XPost: news.software.nntp
Hi all,
Though RSA may finally appear to be a better choice, I sent a checkgroups
for the fr.* hierarchy earlier today, signed with an ed25519 key.
It will be an opportunity to report any compatibility failure.
If some news administrators here are willing to test this key, please do
not hesitate.
Here are a few technical details that may be of help.
Feel free to add anything you find useful. It will be of great help
when the time comes to widely update keys (be they RSA or not).
First of all, as far as ed25519 is concerned, you have to make sure that
the EDDSA algorithm is supported:
% gpg --version
gpg (GnuPG) 2.1.18
Algorithmes pris en charge :
Clef publique : RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Here is the current experimental public key for fr.*:
% cat public-key.asc
To import it:
% gpg --import public-key.asc
To verify that it has correctly been imported:
% gpg --list-keys
pub   ed25519 2020-11-16 [SC]
      4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD
uid   [ ultime ] control@usenet-fr.news.eu.org
sub   cv25519 2020-11-16 [E]
If you want to start again, or remove an existing key (like the previous
key of the hierarchy):
% gpg --delete-keys fingerprint-of-the-key
As for INN, the control.ctl file is unchanged (the UID of the previous
key is re-used).
To switch from GnuPG 1.x to GnuPG 2.x, only two lines should be modified
in <pathlib>/perl/INN/Config.pm:
our $gpgv = '/usr/bin/gpgv2';
our $gpg = '/usr/bin/gpg2';
To manually test the signing tooling used by INN:
% grephistory '<checkgroups-1605529670@news.trigofacile.com>' | sm > message
% pgpverify -test < message
[GNUPG:] NEWSIG control@usenet-fr.news.eu.org
gpg: Signature faite le lun. 16 nov. 2020 13:27:54 CET
gpg:                avec la clef EDDSA 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD
gpg:                issuer "control@usenet-fr.news.eu.org"
[GNUPG:] KEY_CONSIDERED 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD 0
[GNUPG:] SIG_ID kXd70ZClqWv6V8Rv2HHUnasBCrc 2020-11-16 1605529674
[GNUPG:] KEY_CONSIDERED 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD 0
[GNUPG:] GOODSIG 4FEAB5C30C674ECD control@usenet-fr.news.eu.org
gpg: Bonne signature de << control@usenet-fr.news.eu.org >> [ultime]
[GNUPG:] VALIDSIG 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD 2020-11-16 1605529674 0 4 0 22 8 00 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD
[GNUPG:] TRUST_ULTIMATE 0 pgp control@usenet-fr.news.eu.org
The checkgroups of Message-ID
<checkgroups-1605529670@news.trigofacile.com> should correctly be
recognized as having been signed with the new key.
Confirmed by controlchan:
Nov 16 13:39:51 news controlchan[10090]: checkgroups by control@usenet-fr.news.eu.org processed (no change)
That's it!
--
Julien ÉLIE
« Qu'est-ce que je vous sers pour arroser le sanglier bouilli ? De l'eau
chaude, de la cervoise tiède ou du vin rouge glacé ? » (Astérix)
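An added example, not part of the original post and not INN's own code: a way to check the machine-readable `[GNUPG:]` status lines from the `pgpverify -test` run above against a pinned full fingerprint rather than the UID, which the post notes is shared with the previous key. The names `check_status`, `FATAL` and `SAMPLE` are hypothetical, and the VALIDSIG field order is assumed to follow GnuPG's doc/DETAILS.

```python
# Added example: check GnuPG status lines against a pinned fingerprint.
PINNED_FPR = "4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD"  # from the post's --list-keys output
PUBKEY_ALGOS = {1: "RSA", 17: "DSA", 19: "ECDSA", 22: "EdDSA"}
HASH_ALGOS = {2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}
# Keywords that must reject the article even when a VALIDSIG line is also present.
FATAL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

# Status lines from the pgpverify output quoted in the post, wrapped lines rejoined.
SAMPLE = """\
[GNUPG:] NEWSIG control@usenet-fr.news.eu.org
[GNUPG:] KEY_CONSIDERED 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD 0
[GNUPG:] SIG_ID kXd70ZClqWv6V8Rv2HHUnasBCrc 2020-11-16 1605529674
[GNUPG:] GOODSIG 4FEAB5C30C674ECD control@usenet-fr.news.eu.org
[GNUPG:] VALIDSIG 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD 2020-11-16 1605529674 0 4 0 22 8 00 4703B4DF7CAF3EFA32007EE94FEAB5C30C674ECD
[GNUPG:] TRUST_ULTIMATE 0 pgp control@usenet-fr.news.eu.org
"""

def check_status(status_text, pinned_fpr=PINNED_FPR):
    """Return (ok, detail) for the status output of one signature check."""
    valid = None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # "gpg:" lines are localized (French in the post); skip them
        keyword, args = fields[1], fields[2:]
        if keyword in FATAL:
            return False, {"reason": keyword}
        if keyword == "VALIDSIG":
            if valid is not None:
                return False, {"reason": "multiple signatures"}
            valid = args
    if valid is None or len(valid) < 10:
        return False, {"reason": "no VALIDSIG"}
    # VALIDSIG args: fpr date timestamp expire version reserved
    #                pubkey-algo hash-algo sig-class primary-fpr
    detail = {
        "signing_fpr": valid[0],
        "primary_fpr": valid[9],
        "pubkey_algo": PUBKEY_ALGOS.get(int(valid[6]), valid[6]),
        "hash_algo": HASH_ALGOS.get(int(valid[7]), valid[7]),
    }
    if detail["primary_fpr"].upper() != pinned_fpr.upper():
        detail["reason"] = "fingerprint mismatch"
        return False, detail
    return True, detail

if __name__ == "__main__":
    print(check_status(SAMPLE))
```

For the post's output this reports public-key algorithm 22 (EdDSA) with hash algorithm 8 (SHA256), which is a quick way to confirm that the new key, and not an older one with the same UID, made the signature.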