[olug] quick pgp question

Kris Gainsforth krisguy at alltel.net
Thu Jun 10 17:20:35 UTC 2004


How do you get PGP ASCII public keys installed? RTFM is leaving me
confused.

On Thu, 2004-06-10 at 11:02 -0500, Daniel Linder wrote:
> Just to help a bit, I tracked down some "How PGP works" pages and links. 
> I think they might help clarify a bit here:
> 
> Overview: How PGP works: http://www.pgpi.org/doc/pgpintro/
> 
> "Signed e-mail"
>  - See: "Digital Signatures" http://www.pgpi.org/doc/pgpintro/#p12
>  - Basically the e-mail is sent in plain text and an encrypted "hash" (a
> checksum which is then encrypted with the _sender's_ private key) of the
> body of the e-mail is attached.  If a man-in-the-middle tries to change
> something in the e-mail, the recipient computer can compute the hash of
> the e-mail text it received, then decrypt the hash value (using the
> _sender's_ public key) sent with the e-mail and compare the two.  If they
> match, then there is a high confidence that the e-mail has not been
> tampered with.
> 
> "Encrypted e-mail"
>  - See: "How PGP works" http://www.pgpi.org/doc/pgpintro/#p10
>  - In this case, the e-mail is compressed and encrypted with a random,
> symmetric, one-time "session key", and then the session key is encrypted
> with the _receiver's_ public PGP key.  The recipient computer then
> decrypts the session key with the _receiver's_ private key, then uses that
> key to decrypt the e-mail.
>  - In addition, the encrypted e-mail inside /could/ be "signed" (see
> above) as an additional security measure.  By doing both these steps, you
> ensure that:
>  (1) Only the intended receiver (or whoever has the "private keys") can
> read the e-mail [encrypting].
>  (2) That the entity doing the sending was really who they say they are
> [signing].
> 
> Dan
> 
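
Added example, not part of the original post and not PGP's own code: the sign/verify and session-key flow described in the quoted reply, in Python. Assumptions: textbook RSA without padding over two small Mersenne primes and a SHA-256 keystream stand in for PGP's real algorithms, compression is omitted, one key pair plays both sender and receiver, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy RSA key pair built from two known Mersenne primes (constructed for
# illustration; far too small for real use, and real PGP adds padding).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def digest(body: bytes) -> int:
    # Hash of the message body, truncated to 128 bits so it fits below N.
    return int.from_bytes(hashlib.sha256(body).digest()[:16], "big")

def sign(body: bytes, d: int = D, n: int = N) -> int:
    # "Encrypt" the hash with the sender's private key.
    return pow(digest(body), d, n)

def verify(body: bytes, sig: int, e: int = E, n: int = N) -> bool:
    # Recover the hash with the sender's public key; compare with a fresh hash.
    return pow(sig, e, n) == digest(body)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher: XOR with a SHA-256 counter-mode keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(body: bytes, e: int = E, n: int = N):
    # A one-time session key encrypts the body; the receiver's public key
    # wraps the session key.
    session = secrets.token_bytes(16)
    return pow(int.from_bytes(session, "big"), e, n), keystream_xor(session, body)

def decrypt(wrapped: int, ciphertext: bytes, d: int = D, n: int = N) -> bytes:
    # The receiver's private key unwraps the session key, which decrypts the body.
    session = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session, ciphertext)

if __name__ == "__main__":
    mail = b"Meeting moved to 7pm."  # constructed sample message
    sig = sign(mail)
    print(verify(mail, sig), verify(b"Meeting moved to 9pm.", sig))
    wrapped, ct = encrypt(mail)
    print(decrypt(wrapped, ct))
```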


