Raul, Where can one get these keys, and what type of cost does PGP involve? -----Original Message----- From: guispeak@xxxxxxxxxxxxx [mailto:guispeak@xxxxxxxxxxxxx] On Behalf Of Raul A. Gallegos Sent: Thursday, November 18, 2004 9:19 AM To: guispeak@xxxxxxxxxxxxx Subject: [guispeak] Re: PGP -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Without getting into the dirty details of how it works here is a basic explanation. I have a key pair. This pair consists of a public key and a private key. I keep my private key and do not share it with anyone. It also has a password which you can assign to lock the key. The public key I can give out to anyone who wants it. Also, when others have a key pair I can get their public key and add it to my public key ring. I will need this to encrypt entire messages to them if I want. If I just want to pgp-sign a message that generates a hash so that if the message is forged or modified then the hash won't match up with the public key and you can tell if it's been tampered with. This is the thing I do now. I pgp-sign messages so that people know it's me who sent it and not a virus. If you have pgp software you can get my public key and verify it's me who signed the message. Basically if you verify with my public key the software looks at the pgp-signed message and compares it to the public key you have from me and if it matches then it's me. To encrypt a message is a little different. Let's say I wanted to send Rick an encrypted message I would need his public pgp key to do this. I write the message, I encrypt using his public key. What happens is pgp uses parts of my private key and parts of his public key to encrypt the message. If someone was to see the message on the internet it would appear totally garbled. He then receives the message and uses parts from his private key and my public key to be able to decrypt the message and then he can read it. It sounds complicated but once you get used to it there is nothing to it. For a while there was problems with pgp which btw stands for Pretty Good Privacy in that the encryption technology was not made public. For this other encryption hashes have been made. Also, you may notice that mine in the signature says gpg and not pgp. gpg stands for Gnu-s Privacy Guard which is basically the same thing but by a different name. You can have pgp keys or gpg keys and they interact with each other. Hope this helps. - -- Be careful what you set your heart on -- for it will surely be yours. -- James Baldwin, "Nobody Knows My Name" - -- Raul A. Gallegos - http://www.asmodean.net - -- Public GPG Key - http://asmodean.net/raul-pgp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBnL1Kas0vKmIuNMcRAkcsAJwJ1YmqmexJr/Wwdt/cnWk8XxNQ2gCfUHy5 29wfjoufCWgN3LKE9+XX5Ew= =RGAl -----END PGP SIGNATURE----- ** To leave the list, click on the immediately-following link:- ** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=unsubscribe] ** If this link doesn't work then send a message to: ** guispeak-request@xxxxxxxxxxxxx ** and in the Subject line type ** unsubscribe ** For other list commands such as vacation mode, click on the ** immediately-following link:- ** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=faq] ** or send a message, to ** guispeak-request@xxxxxxxxxxxxx with the Subject:- faq ** To leave the list, click on the immediately-following link:- ** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=unsubscribe] ** If this link doesn't work then send a message to: ** guispeak-request@xxxxxxxxxxxxx ** and in the Subject line type ** unsubscribe ** For other list commands such as vacation mode, click on the ** immediately-following link:- ** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=faq] ** or send a message, to ** guispeak-request@xxxxxxxxxxxxx with the Subject:- faq