Mailing List Archive

On Fri, 2022-01-14 at 16:42 +0000, ?????? ???????? via Gnupg-users
wrote:
> The --begin etc. markers should be used to detect where
> the OCR scanned document begins and ends to have later
> a good signature.

If you are relying on OCR to reconstitute a bitwise-perfect message
(because that's the only way a signature will validate) then you're
asking for trouble, unless you're using a very restricted character set
with at most one whitespace codepoint.

> the receiver then OCR scans the document and decodes the QR-code

If QR is an option, why not encode the entire message in QR?

A

On 1/14/2022 at 11:46 AM, "?????? ???????? via
Gnupg-users" wrote:Hi all,

If people have a modern Telefax machine, have you ever
tried out to send a GnuPG signed Fax?

=====
You can simply armor sign the message.
Don't bother with the 'begin' and 'end' part, it can be added on the
receiving end.
OCR it into telefax and send.
I have never done this, and the few times I have tried similar things,
the OCR always made mistakes.

Anyone used an OCR program that reliably could get a page of gnupg
block ciphertext
Without mistakes

Andrew Gallagher wrote:

> On Fri, 2022-01-14 at 16:42 +0000, ?????? ???????? via Gnupg-users
> wrote:
>> The --begin etc. markers should be used to detect where
>> the OCR scanned document begins and ends to have later
>> a good signature.
>
> If you are relying on OCR to reconstitute a bitwise-perfect message
> (because that's the only way a signature will validate) then you're
> asking for trouble, unless you're using a very restricted character set
> with at most one whitespace codepoint.

Maybe one could use a character, like a + or * etc., as whitespace.

The idea is to use a Telefax machine for endpoint security, with
an offline usage PC, which for example gpg4win is ideal for.


>> the receiver then OCR scans the document and decodes the QR-code
>
> If QR is an option, why not encode the entire message in QR?

I thought about that too, but in case the document would be several
pages long and would not fit into a QR-code. Ok, one can split the
large document and insert then several QR-codes into one Fax page.

Regards
Stefan



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

vedaal@nym.hush.com wrote:

> On 1/14/2022 at 11:46 AM, "?????? ???????? via
> Gnupg-users" <gnupg-users@gnupg.org> wrote:
>
>> Hi all,
>>
>> If people have a modern Telefax machine, have you ever
>> tried out to send a GnuPG signed Fax?
>>
>> =====
>> You can simply armor sign the message.
>> Don't bother with the 'begin' and 'end' part, it can be added on the
>> receiving end.
>> OCR it into telefax and send.
>> I have never done this, and the few times I have tried similar
>> things, the OCR always made mistakes.
>>
>> Anyone used an OCR program that reliably could get a page of gnupg
>> block ciphertext
>> Without mistakes

The only reliable OCR software I have found in the past was a Windows PC
software, which gave 100 percent correct results. I used that for a
scanned
document, from a printed page. Maybe base32, for example, would be a
good candidate, when used only with uppercase or only lowercase letters.

http://www.boxoft.com/free-ocr/

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 14/01/2022 17:54, ?????? ???????? wrote:
>
> The idea is to use a Telefax machine for endpoint security, with
> an offline usage PC, which for example gpg4win is ideal for.

Would it not be simpler to use a modem?

> I thought about that too, but in case the document would be several
> pages long and would not fit into a QR-code. Ok, one can split the
> large document and insert then several QR-codes into one Fax page.

The largest standard QR code can hold just under 3kB of data in a single
image. If you need more than that you would probably have to split
across multiple sheets no matter what encoding system you choose.

A

Andrew Gallagher wrote:

> On 14/01/2022 17:54, ?????? ???????? wrote:
>>
>> The idea is to use a Telefax machine for endpoint security, with
>> an offline usage PC, which for example gpg4win is ideal for.
>
> Would it not be simpler to use a modem?

Good question. My thought was that Telefax is still used, among
lawyers, doctors, business folks etc., and brand-new Fax machines
can be bought on Amazon etc.

>> I thought about that too, but in case the document would be several
>> pages long and would not fit into a QR-code. Ok, one can split the
>> large document and insert then several QR-codes into one Fax page.
>
> The largest standard QR code can hold just under 3kB of data in a
> single
> image. If you need more than that you would probably have to split
> across multiple sheets no matter what encoding system you choose.

Yes, do you know of any QR-code software (open source) which could
do that task automatically, i.e. split a large (encoded) message into
several QR-codes and reassemble later?

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 14/01/2022 18:22, ?????? ???????? wrote:
>> Good question. My thought was that Telefax is still used, among
> lawyers, doctors, business folks etc., and brand-new Fax machines
> can be bought on Amazon etc.

+1 for obsolescence! Beware of course that fax machines are VERY noisy,
and analogue lines are increasingly routed over VOIP, so if you're using
this as some kind of off-grid technique you're not going to get very far.

> Yes, do you know of any QR-code software (open source) which could
> do that task automatically, i.e. split a large (encoded) message into
> several  QR-codes and reassemble later?

I don't know about QR codes, but splitting a single file into multiple
parts of a given size and reassembling them again can be done with the
venerable unix utilities `split` and `cat`.

A

Andrew Gallagher wrote:

> On 14/01/2022 18:22, ?????? ???????? wrote:
>>> Good question. My thought was that Telefax is still used, among
>> lawyers, doctors, business folks etc., and brand-new Fax machines
>> can be bought on Amazon etc.
>
> +1 for obsolescence! Beware of course that fax machines are VERY noisy,
> and analogue lines are increasingly routed over VOIP, so if you're
> using
> this as some kind of off-grid technique you're not going to get very
> far.

Well, but what I personally like about using a Fax machine is, that you
get
a Fax report, can archive the Fax as a paper document, have in the Fax
header
your data defined and can use with GnuPG a free-form UID explicitly used
for the Fax telephone number. And it is IMHO more decentralized and
personal,
compared to email usage, when signing up for an email service. And you
don't need a MUA :-).

>> Yes, do you know of any QR-code software (open source) which could
>> do that task automatically, i.e. split a large (encoded) message into
>> several  QR-codes and reassemble later?
>
> I don't know about QR codes, but splitting a single file into multiple
> parts of a given size and reassembling them again can be done with the
> venerable unix utilities `split` and `cat`.

Ok, I have to check this out and as a Windows solution, because it is
the most widely used OS. Maybe an idea for Werner and his commercial
version of GnuPG Desktop.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Fri, 14 Jan 2022 17:54:56 +0000
?????? ???????? via Gnupg-users <gnupg-users@gnupg.org> wrote:

> > If QR is an option, why not encode the entire message in QR?
>
> I thought about that too, but in case the document would be several
> pages long and would not fit into a QR-code. Ok, one can split the
> large document and insert then several QR-codes into one Fax page.

I've experimented with using QR codes with OpenPGP on-and-off… mostly
as a mechanism for sharing the public keys: the idea being that you
could have business cards printed up with the back side containing a QR
code of your public key (not a fingerprint, the actual key).

In my experience, it is very hard to get the big and complex QR codes
to scan reliably. Some of the QR codes used for COVID-19 contact
tracing and vaccination status _really_ push the limits -- with those
largish codes often failing to scan.

ECC keys could be made small enough to have a snowflake's chance in
hell of working. 4096-bit RSA was a no-go.

There are schemes for encoding an image for printing onto a piece of
paper and later scanning it back in to recover the original data. QR
code is obviously a more recent option, but was not the first. These
may be worth pursuing.
--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
...it's backed up on a tape somewhere.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Stuart Longland wrote:

> On Fri, 14 Jan 2022 17:54:56 +0000
> ?????? ???????? via Gnupg-users <gnupg-users@gnupg.org> wrote:
>
>> > If QR is an option, why not encode the entire message in QR?
>>
>> I thought about that too, but in case the document would be several
>> pages long and would not fit into a QR-code. Ok, one can split the
>> large document and insert then several QR-codes into one Fax page.
>
> I've experimented with using QR codes with OpenPGP on-and-off… mostly
> as a mechanism for sharing the public keys: the idea being that you
> could have business cards printed up with the back side containing a QR
> code of your public key (not a fingerprint, the actual key).
>
> In my experience, it is very hard to get the big and complex QR codes
> to scan reliably. Some of the QR codes used for COVID-19 contact
> tracing and vaccination status _really_ push the limits -- with those
> largish codes often failing to scan.
>
> ECC keys could be made small enough to have a snowflake's chance in
> hell of working. 4096-bit RSA was a no-go.

Thanks for sharing your experience, much appreciated!

> There are schemes for encoding an image for printing onto a piece of
> paper and later scanning it back in to recover the original data. QR
> code is obviously a more recent option, but was not the first. These
> may be worth pursuing.

Would you like to explain a bit such schemes? I am aware, for example,
that GnuPG on a mini offline laptop can beat *all* smartphone crypto
messenger, when it comes to endpoint security, when used with a dumb
phone with a USB port and while sending GnuPG MMS messages. All
users need for that is a software from GitHub, which can convert GnuPG
messages to .png images and back. Simply search there for 'imgify'.

Regards
Stefan



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Fri, 14 Jan 2022 20:50:57 +0000
?????? ???????? <stefan.vasilev@posteo.ru> wrote:

> Stuart Longland wrote:
>
> > On Fri, 14 Jan 2022 17:54:56 +0000
> > ?????? ???????? via Gnupg-users <gnupg-users@gnupg.org> wrote:
> >
> >> > If QR is an option, why not encode the entire message in QR?
> >>
> >> I thought about that too, but in case the document would be several
> >> pages long and would not fit into a QR-code. Ok, one can split the
> >> large document and insert then several QR-codes into one Fax page.
> >
> > I've experimented with using QR codes with OpenPGP on-and-off… mostly
> > as a mechanism for sharing the public keys: the idea being that you
> > could have business cards printed up with the back side containing a QR
> > code of your public key (not a fingerprint, the actual key).
> >
> > In my experience, it is very hard to get the big and complex QR codes
> > to scan reliably. Some of the QR codes used for COVID-19 contact
> > tracing and vaccination status _really_ push the limits -- with those
> > largish codes often failing to scan.
> >
> > ECC keys could be made small enough to have a snowflake's chance in
> > hell of working. 4096-bit RSA was a no-go.
>
> Thanks for sharing your experience, much appreciated!
>
> > There are schemes for encoding an image for printing onto a piece of
> > paper and later scanning it back in to recover the original data. QR
> > code is obviously a more recent option, but was not the first. These
> > may be worth pursuing.
>
> Would you like to explain a bit such schemes? I am aware, for example,
> that GnuPG on a mini offline laptop can beat *all* smartphone crypto
> messenger, when it comes to endpoint security, when used with a dumb
> phone with a USB port and while sending GnuPG MMS messages. All
> users need for that is a software from GitHub, which can convert GnuPG
> messages to .png images and back. Simply search there for 'imgify'.

https://github.com/dmshaw/paperkey/ is one such scheme, intended for
making a private key back-up. It could probably be adapted to store
arbitrary data.

There may be others, I just can't put my finger on them now.
--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
...it's backed up on a tape somewhere.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2022-01-14 at 16:42 +0000, ?????? ???????? wrote:
> Hi all,
>
> If people have a modern Telefax machine, have you ever
> tried out to send a GnuPG signed Fax?
>
> I was thinking about the following:
>
> One prepares his message in the following way:
>
> ---begin message---
>
> Message.
>
> --end message---
>
> Then saves the message, detach signs it and converts the
> detached signature as QR-code which is put then also on
> the Fax document, while the receiver then OCR scans the
> document and decodes the QR-code.


What's wrong with simply using a PGP clearsign signature?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear Mr ????????

I hereby send you this signed document with the information you
requested:

Gur nggnpx jvyy or ynhapurq ba fvkgu Whar

Yours faithfully
-----BEGIN PGP SIGNATURE-----

iIcEARYIAC8WIQQCizm6L17e6dtQkgGnASDnmmvMqAUCYeH06xEcYW5nZWxAMTZi
aXRzLm5ldAAKCRCnASDnmmvMqL6LAP9TIWvEqVFLAPbAZWqCegFvO2KEp/44ovJu
XpE9FoZqiQD/U4Xz0ePZJNThyxzJuNwVyh8C2Iz3Kw3DFpYf3vF68Aw=
=ZQiA
-----END PGP SIGNATURE-----



Of course, you need to properly OCR the signature, but you already need
to properly OCR all the text anyway. (Hint: the final checksum may
help). The font choice could be helpful in getting good OCR results as
well.







_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Stuart Longland wrote:

> On Fri, 14 Jan 2022 20:50:57 +0000
> ?????? ???????? <stefan.vasilev@posteo.ru> wrote:

>> Would you like to explain a bit such schemes? I am aware, for example,
>> that GnuPG on a mini offline laptop can beat *all* smartphone crypto
>> messenger, when it comes to endpoint security, when used with a dumb
>> phone with a USB port and while sending GnuPG MMS messages. All
>> users need for that is a software from GitHub, which can convert GnuPG
>> messages to .png images and back. Simply search there for 'imgify'.
>
> https://github.com/dmshaw/paperkey/ is one such scheme, intended for
> making a private key back-up. It could probably be adapted to store
> arbitrary data.
>
> There may be others, I just can't put my finger on them now.

Ah ok, you referred to encoding key material.

I just did a quick look and found this, which I may explore a little.

http://ronja.twibright.com/optar/

Regards
Stefan



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Ángel wrote:

> On 2022-01-14 at 16:42 +0000, ?????? ???????? wrote:
>> Hi all,
>>
>> If people have a modern Telefax machine, have you ever
>> tried out to send a GnuPG signed Fax?
>>
>> I was thinking about the following:
>>
>> One prepares his message in the following way:
>>
>> ---begin message---
>>
>> Message.
>>
>> --end message---
>>
>> Then saves the message, detach signs it and converts the
>> detached signature as QR-code which is put then also on
>> the Fax document, while the receiver then OCR scans the
>> document and decodes the QR-code.
>
>
> What's wrong with simply using a PGP clearsign signature?

I tried in the past to OCR scan armored GnuPG payloads, but
it introduced errors in some characters. And in case this
happens to others, how can users not having the original digital
document correct then errors?

If this works 100 percent reliable for you, you could explain the
required (standard) settings for printed/scanned documents.

Regards
Stefan


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Fri, 14 Jan 2022 22:32:49 +0000
?????? ???????? <stefan.vasilev@posteo.ru> wrote:

> Ah ok, you referred to encoding key material.

Not explicitly… as I said, you may be able to adapt that other project
to store other things (e.g. the digitally signed documents discussed).

> I just did a quick look and found this, which I may explore a little.
>
> http://ronja.twibright.com/optar/

That sounds like a better tool. I didn't quite manage to pull that up
with my search queries before.
--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
...it's backed up on a tape somewhere.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2022-01-14 at 22:39 +0000, ?????? ???????? via Gnupg-users wrote:
> > What's wrong with simply using a PGP clearsign signature?
>
> I tried in the past to OCR scan armored GnuPG payloads, but
> it introduced errors in some characters. And in case this
> happens to others, how can users not having the original digital
> document correct then errors?
>
> If this works 100 percent reliable for you, you could explain the
> required (standard) settings for printed/scanned documents.
>
> Regards
> Stefan

I don't claim it at all. I don't think I have even tried a scan + OCR
in the last decade.

However, without a proper text ocrring, you wouldn't be able to import
the message content, either.

Regards



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users