abour?
Curious what norms exist for using signify/minisgn. Seems formats are kind of left up to the user.
What usage exist? OpenBSD uses it. Search signify / minisign for more.
By this I meant, how do I send you a signed message?
participants (3)
-
grarpamp
-
k
-
Undiscussed Horrific Abuse, One Victim & Survivor of