RE: Simple Effective Secure Email

[Barrie Dempster <barrie () reboot-robot net>]

On Wed, 2004-09-08 at 21:35, LordInfidel () directionweb com wrote:
> For encryption; you would do the same thing as above, but instead of
> signing it, you would encrypt it.  The recipient would not be able to
> read the e-mail (it would like what you saw in the lordinfidel.txt
> file, unless they A) had the public key and B) new the password used to
> encrypt the file.


Not entirely correct here.
When you send a PGP encrypted file the process is as follows.
1. Sender encrypts with recipients public _key_.
2. Message is sent (usually signed by the senders key)
3. Recipient decrypts the message using their _private_ key and their
_private password_

Your point A is incorrect, the recipient needs the Private key, not the
public key

Your point B is incorrect, the recipient needs the password used in
their own key generation, not the pass used to encrypt the file (files
are encrypted with Key's not passes)

The whole point of PGP is their is no shared secret, its a public key
exchange mechanism. All passwords and private keys are reserved by the
key's owner, the only thing ever exchanged is the public keys.
-- 
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

Attachment: signature.asc
Description: This is a digitally signed message part