A quick adventure in dusting off an old PGP key, hashing a file, and giving a recipient an easy-to-follow proof path.

[written with the help of machine intelligence]

1 ? The problem that kicked it off

Last week my church sent me a rental agreement as a fill-in PDF. I filled it out, but before firing it back I wondered:

Could I send something more trustworthy than “here’s the file, trust me” without forcing the church admin (Diana) to install GPG or sign up for Keybase?

I haven’t seriously touched my PGP setup in years, but the idea of a lightweight, verifiable “signature” still appealed to the geek in me.

2 ? Taking inventory (a blast from 2013)

gpg --list-secret-keys

sec   rsa2048 2013-12-10 [SC]
      78E8E8E8B007206C2A5D9C83AA61D643ECB4CD2D
uid           Raymond Yee <raymond.yee@gmail.com>

Aha—my 2013 RSA-2048 key is still around. Keybase confirms it:

keybase pgp list
# PGP Fingerprint: 78e8e8e8b007206c2a5d9c83aa61d643ecb4cd2d

So Keybase and GPG agree: I still control the same key.

3 ? The lightweight signature plan

1. Hash the PDF
   (Because signing a small hash is friendlier than tacking a binary blob onto an email.)

   shasum -a 256 "20250830 YeeRental.Signed.pdf" \
    > pdf_hash.txt
   # ? 47a97a11…f1e4f7c  20250830 YeeRental.Signed.pdf

2. Sign the hash with my PGP key
   Using Keybase’s wrapper so I don’t have to juggle fingerprints:

   keybase pgp sign -i pdf_hash.txt -o pdf_hash.txt.asc

   Heads-up: Keybase warned me:
   Our PGP key … uses an insecure hash scheme (SHA1)
   More on that in the “Next steps” below.

3. Bundle three tiny files

   ? 20250830 YeeRental.Signed.pdf       ? the contract
   ? pdf_hash.txt.asc                   ? clear-signed hash
   ? README-verification.txt            ? human instructions

4. Give Diana the path of least resistance
   The README points her to a zero-install SHA-256 site
   (e.g., https://emn178.github.io/online-tools/sha256_checksum.html):

   1. Drag the PDF ? see the 64-char hash.
   2. Compare it with the one in my signed message.
   3. If curious, paste the signed block into https://keybase.io/verify.
      She’ll see “Good signature from rdhyee”.

That’s it: no local GPG, no Keybase account, just two web pages.

4 ? Did I actually send the signed bundle?

Of course not. In the heat of the moment I reverted to “just attach the PDF.”
But the exercise was worth it—I now have a repeatable, recipient-friendly workflow ready for next time.

5 ? What the SHA-1 warning means & my next moves

• Why the warning?
  My primary UID self-signature dates back to 2013 and was made with SHA-1. Modern GnuPG flags that as “legacy.”
  (The signatures I just created use SHA-256, so the content I sign is fine. The warning just nudges me to modernize the key itself.)

• Upgrade game-plan

  1. Generate a fresh key — ed25519 + separate encryption subkey.
  2. Sign the new key with the old one to keep a verifiable chain of custody.
  3. Upload the new key to Keybase (keybase pgp select).
     (Keybase only holds one active PGP key, so the old one will move to the “revoked” tab—or I can leave it un-revoked for legacy checks.)
  4. Set a short expiration (one-year) and renew annually.
  5. Back it up & maybe move private material to a YubiKey.

Until then, my 2048-bit RSA key is still “good enough,” but modern curves?shorter lifetimes are a cleaner future.

6 ? Take-aways

• A PGP signature doesn’t have to be intimidating—hash-then-sign keeps the process email-sized and recipient-friendly.
• Keybase’s “paste to verify” page bridges techies and non-techies nicely.
• Even a dusty 2013 key can still serve, but updating keeps the warnings away and future-proofs my identity.

Next time the church sends a form, I’ll be ready—with a shiny new ed25519 key and an even smoother README.

I'm fascinated that when I ask ChatGPT to speak French with English words embedded in the French, it stays in "French mode" and speaks the English words with what I recognize as a French accent for English. Does that accent come about as a happy byproduct of mapping English sounds into a French speech model -- that is, are "accents" just epiphenomena here? Or does ChatGPT actually have special accent handling?

I'm not sure what to make of the explanation that perplexity.ai gave in response to my musing. Is the answer correct?

Well, I'm going to stop this blogging series and declare success. I had applied to the Recurse Center for a 12 week stint between Sept 18 and Dec 7. When I was turned down, I decided that I still wanted to reserve that time to work on MyInfoNet. Since then, I've found that the other parts of my life demand my attention, and they are more important than MyInfoNet at this time. Sure, I can keep posting each weekday -- and I am proud of myself for doing so for six weeks, but clearly my heart wasn't in much of what I was writing. I'm happy to report that I have plenty of other projects for which I'm collaborating with other people. So back to my regular blogging. I'll post when I have something to say publicly.

Today, I helped the author of Bike to debug how licenses are renewed: Renew Bike License (website version) - Bike Outliner - Hog Bay Software Support

In response to my prompt

There are various "protocols" in Python -- interfaces involving the implementation of certain methods to fulfill a protocol. For example the iterator protocol is implemented via __iter and __next. Confirm what I just wrote and also tell me about other protocols. I understand there is a sequence protocol and a container protocol. True? What other ones?

I got the answer from perplexity.ai:

Yes, you\'re correct about the iterator protocol in Python. It is
implemented via the __iter__ and __next__ methods. An object is considered an iterator in Python if it implements these two
methods

In addition to the iterator protocol, Python also has other protocols
such as the sequence protocol and the container protocol.The sequence protocol is implemented by defining methods
like __getitem__ and __len__. The __getitem__ method is used to get an element at a specific index, and the __len__ method is used to get the number of elements in the sequence. Other methods that can be part of the sequence protocol
include __contains__, __iter__, __reversed__, and
more

The container protocol is less clearly defined in the Python
documentation, but it generally refers to methods that allow an object to store other objects and provide ways to access and manipulate them. This can include methods like __contains__, __iter__, and __len__, similar to the sequence protocol

There are also other protocols in Python. For example, the async
iterator protocol, which is similar to the iterator protocol but used
for asynchronous iteration. It is implemented via the __aiter__ and __anext__ methods

Another example is the protocol for numerical types, which includes
methods
like __add__, __sub__, __mul__, __truediv__, __floordiv__, __mod__, __divmod__, __pow__, __neg__, __pos__, __abs__, __invert__, __complex__, __int__, __float__, __round__, __trunc__, __floor__, __ceil__, and more. These methods allow an object to behave like a numerical value and interact with other numerical values in a meaningful way.There are many more protocols in Python, and they are a powerful tool for creating objects that interact with built-in Python constructs in a natural way. However, there doesn\'t seem to be a comprehensive list of all protocols in the Python documentation

I liked listening to how an expert GTDer is using OmniFocus to implement GTD on GTD Focus President Meg Edwards Returns - The Omni Show (Oct 23, 2023). I\'m still trying to get a good GTD implementation using Obsidian. I see larslockefeer/obsidian-plugin-todo -- but it\'s not been updated since Feb, 2022 -- so I wouldn\'t use it. (Obsidian plugins that aren\'t being regularly updated are probably not worth the effort to use.). There\'s the fascinating little Issues · saibotsivad/obsidian-gtd-no-next-step. Probably the key insight is that I should focus on time-blocking than diving into a complicated GTD setup right now.

I was delighted to get an email today saying that I was eligible to upgrade to a new version of Keyboard Maestro (a license for which I had just purchased a few months ago.) From Stairways Software: Press Releases:

The engine adds a new keyboardmaestro command line tool for triggering macros, modern JavaScript syntax, Apple Text Recognition option, a new palette to show active macro groups, enhanced scripting support, and more.