1. Forum
  2. Usenet
  3. NEWS.ADMIN.HIERARCHIES

  • Experiment with a new control key for fr.*

    From =?UTF-8?Q?Julien_=c3=89LIE?=@21:1/5 to All on Mon Nov 16 23:29:10 2020
    XPost: news.software.nntp

    Hi all,

    Though RSA may finally appear to be a better choice, I've sent earlier
    today a checkgroups for the fr.* hierarchy, signed with an ed25519 key.

    It will be the opportunity to report any compatibility failure.
    If some news administrators here are willing to test this key, please do
    not hesitate.



    Here are a few technical details that may be of help.
    Feel free to add anything you find it useful. It will be of great help
    when time will come to widely update keys (be they RSA or not).



    First of all, as far as ed25519 is concerned, you have to make sure that
    the EDDSA algorithm is supported:

    % gpg --version
    gpg (GnuPG) 2.1.18
    Algorithmes pris en charge :
    Clef publique : RSA, ELG, DSA, ECDH, ECDSA, EDDSA


    Here is the current experimental public key for fr.* :

    % cat public-key.asc
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Comment: Encryption is Good

    mDMEX7JvHxYJKwYBBAHaRw8BAQdAABRUycUFu5rj/URcud5wAHctHhbk6cSCjsGN QGQ636W0HWNvbnRyb2xAdXNlbmV0LWZyLm5ld3MuZXUub3JniJAEExYIADgWIQRH A7TffK8++jIAfulP6rXDDGdOzQUCX7JvHwIbAwULCQgHAgYVCAkKCwIEFgIDAQIe AQIXgAAKCRBP6rXDDGdOzcE+AQCzlteHTNILiEje9aNDheQvo6/nFMJqvmgoDyta 4u1UbwEArYV9801cJIa2kQhGqQ03t8UF9uIUEeRQ7QjbgAjpLA64OARfsm8fEgor BgEEAZdVAQUBAQdA247uUUq+WYCNGHEWFdPmQ4mxNMEaAVmqpB9bbWmT9CcDAQgH iHgEGBYIACAWIQRHA7TffK8++jIAfulP6rXDDGdOzQUCX7JvHwIbDAAKCRBP6rXD DGdOzX8WAQC8VlSP/TLXgghBQBSFbiZzyfjQ894YNtOswtsRHHyK2AEA1gVzCAL0 3WMwKHTsbSVRO4lxcPjM2bkmk7zxOvoyrgs=
    =cQK1
    -----END PGP PUBLIC KEY BLOCK-----


    To import it:

    % gpg --import public-key.asc


    To verify that it has correctly been imported:

    % gpg --list-keys

    pub ed25519 2020-11-16 [SC]
    4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD
    uid [ ultime ] control@usenet-fr.news.eu.org
    sub cv25519 2020-11-16 [E]


    If you want to start again, or remove an existing key (like the previous
    key of the hierarchy):

    % gpg --delete-keys fingerprint-of-the-key



    As for INN, the control.ctl file is unchanged (the UID of the previous
    key is re-used).
    To switch from GnuPG 1.x to GnuPG 2.x, only two lines should be modified
    in <pathlib>/perl/INN/Config.pm :
    our $gpgv = '/usr/bin/gpgv2';
    our $gpg = '/usr/bin/gpg2';



    To manually test the signing tooling used by INN:

    % grephistory '<checkgroups-1605529670@news.trigofacile.com>' | sm > message

    % pgpverify -test < message
    [GNUPG:] NEWSIG control@usenet-fr.news.eu.org
    gpg: Signature faite le lun. 16 nov. 2020 13:27:54 CET
    gpg: avec la clef EDDSA
    4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD
    gpg: issuer "control@usenet-fr.news.eu.org"
    [GNUPG:] KEY_CONSIDERED 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD 0
    [GNUPG:] SIG_ID kXd70ZClqWv6V8Rv2HHUnasBCrc 2020-11-16 1605529674
    [GNUPG:] KEY_CONSIDERED 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD 0
    [GNUPG:] GOODSIG 4FEAB5C30C674ECD control@usenet-fr.news.eu.org
    gpg: Bonne signature de << control@usenet-fr.news.eu.org >> [ultime]
    [GNUPG:] VALIDSIG 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD 2020-11-16 1605529674 0 4 0 22 8 00 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD
    [GNUPG:] TRUST_ULTIMATE 0 pgp
    control@usenet-fr.news.eu.org


    The checkgroups of Message-ID
    <checkgroups-1605529670@news.trigofacile.com> should correctly be
    recognized as having be signed with the new key.

    Confirmed by controlchan:
    Nov 16 13:39:51 news controlchan[10090]: checkgroups by control@usenet-fr.news.eu.org processed (no change)


    That's it!

    --
    Julien ÉLIE

    « Qu'est-ce que je vous sers pour arroser le sanglier bouilli ? De l'eau
    chaude, de la cervoise tiède ou du vin rouge glacé ? » (Astérix)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?Q?Julien_=c3=89LIE?=@21:1/5 to All on Fri Nov 20 22:37:32 2020
    XPost: news.software.nntp

    Hi all,

    Since RSA keys seem to have better interoperability and compatibility
    with deployed software, I've generated such an RSA key for the fr.*
    hierarchy.

    For those wanted to test, the checkgroups <checkgroups-1605907253@news.trigofacile.com> I have just sent is signed
    with it:


    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v2.1.18
    Comment: fr.* hierarchy

    mQINBF+4LkcBEADLTAOPM6z/nj1zFox1KZEY44GTSwUaB5gBflJMTjC2izhh1Q6N bsfya4REfRijENkqOFGV/QkWQ8Va/ru+74yOKvLDdiD0RqGjvazlgvOGRLaTcxbG w6e4cAddbZ2O65XsqfNB+K11WQdgL42OAY6aGTrbj17rLANHFSiGd+gVhL3U3DNE WBOnwGCVgpaAX52ZFLF1qUc3LVe36sW/zer/eftp57tI9dCUpXOBjJnmsrShMGul 6cEcdJ0cy4n/rGg0nGwfri8xszk/od8hPatTW4rdEDkSQBMbZJra7PHp8z/k/v7u qAw9mHnB3mwGh2Ed9jf0jnubr/9gSM4m/izF6G57EJN+5bfkrK2zzbURJMggrTkx DUKdge5wDN8u//KgsEltOGupqWrVbAI3pyJ/gyvq4inL7v6HvZP07suO8zbhHUt2 K8xgl7JoJL0bZBekaL47Fm8ZZmfvAWvvM/bqPCFSc/FwHi8oY5mMwPtxhad/yuLm OfaAVqzthjhKLkkl+PZ77rpqHYWpK26ChWJ5MGmAm2MG5cetY6HK81CZK5wX9Ck7 rVIo2mL+wDIIFLlsrYl9v3x1yMOUVevac3owz3LGh4iFH3NBHCl5ncIonsc32A98 O+JlYbYoprKdZoMKnbtrSnPOe6XS85z+Rze0H6CaKXETuM3jGcYjSXCAnQARAQAB tB1jb250cm9sQHVzZW5ldC1mci5uZXdzLmV1Lm9yZ4kCTgQTAQgAOBYhBNXzabKX VzYiAVNU5/pCPomXDrELBQJfuC5HAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheA AAoJEPpCPomXDrELdvsP/1GuHHDFJVejB4+O7+kWGIHn+UcE3JpiHcm59+X4I+al a67l731/No1S5MzlOtKEBLOyDu7zoHsn/mQPyUKQ1yDams11PREkhmnoyI8u0JnW JsmqD17N9IH5z88GeF/4KJw8fDG34qksE0yUs8T2mwvGuzb1I3gNfcTuy1hTpVKa 5pcccHvOn+kvHhQDfWF19b6XgWE+Mjs7QTpePI+LX9S921R9pdLS08hr/WUjOCIl n4Y2gFl+Hwi2qCgbZL1RQCYH5kTO8mCjMRP88/JYAdSBiqmcEyPmRUDu/dGSQZXs HitbSMYk5fsGNPbyJHG1x24OlH0X+7FQdt2szAZsh+tNKzf3R6PAdaAjHYyVJKYs y4jVLTgfhTrpgcMr2Az1XRag3fu4itJCPR0qlqfrvOoK2sYLpbswxpJ5nkqInCvm 8PkytDMSlwP62sENy0yeHfPlI5amMWmcU1mbTBPZMiKIpiXgZSTh919cj0tlZYEJ BmlA7SVT/IvMBr7xyhmRknHTo5QRpwGKi0wXEULCszDvfx6fzbdf9FRLIqGf2LzD whRdPsA6tDrOJfYA4GN4QaaXBBrDeFH0fdDXmuJ7pvsLeKv1aaOijKhAAtgRheBA 6CY2zNAFjbHRTQzZyw9UC6CaqAXjpfUMKPAqNhMbffIHFSDVQ0pftAQ36zMRJq+R uQINBF+4LkcBEADI5ZvUIMlhB9NmFkzQ0PJzpBlv1CEh2YSXReveU4KzcnN5LAc/ eS3Mup5daTG7IgT+SFLmfxMB02NF5Q6H0VLL9p8M5TAWKoHp3W+efr1f+ZZ8Bcqc s71jeSQb/Yqyy8ll85zXF9N5Ds7NRmuaZcd3CQ2kjPT/w/ew+Rz1fg2p4fe2lPLY bljgK73DmgPzGwMe9dy+WNGhlXoA3KZGQrPnUzyDUiY12DFgYMS8zXaCNwlnUya1 fTyh057MjAQMgmm3vH6eFc28/cvrvH2UscnOByJfgnPLUUtO5wBF5bB/UzsA2QRE +5gXOFxiYqZi5toJCHxDMQVagOPEMGYFV6GCrjiUVhplxOaKCENpabF9txW6VDqq a0i50Fkgye0+f0/jG3vQG26VYNB9V4CBYd6CPFqdicxojqcu7FbaOVTXYQj6xfhA ZphWDXem9kMesSCgdvD8lAPEqvwJAFlKMwi9GxU3JULQJCUU7TaroVZdCTjUAuOH 7WJoEeQy8bodyQ6TQ0ZfAK1Ewr6MolRRhvWRw9bQkuq/mURZXMSYjMM6cYHn93a5 cpKof0CFoBf2WVJg8QcFxBox93nUdDuSA6WAdzctU9iqBeXJQj9PCJgc92qp+1OI fIBeUQX0MAu5ZYgiKPjHJT6teO66hzzXKRG+AI3HJ5WrFEr5QZTIrLGbbwARAQAB iQI2BBgBCAAgFiEE1fNpspdXNiIBU1Tn+kI+iZcOsQsFAl+4LkcCGwwACgkQ+kI+ iZcOsQt/vg/9HcdK87TkTRIdBHtUNcWw+V9ERt4TIut5ddl09ym4WyqBNZBBRNTL GrPs6oaQXW95T/sOIrYPExQAFiGzw0jMlOGb58sPfvTgS3OyELi4rELi4l3y4eQM H1+q2zFxKYs2b0jwl4OkuCEyKs4DMBDEiAcjgp6//GIHuIwqsf030DakB+bCtTut tHI3zlYz8rHqfreW9bntN7jyIIxAmT70lMpg5ANPf8Wx/2H3G1bmsu2qBHdo8vkO UeL3w6P3L5HPulO0dNfW359sDAjkfeL8a6USrcMHa1v+rk00K+0h2hOUb2LbR+1J X/DkySeLjAvAaIjOK8QsTTCbjylA3NVAmG1/wgDsOCMfJPX21kVsAi4Qy/XSdGhx hUsaifyBcuEb6b8Q2b69e59MpVWHUlskjnVGkFv14MwLtytEo6rZWuehmx5mwufJ j3PCZ/wWreKLNGC3wvBt+Csmar9qQoUkLy3f0jxA9hRzvA6Kb5nb87XPQ+QADwi0 yEMgYmUXwc72JwA/qFKD+HmkrUT8PXSPH3uB/7jpN4qhOKZAzR/OidqkDZhnB+BP MQl0h9BR9pXoSFZSUyn7ICTEqTtXgDKbEXNFBkQWdZU2Qy77RoM23qXDMDVwVuAH syOTWaDCywSEKBiB/T0tL8sPlMx1BrUfkW5WSekXHP7ZMA4jQZKVooM=
    =vYcy
    -----END PGP PUBLIC KEY BLOCK-----





    % gpg --list-keys
    pub rsa4096 2020-11-20 [SC]
    D5F369B297573622015354E7FA423E89970EB10B
    uid [ inconnue] control@usenet-fr.news.eu.org
    sub rsa4096 2020-11-20 [E]


    I hope this one will be the right one this time!

    --
    Julien ÉLIE

    « Je n'aime pas faire du char-stop ! » (Astérix)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)