Security Basics mailing list archives
RE: Simple Effective Secure Email
From: Barrie Dempster <barrie () reboot-robot net>
Date: Thu, 09 Sep 2004 10:48:21 +0100
On Wed, 2004-09-08 at 21:35, LordInfidel () directionweb com wrote:
For encryption; you would do the same thing as above, but instead of signing it, you would encrypt it. The recipient would not be able to read the e-mail (it would like what you saw in the lordinfidel.txt file, unless they A) had the public key and B) new the password used to encrypt the file.
Not entirely correct here. When you send a PGP encrypted file the process is as follows. 1. Sender encrypts with recipients public _key_. 2. Message is sent (usually signed by the senders key) 3. Recipient decrypts the message using their _private_ key and their _private password_ Your point A is incorrect, the recipient needs the Private key, not the public key Your point B is incorrect, the recipient needs the password used in their own key generation, not the pass used to encrypt the file (files are encrypted with Key's not passes) The whole point of PGP is their is no shared secret, its a public key exchange mechanism. All passwords and private keys are reserved by the key's owner, the only thing ever exchanged is the public keys. -- Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Simple Effective Secure Email Steve (Sep 08)
- Re: Simple Effective Secure Email Javier Blanque (Sep 08)
- Re: Simple Effective Secure Email Gabriel Orozco (Sep 08)
- Re: Simple Effective Secure Email Calvin Maready (Sep 08)
- <Possible follow-ups>
- RE: Simple Effective Secure Email Mark Medici (Sep 08)
- RE: Simple Effective Secure Email LordInfidel (Sep 08)
- Re: Simple Effective Secure Email Steve (Sep 08)
- RE: Simple Effective Secure Email Barrie Dempster (Sep 09)
- Re: Simple Effective Secure Email Illya Knight (Sep 13)
- RE: Simple Effective Secure Email Raoul Armfield (Sep 10)
- RE: Simple Effective Secure Email Andrew Aris (Sep 13)
- RE: Simple Effective Secure Email Jonathan Loh (Sep 13)
- Definitions Mark Teicher (Sep 16)
- Re: Definitions GuidoZ (Sep 18)
- Re: Definitions Mark Teicher (Sep 17)
- Re: Definitions GuidoZ (Sep 22)
- Re: Simple Effective Secure Email Steve (Sep 08)