Authenticated Digital Radio Traffic
Embedded PGP signatures sent in FLAMP
Who are you on the air? Well, your call sign of course. But while that’s the method by which we identify ourselves, it’s not a way to prove who we are. However if we lay the groundwork by exchanging PGP keys with other stations with whom we work, one can embed within digital traffic a way to authenticate who the traffic came from that’s much more robust than just the call sign used.
First off, this post assumes you have a license to operate HF radio, equipment to do so and functional knowledge of the FL suite of programs from Dave W1HKJ available here. Also assumed is that you have followed the instructions from AmRRON on setting up Kleopatra and PGP keys.
Second, this is what AmRRON National does for the weekly AIB, and I learned how to do it too from the seriously smart dudes on the Znet. If you are interested in this type of stuff you need to be AmRRON Corps and you need to be on the Znet. If you’re not, you’re missing out.
Let’s start with the desired end state: Stations with whom you exchange traffic regularly should be able to drag and drop a signed message received through FLAMP into the program Kleopatra and immediately verify the identity of the sender as being the same as the one with whom they exchanged keys.
This is what that looks like:
Here’s an example of a failed (spoofed PGP key) authentication:
Now that we know where we are trying to get to, let’s create some signed traffic.
Start by creating your traffic in FLMSG as normal, submit form, and then save according to the current file naming convention.
Next go find your file wherever you saved it.
Right click and open with a text editor (Notepad for Windows).
Copy all this text then head over to Kleopatra, where you are going to select the Notepad and paste the text into the window.
Now go to the recipients tab, ensure you are signing with the desired key if you have more than one, and uncheck the encryption options (unless of course we are in a post apocalyptic world without rule of law, in which case do whatever you please).
Once that’s all set, hit Sign Notepad.
You should get a “success” banner, which you can close out.
Now in the notepad tab you will now have a PGP signature at the bottom of your text.
Last thing is to copy all, return to your text editor, and replace the text in the text editor with your signed version.
Now go to File > Save, and close out the text editor. Note, do not do Save As! You need to overwrite the same file and keep it as a .k2s file. Save As will likely leave you with a .text file, which means you lost the form functionality from FLMSG.
Now test your work, go back to the certificates tab in Kleopatra, drag and drop your newly edited file and select “Decrypt/Verify”. You should get a confirmed signature.
Now remember, if you send in FLMSG the file will not contain the embedded signature, so while you can still send TFC that way, it can only be authenticated when sent with FLAMP.
That’s it folks, now go exchange keys with your peers and participate in the traffic nets!