Discussion:
Effects of text editing a PGP key?
Justin J O'Brien
2014-01-01 01:01:03 UTC
Permalink
I know how to use a PGP key to verify a signature (in Debian, if it makes any difference), but I hardly know anything about how or why it works. Recently I decided to do a little experiment, and the result made me worry – but I don't know whether there's really anything to be worried about, so I'm seeking the guidance of those who know more than I. I will be extremely grateful for any assistance.

My experiment was that I opened a particular public key in a text editor, changed a few characters (I didn't document exactly what I changed but it was about 5 or 10 characters not very close to the beginning or end), saved it, and then tried to use it to verify the signature of a particular file (of course, this file had been signed with the private key corresponding to the public key that I modified). I deleted all the keys in my keyring before importing the modified key. When I tried to verify the signature, it said the signature was good. This seemed like a red flag to me, since I'd expected that the changes I'd made would make the key unable to correctly decrypt the signature. Is this suspicious? Or is it to be expected that the signing key would still work after I changed a few characters in a text editor? My first thought was that my system may have been altered so that it says bad signatures are actually good (I have a stalker so this is not
outside the realm of possibility). Should I be worried?


------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org

Yahoo Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/PGP-Basics/

<*> Your email settings:
Individual Email | Traditional

<*> To change settings online go to:
http://groups.yahoo.com/group/PGP-Basics/join
(Yahoo! ID required)

<*> To change settings via email:
PGP-Basics-***@yahoogroups.com
PGP-Basics-***@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
PGP-Basics-***@yahoogroups.com

<*> Your use of Yahoo Groups is subject to:
http://info.yahoo.com/legal/us/yahoo/utos/terms/
Michael Daigle
2014-01-01 01:20:35 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Post by Justin J O'Brien
I know how to use a PGP key to verify a signature (in Debian, if it
makes any difference), but I hardly know anything about how or why
it works. Recently I decided to do a little experiment, and the
result made me worry – but I don't know whether there's really
anything to be worried about, so I'm seeking the guidance of those
who know more than I. I will be extremely grateful for any
assistance.
My experiment was that I opened a particular public key in a text
editor, changed a few characters (I didn't document exactly what I
changed but it was about 5 or 10 characters not very close to the
beginning or end), saved it, and then tried to use it to verify
the signature of a particular file (of course, this file had been
signed with the private key corresponding to the public key that I
modified). I deleted all the keys in my keyring before importing
the modified key. When I tried to verify the signature, it said the
signature was good. This seemed like a red flag to me, since I'd
expected that the changes I'd made would make the key unable to
correctly decrypt the signature. Is this suspicious? Or is it to be
expected that the signing key would still work after I changed a
few characters in a text editor? My first thought was that my
system may have been altered so that it says bad signatures are
actually good (I have a stalker so this is not outside the realm
of possibility). Should I be worried?
Justin, I don't read the part where you tried to import this modified
public key. If you don't remove the existing key from your keyring
then try to import the unauthentic public key, you are still using the
authentic key to decrypt the signature.

If you try to import the key it should fail because the key material,
as it is now modified, will not result in a public key with a valid
signature. Keys are protected by digital signatures and other checks.



- --
Mike Daigle http://www.mikedaigle.ca


-----BEGIN PGP SIGNATURE-----
Comment: Mike Daigle Ontario, Canada www.mikedaigle.ca

iHAEAREDADEFAlLDbVwqGGh0dHA6Ly9saW5rcy5taWtlZGFpZ2xlLmNhL01pa2VE
YWlnbGUuYXNjAAoJEE7x4eArFU5iQTkAmLyRa454APkEvYLPKdhPYvFgF7gAoLAV
WPFFNppTQbSMS4UWQu6tW4Af
=rHw6
-----END PGP SIGNATURE-----


------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org

Yahoo Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/PGP-Basics/

<*> Your email settings:
Individual Email | Traditional

<*> To change settings online go to:
http://groups.yahoo.com/group/PGP-Basics/join
(Yahoo! ID required)

<*> To change settings via email:
PGP-Basics-***@yahoogroups.com
PGP-Basics-***@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
PGP-Basics-***@yahoogroups.com

<*> Your use of Yahoo Groups is subject to:
http://info.yahoo.com/legal/us/yahoo/utos/terms/
r***@yahoo.com
2014-01-01 01:26:07 UTC
Permalink
When I tried to import the key, it said the key was successfully imported.
r***@yahoo.com
2014-01-01 01:27:58 UTC
Permalink
(This is still Justin by the way, I don't know why my name is showing up differently now)
Michael Daigle
2014-01-01 02:14:00 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Post by r***@yahoo.com
When I tried to import the key, it said the key was successfully imported.
Apologies... Upon re-reading your post I notice you report removing
and replacing the public key in question.

I don't understand how the key is being imported. I repeated your
Post by r***@yahoo.com
gpg: CRC error; E91F3A - 7CD0FE gpg: mpi too large for this
implementation (33279 bits) gpg: mpi too large for this
implementation (24624 bits) gpg: read_block: read error: invalid
packet
As expected, the public key failed the internal checks and could not
be imported.

Which OpenPGP application and version are you using?


- --
Mike Daigle http://www.mikedaigle.ca


-----BEGIN PGP SIGNATURE-----
Comment: Mike Daigle Ontario, Canada www.mikedaigle.ca

iHEEAREDADEFAlLDeeUqGGh0dHA6Ly9saW5rcy5taWtlZGFpZ2xlLmNhL01pa2VE
YWlnbGUuYXNjAAoJEE7x4eArFU5ijyAAn1WvdAWqaR21GpBUenY6xlu0qa6PAJsE
xk8TgJbe5VSTpgjyZeQCO6W+vg==
=CScH
-----END PGP SIGNATURE-----


------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org

Yahoo Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/PGP-Basics/

<*> Your email settings:
Individual Email | Traditional

<*> To change settings online go to:
http://groups.yahoo.com/group/PGP-Basics/join
(Yahoo! ID required)

<*> To change settings via email:
PGP-Basics-***@yahoogroups.com
PGP-Basics-***@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
PGP-Basics-***@yahoogroups.com

<*> Your use of Yahoo Groups is subject to:
http://info.yahoo.com/legal/us/yahoo/utos/terms/
r***@yahoo.com
2014-01-02 02:16:45 UTC
Permalink
I'm using GnuPG, and the package version is listed as 1.4.10-4+squeeze3. I'm not using the terminal; I'm just right-clicking the key and selecting Open with Import Key, and then right-clicking the signature and selecting Open with Verify Signature.

I repeated my initial experiment a few times with some variations (each time starting with a fresh, unmodified copy of the key), and got some interesting results. When I replaced only the very first character of the public key block, without changing anything else, the import failed; it said "Keys were found but not imported." This also happened when I deleted a large chunk of text, about 5 lines or so, from the middle of the key. But whenever I replaced just 5 or so random characters somewhere around the middle of the key, it again was successfully imported and verified the signature as good.

I also tried authenticating the file with the unmodified key, but using the wrong signature (the signature of a different file signed with the same key); as expected, it said the signature was bad.


I wonder, when I replace a few random characters and the key still works, if it could be because the characters I changed were just part of the signature of someone whose key isn't in my keyring?
Michael Daigle
2014-01-02 02:34:28 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Post by r***@yahoo.com
I'm using GnuPG, and the package version is listed as
1.4.10-4+squeeze3. I'm not using the terminal; I'm just
right-clicking the key and selecting Open with Import Key, and
then right-clicking the signature and selecting Open with Verify
Signature.
I repeated my initial experiment a few times with some variations
(each time starting with a fresh, unmodified copy of the key), and
got some interesting results. When I replaced only the very first
character of the public key block, without changing anything else,
the import failed; it said "Keys were found but not imported."
This also happened when I deleted a large chunk of text, about 5
lines or so, from the middle of the key. But whenever I replaced
just 5 or so random characters somewhere around the middle of the
key, it again was successfully imported and verified the signature
as good.
I wonder, when I replace a few random characters and the key still
works, if it could be because the characters I changed were just
part of the signature of someone whose key isn't in my keyring?
That would be my guess... that some non-critical info maybe part of a
properties flag or a third-party signature having been corrupt by your
edit was simply ignored by your implementation.


- --
Mike Daigle http://www.mikedaigle.ca


-----BEGIN PGP SIGNATURE-----
Comment: Mike Daigle Ontario, Canada www.mikedaigle.ca

iHEEAREDADEFAlLE0CsqGGh0dHA6Ly9saW5rcy5taWtlZGFpZ2xlLmNhL01pa2VE
YWlnbGUuYXNjAAoJEE7x4eArFU5ifdcAoL6bMQkqhHDUT6hf/QFa/14gQGuzAJsH
wsCOVdvy0C4ywanNXP5mSoVUuA==
=WvUg
-----END PGP SIGNATURE-----


------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org

Yahoo Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/PGP-Basics/

<*> Your email settings:
Individual Email | Traditional

<*> To change settings online go to:
http://groups.yahoo.com/group/PGP-Basics/join
(Yahoo! ID required)

<*> To change settings via email:
PGP-Basics-***@yahoogroups.com
PGP-Basics-***@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
PGP-Basics-***@yahoogroups.com

<*> Your use of Yahoo Groups is subject to:
http://info.yahoo.com/legal/us/yahoo/utos/terms/
r***@yahoo.com
2014-01-02 03:17:47 UTC
Permalink
Ah okay then. Thanks!
Bruce Tindall
2014-01-02 03:32:14 UTC
Permalink
It's surprising to me that corrupting a signature, etc., on a PGP public
key would not have more serious consequences, but of course you've just
demonstrated that in some cases it doesn't.

I (obviously) don't know the internal layout of the key, but I would have
just assumed that the key as a whole has some kind of checksum/hash built
into it, such that any alteration of any information, even "useless"
information, in the key would be detectable. Is that not the case?
Post by Michael Daigle
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Post by r***@yahoo.com
I'm using GnuPG, and the package version is listed as
1.4.10-4+squeeze3. I'm not using the terminal; I'm just
right-clicking the key and selecting Open with Import Key, and
then right-clicking the signature and selecting Open with Verify
Signature.
I repeated my initial experiment a few times with some variations
(each time starting with a fresh, unmodified copy of the key), and
got some interesting results. When I replaced only the very first
character of the public key block, without changing anything else,
the import failed; it said "Keys were found but not imported."
This also happened when I deleted a large chunk of text, about 5
lines or so, from the middle of the key. But whenever I replaced
just 5 or so random characters somewhere around the middle of the
key, it again was successfully imported and verified the signature
as good.
I wonder, when I replace a few random characters and the key still
works, if it could be because the characters I changed were just
part of the signature of someone whose key isn't in my keyring?
That would be my guess... that some non-critical info maybe part of a
properties flag or a third-party signature having been corrupt by your
edit was simply ignored by your implementation.
- --
Mike Daigle http://www.mikedaigle.ca
-----BEGIN PGP SIGNATURE-----
Comment: Mike Daigle Ontario, Canada www.mikedaigle.ca
iHEEAREDADEFAlLE0CsqGGh0dHA6Ly9saW5rcy5taWtlZGFpZ2xlLmNhL01pa2VE
YWlnbGUuYXNjAAoJEE7x4eArFU5ifdcAoL6bMQkqhHDUT6hf/QFa/14gQGuzAJsH
wsCOVdvy0C4ywanNXP5mSoVUuA==
=WvUg
-----END PGP SIGNATURE-----
------------------------------------
______________________________________________________________
http://groups.yahoo.com/group/PGP-Basics/messages
http://groups.yahoo.com/group/PGP-Basics-OT
Gossamer Spider Web of Trust
http://www.gswot.org
Yahoo Groups Links
Michael Daigle
2014-01-02 15:00:15 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Post by Bruce Tindall
It's surprising to me that corrupting a signature, etc., on a PGP
public key would not have more serious consequences, but of course
you've just demonstrated that in some cases it doesn't.
I (obviously) don't know the internal layout of the key, but I
would have just assumed that the key as a whole has some kind of
checksum/hash built into it, such that any alteration of any
information, even "useless" information, in the key would be
detectable. Is that not the case?
I thought that was the case, and it just may be but only in more
recent implementations. I was unable to import a lightly mangled
public key in my updated GnuPG, but I would feel more confident of my
conclusion if I were able to attempt to import a copy of a mangled
public key that Justin successfully imported.

It's been some time since we've had a good technical discussion in
this forum. If someone with a better memory than mine or a more
current understanding of OpenPGP does not offer the answer to this
problem, I just may have to do some research to find it. Now I'm
curious...


- --
Mike Daigle http://www.mikedaigle.ca


-----BEGIN PGP SIGNATURE-----
Comment: Mike Daigle Ontario, Canada www.mikedaigle.ca

iHEEAREDADEFAlLFfv0qGGh0dHA6Ly9saW5rcy5taWtlZGFpZ2xlLmNhL01pa2VE
YWlnbGUuYXNjAAoJEE7x4eArFU5iFTQAoK9JWmBm9ip6rZzrZ+VZt5/M3JjcAKCp
KRlVqYMRkd0uwzMdUqiGqiFgQg==
=eZxx
-----END PGP SIGNATURE-----


------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org

Yahoo Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/PGP-Basics/

<*> Your email settings:
Individual Email | Traditional

<*> To change settings online go to:
http://groups.yahoo.com/group/PGP-Basics/join
(Yahoo! ID required)

<*> To change settings via email:
PGP-Basics-***@yahoogroups.com
PGP-Basics-***@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
PGP-Basics-***@yahoogroups.com

<*> Your use of Yahoo Groups is subject to:
http://info.yahoo.com/legal/us/yahoo/utos/terms/
p***@tebuco.com
2014-01-02 19:34:23 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Hi Justin,


Yes, very worrying. Thanks for bringing it to our attention. But it's
hard to know _how_ worrying it is until we have a few more details.
Can you please specify more precisely your environment, the key you are
playing with, the file your are verifying, and the exact steps you took?


For example, can you print out your gpg.conf (perhaps a setting there is
softening your security stance). Can you convert your edits to a series
of sed commands that we can all run?


Below is my feeble attempt at a script to begin reducing the variables
in our analysis-suggestions welcome!


The output shows, for the Input Key, the line in the
Input key that was changed, and that the input key wasn't changed; and
for the Modified key, that the Modified key was indeed modified
(different from the Input key), and the GPG error. Note the different
responses of GPG to the different string removals from the key.


Thanks,
Pete


$ cat bin/pjkeymodtest.bash
#!/bin/bash
#pjkeymodtest.bash
#Tests various modifications to PGP keys in a reproducible way.
#Usage:
# pjkeymodtest.bash InputKeyFile String1 String2 String3 String4 String5 String6
#Example:
# pjkeymodtest.bash kali.asc mQINBE 8QYmMR pZIRlv ORRLx JHSmA4 tRp
#Copyright 2014 ***@tebuco.com
#License AGPL3+ http://www.gnu.org/licenses/agpl-3.0.html
min=${1}
mout=TestOut.asc
#
echo " "
echo "GPG:"
gpg --version | grep "\.[0-9]*\.[0-9]*"
grep -iv -e "^[[:blank:]]*#" -e "^[[:blank:]]*$" -e group ~/.gnupg/gpg.conf
echo "-------------"


for mstr in ${2} ${3} ${4} ${5} ${6} ${7}
do
echo " "
echo "Input Key:"
grep -n ${mstr} ${min}
cksum ${min}
gpg ${min}


echo " "
echo "Modified Key:"
sed -e "s/${mstr}//" ${min} > ${mout}
grep -n ${mstr} ${mout}
cksum ${mout}
gpg ${mout}
echo " "
echo "-------------"
done
echo "Done."






$ pjkeymodtest.bash kali.asc mQINBE 8QYmMR pZIRlv ORRLx JHSmA4 tRp

GPG:
gpg (GnuPG) 1.4.14
keyserver hkp://pool.sks-keyservers.net
use-agent
utf8-strings
default-key B396E...
encrypt-to B396E...
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed


- -------------

Input Key:
4:mQINBE9U1CgBEAChen9+cvBS8ioHoCU6wBbL9jaIk5P7ZkPpjDsovMvimqZaozS8
3056287549 8142 kali.asc
pub 4096R/7D8D0BF6 2012-03-05 Kali Linux Repository <***@kali.org>
sub 4096R/FC0D0DCB 2012-03-05 [expires: 2015-03-05]

Modified Key:
2552410685 8136 TestOut.asc
gpg: CRC error; F9EB8A - 3ED469
gpg: [don't know]: invalid packet (ctb=03)

- -------------

Input Key:
62:8QYmMR5lSFZr3pPyqfIs3pz7b6QUI/YezdW8YKQQSn63LBvhgQvyoUrA6s1m2WnG
3056287549 8142 kali.asc
pub 4096R/7D8D0BF6 2012-03-05 Kali Linux Repository <***@kali.org>
sub 4096R/FC0D0DCB 2012-03-05 [expires: 2015-03-05]

Modified Key:
459287742 8136 TestOut.asc
gpg: CRC error; C0F144 - 3ED469
gpg: [don't know]: invalid packet (ctb=00)

- -------------

Input Key:
126:pZIRlvcUmpe3BrkZRv9jGVDt8E0cQO7/t7pcfYJy6zu5TS6XtAEinpjnsFMCNBWS
3056287549 8142 kali.asc
pub 4096R/7D8D0BF6 2012-03-05 Kali Linux Repository <***@kali.org>
sub 4096R/FC0D0DCB 2012-03-05 [expires: 2015-03-05]

Modified Key:
2497353809 8136 TestOut.asc
gpg: CRC error; 03678A - 3ED469

- -------------

Input Key:
127:ORRLxL1irxYZHC4Dx4zOREd/aJHSmA4=
3056287549 8142 kali.asc
pub 4096R/7D8D0BF6 2012-03-05 Kali Linux Repository <***@kali.org>
sub 4096R/FC0D0DCB 2012-03-05 [expires: 2015-03-05]

Modified Key:
3413072421 8137 TestOut.asc
gpg: CRC error; 8E6A2F - 3ED469

- -------------

Input Key:
127:ORRLxL1irxYZHC4Dx4zOREd/aJHSmA4=
3056287549 8142 kali.asc
pub 4096R/7D8D0BF6 2012-03-05 Kali Linux Repository <***@kali.org>
sub 4096R/FC0D0DCB 2012-03-05 [expires: 2015-03-05]

Modified Key:
2754624701 8136 TestOut.asc
gpg: CRC error; BA3315 - 3ED469

- -------------

Input Key:
128:=PtRp
3056287549 8142 kali.asc
pub 4096R/7D8D0BF6 2012-03-05 Kali Linux Repository <***@kali.org>
sub 4096R/FC0D0DCB 2012-03-05 [expires: 2015-03-05]

Modified Key:
2985081674 8139 TestOut.asc
gpg: malformed CRC

- -------------
Done.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)


iQGsBAEBCgAGBQJSxb8AAAoJELOW7D0cI7XwMIMMgIFCrdesQh+/uFbTvT7GrgRR
HHlhSVJz2O0GyW4nl9TKDjxIOMg49cS9pXUwrjQ9e4G0WuASzOLXSJO823UyBZle
6If/3qXBIJ1lmsbPXnww6WNHhNlxJKIkgz8RVDwc3V5yI9HCP9dtrihHszSasN8y
POCfzeTjuciDy9ZIu2oWys49CXH0UHqVeaGVpJJhJODBUIdlYpcuH8JXG44cumhw
9M3Mrpyx0Aob8uURaS/rI3R0AnEaU8wghL4F7dQMgJGgig2rOCiD0R2S6R0HhUPz
64ri6ALvemZYRigxMyES5KnFQgn50qQEsiI/xixybQHqoDzS7OgeEIuIiENpGKcG
qKxYN9FTzFQ365UTEZBuNwjIMQP5Ww4KXji2yj+UlxkkgK8cLTDp2eUiEyo/WgOH
Np/8gYuE5u/UoCjk/552grq9hmIf8YzACfoD3zT3WM8Fw5o4gmgmxcdNfYH1mK4x
4lY+v8rzSSmWgiMgwKhYIvS4wx5BD/rNt2bqqaN3iqLuimCsor0+izL1QLyeN9k=
=sd2m
-----END PGP SIGNATURE-----
Robert J. Hansen
2014-01-02 19:41:25 UTC
Permalink
Post by p***@tebuco.com
Below is my feeble attempt at a script to begin reducing the variables
in our analysis-suggestions welcome!
If there's interest, I'd be happy to put together an app to fuzz the
inputs automagically.



------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org

Yahoo Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/PGP-Basics/

<*> Your email settings:
Individual Email | Traditional

<*> To change settings online go to:
http://groups.yahoo.com/group/PGP-Basics/join
(Yahoo! ID required)

<*> To change settings via email:
PGP-Basics-***@yahoogroups.com
PGP-Basics-***@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
PGP-Basics-***@yahoogroups.com

<*> Your use of Yahoo Groups is subject to:
http://info.yahoo.com/legal/us/yahoo/utos/terms/

r***@yahoo.com
2014-01-01 01:48:44 UTC
Permalink
I deleted all the keys in my keyring before importing the modified key. Before trying to verify with the modified key, I tried it with an empty keyring; as expected, it said the signature was unknown since the signing key was not in my keyring.
Continue reading on narkive:
Search results for 'Effects of text editing a PGP key?' (Questions and Answers)
8
replies
is it wrong for censorship to occur??
started 2007-05-18 11:42:16 UTC
politics & government
Loading...