Subject : Re: Upgrading/changing from PGP to GnuPG for nl.*
From : iulius (at) *nospam* nom-de-mon-site.com.invalid (Julien ÉLIE)
Newsgroups : news.admin.hierarchies
Date : 26. Apr 2024, 11:18:31
Organization : Groupes francophones par TrigoFACILE
Message-ID : <v0fv1o$62di$1@news.trigofacile.com>
References : 1
User-Agent : Mozilla Thunderbird
Hi Adri,
> Now I could go ahead and install the necessary compatible libraries for PGP,
> but there's also the option of moving to a more modern approach and the use of
> GnuPG:
> $ rpm -q gnupg2
> gnupg2-2.4.4-1.fc40.x86_64
The last control article sent with your PGP-2 key dates back to 2017 (changing the description of nl.scientology).
I also reckon that moving to a more modern approach is the right thing to do, in a long-term perspective.
It implies a change of key. As it seems that you won't be sending control articles in double (signed with both the old PGP-2 key and the new one), the drawback is that only the news servers that have imported your new public key will honour your control articles from now on.
It's not critical as it may well happen that the current PGP-2 key is already not recognized by some (not saying most) servers carrying nl.*!
> Before I can use GPG in the Usenet-hierarchy 'nl' I need to register its key
> and this is probably the first thing that I should do. Where do I do that?
> Before registering I also need to generate the new key. How do I do that?
> A step-by-step-approach works best for me as I don't want to make any fatal
> mistakes.
About the registration of the new key in PGPKEYS at <https://ftp.isc.org/pub/pgpcontrol/> so that the subsequent control articles are taken into account in the ftp.isc.org active and newsgroups file at <https://ftp.isc.org/pub/usenet/CONFIG/>, just advertising it here will be enough. Russ will do the necessary stuff to integrate it into the software which generates the ftp.isc.org files.
It is also time to ask for an update, if needed, of the control.ctl information (contact, URL) related to your hierarchy:
http://usenet.trigofacile.com/hierarchies/nl.html
About the generation of the new key, I would suggest a 3072-bit or 4096-bit RSA key which *never expires*.
(RSA is widely supported by GnuPG versions in the wild, contrary to ECDSA which may not be recognized by slightly older versions.)
When asked by GnuPG during the generation of the key, put the e-mail address from which you will send control articles in the key ID (the real name field), and leave the other fields blank, for better compatibility with Usenet software.
The command I used to generate the key for fr.* is "gpg --full-generate-key --allow-freeform-uid", and then answer the questions with the above recommendations in mind.
After having generated the private and public keys, you should export your PUBLIC key and make it available from the web site of your hierarchy, and also announce it in news.admin.hierarchies.
> The next thing to do is probably configuring a new 'signcontrol' (Perl) and
> getting that new 'signcontrol' to work. Julien already pointed me to
> https://ftp.isc.org/pub/pgpcontrol/signcontrol and there's much resemblance
> to my version from 1998.
Sure, feel free to use this Perl version of signcontrol :)
-- 
Julien ÉLIE
« I am neither for nor against, quite the contrary! » (Coluche)
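A check of a freshly generated key against the recommendations in the message above (RSA, at least 3072 bits, no expiry, user ID consisting only of the e-mail address), as an added example that is not part of the message or of the pgpcontrol tools. The function name, sample listings and addresses are constructed; the field positions are those of GnuPG's `--with-colons` key listing.

```shell
#!/bin/sh
# Reads `gpg --with-colons --list-keys` output on stdin and reports anything
# that departs from the recommendations above. Returns 0 when the key is fine.
# Colon-listing fields used: pub = 3:length 4:algorithm 7:expiry,
#                            uid = 10:user ID. Algorithm 1 is RSA.
check_hierarchy_key() {
    awk -F: '
        $1 == "pub" {
            seen = 1
            if ($4 != 1)   { print "not an RSA key (algorithm " $4 ")"; bad = 1 }
            if ($3 < 3072) { print "key shorter than 3072 bits: " $3;   bad = 1 }
            if ($7 != "")  { print "key has an expiry date: " $7;       bad = 1 }
        }
        $1 == "uid" {
            uids++
            # The user ID must be the bare address: no name, comment or <>.
            if ($10 !~ /^[^ <>()@]+@[^ <>()@]+$/) {
                print "user ID is not a bare address: " $10; bad = 1
            }
        }
        END {
            if (!seen) { print "no public key in input"; bad = 1 }
            if (!uids) { print "no user ID in input";    bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample listings (key IDs, dates and addresses are made up).
good_listing() {
    printf '%s\n' \
      'pub:u:4096:1:0123456789ABCDEF:1714122000:::u:::scESC:' \
      'uid:u::::1714122000::::news@example.invalid:'
}
bad_listing() {
    printf '%s\n' \
      'pub:u:2048:1:FEDCBA9876543210:1714122000:1777194000::u:::scESC:' \
      'uid:u::::1714122000::::Example Admin <news@example.invalid>:'
}

# With an argument (a key ID or address in your keyring), check that key.
if [ "$#" -gt 0 ]; then
    gpg --with-colons --list-keys "$1" | check_hierarchy_key
fi
```

Run it with the address used in the key as its argument before exporting the public key; no output and exit status 0 means the key matches the recommendations.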