Security Basics mailing list archives
Re: PGP encrypted email - basic questions
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 30 Dec 2006 03:05:05 +0100
On 2006-12-29 Dave Moore wrote:
I'm trying to get started with PGP and there are some concepts I am having trouble with. I understand that a recipient of a PGP signed/encrypted message will have to get my public key to decrypt said message.
No. The recipient of your message will have to get your public key to verify your signature of the message. If you want to encrypt the message you will have to get the recipients public key. You sign a message with your private key. The recipient verifies the signature with your public key. You encrypt a message with the recipient's public key. The recipient decrypts the message with his private key. Because the private keys always remain with their respective owners this guarantees the integrity of a signature (only the original sender has the private key to create the signature) as well as the confidentiality of the encrypted message (nobody but the intended recipient has the private key to decrypt the message).
What I don't understand is how this is carried out in a seemingly automatic fashion for many of the email messages I receive, e.g. postings from mailing lists, in which I see the 'BEGIN PGP SIGNED.. ' and the signature at the end. I didn't decrypt these messages, and I have no idea how they got decrypted.
It's not encrypted, see above. Whether a key not in your keyring is automatically fetched from a key server is a matter of configuration. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- Re: PGP encrypted email - basic questions Terra Frost (Jan 02)
- <Possible follow-ups>
- Re: PGP encrypted email - basic questions Eric White (Jan 02)
- Re: PGP encrypted email - basic questions Kevin Wilcox (Jan 02)
- Re: PGP encrypted email - basic questions levinson_k (Jan 02)
- Re: PGP encrypted email - basic questions Jeffrey F. Bloss (Jan 02)
- Re: PGP encrypted email - basic questions Tsu (Jan 02)
- Re: PGP encrypted email - basic questions Ansgar -59cobalt- Wiechers (Jan 02)
- Re: PGP encrypted email - basic questions Gouki (Jan 02)
- Re: PGP encrypted email - basic questions Timothy Pollard (Jan 02)
- Re: PGP encrypted email - basic questions Aaron Howell (Jan 02)
- RE: PGP encrypted email - basic questions Thomas D. (Jan 02)
- Re: PGP encrypted email - basic questions fabio983 (Jan 02)
- RE: PGP encrypted email - basic questions Bass, Mike B [CCC-OT_IT] (Jan 02)