Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

Like punning, programming is a play on words.


computers / news.admin.hierarchies / Experiment with a new control key for fr.*

SubjectAuthor
* Experiment with a new control key for fr.*Julien_ÉLIE
`- Re: Experiment with a new control key for fr.*Julien_ÉLIE

1
Subject: Experiment with a new control key for fr.*
From: Julien_ÉLIE
Newsgroups: news.software.nntp, news.admin.hierarchies
Organization: TrigoFACILE -- http://www.trigofacile.com/
Date: Mon, 16 Nov 2020 22:29 UTC
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.trigofacile.com!.POSTED.2a01cb0800a77500f13147d364e12c5b.ipv6.abo.wanadoo.fr!not-for-mail
From: iul...@nom-de-mon-site.com.invalid (Julien_ÉLIE)
Newsgroups: news.software.nntp,news.admin.hierarchies
Subject: Experiment with a new control key for fr.*
Date: Mon, 16 Nov 2020 23:29:10 +0100
Organization: TrigoFACILE -- http://www.trigofacile.com/
Message-ID: <rouufm$j0v$1@news.trigofacile.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 16 Nov 2020 22:29:10 -0000 (UTC)
Injection-Info: news.trigofacile.com; posting-account="julien"; posting-host="2a01cb0800a77500f13147d364e12c5b.ipv6.abo.wanadoo.fr:2a01:cb08:a7:7500:f131:47d3:64e1:2c5b";
logging-data="19487"; mail-complaints-to="abuse@trigofacile.com"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.0; rv:68.0)
Gecko/20100101 Thunderbird/68.12.1
X-Mozilla-News-Host: snews://news.individual.net:563
Content-Language: fr
View all headers
Hi all,

Though RSA may finally appear to be a better choice, I've sent earlier today a checkgroups for the fr.* hierarchy, signed with an ed25519 key.

It will be the opportunity to report any compatibility failure.
If some news administrators here are willing to test this key, please do not hesitate.



Here are a few technical details that may be of help.
Feel free to add anything you find it useful.  It will be of great help when time will come to widely update keys (be they RSA or not).



First of all, as far as ed25519 is concerned, you have to make sure that the EDDSA algorithm is supported:

% gpg --version
gpg (GnuPG) 2.1.18
Algorithmes pris en charge :
Clef publique : RSA, ELG, DSA, ECDH, ECDSA, EDDSA


Here is the current experimental public key for fr.* :

% cat public-key.asc
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: Encryption is Good

mDMEX7JvHxYJKwYBBAHaRw8BAQdAABRUycUFu5rj/URcud5wAHctHhbk6cSCjsGN
QGQ636W0HWNvbnRyb2xAdXNlbmV0LWZyLm5ld3MuZXUub3JniJAEExYIADgWIQRH
A7TffK8++jIAfulP6rXDDGdOzQUCX7JvHwIbAwULCQgHAgYVCAkKCwIEFgIDAQIe
AQIXgAAKCRBP6rXDDGdOzcE+AQCzlteHTNILiEje9aNDheQvo6/nFMJqvmgoDyta
4u1UbwEArYV9801cJIa2kQhGqQ03t8UF9uIUEeRQ7QjbgAjpLA64OARfsm8fEgor
BgEEAZdVAQUBAQdA247uUUq+WYCNGHEWFdPmQ4mxNMEaAVmqpB9bbWmT9CcDAQgH
iHgEGBYIACAWIQRHA7TffK8++jIAfulP6rXDDGdOzQUCX7JvHwIbDAAKCRBP6rXD
DGdOzX8WAQC8VlSP/TLXgghBQBSFbiZzyfjQ894YNtOswtsRHHyK2AEA1gVzCAL0
3WMwKHTsbSVRO4lxcPjM2bkmk7zxOvoyrgs=
=cQK1
-----END PGP PUBLIC KEY BLOCK-----


To import it:

% gpg --import public-key.asc


To verify that it has correctly been imported:

% gpg --list-keys

pub   ed25519 2020-11-16 [SC]
       4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD
uid          [  ultime ] control@usenet-fr.news.eu.org
sub   cv25519 2020-11-16 [E]


If you want to start again, or remove an existing key (like the previous key of the hierarchy):

% gpg --delete-keys fingerprint-of-the-key



As for INN, the control.ctl file is unchanged (the UID of the previous key is re-used).
To switch from GnuPG 1.x to GnuPG 2.x, only two lines should be modified in <pathlib>/perl/INN/Config.pm :
   our $gpgv = '/usr/bin/gpgv2';
   our $gpg = '/usr/bin/gpg2';



To manually test the signing tooling used by INN:

% grephistory '<checkgroups-1605529670@news.trigofacile.com>' | sm > message

% pgpverify -test < message
[GNUPG:] NEWSIG control@usenet-fr.news.eu.org
gpg: Signature faite le lun. 16 nov. 2020 13:27:54 CET
gpg:                avec la clef EDDSA 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD
gpg:                issuer "control@usenet-fr.news.eu.org"
[GNUPG:] KEY_CONSIDERED 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD 0
[GNUPG:] SIG_ID kXd70ZClqWv6V8Rv2HHUnasBCrc 2020-11-16 1605529674
[GNUPG:] KEY_CONSIDERED 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD 0
[GNUPG:] GOODSIG 4FEAB5C30C674ECD control@usenet-fr.news.eu.org
gpg: Bonne signature de << control@usenet-fr.news.eu.org >> [ultime]
[GNUPG:] VALIDSIG 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD 2020-11-16 1605529674 0 4 0 22 8 00 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD
[GNUPG:] TRUST_ULTIMATE 0 pgp
control@usenet-fr.news.eu.org


The checkgroups of Message-ID <checkgroups-1605529670@news.trigofacile.com> should correctly be recognized as having be signed with the new key.

Confirmed by controlchan:
Nov 16 13:39:51 news controlchan[10090]: checkgroups by control@usenet-fr.news.eu.org processed (no change)


That's it!

--
Julien ÉLIE

« Qu'est-ce que je vous sers pour arroser le sanglier bouilli ? De l'eau
   chaude, de la cervoise tiède ou du vin rouge glacé ? » (Astérix)


Subject: Re: Experiment with a new control key for fr.*
From: Julien_ÉLIE
Newsgroups: news.software.nntp, news.admin.hierarchies
Organization: TrigoFACILE -- http://www.trigofacile.com/
Date: Fri, 20 Nov 2020 21:37 UTC
References: 1
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.trigofacile.com!.POSTED.2a01cb0800a77500f1a549ff8b7b4a6a.ipv6.abo.wanadoo.fr!not-for-mail
From: iul...@nom-de-mon-site.com.invalid (Julien_ÉLIE)
Newsgroups: news.software.nntp,news.admin.hierarchies
Subject: Re: Experiment with a new control key for fr.*
Date: Fri, 20 Nov 2020 22:37:32 +0100
Organization: TrigoFACILE -- http://www.trigofacile.com/
Message-ID: <rp9cv1$mtp$1@news.trigofacile.com>
References: <rouufm$j0v$1@news.trigofacile.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 20 Nov 2020 21:37:37 -0000 (UTC)
Injection-Info: news.trigofacile.com; posting-account="julien"; posting-host="2a01cb0800a77500f1a549ff8b7b4a6a.ipv6.abo.wanadoo.fr:2a01:cb08:a7:7500:f1a5:49ff:8b7b:4a6a";
logging-data="23481"; mail-complaints-to="abuse@trigofacile.com"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.0; rv:68.0)
Gecko/20100101 Thunderbird/68.12.1
In-Reply-To: <rouufm$j0v$1@news.trigofacile.com>
Content-Language: fr
View all headers
Hi all,

Since RSA keys seem to have better interoperability and compatibility with deployed software, I've generated such an RSA key for the fr.* hierarchy.

For those wanted to test, the checkgroups <checkgroups-1605907253@news.trigofacile.com> I have just sent is signed with it:


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.1.18
Comment: fr.* hierarchy

mQINBF+4LkcBEADLTAOPM6z/nj1zFox1KZEY44GTSwUaB5gBflJMTjC2izhh1Q6N
bsfya4REfRijENkqOFGV/QkWQ8Va/ru+74yOKvLDdiD0RqGjvazlgvOGRLaTcxbG
w6e4cAddbZ2O65XsqfNB+K11WQdgL42OAY6aGTrbj17rLANHFSiGd+gVhL3U3DNE
WBOnwGCVgpaAX52ZFLF1qUc3LVe36sW/zer/eftp57tI9dCUpXOBjJnmsrShMGul
6cEcdJ0cy4n/rGg0nGwfri8xszk/od8hPatTW4rdEDkSQBMbZJra7PHp8z/k/v7u
qAw9mHnB3mwGh2Ed9jf0jnubr/9gSM4m/izF6G57EJN+5bfkrK2zzbURJMggrTkx
DUKdge5wDN8u//KgsEltOGupqWrVbAI3pyJ/gyvq4inL7v6HvZP07suO8zbhHUt2
K8xgl7JoJL0bZBekaL47Fm8ZZmfvAWvvM/bqPCFSc/FwHi8oY5mMwPtxhad/yuLm
OfaAVqzthjhKLkkl+PZ77rpqHYWpK26ChWJ5MGmAm2MG5cetY6HK81CZK5wX9Ck7
rVIo2mL+wDIIFLlsrYl9v3x1yMOUVevac3owz3LGh4iFH3NBHCl5ncIonsc32A98
O+JlYbYoprKdZoMKnbtrSnPOe6XS85z+Rze0H6CaKXETuM3jGcYjSXCAnQARAQAB
tB1jb250cm9sQHVzZW5ldC1mci5uZXdzLmV1Lm9yZ4kCTgQTAQgAOBYhBNXzabKX
VzYiAVNU5/pCPomXDrELBQJfuC5HAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheA
AAoJEPpCPomXDrELdvsP/1GuHHDFJVejB4+O7+kWGIHn+UcE3JpiHcm59+X4I+al
a67l731/No1S5MzlOtKEBLOyDu7zoHsn/mQPyUKQ1yDams11PREkhmnoyI8u0JnW
JsmqD17N9IH5z88GeF/4KJw8fDG34qksE0yUs8T2mwvGuzb1I3gNfcTuy1hTpVKa
5pcccHvOn+kvHhQDfWF19b6XgWE+Mjs7QTpePI+LX9S921R9pdLS08hr/WUjOCIl
n4Y2gFl+Hwi2qCgbZL1RQCYH5kTO8mCjMRP88/JYAdSBiqmcEyPmRUDu/dGSQZXs
HitbSMYk5fsGNPbyJHG1x24OlH0X+7FQdt2szAZsh+tNKzf3R6PAdaAjHYyVJKYs
y4jVLTgfhTrpgcMr2Az1XRag3fu4itJCPR0qlqfrvOoK2sYLpbswxpJ5nkqInCvm
8PkytDMSlwP62sENy0yeHfPlI5amMWmcU1mbTBPZMiKIpiXgZSTh919cj0tlZYEJ
BmlA7SVT/IvMBr7xyhmRknHTo5QRpwGKi0wXEULCszDvfx6fzbdf9FRLIqGf2LzD
whRdPsA6tDrOJfYA4GN4QaaXBBrDeFH0fdDXmuJ7pvsLeKv1aaOijKhAAtgRheBA
6CY2zNAFjbHRTQzZyw9UC6CaqAXjpfUMKPAqNhMbffIHFSDVQ0pftAQ36zMRJq+R
uQINBF+4LkcBEADI5ZvUIMlhB9NmFkzQ0PJzpBlv1CEh2YSXReveU4KzcnN5LAc/
eS3Mup5daTG7IgT+SFLmfxMB02NF5Q6H0VLL9p8M5TAWKoHp3W+efr1f+ZZ8Bcqc
s71jeSQb/Yqyy8ll85zXF9N5Ds7NRmuaZcd3CQ2kjPT/w/ew+Rz1fg2p4fe2lPLY
bljgK73DmgPzGwMe9dy+WNGhlXoA3KZGQrPnUzyDUiY12DFgYMS8zXaCNwlnUya1
fTyh057MjAQMgmm3vH6eFc28/cvrvH2UscnOByJfgnPLUUtO5wBF5bB/UzsA2QRE
+5gXOFxiYqZi5toJCHxDMQVagOPEMGYFV6GCrjiUVhplxOaKCENpabF9txW6VDqq
a0i50Fkgye0+f0/jG3vQG26VYNB9V4CBYd6CPFqdicxojqcu7FbaOVTXYQj6xfhA
ZphWDXem9kMesSCgdvD8lAPEqvwJAFlKMwi9GxU3JULQJCUU7TaroVZdCTjUAuOH
7WJoEeQy8bodyQ6TQ0ZfAK1Ewr6MolRRhvWRw9bQkuq/mURZXMSYjMM6cYHn93a5
cpKof0CFoBf2WVJg8QcFxBox93nUdDuSA6WAdzctU9iqBeXJQj9PCJgc92qp+1OI
fIBeUQX0MAu5ZYgiKPjHJT6teO66hzzXKRG+AI3HJ5WrFEr5QZTIrLGbbwARAQAB
iQI2BBgBCAAgFiEE1fNpspdXNiIBU1Tn+kI+iZcOsQsFAl+4LkcCGwwACgkQ+kI+
iZcOsQt/vg/9HcdK87TkTRIdBHtUNcWw+V9ERt4TIut5ddl09ym4WyqBNZBBRNTL
GrPs6oaQXW95T/sOIrYPExQAFiGzw0jMlOGb58sPfvTgS3OyELi4rELi4l3y4eQM
H1+q2zFxKYs2b0jwl4OkuCEyKs4DMBDEiAcjgp6//GIHuIwqsf030DakB+bCtTut
tHI3zlYz8rHqfreW9bntN7jyIIxAmT70lMpg5ANPf8Wx/2H3G1bmsu2qBHdo8vkO
UeL3w6P3L5HPulO0dNfW359sDAjkfeL8a6USrcMHa1v+rk00K+0h2hOUb2LbR+1J
X/DkySeLjAvAaIjOK8QsTTCbjylA3NVAmG1/wgDsOCMfJPX21kVsAi4Qy/XSdGhx
hUsaifyBcuEb6b8Q2b69e59MpVWHUlskjnVGkFv14MwLtytEo6rZWuehmx5mwufJ
j3PCZ/wWreKLNGC3wvBt+Csmar9qQoUkLy3f0jxA9hRzvA6Kb5nb87XPQ+QADwi0
yEMgYmUXwc72JwA/qFKD+HmkrUT8PXSPH3uB/7jpN4qhOKZAzR/OidqkDZhnB+BP
MQl0h9BR9pXoSFZSUyn7ICTEqTtXgDKbEXNFBkQWdZU2Qy77RoM23qXDMDVwVuAH
syOTWaDCywSEKBiB/T0tL8sPlMx1BrUfkW5WSekXHP7ZMA4jQZKVooM=
=vYcy
-----END PGP PUBLIC KEY BLOCK-----





% gpg --list-keys
pub   rsa4096 2020-11-20 [SC]
       D5F369B297573622015354E7FA423E89970EB10B
uid          [ inconnue] control@usenet-fr.news.eu.org
sub   rsa4096 2020-11-20 [E]


I hope this one will be the right one this time!

--
Julien ÉLIE

« Je n'aime pas faire du char-stop ! » (Astérix)


1
rocksolid light 0.7.2
clearneti2ptor