Crul

@[email protected]

Moved to @Crul

This profile is from a federated server and may be incomplete. View on remote instance

[Thread, post or comment was deleted by the author]

    •
    Crul ,

    Mandatory Chris Hadfield’s Space Oddity from ISS link

    How does a signing a post with a pgp key prove that you are actually the person behind the post?

    I saw that people on the dark web would sign their posts with a PGP key to prove that their account has not been compromised. I think I understand the concept of how private and public keys work but I must be missing something because I don’t see how it proves anything....

    Crul , (edited )

    EDIT: changed encryption / decryption to signing / veryfing. Thanks for the corrections

    Not an expert, those who know more please correct me.

    From what I understand, what they post is not a PGP key, but the same content published in clear text signed with their private key. That way anyone can verify it with the author’s public key to check it has been generated with the private one (that only one person should have).

    Crul ,

    Isn’t that for when you want to send a message to someone so only the recipient can read it?

    If I understand correctly, OP is asking about signatures to prove the posted content comes from a specific source.

    Anyway, thanks for the review!

    Crul ,

    Sorry, but I still think I’m saying the same thing as in that paragraph:

    [from your link] a sender can use a private key together with a message to create a signature

    • [from my post] the same content published in clear text encrypted with the[ir] private key

    [from your link] Anyone with the corresponding public key can verify

    • [from my post] anyone can decrypt it with the author’s public key
    Crul ,

    You said encryption occurs with the public key and decryption occurs with the private

    I’m sad that I edited some typos on my original message because now you will probably think I changed it. But I said the opposite.

    Anyway, there is probably some missunderstanding here and I don’t think this conversation is useful.

    Thanks for the feedback.

    Crul ,

    Sorry, I’m very confused. Both of us seem very confident in our positions, so clearly one of use is c/confidentlyincorrect…

    I will wait until a third party helps us identify who is wrong and I will be very happy to correct any mistake if that’s the case.

    Crul ,

    We may be getting somewhere…

    what they post is not a PGP key, but the same content published in clear text encrypted with their private key.

    So they are not excrypting it, but do we agree that with signatures the author uses their private key + the clear message to generate “something”?

    That way anyone can decrypt it with the author’s public key to check it has been encrypted with the private one (that only one person should have).

    … so then anyone can use the author’s public key to check that “something” against the clear mesage to confirm the author’s identity?

    If that’s the case, then my error is that the operation to generate the signature is not an encryption. So, may I ask… what is it? A special type of hash?

    Thanks again. I will edit my original comment with the corrections once I understand it correctly.

    Crul ,

    Thanks for mediating!

    What I’m getting from this dicussion is that, when signing, the operations are not encryption and decryption, but … hashing and hash-veryfing?

    Crul ,

    Thanks, now it’s clear.

    I corrected my original comment.

    Crul ,

    Thanks! re-corrected again.

    Crul ,

    Source (I think) for the image:

    PSA, you can add subreddits as an RSS to view without supporting Reddit

    There’s still some subreddits I’d like to view as their communities haven’t swapped over yet. Like you guys, I obviously don’t want to support Reddit in any way shape or form. Surprisingly, they have not gutted RSS feeds yet. Simply add .rss at the end of the domain. Example...

    Crul ,

    This works for (almost?) any reddit URL:

    Note that in the last 3 URLs, the .rss is added before the ?, in all other cases it’s at the end.

    Crul ,

    Oh, I also forgot:

    Very useful for moderators (of not-very-large subs).

    Crul ,

    The RSS Feed with the comments of a post is on [POST URL]/comments.rss. Example:

    www.reddit.com/r/…/comments.rss

    The first entry is the post with the content and the next ones are the comments (all). Of course there is no nesting structure in the RSS, you need to go to reddit for that.

    EDIT: There most probably be a limit in the number of elements of a feed, so if you try that with a post that already has a lot of comments, you will probably see only the last N ones. But if you add the RSS Feed of the comments of new post to your RSS Reader, it will most probably store all the elements over time, so you will have all of them there (and not only the last N ones)… unless the comments are posted too fast and/or the updating frequency of your RSS Reader is too slow.

    Crul ,

    This only works for reading the content, but you cannot post or comment via RSS.

    EDIT: Also, RSS feeds only contain the last N elements, so the apps would need to store all the data from Reddit… which is not practical.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • All magazines
    •