I'm confused.... if you don't want people to be able to read your email, you code it with PGP or other encoders... but why give away your key on your website to everyone? That makes your email readable to everyone... doesn't it? Oh well... I hope someone can explain this to me... Roki
Responses you've gotten have foccussed on defining public versus private key. Some have cited how they are used, but I'd like to emphasize this: Message authentication: Make a "hash" of the message, i.e., compute a short, unique tag of the message. (A common algorithm for this is MD5.) Then "encrypt" the hash using the SENDER's private key. Anyone wishing to authenticate the message uses the SENDER's public key to "decrypt" the hash and check it against the message receive (i.e., recompute a new hash and compare it to the received one.) Message privacy: Encrypt the message data. (A common algorithm is DES or, more recently, triple DES. PGP uses IDEA.) To get acceptable performance, encryption is done using a symmetric key algorithm, rather than a much slower asymmetric (public) key algorithm. Then "encrypt" the symmetric key using the RECEIVER's public key. The RECEIVER uses their private key to decrypt the symmetric key and then uses the symmetric key to decrypt the data. Note that these two different functions use private keys in an essential opposite manner, or reverse relationship. d/ -------------------- Dave Crocker +1 408 246 8253 Brandenburg Consulting fax: +1 408 249 6205 675 Spruce Dr. dcrocker@brandenburg.com Sunnyvale CA 94086 USA http://www.brandenburg.com Internet Mail Consortium http://www.imc.org, info@imc.org
-----BEGIN PGP SIGNED MESSAGE----- Nope. With PGP you get 2 keys... One you keep secret (secret key), the other you make public (public key). This way, if I want to send you a message, I don't need to talk to you to arrange for a session key or any passcodes, because PGP takes care of it. Say you wanted to send me a message... You check your keyring (pgp -kv), but alas my key isn't there. So you go to the keyserver (http://www-swiss.ai.mit.edu/~bal/pks-toplev.html), and retreive my key into a file (sean.asc). Then you run pgp on it (pgp sean.asc) and it gets integrated into your keyring. Now you type your message to me, and encrypt it with *my* public key, and *sign it with your private key* (pgp -sea message_to_sean.txt 0xD12B3419). Then you send it off to me. (The 0xD12B3419 is my key id, and is displayed when you play with my key) When I get it, I can export it to a file (message.asc), and run pgp on it (pgp message.asc). Hey, it is signed, so I grab your key from the server, and pgp message.asc it again. Since you encrypted it with my public key, _only my secret key_ can decrypt it, not even you can see it! Also, since only you have access to your secret key, (if your signature checks out), I know it had to have been you who wrote the message and it was not tampered with. (To be technically correct, I don't exactly know it was you, since I haven't trusted your key at this point, but we'll let that one slide) - From this point, we can send and receive messages pretty easily, since we don't have to snarf keys. It is also a bit easier than I make it out to be, because there are many automation tools out there for pgp. Sean On Tue, 13 Aug 1996 sasa.roskar@uni-lj.si wrote:
I'm confused.... if you don't want people to be able to read your email, you code it with PGP or other encoders... but why give away your key on your website to everyone? That makes your email readable to everyone... doesn't it? Oh well... I hope someone can explain this to me...
Roki
- ------------------------------------------------------------------ Sean Walberg umwalber@cc.umanitoba.ca The Web Guy http://home.cc.umanitoba.ca/~umwalber UNIX Group, U. of Manitoba PGP Key Available from Servers -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: Processed by mkpgp, a Pine/PGP interface. iQCVAwUBMhCMc982JgvRKzQZAQEjYAP/SWjf2z2lZjYzBKVRMo9fcaMEZXiQSal2 YRjhzIXI9LyOF+mEz+KvPscJEsKqwM0JQl64ZpYhvp2junRly292jflIpxsnSJSS ZteKoFJ+JE2Rd4TMDHbojucAEN4ZrW0G5y6RUcT5ntkKKWCzjGnYhSeM//bb9mOe ccq+A8aI9dY= =j2nK -----END PGP SIGNATURE-----
Hi
I'm confused.... if you don't want people to be able to read your email, you code it with PGP or other encoders... but why give away your key on your website to everyone? That makes your email readable to everyone... doesn't it? Oh well... I hope someone can explain this to me...
Not really, because when you generate a key, you generate a key, two are actually generated: one public and one private. The public key you give to *everyone*, put in you signature, in the newspapers and in your .plan; wherever. You also then have a matching private key, which you NEVER give out. Now the mathematics are pretty simple, but I'll pass over it. Essentially your public key will decode what your private key encrypts and your private key will decode what your public key encodes. So if someone uses your public key to send a message to you, only you can decode it, since ONLY you have the matching private key. This is used for signing as well. If you encrypt your message with your private key, only your public key and decode it, since ONLY you have the matching private key, if your public key, which everyone has, can decode it, then ONLY you could have sent it. So to sign and encrypt a message to someone all that happens is you encrypt your message with your private key and then again with their public key. And it will be signed (only you could have sent it) and encrypted (only they can read it) I should mention at this point that pgp handles all this, because it sounds very complex and time-consuming. To encrypt a message you simply type: pgp -e PrivateLetter.txt sasa.roskar@uni-lj.si --> call pgp [pgp] and encrypt [-e] a message [PrivateLetter.txt] to the recipient [sasa.roskar@uni-lj.si]. Pgp will look sasa.roskar@uni-lj.si up in your own public keyring and use that public key. Signing is just a matter of saying -s as well Hope this helps, and is accurate. Later Mike -- I'm sure we will find out in a few years that Microsoft invented the Net. Or brought it to the masses. Or saved it from a certain and early demise. Or all of the above. JAMES SEYMOUR
participants (4)
-
Dave Crocker -
Mike van der Merwe -
sasa.roskar@uni-lj.si -
Sean Walberg