[guispeak] Re: PGP

  • From: "Raul A. Gallegos" <raul@xxxxxxxxxxxx>
  • To: guispeak@xxxxxxxxxxxxx
  • Date: Thu, 18 Nov 2004 08:18:34 -0700

Hash: SHA1

Without getting into the dirty details of how it works here is a basic 

I have a key pair.  This pair consists of a public key and a private 
key.  I keep my private key and do not share it with anyone.  It also 
has a password which you can assign to lock the key.  The public key I 
can give out to anyone who wants it.

Also, when others have a key pair I can get their public key and add it 
to my public key ring.  I will need this to encrypt entire messages to 
them if I want.

If I just want to pgp-sign a message that generates a hash so that if 
the message is forged or modified then the hash won't match up with the 
public key and you can tell if it's been tampered with.  This is the 
thing I do now.  I pgp-sign messages so that people know it's me who 
sent it and not a virus.  If you  have pgp software you can get my 
public key and verify it's me who signed the message.  Basically if you 
verify with my public key the software looks at the pgp-signed message 
and compares it to the public key you have from me and if it matches 
then it's me.

To encrypt a message is a little different.  Let's say I wanted to send 
Rick an encrypted message I would need his public pgp key to do this.  I 
write the message, I encrypt using his public key.  What happens is pgp 
uses parts of my private key and parts of his public key to encrypt the 
message.  If someone was to see the message on the internet it would 
appear totally garbled.  He then receives the message and uses parts 
from his private key and my public key to be able to decrypt the 
message and then he can read it.

It sounds complicated but once you get used to it there is nothing to 

For a while there was problems with pgp which btw stands for Pretty Good 
Privacy in that the encryption technology was not made public.  For this 
other encryption hashes have been made.  Also, you may notice that mine 
in the signature says gpg and not pgp.  gpg stands for Gnu-s Privacy 
Guard which is basically the same thing but by a different name.  You 
can have pgp keys or gpg keys and they interact with each other.

Hope this helps.

- -- 
Be careful what you set your heart on -- for it will surely be yours.
                -- James Baldwin, "Nobody Knows My Name"
- -- Raul A. Gallegos - http://www.asmodean.net
- -- Public GPG Key - http://asmodean.net/raul-pgp.asc
Version: GnuPG v1.2.4 (GNU/Linux)

** To leave the list, click on the immediately-following link:-
** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** guispeak-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** guispeak-request@xxxxxxxxxxxxx with the Subject:- faq

Other related posts: