Security Basics mailing list archives
Re: PGP encrypted email - basic questions
From: "Jeffrey F. Bloss" <jbloss () tampabay rr com>
Date: Fri, 29 Dec 2006 17:35:04 -0500
Dave Moore wrote:
Hello all- I'm trying to get started with PGP and there are some concepts I am having trouble with. I understand that a recipient of a PGP signed/encrypted message will have to get my public key to decrypt said message. What I don't
Not exactly. To verify a signed message they will need your public key. To decrypt an encrypted message they don't necessarily have to know anything about you at all. However, you need their public key to encrypt a message to them. Signing and encryption are (or can be) two completely different processes. As far as which key component is used, public or private, you can think of the two processes as mirror images of each other. Signing uses your private key to create something that can only be "unlocked" by your public key. Encryption, on the other hand, creates something using the public key component, which can only be "unlocked" by the private key.
understand is how this is carried out in a seemingly automatic fashion for many of the email messages I receive, e.g. postings from mailing lists, in which I see the 'BEGIN PGP SIGNED.. ' and the signature at the end. I didn't decrypt these messages, and I have no idea how they got decrypted.
They didn't. They were sent out exactly the way you see them. What you're seeing is a process called "clear signing", where a text is wrapped in an "envelope" that can be used to determine if anything between the BEGIN and the signature has been changed. The text itself is meant to be readable by everyone. The signature is there mainly to prove message integrity, and with proper key management, authorship.
When I encrypt a message and send it to myself, the message I see is decidedly not decrypted. I did notice this header.. OpenPGP: id=5847D5CF; url=http://random.sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0x5847D5CF in the outgoing encrypted test message I sent, which leads me to suspect that it might have something to do with this process, but still, my message is not decrypted.
This is probably an option in your mail client configuration. I'm not familiar with anything that inserts the above headers specifically (I use GnuPG in a GNU/Linux environment), but they appear to be some sort of "convenience" header. Not absolutely necessary for normal operation, but nice to have around. PGP itself can be configured to automatically check public servers such as the one in the url above if it sees messages signed by keys not already on your keyring. I believe it can also search out and download keys if you tell it to encrypt something to a missing key. GnuPG does this anyway. If you find and set the option in your mail client that says something like "automatically check signatures" and configure PGP to "automatically retrieve keys", it could very well be that PGP uses the above information to collect missing public keys for you. Someone else may know more on this.

--
     _?_      Outside of a dog, a book is a man's best friend.
    (o o)         Inside of a dog, it's too dark to read.
-oOO-(_)--OOo-------------------------------[ Groucho Marx ]--
    grok!              Registered Linux user #402208
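The clear-signing envelope described in the reply above, as an added example that is not part of the original post: a small Python parser that splits a clear-signed message into its hash header, the readable signed text, the armored signature, and anything lying outside the envelope, which the signature does not cover. The function name and the sample message are constructed for illustration; the code only handles the framing, and checking the signature itself still takes the signer's public key (for example with `gpg --verify`).

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample. The signature body is a placeholder, not real signature data.
SAMPLE = """\
List footer added in transit (outside the envelope)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello list,
- -- this line began with a dash, so it was dash-escaped
Regards
-----BEGIN PGP SIGNATURE-----

(placeholder: base64 signature packet would appear here)
-----END PGP SIGNATURE-----
unsigned trailer
"""


def split_clearsigned(text):
    """Split a clear-signed message into (hashes, signed_text, signature, unsigned)."""
    lines = text.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        sig = lines.index(BEGIN_SIG, start)
        end = lines.index(END_SIG, sig)
        blank = lines.index("", start, sig)  # empty line ends the armor headers
    except ValueError:
        raise ValueError("not a complete clear-signed message") from None
    hashes = []
    for header in lines[start + 1:blank]:
        key, _, value = header.partition(": ")
        if key != "Hash":
            raise ValueError(f"unexpected armor header: {header!r}")
        hashes += [h.strip() for h in value.split(",")]
    body = []
    for line in lines[blank + 1:sig]:
        if line.startswith("- "):
            line = line[2:]  # undo dash-escaping
        elif line.startswith("-"):
            raise ValueError("unescaped dash line inside the signed text")
        body.append(line.rstrip(" \t"))  # trailing whitespace is not signed
    signed_text = "\n".join(body)
    signature = "\n".join(lines[sig:end + 1])
    unsigned = lines[:start] + lines[end + 1:]  # NOT covered by the signature
    return hashes, signed_text, signature, unsigned
```

The signed text comes back readable without any key, and the `unsigned` list shows which lines a successful verification says nothing about.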