Security Basics mailing list archives
Re: PGP encrypted email - basic questions
From: Terra Frost <terrafrost () gmail com>
Date: Fri, 29 Dec 2006 14:59:53 -0600
Dave Moore wrote:
Hello all- I'm trying to get started with PGP and there are some concepts I am having trouble with. I understand that a recipient of a PGP signed/encrypted message will have to get my public key to decrypt said message. What I don't understand is how this is carried out in a seemingly automatic fashion for many of the email messages I receive, e.g. postings from mailing lists, in which I see the 'BEGIN PGP SIGNED.. ' and the signature at the end. I didn't decrypt these messages, and I have no idea how they got decrypted.
The signature is encrypted - not the message. The signature can take the form of an MD5 hash and is, in essence, a "summed-up" version of the message. Decrypt this with the senders key, check the emails MD5 hash with the newly decrpyted MD5 hash, and if there's a match, you can be assured that the message did indeed come from the person who claims to have sent it. The From field, alone, isn't sufficient, since that can be spoofed rather easily.
Current thread:
- Re: PGP encrypted email - basic questions Terra Frost (Jan 02)
- <Possible follow-ups>
- Re: PGP encrypted email - basic questions Eric White (Jan 02)
- Re: PGP encrypted email - basic questions Kevin Wilcox (Jan 02)
- Re: PGP encrypted email - basic questions levinson_k (Jan 02)
- Re: PGP encrypted email - basic questions Jeffrey F. Bloss (Jan 02)
- Re: PGP encrypted email - basic questions Tsu (Jan 02)
- Re: PGP encrypted email - basic questions Ansgar -59cobalt- Wiechers (Jan 02)
- Re: PGP encrypted email - basic questions Gouki (Jan 02)
- Re: PGP encrypted email - basic questions Timothy Pollard (Jan 02)
- Re: PGP encrypted email - basic questions Aaron Howell (Jan 02)
- RE: PGP encrypted email - basic questions Thomas D. (Jan 02)
(Thread continues...)