How to verify the signatures, within GnuPG Certificates, from the command-line.

I found this to be a very specific question, with inadequate documentation elsewhere on the Web, and so I’m writing my own observations on it here. First of all, the reader should know what a certifiicate is, as opposed to just, ‘a public key’. A public key goes together Mathematically with a private key, so that either will decrypt what the other enrcypted, but in such a way that, if the public is made aware of the public key alone, they are unable to derive the private key.

This does not just get used for encryption, but also to sign documents or other electronic assets. In fact, if the RSA algorithm is being used for encryption, it may already be somewhat out-of-date, because many Web sites that have an ‘httpS://’ URL, use TLS by now, instead of SSL, the latter being insecure by today’s knowledge. However, while Diffie-Hellman key exchange is suitable for encryption, creating a shared secret between the server and client, that in turn can be used as a strong, symmetrical key for a connection, the actual verification of Web-sites still uses RSA. But, that’s a bit of an aside comment, because we’re not interested in this posting, in certifying Web-sites with an X.509 certificate. This posting is about ‘GnuPG’, which is an alternative to ‘X.509′.

A certificate is what one obtains, when a public key belonging to one person, together with certain mandatory information, is signed, using the private key of another, so that the public key of the other person can be used to validate that signature. This is important because, if there were only a public and private key, the recipient of a (signed) document would have no way of knowing, whether a public key he’s been given, actually belongs to the correct author. He’d just know, that it’s the public key associated with an arbitrary private key, where the two are supposedly already matched as they should be.

Conversely, if a person wanted to encrypt a document being sent to another, then he’d have no way of knowing, that he’s encrypting it using the correct public key. The person who has the corresponding private key, might not be the intended recipient.

Because of the signature of the public key with another person’s key-pair, that person’s attestation to the fact that it belongs to its rightful owner, can add trust in the public key, for the recipient of a signed document, or the sender of a document to be encrypted, the latter so that only the holder of the correct private key will be able to decrypt it.

So, it can happen to users of GnuPG, that they’ve been using GUIs such as ‘Kleopatra’ or ‘KGPG’, that these GUIs have not displayed any messages, but that they’d like to verify the signatures of their public keys, belonging to other people anyway. And from the command-line, there is a way to do that…

(Updated 5/24/2020, 8h35 … )

Continue reading How to verify the signatures, within GnuPG Certificates, from the command-line.

I am no longer 100% Linux.

Something which I recently did – as of May 17 to be precise – was, to install Windows 10 on a Virtual Machine. This is not to be confused with the use of ‘Wine’, because an Emulator is not the same thing as a VM. When using a VM, the ISO File authored by Microsoft, in this case, needs to be provided, so that Genuine Windows can install itself, in an isolated environment, that behaves exactly as a regular computer would behave, by itself.

AFAIK, this is a perfectly legal thing to do. And my perception of that is amplified, by the fact that within Windows 10, I was able to go through the Windows Store, to purchase the activation for that instance. If it was illegal, then I should have obtained a message to the effect.

Also, when Windows software runs on a VM, certain hardware can be ‘fed through’ to this ‘Guest System’, such as specific USB Devices. But, when they are, Windows relies on its own device-drivers, to be able to use them, or, on vendor-supplied device drivers. What this means is that at the raw binary level, the VM itself is forwarding the data, without attempting to reparse or analyze it in any way.

Screenshot_20200522_153241

I can still get error messages, but so far, those have only come as a result of silly user errors, that would have produced the same error messages had Windows been running natively.

And, because the Guest System is genuinely Windows, I can no longer say that I have zero Windows instances running. It’s just that, for now, the Windows instance I have running, resides inside a VM and doesn’t own ‘the Real Computer’ – aka the ‘Host System’.

What I do notice is the fact, that some of the errors which I made, were due to not having used Windows for a long time.

Dirk

 

Changing the <Alt>+(LMB-Drag) behaviour of Linux, under the Plasma 5 desktop manager.

One of the realities of many graphics / editing applications is, that the action to drag either an object or one of its handles with a mouse, or with any other pointing-device, needs to be modified in several ways, depending on what, exactly, the user expects the application to do. I have recently encountered a Web-application, which therefore displays in a Web-browser, in which to hold down the Shift-Key while dragging the corner of a rectangle does one thing, holding down the Ctrl-Key while doing so does another, and holding down the Alt-Key performs yet-another action, which in this case was, to draw an ellipse instead of a rectangle. And in this Web-application, the ability to draw circles or ellipses would eventually become important.

The problem with any application that has this as one of the inputs it accepts, is that such applications were never designed with Linux in mind. The reason is the fact that, under Linux desktop-managers, to <Alt>+(LMB-Drag) gets intercepted, and has as effect to drag the entire application window. That Web-application never receives such a combination of inputs.

Fortunately, if the desktop-manager is one of the ‘Plasma 5′ sub-versions, there is a way to change that behaviour. It can be found under:

System Settings -> Application Style -> Widgets Style and Behaviour -> Applications Tab -> (Breeze Theme from Drop-Down) -> (To the right of the theme chosen from the Drop-Down) Configure… -> General Tab -> Windows’ drag mode -> (From the drop-down) ‘…Titlebar Only’.

That last drop-down is not wide enough to show its full text.

The reason this defaults to ‘Anywhere from within the window’, is a fear that might exist, that an application’s window could end up very-incorrectly positioned on the screen, and that a user might not be able to change that position, by the next time he starts the application. I.e., some applications remember their window-position from one session to the next, and it could be screwed up. If this behaviour is changed, <Alt>+(LMB-Drag) will only drag the window, and therefore be intercepted before it reaches the application, if the mouse-pointer can be positioned over the window’s title-bar.

Continue reading Changing the <Alt>+(LMB-Drag) behaviour of Linux, under the Plasma 5 desktop manager.

There can be curious gaps, in what some people understand.

One of the concepts which once dominated CGI was, that textures assigned to 3D models needed to include a “Normal-Map”, so that even early in the days of 3D gaming, textured surfaces would seem to have ‘bumps’, and these normal-maps were more significant, than displacement-maps – i.e., height- or depth-maps – because shaders were actually able to compute lighting subtleties more easily, using the normal-maps. But additionally, it was always quite common that ordinary 8x8x8 (R,G,B) texel-formats needed to store the normal-maps, just because images could more-easily be prepared and loaded with that pixel-format. (:1)

The old-fashioned way to code that was, that the 8-bit integer (128) was taken to symbolize (0.0), that (255) was taken to symbolize a maximally positive value, and that the integer (0) was decoded to (-1.0). The reason for this, AFAIK, was the use by the old graphics cards, of the 8-bit integer, as a binary fraction.

In the spirit of recreating that, and, because it’s sometimes still necessary to store an approximation of a normal-vector, using only 32 bits, the code has been offered as follows:

 


Out.Pos_Normal.w = dot(floor(normal * 127.5 + 127.5), float3(1 / 256.0, 1.0, 256.0));

float3 normal = frac(Pos_Normal.w * float3(1.0, 1 / 256.0, 1 / 65536.0)) * 2.0 - 1.0;

 

There’s an obvious problem with this backwards-emulation: It can’t seem to reproduce the value (0.0) for any of the elements of the normal-vector. And then, what some people do is, to throw their arms in the air, and to say: ‘This problem just can’t be solved!’ Well, what about:

 


//  Assumed:
normal = normalize(normal);

Out.Pos_Normal.w = dot(floor(normal * 127.0 + 128.5), float3(1 / 256.0, 1.0, 256.0));

 

A side effect of this will definitely be, that no uncompressed value belonging to the interval [-1.0 .. +1.0] will lead to a compressed series of 8 zeros.

Mind you, because of the way the resulting value was now decoded again, the question of whether zero can actually result, is not as easy to address. And one reason is the fact that, for all the elements except the first, additional bits after the first 8 fractional bits, have not been removed. But that’s just a problem owing to the one-line decoding that was suggested. That could be changed to:

 


float3 normal = floor(Pos_Normal.w * float3(256.0, 1.0, 1 / 256.0));
normal = frac(normal * (1 / 256.0)) * (256.0 / 127.0) - (128.0 / 127.0);

 

Suddenly, the impossible has become possible.

N.B.  I would not use the customized decoder, unless I was also sure, that the input floating-point value, came from my customized encoder. It can easily happen that the shader needs to work with texture images prepared by an external program, and then, because of the way their channel-values get normalized today, I might use this as the decoder:

 


float3 normal = texel.rgb * (255.0 / 128.0) - 1.0;

 

However, if I did, a texel-value of (128) would still be required, to result in a floating-point value of (0.0)

(Updated 5/10/2020, 19h00… )

Continue reading There can be curious gaps, in what some people understand.