diff --git a/content/blog/2020/06/2020-06-17--opsv.md b/content/blog/2020/06/2020-06-17--opsv.md index c1f9e0c..c3e6585 100644 --- a/content/blog/2020/06/2020-06-17--opsv.md +++ b/content/blog/2020/06/2020-06-17--opsv.md @@ -33,7 +33,8 @@ Let's say I, Yarmo, would really like the world to know that I like pineapple. U The signed statement: -
-----BEGIN PGP SIGNED MESSAGE-----
+```
+-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
 I like pineapple.
@@ -53,7 +54,8 @@ Ab4hF7kO4z0Vh3JaKzcHey0pOzdNCPpAHZ51sAoAnFDM4PdMBgQxxVweCMu4KYMZ
 FN8sNn42oY/b7gDmwCelVhgD+rvUn/a8+B7CDmCp+wIquyrjrTt00voATcb+ZPMJ
 pTXJ/NcM
 =rqTX
------END PGP SIGNATURE-----
+-----END PGP SIGNATURE----- +``` Use this as "Signature" on [OPSV](https://opsv.foss.guru/). @@ -81,7 +83,8 @@ Remove the contents from the "Public Key (3: HKP)" field. It again verifies BUT The signature below does not contain a `userId`: -
-----BEGIN PGP SIGNED MESSAGE-----
+```
+-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
 I like pineapple.
@@ -100,7 +103,8 @@ VIGVVFnlWujNYYotmxys84OtE6ePfVRwHasIOLfknVq64RVo68Y1Pgw/KPXSb1k6
 dpm3RnjsbCFgZqEpclrEh2SD1e8eCjrNcouWK3jIfOkaWB2xk1KvNmdyQQTs3dkP
 /CpKcCJiNVvY9ogWxg9aUuQZUn4WvCvaEkmP4dfkk9s8yAKPQf8=
 =QqCq
------END PGP SIGNATURE-----
+-----END PGP SIGNATURE----- +``` Once again, the signature verifies. And again, it only verifies against the information contained within itself so **that doesn't prove anything about its authenticity**. Anyone can write this and the signature will return verified. @@ -114,7 +118,8 @@ One could not sign a statement with my private key: I, and only I, have access t One could however simply take any of my signed messages and change the content. Like so: -
-----BEGIN PGP SIGNED MESSAGE-----
+```
+-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
 I like privacy invasion.
@@ -134,7 +139,8 @@ eSLMMJ5cTuM60c0GSIPOxzBBsMRwa0HmEQ3HKgpnpkVYxoA00/hq91kuNavqUqM+
 OyOgbb21woPAG+S4OCHkOINEAooeCfhpSFtmpa87sUcfvDHUuX1ivL4rYoQO3cT2
 gNfjdSiB
 =tqZV
------END PGP SIGNATURE-----
+-----END PGP SIGNATURE----- +``` Given the wording of the statement, you naturally doubt the origin of it being me. You run it through OPSV and indeed, this is not what I wrote!