Welcome to orknexus!

Please follow the instructions below if you want to verify a PGP digital signature (See: PGP at Wikipedia) of a text claiming to be written by me.

The process actually is much simpler and faster than it might initially seem to you.

(Please note that this method lets you verify authenticity of a plain text. And it can NOT verify any possible HTML links embedded into the webpage where you did copy the signed text message from.)

How To

1. Install the GPG software (to e.g. C:\GPG).
2. Download the public key file and save it to a directory accessible by the software (e.g. C:\GPG).
3. Import the key using the software you have just installed.

   At the command prompt, type: gpg --import "orknexus_public_key.txt"
   GPG should say: gpg: key XXX: public key "orknexus orknexus@yahoo.com" imported.
   

4. Copy+paste the text you want to verify into a text file.

   Save the text file as "test.txt" into a directory accessible by the software (e.g. C:\GPG).
   Note: Save all text, including also the "-----BEGIN PGP SIGNED MESSAGE-----" and "-----END PGP SIGNATURE-----" lines. You can paste even more than that, even the whole Web page if you like - software will process only the relevant data.
   

5. Use the software to verify the authenticity of the digital signature in the text.

   Type at the command prompt: gpg --verify "test.txt"
   GPG should say: gpg: Good signature from "orknexus ". If it doesn't, the message may be a fake.
   Still, there is a chance that the message has been corrupted by the Web site formatting engine. Try replacing all occurances of various single quotes to simple single quote symbol (') and replace all double quotes by simple double quotes ("). Other formatting artifacts are possible too.
   (If you receive a message gpg: no signed data this means that the text has been corrupted by the Web site. Check that the standard parts of PGP signature are OK. First of all, replace any dashes to the both sides of the lines written in capitals to five dashes at each site, overwrite the existing ones, even if they look OK!)

Afterwards it is enough to go through steps 4 and 5 to verify another message.

Why?

At a certain Web site forum I run into an unpleasant situation that my discussion opponents started posting offensive comments in my name.

As the site did not provide facilities for registering the nickname, anyone could use anyone's else nickname without any restrictions or difficulties whatsoever thus disrupting the discussion, damaging assumed poster's reputation and propagating disinformation.

This is an attempt to resolve the identity theft problem by using PGP cryptography software to digitally sign my posts and let the readers verify the authenticity of the message if the need will be.

Resources

• My public key: orknexus_public_key.txt

• Software: Get GnuPG 1.4.7 for Microsoft Windows or see for yourself at www.gnupg.org or elsewhere.

• Some more information on how to use it: "A Practical Introduction to GPG in Windows"

Notice!

Some countries may have restrictions on use of cryptographic software. Be sure you do not break any laws by following the instructions contained herein. After all that will be your responsibility...

Appendix

You can use this signed test message to practice: