Security Basics mailing list archives

RE: PGP encrypted email - basic questions


From: "Thomas D." <whistl0r () googlemail com>
Date: Sat, 30 Dec 2006 13:03:04 +0100

Dave asked on Friday, December 29, 2006 4:01 PM:
I understand that a recipient of a PGP signed/encrypted message will
have to get my public key to decrypt said message.

Your recipient needs your public key to check the signature, but with only your public key he/she isn't able to decrypt 
the encrypted message, because at the moment you send that mail you have to decide who should be able to read this 
mail, because you will only encrypt this message with those public keys (don't forget your own key, if you want to be 
able to read this mail in your "sent messages" folder).


What I don't
understand is how this is carried out in a seemingly automatic fashion
for many of the email messages I receive, e.g. postings from mailing
lists, in which I see the 'BEGIN PGP SIGNED.. ' and the signature at
the end.

You can sign every mail you are sending. This can be done automatically using a PGP relay service, or many PGP plugins 
like Enigmail offer this functionality.

As I said before, if the recipient wants to validate this signature, he/she needs your public key.
This is the reason why you can do this without any user interaction while sending.

If you want to encrypt the message you are sending, you need the public key of the recipient you are sending this 
message to. Many PGP applications offer functions to search automatically for those keys.

But keep in mind:
One of the basic ideas behind PGP is TRUST. If you download a key automatically to encrypt the message for this 
recipient, you don't really know if you have his/her key or if it is probably a key from a bad guy, spoofing to be your 
recipient :)
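The three points of the reply (signing needs only the sender's key, encryption is for the recipients chosen at send time, and an automatically fetched key must be checked before use) as an added GnuPG walk-through that is not part of this thread. It assumes GnuPG 2.1 or later on the PATH; the identities alice@example.invalid and bob@example.invalid, the message text and the two throwaway keyrings are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): two throwaway GnuPG homes, Alice and Bob,
# exercise sign/verify, recipient-only encryption and the fingerprint check before trusting a key.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; nothing to demonstrate"; exit 0; }

WORK=$(mktemp -d)
ALICE="$WORK/alice"; BOB="$WORK/bob"; mkdir -m 700 "$ALICE" "$BOB"
trap 'for h in "$ALICE" "$BOB"; do GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null || true; done; rm -rf "$WORK"' EXIT
# Non-interactive gpg wrappers; an empty passphrase is acceptable only for these throwaway demo keys
ga() { GNUPGHOME="$ALICE" gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"; }
gb() { GNUPGHOME="$BOB"   gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"; }
# Primary-key fingerprint of a user id in one keyring (first "fpr" record of the colon-separated listing)
fpr() { "$1" --with-colons --fingerprint "$2" | awk -F: '$1=="fpr"{print $10; exit}'; }

ga --quick-generate-key "Alice <alice@example.invalid>" default default never   # constructed identities
gb --quick-generate-key "Bob <bob@example.invalid>" default default never
ga --export alice@example.invalid | gb --import     # only public keys are exchanged
gb --export bob@example.invalid   | ga --import
printf 'hello list\n' > "$WORK/msg.txt"              # constructed message

# 1. Signing needs only Alice's private key; a reader needs Alice's public key to verify the signature
ga --clearsign --output "$WORK/msg.asc" "$WORK/msg.txt"
bob_verifies_signature() { gb --verify "$WORK/msg.asc" 2>/dev/null; }

# 2. Encryption is for the recipients chosen at send time: encrypted to Alice only, so Bob cannot read it
ga --encrypt --recipient alice@example.invalid --output "$WORK/self.gpg" "$WORK/msg.txt"
bob_reads_self_only() { gb --decrypt "$WORK/self.gpg" 2>/dev/null; }   # fails: Bob has no matching secret key

# 3. Trust: before encrypting to the imported "Bob" key, Alice compares its fingerprint with the one Bob
#    gives her out of band (here read straight from Bob's keyring) and only then locally signs it.
#    Without that step gpg in batch mode refuses the unverified key as "unusable".
BOB_FPR=$(fpr gb bob@example.invalid)
[ "$(fpr ga bob@example.invalid)" = "$BOB_FPR" ] || { echo "fingerprint mismatch: do not encrypt"; exit 1; }
ga --quick-lsign-key "$BOB_FPR"
ga --encrypt --recipient bob@example.invalid --recipient alice@example.invalid \
   --output "$WORK/both.gpg" "$WORK/msg.txt"      # Alice adds her own key to keep a readable sent copy
bob_reads_both()   { gb --decrypt "$WORK/both.gpg" 2>/dev/null; }
alice_reads_both() { ga --decrypt "$WORK/both.gpg" 2>/dev/null; }

bob_verifies_signature && echo "Bob: Alice's signature verifies"
bob_reads_self_only || echo "Bob: cannot decrypt a mail encrypted to Alice only"
echo "Bob reads: $(bob_reads_both)"; echo "Alice reads: $(alice_reads_both)"
```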

