[guispeak] Re: PGP
- From: "Raul A. Gallegos" <raul@xxxxxxxxxxxx>
- To: guispeak@xxxxxxxxxxxxx
- Date: Thu, 18 Nov 2004 08:18:34 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Without getting into the dirty details of how it works here is a basic
explanation.
I have a key pair. This pair consists of a public key and a private
key. I keep my private key and do not share it with anyone. It also
has a password which you can assign to lock the key. The public key I
can give out to anyone who wants it.
Also, when others have a key pair I can get their public key and add it
to my public key ring. I will need this to encrypt entire messages to
them if I want.
If I just want to pgp-sign a message that generates a hash so that if
the message is forged or modified then the hash won't match up with the
public key and you can tell if it's been tampered with. This is the
thing I do now. I pgp-sign messages so that people know it's me who
sent it and not a virus. If you have pgp software you can get my
public key and verify it's me who signed the message. Basically if you
verify with my public key the software looks at the pgp-signed message
and compares it to the public key you have from me and if it matches
then it's me.
To encrypt a message is a little different. Let's say I wanted to send
Rick an encrypted message I would need his public pgp key to do this. I
write the message, I encrypt using his public key. What happens is pgp
uses parts of my private key and parts of his public key to encrypt the
message. If someone was to see the message on the internet it would
appear totally garbled. He then receives the message and uses parts
from his private key and my public key to be able to decrypt the
message and then he can read it.
It sounds complicated but once you get used to it there is nothing to
it.
For a while there was problems with pgp which btw stands for Pretty Good
Privacy in that the encryption technology was not made public. For this
other encryption hashes have been made. Also, you may notice that mine
in the signature says gpg and not pgp. gpg stands for Gnu-s Privacy
Guard which is basically the same thing but by a different name. You
can have pgp keys or gpg keys and they interact with each other.
Hope this helps.
- --
Be careful what you set your heart on -- for it will surely be yours.
-- James Baldwin, "Nobody Knows My Name"
- -- Raul A. Gallegos - http://www.asmodean.net
- -- Public GPG Key - http://asmodean.net/raul-pgp.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBnL1Kas0vKmIuNMcRAkcsAJwJ1YmqmexJr/Wwdt/cnWk8XxNQ2gCfUHy5
29wfjoufCWgN3LKE9+XX5Ew=
=RGAl
-----END PGP SIGNATURE-----
** To leave the list, click on the immediately-following link:-
** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** guispeak-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** guispeak-request@xxxxxxxxxxxxx with the Subject:- faq
Other related posts:
