[olug] quick pgp question
Kris Gainsforth
krisguy at alltel.net
Thu Jun 10 17:20:35 UTC 2004
How do you get PGP ASCII public keys installed? RTFM is leaving me
confused.
On Thu, 2004-06-10 at 11:02 -0500, Daniel Linder wrote:
> Just to help a bit, I tracked down some "How PGP works" pages and links.
> I think they might help clarify a bit here:
>
> Overview: How PGP works: http://www.pgpi.org/doc/pgpintro/
>
> "Signed e-mail"
> - See: "Digital Signatures" http://www.pgpi.org/doc/pgpintro/#p12
> - Basically the e-mail is sent in plain text and an encrypted "hash" (a
> checksum which is then encrypted with the _sender's_ private key) of the
> body of the e-mail is attached. If a man-in-the-middle tries to change
> something in the e-mail, the recipient computer can compute the hash of
> the e-mail text it received, then decrypt the hash value (using the
> _sender's_ public key) sent with the e-mail and compare the two. If they
> match, then there is a high confidence that the e-mail has not been
> tampered with.
>
> "Encrypted e-mail"
> - See: "How PGP works" http://www.pgpi.org/doc/pgpintro/#p10
> - In this case, the e-mail is compressed and encrypted with a random,
> symmetric, one-time "session key", and then the session key is encrypted
> with the _receiver's_ public PGP key. The recipient computer then
> decrypts the session key with the _receiver's_ private key, then uses that
> key to decrypt the e-mail.
> - In addition, the encrypted e-mail inside /could/ be "signed" (see
> above) as an additional security measure. By doing both these steps, you
> ensure that:
> (1) Only the intended receiver (or whoever has the "private keys") can
> read the e-mail [encrypting].
> (2) That the entity doing the sending was really who they say they are
> [signing].
>
> Dan
>
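
The sign/verify and session-key flows described in the quoted message, as an added example that is not part of the original thread. Textbook RSA on small constructed keys and a SHA-256 keystream stand in for PGP's real algorithms, and every function name here is hypothetical.

```python
import hashlib, secrets, zlib

def make_key(p, q, e=65537):
    """Textbook RSA key from two primes (constructed toy values, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

# Constructed demo keys built from Mersenne primes; far too small for real use.
SENDER = make_key(2**127 - 1, 2**89 - 1)
RECEIVER = make_key(2**107 - 1, 2**61 - 1)

def digest_int(body, n):
    # Hash of the mail body, reduced so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def sign(body, sender):
    # "Encrypt" the hash with the sender's private exponent d.
    return pow(digest_int(body, sender["n"]), sender["d"], sender["n"])

def verify(body, signature, sender):
    # Recover the hash with the public exponent e; compare with the received text's hash.
    return pow(signature, sender["e"], sender["n"]) == digest_int(body, sender["n"])

def keystream_xor(key, data):
    # Stand-in symmetric cipher (assumption: SHA-256 counter keystream, XOR).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt(body, receiver):
    # Compress, encrypt under a random one-time session key, then wrap the
    # session key with the receiver's public exponent.
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), receiver["e"], receiver["n"])
    return wrapped, keystream_xor(session_key, zlib.compress(body))

def decrypt(wrapped, ciphertext, receiver):
    # Unwrap the session key with the receiver's private exponent, then undo
    # the symmetric layer and the compression.
    key = pow(wrapped, receiver["d"], receiver["n"]).to_bytes(16, "big")
    return zlib.decompress(keystream_xor(key, ciphertext))

if __name__ == "__main__":
    mail = b"Meeting moved to 7pm.\n"  # constructed sample body
    sig = sign(mail, SENDER)
    print(verify(mail, sig, SENDER), verify(mail.replace(b"7", b"9"), sig, SENDER))
    print(decrypt(*encrypt(mail, RECEIVER), RECEIVER) == mail)
```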