Young Hands
ossasepiaeuloratrilemaspykedtrinquetrilema-hanbotagriculturalsupremacy
34m15h 46m16d 20h 19m3h 13m12h 8m3d 5m10h 43m
Ossasepia



101 entries found in trilema for 'clearsign' :

mp_en_viaje: moreover, how do bitcoin transactions figure into it ? are you talking about "the clearsigning proposal" as in, http://billymg.com/2020/01/mp-wp-patch-viewer-and-code-shelf/comment-page-1/#comment-75 ?
jfw: mp_en_viaje: well a signature can't sign itself, yes? so there is some transformation from clearsigned file to hash input.
ossabot: Logged on 2020-02-04 01:38:36 mircea_popescu: so given bvt's recent and indeed quite shiny work on a new v : is there any interest in actually attempting something like the new clearsign scheme ?
jfw: http://logs.ossasepia.com/log/trilema/2020-02-04#1957893 - diana_coman observes I need more practice at figuring things out through discussion / asking than quietly on my own. Anyway, in my latest I've attempted to sort out my thoughts on the matter. There are some questions there on the clearsigning
ossabot: Logged on 2020-02-17 18:32:25 dorion: perhaps mod6 takes the lead to implement the clearsigned scheme on his keccak regrind of the trb tree.
dorion: spyked is rebuilding trb shortly, so if mod6 leads the way, followed by jfw and spyked that's at least 3 people scrutinizing the clearsigning scheme, tools and likely many of the same patches within the same timeframe.
dorion: perhaps mod6 takes the lead to implement the clearsigned scheme on his keccak regrind of the trb tree.
ossabot: Logged on 2020-02-04 01:38:36 mircea_popescu: so given bvt's recent and indeed quite shiny work on a new v : is there any interest in actually attempting something like the new clearsign scheme ?
mircea_popescu: so given bvt's recent and indeed quite shiny work on a new v : is there any interest in actually attempting something like the new clearsign scheme ?
feedbot: http://www.loper-os.org/?p=3657 << Loper OS -- "Finite Field Arithmetic." Chapter 20D: "Litmus" Errata: Support for Nested Clearsigned Texts.
mircea_popescu: The GPG we inherited fucks clearsigned text blocks inside a larger text block being clearsigned as it is clearsigned for reasons that appear to be related to retardation. << well theoretically it's related to in-band signalling, but practically it was too hard to have a proper parser, take CLOSING signature as the signature, had to have 1step parser which "does not know what to do" if it encounters five dashes mid-documen
BingoBoingo: The MPEx stat without the measures GPG takes to fuck clearsigned inside clearsigned is also available here
feedbot: http://www.loper-os.org/?p=3646 << Loper OS -- "Finite Field Arithmetic." Chapter 20C: Support for 'Clearsigned' GPG texts in "Litmus."
BingoBoingo: mircea_popescu: Waiting for deedbot to go from acceptance to deeding. I've got the MPEx statement with my involvement note attached on top submitted to deedbot. (Clearsigned statement on its own here since GPG doesn't like making nested signatures). For whatever it may be worth, I've also got my client to sign [http://logs.ossasepia.com/log/t
lobbes: http://logs.ericbenevides.com/log/trilema/2019-09-19#1937380 << ty, I always appreciate n00b tips (I in fact only learned of the "gpg --decrypt signed.txt >> unsigned.txt" method for clearsigned files a mere few months ago, so you never can be too careful)
lobbes: though still puzzled why last clearsigned version didn't deed... I checked a few more times for sanity and the sig verified for me
mod6: Yeah, I get the pizarro ip for both A and MX records. Just in case, I have posted the clearsigned report to my website for viewing: http://mod6.net/2018/December/31/btcf_address_201812.txt
asciilifeform: grr jurov , 'Signature verification on clearsigned text failed, discarding. Review the message in your sent mail folder for wordwrap or similar mutilations of clearsigned text.'
asciilifeform: jurov's thing gets me a 'Signature verification on clearsigned text failed, discarding. Review the message in your sent mail folder for wordwrap or similar mutilations of clearsigned text' despite the fact that i used the www front end ( therealbitcoin.org/mailman/post/btc-dev ) and attached all 3 as attachment
asciilifeform: mod6: it seems to reject my clearsigned readme ( which verifies locally, i've nfi )
mod6: jurov: Ah, alright, thanks for checking. It's weird because I did check the clearsigned file before sending, verified fine. Mail Client / ML must have magled it.
jurov: mod6: when you have such complicated text, it's best to keep it clearsigned in a file.
jurov: mod6: the clearsigned text has bad signature
a111: Logged on 2018-04-27 15:41 mircea_popescu: http://btcbase.org/log/2018-04-27#1805922 << if you're going to "--clearsign" why not "-aer uid" for the same money ?
mircea_popescu: http://btcbase.org/log/2018-04-27#1805922 << if you're going to "--clearsign" why not "-aer uid" for the same money ?
jurov: shinohai: send me clearsigned request, incl. date and whether it should be done always from now on.
mod6: jurov: I sent an email to the ML, but isn't showing up. I can confirm that the clearsigned data verifies on my end.
mircea_popescu: whereas when it comes to clearsigned matter, you CAN find yourself in a b and a is not applicable.
asciilifeform: this thread is incidentally pretty great , it is exactly the one from 2016 but with the sides switched. ( earlier it was mircea_popescu who insisted -- in the orig 'clearsigning' thread -- on human-eye-readables )
a111: Logged on 2017-12-07 11:24 mircea_popescu: mod6 mind adding the "no clearsigned material in patches -- you got the .sig for that" and "no '--- ' anywhere, you have been warned" rules to it ; and phf / everyone mind making it stick ?
mircea_popescu: mod6 mind adding the "no clearsigned material in patches -- you got the .sig for that" and "no '--- ' anywhere, you have been warned" rules to it ; and phf / everyone mind making it stick ?
mircea_popescu: take out the god damned clearsigns.
mircea_popescu: asciilifeform you shouldn't put gpg clearsigned bits in a patch in the first place.
mircea_popescu: alternately, of course... "no clearsigned material within patches". this may even be a right thing independently of the actual bug.
BingoBoingo: <shinohai> You write said submission, `aspell -c submission`, then clearsign the result with your gpg key. << You forgot "Proofread for its vs. it's, because aspell doesn't know"
shinohai: You write said submission, `aspell -c submission`, then clearsign the result with your gpg key.
mod6: http://btcbase.org/log/2017-05-25#1661674 << was thinking there, for those who would want it, a model where guy asks for N bytes of entropy via FG. would generate N bytes. base64 encode the binary entropy file (similar to trb deps), place the sha512 output hash of the base64 decoded file along with the ent & dieharder output in a clearsigned message, then PGP encrypt it to the requester.
asciilifeform: clearsigning suxxx
mod6: I think independant replication is in order myself; i.e. someone create a clearsigned message with multiple line feeds in there (\n), and see if the result is the same.
mod6: <+mod6> <+mod6> This is the actual pgp clearsigned data: http://p.bvulpes.com/pastes/9AAL7/?raw=true << this is what gets pasted into the comments section. 7bit ascii. << go to this link, copy the text, save locally, or however you want to do it, and see if it verifies.
mod6: <+mod6> This is the actual pgp clearsigned data: http://p.bvulpes.com/pastes/9AAL7/?raw=true << this is what gets pasted into the comments section. 7bit ascii.
mircea_popescu: ah but mod6 baby, you can't sign html and expect to verify the text a browser outputs cmon. whole fucking thing is a substitution engine for strings, how's the clearsign gonna be preserved.
mod6: This is the actual pgp clearsigned data: http://p.bvulpes.com/pastes/9AAL7/?raw=true
a111: Logged on 2017-04-05 22:36 danielpbarron: what is the proper way to deed such an item? clearsign the sha512sum ?
danielpbarron: what is the proper way to deed such an item? clearsign the sha512sum ?
Framedragger: ben_vulpes: sorry for being obtuse, but if by 'show signature' you mean print signature in ascii-armored way, why can't you `echo 'foo' | gpg --clearsign > a.txt`, then `cat a.txt | gpg --encrypt --recipient recipient-username > b.bin`, then `gpg --decrypt b.bin`? (this assumes gpg is interactive and will ask for password, so best to break it into multiple commands)
danielpbarron: txt | clearsign | encrypt # but why??
mircea_popescu: we started moving away from sha-1 to sha-512 digests for clearsigned messages what, coupla years back ?
mircea_popescu: not when it comes to clearsign, not when it comes to vpatches, never. text dude.
a111: Logged on 2016-12-28 10:37 jurov: http://btcbase.org/log/2016-12-28#1591566 << not a good idea, because if you pass something clearsigned/encrypted, gpg will decrypt it to stdout, so you end up parsing dangerous user input
jurov: http://btcbase.org/log/2016-12-28#1591566 << not a good idea, because if you pass something clearsigned/encrypted, gpg will decrypt it to stdout, so you end up parsing dangerous user input
mircea_popescu: asciilifeform there's something fundamentally visceral about the written page you're entirely inadherent to, as seen here and in the case of clearsigns etc. pass by reference is not the same as pass by value!
mod6: if I were him, this is what I would do: take the schematic blob, encode it, clearsign it with a note at the top and a hash of its output value. submit to deedbot. next, edit the code somewhere or prefereably create a README.txt that points to that deed, create a new fuckgoats_genesis.vpatch and fuckgoats_genesis.vpatch.alf.sig on nosuchlabs.com, point to them with your www.
Framedragger: asciilifeform: *for the time being*, can you not hash the package, and deedbot clearsigned hash of package?
asciilifeform: and yes, i'm aware that i can take whatever and package it up in a uuencoded+clearsigned turd. but this is insanity.
asciilifeform: mod6: v doesn't deal in clearsigned anythings
mod6: are you just trying to clearsign one vpatch then?
BingoBoingo suggests relaxing session of whittling with a sawzall to clear mind, shame microfiche can't be clearsigned.
mod6: That said, I'm not positive what is a favorable solution to this. For me, I guess I would have considered a disjointed genesis. All code in a genesis.vpatch, plus a comment in the code or README.txt file that points to a clearsigned, base64 encoded deed of the (repeatably extractabale) binary (image in this case).
ben_vulpes: either i remember a decrypted clearsign's hash not matching or am inventing the memory
mircea_popescu: trinque at the very least a result here could be where you machine-verify that X item deedbotted is equal to X' v-item through the process of a) X valid clearsigned b) X' valid detach0igned c) X = preprocessor(X')
mircea_popescu: trinque the clearsign iirc is a stricter operation ; but plenty of signedtxts emerge untouched from both processes.
trinque: so then if I've got a sig of an un-transformed item in ML, it may contain things the transformer would've stripped/modified if it were clearsigned
trinque: mircea_popescu: it seems to me the two paths (clearsign and detached-sign) sign completely different piles of bits, if the clearsign first goes through some transformer
trinque: so then the original item would have to have been detach-signed with line endings already mangled to get a clearsigned version that'd verify
trinque: I'd have to spelunk further to confirm, but it looks like clearsigning is canonicalize -> sign
mircea_popescu: trinque care to look into if you can bash the signature out of detachsig and attach it as clearsigned ?
mircea_popescu: q : can clearsigned document be created out of detachsig document ?
asciilifeform: it eats clearsigns neh ?
asciilifeform: the schem will be nonclearsigned, the sig -- posted. the boards -- physically wrapped in copies of the schem. is all i can offer.
mircea_popescu: so i'ma just wait here for you to p, and comment thar rather than try and spec a tmsr-rsa-clearsign ?
phf: mircea_popescu: the whole thing is "magic char" driven though. in this particular case the failure is not just from clearsign, but from a combination of clearsign and vpatch own magic chars.
mircea_popescu: would you agree the correct move here is to actually specify clearsign format for tmsr-rsa ?
a111: Logged on 2016-12-11 18:40 asciilifeform: WITHOUT THE IDIOT MUTILATION of clearsign
phf: trinque wants me to deedbot logs, and if it only takes clearsigns, that would be kind of tricky.
asciilifeform: i thought it only ate clearsigns.
asciilifeform: WITHOUT THE IDIOT MUTILATION of clearsign
mod6: I should clearsign the pubkey with my pgp-pubkey and deedbot this, aha?
mircea_popescu: trinque you can even have a system of "orders over X value or nth in a day have to be clearsigned" and have the user set X and n ?
asciilifeform: cat clearsigned_thing.txt | curl -H "Content-type: text/plain" --data-binary @- http://machine
asciilifeform: cat clearsigned_thing.txt | curl -H "Content-type: text/plain" --d @- http://machine
mod6: im not sure how that'd work out. you might be better off putting your key on your "blog" as detailed in the logs, then just putting in a clearsigned message stating that's where one can find your pub key.
PeterL: is there a way to make pgp use something other than sha1 for clearsigning?
mircea_popescu: Mariono it should have an option for "sign only" or "clearsign" or somesuch.
mod6: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html << wtf. this guy doesn't clearsign these emails
mod6: i guess to me, that meant clearsigning a pgp signed message. guess i didn't try that.
gribble: (register <nick> <keyid>) -- Register your GPG identity, associating GPG key <keyid> with <nick>. <keyid> is a 16 digit key id, with or without the '0x' prefix. We look on servers listed in 'plugins.GPG.keyservers' config. You will be given a random passphrase to clearsign with your key, and submit to the bot with the 'verify' command. Your passphrase will expire in 10 minutes.
mod6: so anyway, i'll prepare the rest of these as well as a more refined disclaimer. clearsign them, and pass 'em around for some testing.
mod6: which, was my first trial. the only thing about this approach is that then to extract (uudecode), one must strip out the clearsigning text as well as the comment. not horrible, just an extra step.
mod6: <+mircea_popescu> mod6 how do you add comment with armor ? << yeah, there'd be no comment in the gpg armor'd artifacts. this would only be possible with using the uuencoded archives, placing a comment in the top, and then clearsigning the whole thing.
mircea_popescu: thanks fucking god gpg doesn't clearsign such nonsense.
mod6: So, a clearsigned manifest that holds the URL and the SHA512 that I attest is correct then, deedbotted?
mod6: So was thinking a clearsigned manifest could do the trick there.
mod6: I could create a clearsigned manifest that could reside on deedbot.org that could be also pulled down, verified and used.
mod6: clearsign+encrypt -> dpaste ?
copumpkin: I've been trying echo "STAT" | gpg -u <my key id> --clearsign | gpg --encrypt --armor -r 2FB7B452
mircea_popescu: a sort of clearsign for the web, if you will.
danielpbarron: btw his clearsigned thing got mangled by your site, davout ; easy fix to confirm is add two hyphens to each group of hyphens
mircea_popescu: You will be given a random passphrase to clearsign with your key <<< this is the wrong way to proceed. how about "we'll encrypt a random string to your key, which you must send back".
gribble: (register <nick> <keyid>) -- Register your GPG identity, associating GPG key <keyid> with <nick>. <keyid> is a 16 digit key id, with or without the '0x' prefix. We look on servers listed in 'plugins.GPG.keyservers' config. You will be given a random passphrase to clearsign with your key, and submit to the bot with the 'verify' command. Your passphrase will expire in 10 minutes.
asciilifeform mutters malignantly about the idiocy of clearsigning and 'plain text'

Random(trilema) | Download daily DB snapshot | Get Source Code