Last updated on 2022-10-21, Fri, 08:53 PM

Due to sanctions, the blogger’s Internet access and payment methods are severely affected, and the contact information below may be unavailable at any time. Please be aware.

Thank you for your support.

Before We Start

If you are not familiar with PGP and GnuPG, I strongly recommend you read this series.

It’s made up of three articles, a good tutorial of GnuPG written in Chinese.

You can also learn from the handbook by gnupg.org.

Acquire Public Key

This key will expire on 2024-07-15.

If the key was not renewed and no new key was released by that time, I would probably be imprisoned or even dead then.

You can get it here, from the key pool of openpgp.org

or from GitHub

I once shared an article about PGP uid collision, which since then inspired a lot of people to exploit their computers for calculating a cool PGP uid. But this also brings a higher risk of MITM attack. I deeply apologize for that.

Considering the current capability of common brute force solutions, it’s no longer a reliable method using 16-char hex uid to verify the identity.

Thus, the fingerprints and the date of all the subkeys have to be verified.

(The timestamp should be around 2021-09-07 02:20 UTC, when the hex unix timestamp should start with 61 36 cc. BTW the key was signed again at 2021-12-24 17:22 UTC.)

first of all, verify the fingerprint of the key for certification.

$ gpg --show-keys --fingerprint h3arn.gpg

A output like this is expected

pub   ed25519 2021-09-07 [C]
      3648 64A3 A1AF 4174 D9BD  E7C6 6076 CBBA 23E9 8A57
uid                      H3arn (Hearn's PGP key v2.0) <root@h3a.moe>
sub   ed25519 2021-09-07 [S]
sub   cv25519 2021-09-07 [E]
sub   ed25519 2021-09-07 [A]

If correct, import the key. then verify the subkeys.

gpg --fingerprint --with-subkey-fingerprints root@h3a.moe

A output like this is expected, all four fingerprints must match the result below.

pub   ed25519 2021-09-07 [C] [expires: 2024-07-15]
      3648 64A3 A1AF 4174 D9BD  E7C6 6076 CBBA 23E9 8A57
uid           [ultimate] H3arn (Hearn's PGP key v2.0) <root@h3a.moe>
sub   ed25519 2021-09-07 [S] [expires: 2024-07-15]
      B71D A984 8E17 C6E7 72A3  C3C4 FD11 06C9 445D 42D0
sub   cv25519 2021-09-07 [E] [expires: 2024-07-15]
      1EA5 4FFF 224C 5519 A0F8  130E 04FA DDFF 8143 BEAE
sub   ed25519 2021-09-07 [A] [expires: 2024-07-15]
      6B72 542F 15EE BE1A D86F  B2E5 44F2 450F 50BF E621

Check it and set trust level.

Caution: Don’t Rely on PGP Plugins. Use GnuPG Itself.

I strongly recommend you encrypt and sign the message prior to pouring the content into your email.

It doesn’t cost you much time to encrypt the message beforehand.

Output some ASCII code. For the same input, the ASCII output is larger than binary by one third.^[1]

$ gpg -o encrypted.txt -r root@h3a.moe --armor --sign --encrypt raw.txt

Output binary.

$ gpg -o $FILENAME.gpg -r root@h3a.moe --sign --encrypt $FILENAME

Last but not least, append your oublic key in your message if you never contacted me in this way before.

My portals

e-mail:         root[at]h3a[dot]moe
Telegram bot:   [at]h3a_portal_bot

Have fun.

From the tips in the setting panel of Kleopatra ↩

#PGP #GnuPG

[Pinned] How to Contact Me

https://blog.h3a.moe/en/src/d07363/

Author

H3arn

Posted on

2021-09-11, Sat, 12:18 PM

Updated on

2022-10-21, Fri, 08:53 PM

Licensed under

Fix Task List Rendering for hexo-renderer-kramed Previous

TEST Next