Vk3jed wrote to Bbsing.Bbs <=-

Perfect! It worked.

BBS systems can have secure message communication! :)

Cool, what was the total process?

Sorry Vk, I went dark for awhile due to projects I was working on, and you may have the process already.

Ah .. so if I can remember the total process...
Here is the general process.

make sure you have a pgp/gpg key, post your public key for the initial async encryption ... this is the type where you receive someone's posted public key and then add that to your keystore, then craft a message for that person's key.

Now if its just synchronous then... they've sent you a shared single key.

Here on the bbs or fido, .. other packet mails you can post the message using gpg output of ascii armor ... which is basically clear text. This text you'll also use to post your key but you can use binary formats. I like the armor text style because its really versatil.

So if we were trading messages and we did not have a single shared key we would use asynchronous encryption to trade the key, or via phone ... something like that.

1) get gnupgp
2) create a private key 4096 bit
a) smaller key sizes allow for easier signature line use, but may cost
in compromised communicates if cracked.
3) output your public key to a file in armor text
4) place your public key in a signature line
5) anyone can get your public key and send you a private message that only you can unlock.

openssl allows for armor text as well, but from the perspective of regular message communications like this one, only synchronous encryption (shared key).


--- MultiMail/Linux v0.49
* Origin: Electronic Warfare BBS | bbs.ewbbs.net | CBNET HQ (21:1/138)

On 07-31-19 21:24, Bbsing.Bbs wrote to Vk3jed <=-

Vk3jed wrote to Bbsing.Bbs <=-

Perfect! It worked.

BBS systems can have secure message communication! :)

Cool, what was the total process?

Sorry Vk, I went dark for awhile due to projects I was working on, and
you may have the process already.

Ah .. so if I can remember the total process...
Here is the general process.

I know it for one on one, but for group communications, what happens?



... Is this now?
=== MultiMail/Win v0.51
--- SBBSecho 3.03-Linux
* Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)

On 01 Aug 2019 at 06:21p, Vk3jed pondered and said...

I know it for one on one, but for group communications, what happens?

Good question... perhaps we can work on something ? :)

--- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 08-01-19 21:59, Avon wrote to Vk3jed <=-

On 01 Aug 2019 at 06:21p, Vk3jed pondered and said...

I know it for one on one, but for group communications, what happens?

Good question... perhaps we can work on something ? :)

Yeah. :)


... I don't hallucinate anymore, the Thing driving the UFO cured me...
=== MultiMail/Win v0.51
--- SBBSecho 3.03-Linux
* Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)

Vk3jed wrote to Bbsing.Bbs <=-

On 07-31-19 21:24, Bbsing.Bbs wrote to Vk3jed <=-

Vk3jed wrote to Bbsing.Bbs <=-

Perfect! It worked.

BBS systems can have secure message communication! :)

I know it for one on one, but for group communications, what happens?

As many public keys you have, .. maybe you scraped/captures them from bbses or other places, any public key contained in the encrypted message, will allow all those with matching private keys to view/decrypt the message.

Say you have created a message addressed to 3 people. During the process of assigning who should received the message [recipients], .. and you can add lots of them.
When you post the ascii armor message on the BBS or wherever they have to actually download the message to the location where the private key exists.

This means offline mail reader or something like that.
The problem with private keys is they can't get into the possession of anyone but the owner, otherwise there is no non-repudiation! That is really important, and it has been mentioned in another post at some point about Proton mail and ... I think it was keybase.

The short is .. on a bbs, like old school types, I don't know how it would work for that. I think there are ways, like software to create an encrypted tunnel into a stateless container that is only active for the time when the user is decrypting and reading the message.

Lets say you upload your private key in the tunnel, (which I do all the time .. ssh tunnels) import it to the keyring and have the message imported to the container, the user decrypts, reads, then exits, and the container vanishes. Same would work for composition, and the output is the message to the bbs.

The big flaw is trust, .. and if you've used containers, or cloud based systems, you know the owners of those systems ultimately have control of them, but.. that doesn't mean you can't create an encrypted container somehow or within an encrypted file system that the user supplies the key for like an ssl key.


--- MultiMail/Linux v0.49
* Origin: Electronic Warfare BBS | bbs.ewbbs.net | CBNET HQ (21:1/138)

On 08-01-19 21:34, Bbsing.Bbs wrote to Vk3jed <=-

As many public keys you have, .. maybe you scraped/captures them from bbses or other places, any public key contained in the encrypted
message, will allow all those with matching private keys to
view/decrypt the message.

Hmm, OK. :) So multiplie ciphertexts, each a copy of the same plaintext

This means offline mail reader or something like that.
The problem with private keys is they can't get into the possession of anyone but the owner, otherwise there is no non-repudiation! That is really important, and it has been mentioned in another post at some
point about Proton mail and ... I think it was keybase.

Offline mail does work well for PGP/GPG. I used to have a PGP add-on for Bluewave back in the day. A similar add-on could work for GPG and Multimail. It hooked the editor, the offline reader would call the encryption system, and if you wanted to write a message, the system would then pass control to the actual editor.

The short is .. on a bbs, like old school types, I don't know how it would work for that. I think there are ways, like software to create an encrypted tunnel into a stateless container that is only active for the time when the user is decrypting and reading the message.

Yeah, good question. :)


... I DID IT! I invented the unadoptable tagline! Try it. Won't work.
=== MultiMail/Win v0.51
--- SBBSecho 3.03-Linux
* Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)

Vk3jed wrote to Bbsing.Bbs <=-

Hmm, OK. :) So multiplie ciphertexts, each a copy of the same
plaintext

No.., one cyber text, but within the encoded message exists multiple public keys.
I haven't tried to actually identify a public key in a cyber text message outside of the gnugp functions. .. you can imagine though, the more public keys aka recipients, the larger the cyber text message can get.

Offline mail does work well for PGP/GPG. I used to have a PGP add-on
for Bluewave back in the day. A similar add-on could work for GPG and Multimail. It hooked the editor, the offline reader would call the encryption system, and if you wanted to write a message, the system
would then pass control to the actual editor.

I have not tried bluewave yet.

VK, you doing anything with encryption these days?

--- MultiMail/Linux v0.49
* Origin: Electronic Warfare BBS | bbs.ewbbs.net | CBNET HQ (21:1/138)

On 02 Aug 2019 at 11:48p, Bbsing.Bbs pondered and said...

VK, you doing anything with encryption these days?

I'm looking to do some more in this space in the coming months... have a few ideas we might be able to test out. When I do, can I pick your brains about them? :)

Best, Paul

--- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 08-02-19 23:48, Bbsing.Bbs wrote to Vk3jed <=-

Vk3jed wrote to Bbsing.Bbs <=-

Hmm, OK. :) So multiplie ciphertexts, each a copy of the same
plaintext

No.., one cyber text, but within the encoded message exists multiple public keys.
I haven't tried to actually identify a public key in a cyber text
message outside of the gnugp functions. .. you can imagine though, the more public keys aka recipients, the larger the cyber text message can get.

But given that encryption is normally done by a combination of public and private keys in pairs, how does that work?

Offline mail does work well for PGP/GPG. I used to have a PGP add-on
for Bluewave back in the day. A similar add-on could work for GPG and Multimail. It hooked the editor, the offline reader would call the encryption system, and if you wanted to write a message, the system
would then pass control to the actual editor.

I have not tried bluewave yet.

I should have a working PGP/Bluewave setup in my old backups somewhere. Have to see if it can be tweaked to use GPG.

VK, you doing anything with encryption these days?

No, though I have the capability using Enigmail on Thunderbird, and a personal gated feed for this echo.


... Stick: A boomerang that doesn't work.
=== MultiMail/Win v0.51
--- SBBSecho 3.03-Linux
* Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)

On 08 Aug 2019, Avon said the following...

I'm looking to do some more in this space in the coming months... have a few ideas we might be able to test out. When I do, can I pick your
brains about them? :)

What would you think about a "Puzzle of the Week" sort of thing, in which a short, random plaintext is encrypted each week, using variable encryption techniques, for folks to try to crack? No RSA-level stuff (which I'm
guessing is the intended subject for this area), but start out with
simple substitution cryptograms and progress from there. Thoughts?

Jeff.

--- Mystic BBS v1.12 A43 2019/03/03 (Raspberry Pi/32)
* Origin: Perceptronica (21:1/180)

On 07 Aug 2019 at 11:18p, jeff pondered and said...

What would you think about a "Puzzle of the Week" sort of thing, in
which a short, random plaintext is encrypted each week, using variable encryption techniques, for folks to try to crack? No RSA-level stuff (which I'm guessing is the intended subject for this area), but start
out with simple substitution cryptograms and progress from there. Thoughts?

I like the idea and I'm really open to anything.

:)

--- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Avon wrote to Bbsing.Bbs <=-

On 02 Aug 2019 at 11:48p, Bbsing.Bbs pondered and said...

VK, you doing anything with encryption these days?

I'm looking to do some more in this space in the coming months... have
a few ideas we might be able to test out. When I do, can I pick your brains about them? :)

Best, Paul

Of course.

ttyl8r

BBSING

--- MultiMail/Linux v0.49
* Origin: Electronic Warfare BBS | bbs.ewbbs.net | CBNET HQ (21:1/138)

Vk3jed wrote to Bbsing.Bbs <=-

On 08-02-19 23:48, Bbsing.Bbs wrote to Vk3jed <=-

Vk3jed wrote to Bbsing.Bbs <=-

Hmm, OK. :) So multiplie ciphertexts, each a copy of the same
plaintext

No.., one cyber text, but within the encoded message exists multiple public keys.
I haven't tried to actually identify a public key in a cyber text
message outside of the gnugp functions. .. you can imagine though, the more public keys aka recipients, the larger the cyber text message can get.

But given that encryption is normally done by a combination of public
and private keys in pairs, how does that work?

What I haven't done is look at a few file attributes where adding more public keys increases the size of the ascii armor file.

If it does increase, then you could possibly assume mathematically that the difference between the same message with 1 recipient vs 2 recipient where recipient 1 is in both messages, the difference would be recipient 2 and you would be able to obtain their public key.

How to find out? .. well it may be possible via gnupg.
If you are in the recipient list, .. maybe remove all your secret keys from your key ring, and attempt to decrypt using gnupg and see what keys its asking for. Once you find out, then you can re-import your key and attempt to pull the other recipients public key out.

A major problem exits due to salting. Where salting makes each encrypted message unique so how to overcome that where you have the original message, your public key, and some other unknown key inside the message, the deduction starts with (the message + your public key) - (unknown recipient public key. salt .. now you have this other unknown.

I will have to spin up a vm and attempt these test. I've never tried it. I'm sure someone has already thought of this and tested it, but I've never research it before.

In cases of cracking .. its best to just obtain the users key ring, and attempt brute force on each secret key.

Offline mail does work well for PGP/GPG. I used to have a PGP add-on
for Bluewave back in the day. A similar add-on could work for GPG and Multimail. It hooked the editor, the offline reader would call the encryption system, and if you wanted to write a message, the system
would then pass control to the actual editor.

I will have to attempt to enable pgp for multimail.

... BBSING
--- MultiMail/Linux v0.49
* Origin: Electronic Warfare BBS | bbs.ewbbs.net | CBNET HQ (21:1/138)

On 08-08-19 10:51, Bbsing.Bbs wrote to Vk3jed <=-

I will have to spin up a vm and attempt these test. I've never tried
it. I'm sure someone has already thought of this and tested it, but
I've never research it before.

I'm not up with encryption to this level. :) But curious what you find.

In cases of cracking .. its best to just obtain the users key ring, and attempt brute force on each secret key.

Yes, but we were discussing sending a message to multiple recipients.

Offline mail does work well for PGP/GPG. I used to have a PGP add-on
for Bluewave back in the day. A similar add-on could work for GPG and Multimail. It hooked the editor, the offline reader would call the encryption system, and if you wanted to write a message, the system
would then pass control to the actual editor.

I will have to attempt to enable pgp for multimail.

I haven't seen an interface for GPG available for Multimail yet.


... Don't argue with he who buys ink by the gallon.
=== MultiMail/Win v0.51
--- SBBSecho 3.03-Linux
* Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)

... Don't argue with he who buys ink by the gallon. === MultiMail/Win

He might be a tatooist.


*** THE READER V4.50 [freeware]

---
* Origin: Ooooh look a "Default origin line" kill it quick (21:3/105)

... Don't argue with he who buys ink by the gallon. === MultiMail/Win

He might be a tatooist.

On Tatooine.


--- NiKom v2.5.0
* Origin: Delta City (deltacity.se, Vallentuna, Sweden) (21:2/130.0)

Re: Re: Decoding this...
By: Joacim Melin to Spectre on Tue Aug 13 2019 07:23 pm

He might be a tatooist.

On Tatooine.

Isn't that where all the best tattoo artists go to study their craft?

Nightfox

On 08-13-19 23:22, Spectre wrote to Vk3jed <=-

... Don't argue with he who buys ink by the gallon. === MultiMail/Win

He might be a tatooist.

Haha good point. :)


... What if I told you you can't hurt the newcomers?
=== MultiMail/Win v0.51
--- SBBSecho 3.03-Linux
* Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)

Vk3jed wrote to Bbsing.Bbs <=-

On 08-08-19 10:51, Bbsing.Bbs wrote to Vk3jed <=-

I will have to attempt to enable pgp for multimail.

I haven't seen an interface for GPG available for Multimail yet.

Me either, and this is what makes things a little more difficult to use all the time. In fact its that level of difficulty and the fact that the huge mail providers don't want to make encryption easy for their users, that prevent everyone from adopting it now.

--- MultiMail/Linux v0.49
* Origin: Electronic Warfare BBS | bbs.ewbbs.net | CBNET HQ (21:1/138)

Re: Re: Decoding this...
By: Joacim Melin to Spectre on Tue Aug 13 2019 07:23 pm

He might be a tatooist.

On Tatooine.

Isn't that where all the best tattoo artists go to study their craft?

Nightfox

So I hear.


--- NiKom v2.5.0
* Origin: Delta City (deltacity.se, Vallentuna, Sweden) (21:2/130.0)

On 08-13-19 16:38, Bbsing.Bbs wrote to Vk3jed <=-

Vk3jed wrote to Bbsing.Bbs <=-

On 08-08-19 10:51, Bbsing.Bbs wrote to Vk3jed <=-

I will have to attempt to enable pgp for multimail.

I haven't seen an interface for GPG available for Multimail yet.

Me either, and this is what makes things a little more difficult to use all the time. In fact its that level of difficulty and the fact that
the huge mail providers don't want to make encryption easy for their users, that prevent everyone from adopting it now.

It just needs to be a wrapper for the editor function to make all the GPG functions available. Or alternatively, work with the Multimail developer to have GPG support integrated in, in a similar manner to the Enigmail plugin for Tnunderbird.


... All wiyht. Rho sritched mg kegtops awound?
=== MultiMail/Win v0.51
--- SBBSecho 3.03-Linux
* Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)

Vk3jed wrote to Bbsing.Bbs <=-

I haven't seen an interface for GPG available for Multimail yet.

Me either, and this is what makes things a little more difficult to use all the time. In fact its that level of difficulty and the fact that
the huge mail providers don't want to make encryption easy for their users, that prevent everyone from adopting it now.

It just needs to be a wrapper for the editor function to make all the
GPG functions available. Or alternatively, work with the Multimail developer to have GPG support integrated in, in a similar manner to the Enigmail plugin for Tnunderbird.

I've never even spoke/emailed/messaged with a developer before.

There is a first for everything.

BBSING

--- MultiMail/Linux v0.49
* Origin: Electronic Warfare BBS | bbs.ewbbs.net | CBNET HQ (21:1/138)

On 08-15-19 16:48, Bbsing.Bbs wrote to Vk3jed <=-

I've never even spoke/emailed/messaged with a developer before.

I have, it can be very productive if you're both on the same wavelength.


... To be, or not to be, those are the parameters.
=== MultiMail/Win v0.51
--- SBBSecho 3.03-Linux
* Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)

Re: Re: Decoding this...
By: Avon to Bbsing.Bbs on Thu Aug 08 2019 12:52 pm

On 02 Aug 2019 at 11:48p, Bbsing.Bbs pondered and said...

VK, you doing anything with encryption these days?

I'm looking to do some more in this space in the coming months... have a few ideas we might be able to test out. When I do, can
pick your brains about them? :)

Best, Paul

Of course, but my problem is I don't get on BBSs consistently.
Have you done any more work on encryption?
--- SBBSecho 3.15-Linux
* Origin: Electronic Warfare BBS | bbs.ewbbs.net | CBNET HQ (21:1/138)

I love encryption it's actually all I do I wrote a custom key that seems to keep the other guys out of my stuff. Apparently a simple cipher like aes-ecb w my key is good enough. It uses a custom algorithm to encrypt.

--- ENiGMA 1/2 v0.0.14-beta (linux; x64; 16.16.0)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)