I recently have been playing around with GPG (its pretty fun!) And decided to make a hat with my public key on it!
Its a fun conversation starter at walmart, when somebody asks what it is? It activates my tism, and i get to talk about computer science! Its also important to teach others the importants of encryption especially as of one day ago the EFF made a post talking about yet another bill trying to go after encryption.
The keen eyed among you see i have blocked out certain parts of my key, this is because i have a key for this hat exclusively and would like to see if anybody i talk to about encryption in real life bothers to email me. I know its not much but i enjoy it!
I laser etched the leather, and hand stitched it to the hat.
I know this is more kinda clothing stuff, but it just didnt feel right posting a hat with a gpg key on a fasion/clothing community.
Hope you enjoy My little project >:) hehe
Put an nfc tag there, you can insert it behind the leather. Write the same key on it and that way you could tip your hat onto someonea phone for a quick transfer for later communications.
With the way you stitched it, you could easily push one of the flat flexible ones there without having to mess with the stitches
Thats a fucking metal idea.
You expect somebody to write that down?
Nah photos, would be better and or theres an app that can import gpg keys from photos. I dont quite remember what it is tho
I guess I, too, am still not certain why you would censor it. The whole point to the public key is to publish it. Most people upload their’s to multiple public key servers.
They meant that they wanted to do a test to see if they would get any gpg-encrypted emails from people who saw the hat in real life; the “experiment” doesn’t work if you allow internet strangers to email you too, as then you don’t know where a person may have gotten the email address/key from
That makes sense
If they have it on a hat, in real life, then it’s linked to their real identity. They might just want to keep it separate from Lemmy.
True, but I think it would be extremely easy to identify them from the strings of dozens of identical letters still visible on the hat.
You would need to know the whole key to know. If there are blocks missing you cant get anything from a key. And you would half to see in in real life to corelate my user alias to my real identity. Which i originally going to use a key that i have for online accounts (a key for steamy) But i then realized that would then have my online account linked to my real identity
Yeah, if I met you I’d never know! It could be one of thousands others with the same hat!
Yeah, if you know part of a fingerprint you can look up keys, but I don’t know of a way to look up keys from partial keys.
Thats if the key was uploaded to a keyserver.
Yes? How else would you look up anything if it hadn’t been uploaded somewhere?
Back in the day, when forums were still a thing, I dumped a bunch of binary into my signature and waited for someone to figure out what it says. Eventually, someone did go through the trouble of converting it to hex, ASCII, HTML, ROT13, BASE64 or whatever random conversions I had access to at the time. Anyway, one day I got a message about it, and I was so delighted.
we did that back we i used usenet
That’s the kind of things I expect somebody to be into deciphering to have already a ~/Prototypes/deciphers/ directory with a bunch of scripts with the basics and maybe a testing script that iterates through them sorted by probability (maybe based on popularity) and checks output against keywords, e.g. stop words of increasing length then dictionaries.
TL;DR: I bet that person had automated that process.
You’re going to love Cyberchef
If I built a system like that, it would become really complicated, since I would just have to include all sorts of convoluted unicode trickery in it.
ӏ і κ е ț һ ï ʂ
like this
as long as there is mapping then it’s OK, it can be added as yet another filter
You should do this with the Lorem Ipsum text lol
People who don’t know might think it’s some based quote from a Caesar or something
Why is it censored? Also why no monospaced typeface?
Specific key for this hat, i wanted to share this idea. But i also wanted to see if any local people would email me. Also didnt want to paste my email adress online LMAO.
Also cause nerd fonts IM ADDICTED
deleted by creator
Yes im aware of how asymmetric encryption works. Theres a public and private key The public key encrypts the private decrypts. You make a web of trust off of signing others public keys verifying there identity.
I wanted a specific key pair for the hat for separation of online and in real life. I know you can’t learn much from an email, but still, Its my preference and it was i font that i liked and ended up picking. I understand it may not be your preference, please do not "yuck my yum’ there are BILLIONS of fonts out there and i picked the one i liked.
Which on a separate note, i originally made a hat patch with a public key but it was DSA 3036 (the max size key i dont know if thats the right number.) And i etched it on the leather, each letter was 0.04 of a inch and was basically unreadable. So i ended up going with the default gpg preset for ecc
Are you sure you understand how PGP works?
Are you sure you understand how PGP works?
Neat, you inspired me to post my cryptography bracelets https://lemmy.ml/post/31555517
I do like this a lot.
Since you sort of need to be there with the hat, it makes me wonder of you might get more response and/or geographic spread if you has some sort of leave behind. A sticker, or a card that you can slot in places.
I do think that leaving it as the gpg key is better, not a QR code. It helps ID this for nerds like you and me. I would never scan a wild QR.
Yeah qr codes would be the “easier way” But i never scan any of them because MALWARE
“Brad, I saw you cheating on Stacy at the club last night” [your pgp key here]
how did you choose which areas to redact? were you careful to be sure to get the parts that have the key’s name and email address?
It should be if there is chunks missing its unusable. At least thats my thinking, since gpg is usually a binary and ascii armor makes it human readable. As long as a person cannot guess the blacked out parts, there shouldnt be any data.
Kinda like binary if your missing bits of binary in a program it should be unreadable
–edit
im full of shit Its base64 and you can somewhat decode it
were you careful to be sure to get the parts that have the key’s name and email address?
It should be if there is chunks missing its unusable. At least thats my thinking, since gpg is usually a binary and ascii armor makes it human readable. As long as a person cannot guess the blacked out parts, there shouldnt be any data.
you are mistaken. A PGP key is a binary structure which includes the metadata. PGP’s “ascii-armor” means base64-encoding that binary structure (and putting the BEGIN and END header lines around it). One can decode fragments of a base64-encoded string without having the whole thing. To confirm this, you can use a tool like
xxd(orhexdump) - try pasting half of your ascii-armored key in tobase64 -d | xxd(and hit enter and ctrl-D to terminate the input) and you will see the binary structure as hex and ascii - including the key metadata. i think either half will do, as PGP keys typically have their metadata in there at least twice.Yeah i realized this after i got to work and lookup up what gpg uses for ascii armor. Its base64, i used base64 -d and i could get some parts of my key. The photo has been updated to remove alot more of the key.
Major fuckup on my part.
But i learned that ASCII armor is base64 i guess.
I think it would be cool to encode your key as like a qr code so that folks can scan it.
Kinda loses the aesthetic of the classic gpg armor though
Yeah i thought about that! I have been playing with base64 encoding tho!
An email address might be good too unless part of the key
Could also be a short URL instead, e.g. https://lemmy.ml/post/31547467 or ideally something with keywords rather than UUID, even though here 8 digits isn’t too bad.
There’s a GitHub project for that: https://gist.github.com/joostrijneveld/59ab61faa21910c8434c
It’s more traditional to just print the key fingerprint.
Gpg? 😂
-
Pretty Good Privacy (PGP): The first implementation of a set of methods used for signing, encrypting, and decrypting texts, emails and files that ultimately became a standard called “OpenPGP” (RFC 4880), the program itself was commercial/proprietary. Sometimes “PGP” is also used to call the standard itself for short.
-
GNU Privacy Guard (GPG): A popular Free and Open Source program from the GNU project that uses/implements the OpenPGP standards
-
Pgp?
