brought to you by d33pthought
- 3d printed firearm & firearm accessory models - for now nearly all from deterrence dispensed public pages
- verification signatures for models
- literature related to 3dp defense
- organization: it's hard for even long-standing community members to find content given patchwork disparate sources for related files
- security: reduce community attack surface by signing files
- redundancy: more sources makes it harder to censor content
- replicability: git infrastructure makes it easy to clone & modify in organized fashion
- forkability: if you want to modify/adapt you can have it your way
- git architecture well-balances advantages of centralization (replicability) & decentralization (forkability)
- freshness: fosscad is fantastic but is not frequently updated & contains stale models that make the repo much larger
- this doesn't exist yet
- "but this isn't needed!" - then don't use it
- "but simple hashes are as good as PGP ring signatures!" - no, they're absolutely not
- glock
- ruger by FMDA:
- S&W by FMDA:
- EAA by FMDA:
- diamondback by FMDA:
- hi-point by CTRLPew:
- FGC-9 by jstark1809 [spee.ch] [anonfile]
- files here were downloaded from speech, hash checked, zip files extracted, and models signed
- NOTE: part 7 media files omitted due to large file sizes
- hash for zips as verified by jstark1809 on keybase on 3/28:
00905ecd2c9ff90298751b7a80569f7a
- Tec9B Ghetto Blaster by FMDA [trailer] [spee.ch]
- Vz61 Skorpion by FMDA [fosscad]
- AR15 .22lr Lower by FMDA [spee.ch]
- Plastikov by Ivan [trailer] [spee.ch zip]
- AR15 30 round by Ivan & FMDA [spee.ch]
- Glock 17 round Menendez Mag by Ivan [spee.ch]
- Glock 33 round Extendez Mag by Ivan [trailer] [spee.ch]
- Glock +2 Extension by WindowsTheOS [spee.ch]
- AR15 Mag Extension by FMDA [spee.ch]
- Brass Catcher by Ivan [spee.ch]
- M&P Shield Holster by RedYankee [spee.ch]
- DDA3V4 Pistol Brace by Aeonicentity [spee.ch]
- “Moms Demand Full Auto” Swift Link by FMDA [spee.ch]
- suppressor baffles by KadeCAD [trailer]
- milling jigs by CTRLPew:
- ECM barrels by Ivan
PGP ain't perfect, but it's useful. It can be used to increase confidence you are working with valid model files that haven't been tampered with. The details of installation/use will vary depending on computer platform (duckduckgo is your friend). Examples below are those that work in a modern linux environment.
- detached model signatures are included in this repo with a file hierarchy mirroring the repo files. also included are sigs for the zips that are listed on Ivan's pages
- public pgp keys:
  - d33pthought:
    - github key: 6B2062CCB178107C9FC3CA3209978FA36F146505
    - github signing subkey: 10DBC5509AF9E4DE58A7937C21A5E4B5F4209362
    - keybase: 85C2CE700955C042689F32CFC8597C06BED287DA
  - ctrlpew: 7E661D686F0CDA8B
    - downloaded via keybase in early Jan 2020 - no additional verification performed
    - (ctrlpew is only det_disp admin with listed public pgp key)
Overview:
- start with the file to verify, a signature that corresponds to that file, and the public key used to create the signature
- use the verified signature to check if the file is valid
Steps:
- obtain public key of signer
  - e.g. obtain d33pthought's public key from github repo, keybase, and another trusted individual and notice that it's the same from all sources. in this repo it is contained within the public_keys directory
- import the public key:
    gpg --import PUBLIC_KEY
  - this adds the public key to your local public key ring (a collection of public keys)
- check that it's imported and note the key's keyid:
    gpg --list-keys --with-subkey-fingerprint
- check the file against the signature
    gpg --verify SIGNATURE_FILE FILE_TO_VERIFY
  - e.g. for f17 stl from this repo's root directory:
    gpg --verify 01_verification/detached_model_signatures/02_pistols/f17_d33p_ffmu/models/f17_d33p_ffmu.stl.asc 02_pistols/f17_d33p_ffmu/models/f17_d33p_ffmu.stl
  - similar to verifying the signature, in the output should be:
    - using key - with the appropriate keyid
    - "Good signature"
When is this useful? If you obtain the file, signature, and key from the same source then this is pointless because all three could have been tampered with. If you obtain the public key from a trusted source then this procedure provides a degree of confidence that the file has not been tampered with.
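The steps above end with reading gpg's output by eye, and "Good signature" alone only says that some key in your keyring signed the file. As an added example (not part of the original repo), the script below derives the signature path from the mirrored hierarchy and accepts a file only when gpg's machine-readable status names a fingerprint you obtained from a trusted source. The function names and the ".asc" mirroring rule are assumptions taken from the f17 example.

```shell
#!/bin/sh
# Added example, not from the original repo. Assumption: each signature sits
# under SIG_ROOT at the same relative path as its file, with ".asc" appended.
SIG_ROOT="01_verification/detached_model_signatures"

# Map a repo-relative file path to its detached signature path.
sig_path_for() {
    case "$1" in
        /*|..|../*|*/../*|*/..) return 1 ;;  # refuse absolute paths and traversal
    esac
    printf '%s/%s.asc\n' "$SIG_ROOT" "${1#./}"
}

# Read `gpg --status-fd` output on stdin. Succeed only if a VALIDSIG line names
# the pinned fingerprint as the signing (sub)key or as its primary key.
status_matches_pin() {
    pin=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ "${#pin}" -eq 40 ] || return 2   # full fingerprint only, no short keyids
    awk -v pin="$pin" '
        # Appending "" forces string comparison, so all-digit values
        # are never compared as (lossy) floating point numbers.
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
            (($3 "") == pin || ($NF "") == pin) { ok = 1 }
        # gpg flags an expired or revoked signing key with these; reject both.
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        END { exit (ok && !bad) ? 0 : 1 }'
}

# verify_pinned FILE FINGERPRINT  (run from the repo root)
verify_pinned() {
    sig=$(sig_path_for "$1") || { echo "bad path: $1" >&2; return 1; }
    [ -f "$sig" ] || { echo "no signature: $sig" >&2; return 1; }
    # Status lines go to stdout (fd 1); human-readable output is discarded.
    if gpg --batch --status-fd 1 --verify "$sig" "$1" 2>/dev/null \
        | status_matches_pin "$2"; then
        echo "OK: $1 is signed by the pinned key"
    else
        echo "FAIL: $1" >&2
        return 1
    fi
}

# Run only when invoked as: ./verify.sh FILE FINGERPRINT
if [ "$#" -eq 2 ]; then verify_pinned "$1" "$2"; fi
```

Pass the full 40-character fingerprint as the second argument; either the primary key or the signing subkey fingerprint is accepted.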
- included selections from the Mises Institute
- external:
- groups
- deterrence dispensed
- fosscad
- maduce git repo
- main site: simple & fancy
- IRC via hexchat
- keybase
- media
- community links