Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: users

[new-user] question

 

 

GnuPG users RSS feed   Index | Next | Previous | View Threaded


mick.crane at gmail

Apr 12, 2012, 3:21 PM

Post #1 of 4 (397 views)
Permalink
[new-user] question

hello,
I'm trying to understand the principals and benefits of using pgp/gpg
I think I understand that I send the part of my key that is public to
somebody and they use that key to encrypt a message which only I can
decypher.
So what if somebody uses my public key to send me a message purporting
to come from somebody else ?
what is the mechanism to ensure it came from who I think it did ?

regards
mick

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


sandals at crustytoothpaste

Apr 12, 2012, 5:13 PM

Post #2 of 4 (363 views)
Permalink
Re: [new-user] question [In reply to]

On Thu, Apr 12, 2012 at 11:21:16PM +0100, michael crane wrote:
> hello,
> I'm trying to understand the principals and benefits of using pgp/gpg
> I think I understand that I send the part of my key that is public to
> somebody and they use that key to encrypt a message which only I can
> decypher.
> So what if somebody uses my public key to send me a message purporting
> to come from somebody else ?
> what is the mechanism to ensure it came from who I think it did ?

The sender can sign the message to verify that it came from him or her.
If someone just sends you an unsigned encrypted message, there is no way
to verify that I came from who you think it did.

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachments: signature.asc (0.82 KB)


rjh at sixdemonbag

Apr 12, 2012, 5:47 PM

Post #3 of 4 (363 views)
Permalink
Re: [new-user] question [In reply to]

On 04/12/2012 06:21 PM, michael crane wrote:
> what is the mechanism to ensure it came from who I think it did ?

Turn it around.

The public and the private key are inverses. Each can decrypt what the
other one encrypts. When someone encrypts a message with your public
key, only your private key can decrypt it. And if you encrypt a message
with your private key, then anyone who has your public key can decrypt it.

So if I have a copy of your public key, and it decrypts a message
successfully... then I know it was encrypted with your private key. And
since you're the only one who has your private key, it means I can have
confidence the message came from you.

Usually this process is called "signing" a message. This is how
signatures work. :)


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


laurent.jumet at skynet

Apr 12, 2012, 10:31 PM

Post #4 of 4 (360 views)
Permalink
Re: [new-user] question [In reply to]

Hello michael !

michael crane <mick.crane [at] gmail> wrote:

> I'm trying to understand the principals and benefits of using pgp/gpg
> I think I understand that I send the part of my key that is public to
> somebody and they use that key to encrypt a message which only I can
> decypher.
> So what if somebody uses my public key to send me a message purporting
> to come from somebody else ?
> what is the mechanism to ensure it came from who I think it did ?

You are refering to the 2nd part of crypting: signature.
Crypting to your key is only to ensure that you'll be the only one to read it, but you are supposed to know what you'll find in the message.
Signing is dedicated to the receipient: it allows him to be sure that the message comes from exactly you.

--
Laurent Jumet
KeyID: 0xCFAF704C

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.