Security Basics mailing list archives
RE: PGP encrypted email - basic questions
From: "Thomas D." <whistl0r () googlemail com>
Date: Sat, 30 Dec 2006 13:03:04 +0100
Dave asked on Friday, December 29, 2006 4:01 PM:
I understand that a recipient of a PGP signed/encrypted message will have to get my public key to decrypt said message.
Your recipient needs your public key to check the signature, but only with your public key he/she isn't able to decrypt the encrypted message, because in the moment you send that mail, you have to decide who should be able to read this mail, because you will only encrypt this message with those public keys (don't forget your own key, if you want to be able to read this mail in your "send messages" folder).
What I don't understand is how this is carried out in a seemingly automatic fashion for many of the email messages I receive, e.g. postings from mailing lists, in which I see the 'BEGIN PGP SIGNED.. ' and the signature at the end.
You can sign every mail, you are sending. This can be done automatically using a pgp-relay service or many pgp plugins like Enigmail offers these functionality. As I said before, If the recipient wants to validate this signature, he/she needs your public key. This is the reason, why you can do this without any user interaction while sending. If you want do encrypt your message your are sending, you need the public key from the recipient, you are sending this message to. Many PGP applications offers functions to search automatically for those keys. But keep in mind: One of the basic idea behind PGP is the TRUST. If you download a key automatically to encrypt the message for this recipient, you don't really know if you have his/her key or if it probably a key from a bad guy, spoofing to be your recipient :)
Current thread:
- Re: PGP encrypted email - basic questions Terra Frost (Jan 02)
- <Possible follow-ups>
- Re: PGP encrypted email - basic questions Eric White (Jan 02)
- Re: PGP encrypted email - basic questions Kevin Wilcox (Jan 02)
- Re: PGP encrypted email - basic questions levinson_k (Jan 02)
- Re: PGP encrypted email - basic questions Jeffrey F. Bloss (Jan 02)
- Re: PGP encrypted email - basic questions Tsu (Jan 02)
- Re: PGP encrypted email - basic questions Ansgar -59cobalt- Wiechers (Jan 02)
- Re: PGP encrypted email - basic questions Gouki (Jan 02)
- Re: PGP encrypted email - basic questions Timothy Pollard (Jan 02)
- Re: PGP encrypted email - basic questions Aaron Howell (Jan 02)
- RE: PGP encrypted email - basic questions Thomas D. (Jan 02)
- Re: PGP encrypted email - basic questions fabio983 (Jan 02)
- RE: PGP encrypted email - basic questions Bass, Mike B [CCC-OT_IT] (Jan 02)