Security Basics mailing list archives

Re: PGP encrypted email - basic questions


From: Terra Frost <terrafrost () gmail com>
Date: Fri, 29 Dec 2006 14:59:53 -0600

Dave Moore wrote:
Hello all-

I'm trying to get started with PGP and there are some concepts I am
having trouble with.

I understand that a recipient of a PGP signed/encrypted message will
have to get my public key to decrypt said message. What I don't
understand is how this is carried out in a seemingly automatic fashion
for many of the email messages I receive, e.g. postings from mailing
lists, in which I see the 'BEGIN PGP SIGNED.. ' and the signature at
the end. I didn't decrypt these messages, and I have no idea how they
got decrypted.

The signature is encrypted - not the message. The signature can take the form of an MD5 hash and is, in essence, a "summed-up" version of the message. Decrypt this with the sender's key, check the email's MD5 hash against the newly decrypted MD5 hash, and if there's a match, you can be assured that the message did indeed come from the person who claims to have sent it. The From field, alone, isn't sufficient, since that can be spoofed rather easily.

