
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   PUBLIC_KEYS      Public-Key Discussion Echo      845 messages   


   Message 221 of 845   
   mark lewis to Paul Hayton   
   PUBLIC_KEYS Echo Rules   
   24 Feb 16 08:39:40   
   
   24 Feb 16 22:16, you wrote to Moderator:   
      
    PH> On 02/01/16, Moderator pondered and said...   
      
    Mo>>   1. The purpose of this echo is to provide a place to discuss   
    Mo>>      public-keys for data privacy within FidoNet and elsewhere. We
    Mo>>      also consider electronic signature possibilities using
    Mo>>      public-keys and discuss data and software encryption and the
    Mo>>      various schemes and programs that produce them.
      
    PH> Would like to restart that conversation. :)   
      
   have at it :)   
      
    Mo>>   5. No Private flagged messages in Echomail! Encrypted traffic using   
    Mo>>      public-keys is permitted for the exercise so long as it is   
    Mo>>      on-topic. Don't send person-specific encrypted traffic. Such   
    Mo>>      specific traffic belongs in direct Netmail. Encrypted traffic   
    Mo>>      should be in the form of ASCII-armored or personal key encrypted   
    Mo>>      messages that can be read by anyone with PGP 2.6+ and your   
    Mo>>      public-key. Include your public-key in a separate message before   
    Mo>>      sending such test messages in case the other end doesn't have it   
    Mo>>      or make them aware of how to get it from your system. If you just   
    Mo>>      want to post your public-key, use PKEY_DROP Echo.   
      
    PH> Walk me through this Mark, I'm just learning about public/private keys and   
    PH> getting my head around all of this.   
      
   i'll try but it has been ages and ages... back then i was doing it with TimED   
   and the original phil zimmermann PGP on my OS/2 box... i've not even thought to
   try it on this linux box but i have played about to see if i could get my   
   ancient signed keys copied over and used with today's privacy stuff... i don't   
   recall the results but it was a real ugly battle...   
      
    PH> So I have installed a gpg4win bundle on my pc and have created a   
    PH> public key which I can post here and you (or others) can then use to   
    PH> encrypt a message to send to me - right?   
      
   yes... your signature should also end up on one of the public keyring servers   
   so that anyone can retrieve it... the trick is interfacing with FTN software   
   if you want to use it in this environment... the body of the message, without   
   control lines, has to be saved to a temp file, pgp or gpg run on it to wrap   
   and sign it and then the temp file gets imported to replace the original... on   
   my TimED/2 system, i have the following options and commands...   
      
   [C]lear Signed   
     x:\pgp\pgp -ast +clearsig=on x:\timed\timed.msg > nul   
     move x:\timed\timed.asc x:\timed\timed.msg > nul
      
   Encrypt [T]o   
     input /C /E ID to encrypt to : %%encto   
     x:\pgp\pgp -e x:\timed\timed.msg %encto   
     move x:\timed\timed.asc x:\timed\timed.msg   
      
   Encrypt [F]rom   
     set encfr=0xMyKeyId   
     input /C /E ID to encrypt to : %%encto   
     input /C /E ID to encrypt from : %%encfr   
     x:\pgp\pgp -es x:\timed\timed.msg %encto -u %encfr > nul   
     move x:\timed\timed.asc x:\timed\timed.msg > nul
      
   [P]ublic Key   
     copy x:\timed\timed.msg+x:\pgp\mykey.asc x:\timed\timed.msg   
      
      
   ok... all the above is done using TimED's external editor capability... i   
   defined the editor as a BAT file... then we take steps to save a backup copy   
   of the message we're fixing to work on and clean up a few other intermediate   
   files to ensure they won't get in the way... then we fire up our external   
   editor (qedit in my case) and write our reply or create our new message...   
   when we exit the external editor, then the BAT file offers us some options to   
   do PGP things to the message or add a signature of which one of several can be   
   selected from or we can abort the message completely... the PGP things we can   
   do are listed next...   
      
   "[C]lear Sign" signs the message file that it is fed... the resulting file has   
   a different extension that we must move to the original file that the   
   reader/editor is expecting...   
      
   "Encrypt [T]o" uses the 4DOS "input" command to get a string from the keyboard   
   and save it to an environment variable... the /C clears the buffer of stray   
   keystrokes... /E allows us to edit the buffer... the rest is the prompt... if   
   i were to encrypt a message to you, then i would type in your ID... the pgp   
   "-e" option encrypts a plaintext file with the recipient's public key... then   
   the text file is encrypted using your public key... the last step is to move   
   the file to the original name...   
      
   "Encrypt [F]rom" does the same as "Encrypt [T]o" except that it encrypts with   
   the recipient's public key as well as signing with my private key...   
      
   "[P]ublic key" just adds my ascii public key to the message so that others can   
   add it to their keyrings...   
      
      
   it should be noted that TimED does also provide direct access to these   
   functions via its execrypt, exesign, and execryptsign options... IIRC, those   
   were introduced later after the above method using the external editor and   
   kewl BAT file majik... i've just never switched over although i do have   
   something that i used to use in the exesign which was another BAT file   
   allowing me to select a mood and have that added to the message as another   
   control line ;)   
      
   eg: ^AMOOD: Fat and Sassy :)   
      
    PH> But if I were to post an encrypted message here it would be of no use
    PH> to anyone unless I had encrypted it using someone else's public key (so
    PH> they could unlock it) - right?   
      
   it works two ways...   
      
   1. if you post a message encrypted with your PRIVATE key, anyone with your   
   PUBLIC key can decrypt it... that proves it was you that encrypted it...   
   2. if you post a message encrypted with my PUBLIC key, only i will be able to   
   decrypt it...   
      
   then there's signing a message instead of encrypting it... signing wraps the   
   message and places a digital signature at the bottom... others use your public   
   key to verify that you really did sign the message *and* that it hasn't been   
   altered in transit... signing is very common and generally seen in message   
   posting areas... encrypted stuff may be used more in private transactions,   
   though... i'm not sure there is a metric for counting those...   
      
   you can also encrypt and sign a message as seen in the above "Encrypt [F]rom"   
   option...   
      
   we have to make sure that in FTNs, and other places like news groups and   
   mailing lists, that we are having the tool to emit ascii and not binary... it   
   is possible to encrypt a message and the result is binary which is sent but   
   trying to get binary into a message and get it back out without altering it is   
   tricky at best... much easier to use ascii which is already formatted and   
   wrapped to 70 characters and ready to post anywhere...   
      
   )\/(ark   
   PGP Fingerprint 0xB60C20C5   
      
   Always Mount a Scratch Monkey   
      
   ... Chemists don't die, they just stop reacting!   
   ---   
    * Origin:  (1:3634/12.73)   
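
Added example, not part of the message above or of the archive: a Python sketch of OpenPGP-style ASCII armor (Radix-64 plus the CRC-24 checksum from RFC 4880), showing why armored output survives a text-only message path while raw binary does not. The `text_path` function, the 64-column width and the `SAMPLE` bytes are assumptions constructed for illustration; they do not model any particular FTN tosser or PGP release.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1
BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 as specified for OpenPGP armor checksums."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data: bytes, width: int = 64) -> str:
    """Wrap binary data as 7-bit text lines followed by an '=' checksum line."""
    b64 = base64.b64encode(data).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join([BEGIN, "", *lines, "=" + check, END]) + "\n"

def dearmor(text: str) -> bytes:
    """Recover the binary data; raise ValueError if it was altered in transit."""
    lines = [ln.strip() for ln in text.splitlines()]
    block = lines[lines.index(BEGIN) + 1:lines.index(END)]
    block = block[block.index("") + 1:]          # skip armor headers
    body = [ln for ln in block if ln and not ln.startswith("=")]
    checks = [ln for ln in block if ln.startswith("=")]
    data = base64.b64decode("".join(body), validate=True)
    if not checks or base64.b64decode(checks[0][1:]) != crc24(data).to_bytes(3, "big"):
        raise ValueError("armor CRC-24 mismatch")
    return data

def text_path(raw: bytes) -> bytes:
    """Constructed stand-in for a text-only transport (assumed behaviour):
    the body ends at the first NUL, LF is dropped, CR ends a line."""
    raw = raw.split(b"\x00", 1)[0]
    return raw.replace(b"\n", b"").replace(b"\r", b"\n")

# Constructed bytes standing in for binary ciphertext (not real PGP output).
SAMPLE = bytes([0x85, 0x01, 0x0C, 0x00, 0x0A, 0x0D, 0x1A, 0xFF]) * 12

def round_trip(payload: bytes):
    """Return (raw binary survived, armored text survived) for the text path."""
    raw_ok = text_path(payload) == payload
    wire = armor(payload).replace("\n", "\r").encode("ascii")
    armored_ok = dearmor(text_path(wire).decode("ascii")) == payload
    return raw_ok, armored_ok
```
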



(c) 1994,  bbs@darkrealms.ca