Security Basics mailing list archives

Re: PGP encrypted email - basic questions


From: Kevin Wilcox <kevin () tux appstate edu>
Date: Fri, 29 Dec 2006 16:33:48 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dave Moore wrote:

> I understand that a recipient of a PGP signed/encrypted message will
> have to get my public key to decrypt said message. What I don't
> understand is how this is carried out in a seemingly automatic fashion
> for many of the email messages I receive, e.g. postings from mailing
> lists, in which I see the 'BEGIN PGP SIGNED.. ' and the signature at
> the end. I didn't decrypt these messages, and I have no idea how they
> got decrypted.

A *signed* message means that someone used their private key to sign it.

To verify that it is an authentic signature you need to import their
public key.

The messages aren't encrypted, just signed.

> When I encrypt a message and send it to myself, the message I see is
> decidedly not decrypted. I did notice this header..
>
> OpenPGP: id=5847D5CF;
> url=http://random.sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0x5847D5CF
>
> in the outgoing encrypted test message I sent, which leads me to
> suspect that it might have something to do with this process, but
> still, my message is not decrypted.

The header you are seeing is a link to the keyserver that has your
public key.

To send someone an encrypted message you would first go to a keyserver
(or, better yet, to the individual) and get their public key. You would
encrypt the message and they would decrypt it using their private key.

If you send yourself an encrypted message you would be using your public
key to encrypt it and your private key to decrypt it.

kmw

- --
Kevin Wilcox
http://ess.appstate.edu
http://www.appstate.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFlYm6sKMTOtQ3fKERArvwAJ9+QIaCY5y1EBBvSaxSmMxhKNe4pgCgwb/m
/41sdBB6+F4uqzK7hYnqkmU=
=iZg2
-----END PGP SIGNATURE-----
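
Added example, not part of the original message: a small Python parser for the cleartext signature framing used by the message above, showing that the body of a signed message is readable without any key and that a line such as "- --" is only dash-escaping. The sample message and its placeholder signature are constructed, and the function name parse_clearsigned is hypothetical.

```python
# Added example: split an OpenPGP cleartext-signed message (RFC 4880, sec. 7).
# Reading the body needs no key; verifying the signature (not done here) does.
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample; the signature block is a placeholder, not a real one.
SAMPLE = "\n".join([
    BEGIN_MSG,
    "Hash: SHA256",
    "",
    "This body is signed, not encrypted.",
    "- -- ",
    "Example Sender",
    BEGIN_SIG,
    "",
    "(constructed placeholder, not a real signature)",
    END_SIG,
])


def parse_clearsigned(text):
    """Return the hash header, the readable body and the signature armor."""
    lines = text.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        sig_start = lines.index(BEGIN_SIG, start)
        sig_end = lines.index(END_SIG, sig_start)
    except ValueError:
        raise ValueError("not a complete cleartext-signed message") from None
    # Armor headers such as "Hash: SHA1" run up to the first empty line.
    headers, i = {}, start + 1
    while i < sig_start and lines[i].strip():
        name, sep, value = lines[i].partition(":")
        if not sep:
            raise ValueError("malformed armor header: %r" % lines[i])
        headers[name.strip()] = value.strip()
        i += 1
    if i >= sig_start:
        raise ValueError("no blank line between headers and body")
    # The signer dash-escapes body lines that start with "-" as "- ...".
    body = [l[2:] if l.startswith("- ") else l for l in lines[i + 1:sig_start]]
    return {
        "hash": headers.get("Hash"),
        "body": "\n".join(body),
        "signature_armor": "\n".join(lines[sig_start:sig_end + 1]),
    }
```

The parser only separates the parts; checking that the signature is authentic still requires the signer's public key and an OpenPGP implementation such as GnuPG.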