View Full Version : A few questions regarding PGP


Lil_Guppy
September 24th, 2003, 11:34 PM
Just wanted to ask a few questions regarding the use of PGP and this forum. I did have a search about the forums, but couldn't find much, but just in case I missed something, I placed this thread in the Water Cooler (probably belongs here anyway :p). Anyway, to the questions. I was wondering if it is acceptable to post a reply in an open thread that is encrypted. For example in the other thread of mine about the electronic timer, could I post an encrypted reply to one of the participants, or is that generally considered a forum no-no? Also, what qualifies as a valid post in the PGP Messages For NBK? Obviously one wouldn't post an encrypted message to NBK asking him how the weather is over there. Finally, what is the process for distributing a new PGP public key? I do recall reading that NBK will only accept new keys if they are signed by the old key. Is this a forum-wide method, or just up to the individuals concerned? Basically I am interested in all the little forum do's and don'ts so I can survive for the longest possible time (:p) and hopefully bring more sound and valid information into this forum. Thanks.

nbk2000
September 25th, 2003, 05:07 AM
[quote]
Anyway, to the questions. I was wondering if it is acceptable to post a reply in an open thread that is encrypted. For example in the other thread of mine about the electronic timer, could I post an encrypted reply to one of the participants, or is that generally considered a forum no-no.
[/quote]

NO. That's what e-mail is for. Encrypting a reply is pointless anyways, since the vBulletin board software rearranges the PGP message into a form that does not decrypt if you try to copy/paste it from the thread.

ONLY if you can view the text in the editing window is it possible to do so, and only the person who posted it (or staff) can do that, no one else. It used to be possible for someone other than the poster to open the editing window on someone else's posts (though they couldn't change it) so it could have been done under UBB.

The other way would be as an attachment but, again, only staff can do that. :)


[quote]
Also, what qualifies as a valid post in the PGP Messages For NBK. Obviously one wouldn't post an encrypted message to NBK asking him how the weather is over there.
[/quote]


Again, that's what e-mail is for. forumscan@yahoo.com The "PGP Messages for NBK" thread is not for just anyone to jump into, and don't bother asking why. If you have to ask, you don't need to know.


[quote]
Finally, what is the process for distributing a new PGP public key.
[/quote]


You've got a sig line, don't you? And your PGP key is in it, correct? Question answered. :p IF you mean keyservers, read the fuckin' manual that comes with PGP.


[quote]
I do recall reading that NBK will only accept new keys if they are signed by the old key. Is this a forum wide method, or just up to the individuals concerned.
[/quote]


That's just me, but it's prudent paranoia.

Say someone got arrested by the JBTs. They find out that this person has been using PGP for all their messages with you, so they can't read them, and dude isn't giving up his passphrase. After using dictionary attacks against his passphrase, trying to brute-force it is deemed unlikely to succeed.

So...they simply create a new key, tell you they lost the old one, and could you please refresh their memory on your last discussion 'cause they can't read their old message any longer. ;)

Clever, eh? But by requiring people to sign new keys with their old keys, this ensures that the new key isn't an imposter's.

'Course, in order to sign a new key, they have to use the old key, in which case why do they need a new key? Various reasons I won't bother with.

You'll want to make several keys ahead of time and sign them with each other, to provide continuity, and use different passphrases for each one so that cracking one doesn't compromise the others.

In any case, you MUST back up your keyring (public and private) to various places, both physical and 'net, so you never lose them, otherwise you are up shit creek without a paddle. :eek:
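
The old-key-signs-new-key rule from the post above can be checked mechanically. This is an added example, not part of the original thread: it reads the output of `gpg --with-colons --check-sigs` for the replacement key and accepts it only if a verified certification comes from the old key's fingerprint. The fingerprints, user ID and listing are constructed sample data, and the function name is hypothetical.

```python
# Added example: is a replacement key certified by the correspondent's old key?
# Input is the text printed by `gpg --with-colons --check-sigs <new-key>`.
CERT_CLASSES = {"10", "11", "12", "13"}   # OpenPGP user-ID certification types

def certified_by_old_key(listing, new_fpr, old_fpr):
    """True only if new_fpr carries a verified certification made by old_fpr."""
    new_fpr, old_fpr = new_fpr.upper(), old_fpr.upper()
    if new_fpr == old_fpr:                     # a self-signature proves nothing
        return False
    expect_primary_fpr = in_new_key = False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":                      # a primary-key block starts
            expect_primary_fpr, in_new_key = True, False
        elif f[0] == "fpr" and expect_primary_fpr and len(f) > 9:
            in_new_key = f[9].upper() == new_fpr
            expect_primary_fpr = False
        elif f[0] == "sig" and in_new_key and len(f) > 10:
            if f[10][:2] not in CERT_CLASSES:  # skip subkey bindings, revocations
                continue
            issuer_fpr = f[12].upper() if len(f) > 12 else ""
            if issuer_fpr:                     # full issuer fingerprint if listed
                by_old = issuer_fpr == old_fpr
            else:                              # otherwise only the long key ID
                by_old = f[4].upper() == old_fpr[-16:]
            # "!" = verified; "-" bad, "?" old key not on keyring, "%" error.
            if by_old and f[1].startswith("!"):
                return True
    return False

# Constructed sample data (not real keys).
OLD = "AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"
NEW = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE = "\n".join([
    "pub:-:1024:17:89ABCDEF01234567:1064448000:::-:::scESC:",
    "fpr:::::::::" + NEW + ":",
    "uid:-::::1064448000::::Constructed User <user@example.invalid>:",
    "sig:!::17:89ABCDEF01234567:1064448000::::Constructed User:13x::" + NEW + ":",
    "sig:!::17:DDDD4444EEEE5555:1064448100::::Constructed User:10x::" + OLD + ":",
])

if __name__ == "__main__":
    print(certified_by_old_key(SAMPLE, NEW, OLD))
```

The old fingerprint passed in must be the one already held from earlier contact, not one supplied alongside the new key.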

Lil_Guppy
September 25th, 2003, 09:37 PM
Thanks NBK. I actually don't blame you for being so cautious about people's public keys. As for PGP, I did RTFM :p