yarmo/yarmo.eu
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix blog post
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Yarmo Mackenbach 2020-06-25 14:43:25 +02:00
parent 0602d51f16
commit 6e341b2484
1 changed files with 6 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
content/blog/2020/06/2020-06-17--opsv.md
View File

@ -33,8 +33,7 @@ Let's say I, Yarmo, would really like the world to know that I like pineapple. U
The signed statement: The signed statement:
```text <pre class="select-all"><code>-----BEGIN PGP SIGNED MESSAGE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256 Hash: SHA256
I like pineapple. I like pineapple.
@ -54,7 +53,7 @@ Ab4hF7kO4z0Vh3JaKzcHey0pOzdNCPpAHZ51sAoAnFDM4PdMBgQxxVweCMu4KYMZ
FN8sNn42oY/b7gDmwCelVhgD+rvUn/a8+B7CDmCp+wIquyrjrTt00voATcb+ZPMJ FN8sNn42oY/b7gDmwCelVhgD+rvUn/a8+B7CDmCp+wIquyrjrTt00voATcb+ZPMJ
pTXJ/NcM pTXJ/NcM
=rqTX =rqTX
``` -----END PGP SIGNATURE-----</code></pre>
Use this as "Signature" on [OPSV](https://opsv.foss.guru/). Use this as "Signature" on [OPSV](https://opsv.foss.guru/).
@ -82,8 +81,7 @@ Remove the contents from the "Public Key (3: HKP)" field. It again verifies BUT
The signature below does not contain a `userId`: The signature below does not contain a `userId`:
```text <pre class="select-all"><code>-----BEGIN PGP SIGNED MESSAGE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256 Hash: SHA256
I like pineapple. I like pineapple.
@ -102,7 +100,7 @@ VIGVVFnlWujNYYotmxys84OtE6ePfVRwHasIOLfknVq64RVo68Y1Pgw/KPXSb1k6
dpm3RnjsbCFgZqEpclrEh2SD1e8eCjrNcouWK3jIfOkaWB2xk1KvNmdyQQTs3dkP dpm3RnjsbCFgZqEpclrEh2SD1e8eCjrNcouWK3jIfOkaWB2xk1KvNmdyQQTs3dkP
/CpKcCJiNVvY9ogWxg9aUuQZUn4WvCvaEkmP4dfkk9s8yAKPQf8= /CpKcCJiNVvY9ogWxg9aUuQZUn4WvCvaEkmP4dfkk9s8yAKPQf8=
=QqCq =QqCq
``` -----END PGP SIGNATURE-----</code></pre>
Once again, the signature verifies. And again, it only verifies against the information contained within itself so **that doesn't prove anything about its authenticity**. Anyone can write this and the signature will return verified. Once again, the signature verifies. And again, it only verifies against the information contained within itself so **that doesn't prove anything about its authenticity**. Anyone can write this and the signature will return verified.
@ -116,8 +114,7 @@ One could not sign a statement with my private key: I, and only I, have access t
One could however simply take any of my signed messages and change the content. Like so: One could however simply take any of my signed messages and change the content. Like so:
```text <pre class="select-all"><code>-----BEGIN PGP SIGNED MESSAGE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256 Hash: SHA256
I like privacy invasion. I like privacy invasion.
@ -137,7 +134,7 @@ eSLMMJ5cTuM60c0GSIPOxzBBsMRwa0HmEQ3HKgpnpkVYxoA00/hq91kuNavqUqM+
OyOgbb21woPAG+S4OCHkOINEAooeCfhpSFtmpa87sUcfvDHUuX1ivL4rYoQO3cT2 OyOgbb21woPAG+S4OCHkOINEAooeCfhpSFtmpa87sUcfvDHUuX1ivL4rYoQO3cT2
gNfjdSiB gNfjdSiB
=tqZV =tqZV
``` -----END PGP SIGNATURE-----</code></pre>
Given the wording of the statement, you naturally doubt the origin of it being me. You run it through OPSV and indeed, this is not what I wrote! Given the wording of the statement, you naturally doubt the origin of it being me. You run it through OPSV and indeed, this is not what I wrote!