225
I made a gpg Hat
(lemmy.ml)
Wouldn't that be a great use case for a QR-code?
I think the whole key is more of a conversation starter than just QR code. We all know what they are and dont ask people questions aboit them.
Put an nfc tag there, you can insert it behind the leather. Write the same key on it and that way you could tip your hat onto someonea phone for a quick transfer for later communications.
With the way you stitched it, you could easily push one of the flat flexible ones there without having to mess with the stitches
Thats a fucking metal idea.
I guess I, too, am still not certain why you would censor it. The whole point to the public key is to publish it. Most people upload their's to multiple public key servers.
They meant that they wanted to do a test to see if they would get any gpg-encrypted emails from people who saw the hat in real life; the "experiment" doesn't work if you allow internet strangers to email you too, as then you don't know where a person may have gotten the email address/key from
That makes sense
If they have it on a hat, in real life, then it's linked to their real identity. They might just want to keep it separate from Lemmy.
True, but I think it would be extremely easy to identify them from the strings of dozens of identical letters still visible on the hat.
You would need to know the whole key to know. If there are blocks missing you cant get anything from a key. And you would half to see in in real life to corelate my user alias to my real identity. Which i originally going to use a key that i have for online accounts (a key for steamy) But i then realized that would then have my online account linked to my real identity
Yeah, if you know part of a fingerprint you can look up keys, but I don't know of a way to look up keys from partial keys.
Thats if the key was uploaded to a keyserver.
Yes? How else would you look up anything if it hadn't been uploaded somewhere?
Yeah, if I met you I'd never know! It could be one of thousands others with the same hat!
Back in the day, when forums were still a thing, I dumped a bunch of binary into my signature and waited for someone to figure out what it says. Eventually, someone did go through the trouble of converting it to hex, ASCII, HTML, ROT13, BASE64 or whatever random conversions I had access to at the time. Anyway, one day I got a message about it, and I was so delighted.
we did that back we i used usenet
That's the kind of things I expect somebody to be into deciphering to have already a ~/Prototypes/deciphers/ directory with a bunch of scripts with the basics and maybe a testing script that iterates through them sorted by probability (maybe based on popularity) and checks output against keywords, e.g. stop words of increasing length then dictionaries.
TL;DR: I bet that person had automated that process.
If I built a system like that, it would become really complicated, since I would just have to include all sorts of convoluted unicode trickery in it.
ӏ і κ е ț һ ï ʂ
like this
as long as there is mapping then it's OK, it can be added as yet another filter
Why is it censored? Also why no monospaced typeface?
Specific key for this hat, i wanted to share this idea. But i also wanted to see if any local people would email me. Also didnt want to paste my email adress online LMAO.
Also cause nerd fonts IM ADDICTED
You expect somebody to write that down?
Nah photos, would be better and or theres an app that can import gpg keys from photos. I dont quite remember what it is tho
You should do this with the Lorem Ipsum text lol
People who don't know might think it's some based quote from a Caesar or something
I think it would be cool to encode your key as like a qr code so that folks can scan it.
Kinda loses the aesthetic of the classic gpg armor though
Yeah i thought about that! I have been playing with base64 encoding tho!
An email address might be good too unless part of the key
Could also be a short URL instead, e.g. https://lemmy.ml/post/31547467 or ideally something with keywords rather than UUID, even though here 8 digits isn't too bad.
I do like this a lot.
Since you sort of need to be there with the hat, it makes me wonder of you might get more response and/or geographic spread if you has some sort of leave behind. A sticker, or a card that you can slot in places.
I do think that leaving it as the gpg key is better, not a QR code. It helps ID this for nerds like you and me. I would never scan a wild QR.
Yeah qr codes would be the "easier way" But i never scan any of them because MALWARE
"Brad, I saw you cheating on Stacy at the club last night" [your pgp key here]
It's more traditional to just print the key fingerprint.
how did you choose which areas to redact? were you careful to be sure to get the parts that have the key's name and email address?
It should be if there is chunks missing its unusable. At least thats my thinking, since gpg is usually a binary and ascii armor makes it human readable. As long as a person cannot guess the blacked out parts, there shouldnt be any data.
Kinda like binary if your missing bits of binary in a program it should be unreadable
--edit
im full of shit Its base64 and you can somewhat decode it
were you careful to be sure to get the parts that have the key’s name and email address?
It should be if there is chunks missing its unusable. At least thats my thinking, since gpg is usually a binary and ascii armor makes it human readable. As long as a person cannot guess the blacked out parts, there shouldnt be any data.
you are mistaken. A PGP key is a binary structure which includes the metadata. PGP's "ascii-armor" means base64-encoding that binary structure (and putting the BEGIN and END header lines around it). One can decode fragments of a base64-encoded string without having the whole thing. To confirm this, you can use a tool like xxd (or hexdump) - try pasting half of your ascii-armored key in to base64 -d | xxd (and hit enter and ctrl-D to terminate the input) and you will see the binary structure as hex and ascii - including the key metadata. i think either half will do, as PGP keys typically have their metadata in there at least twice.
Yeah i realized this after i got to work and lookup up what gpg uses for ascii armor. Its base64, i used base64 -d and i could get some parts of my key. The photo has been updated to remove alot more of the key.
Major fuckup on my part.
But i learned that ASCII armor is base64 i guess.
Gpg? 😂
-
Pretty Good Privacy (PGP): The first implementation of a set of methods used for signing, encrypting, and decrypting texts, emails and files that ultimately became a standard called "OpenPGP" (RFC 4880), the program itself was commercial/proprietary. Sometimes "PGP" is also used to call the standard itself for short.
-
GNU Privacy Guard (GPG): A popular Free and Open Source program from the GNU project that uses/implements the OpenPGP standards
Pgp?
this post was submitted on 12 Jun 2025
225 points (94.8% liked)
Privacy
38825 readers
416 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS