On Thu, Jan 19, 2012 at 4:04 PM, Dale <rdalek1...@gmail.com> wrote:
> Chris Walters wrote:
>> On 1/19/2012 11:57 AM, Frank Steinmetzger wrote:
>>> On Thu, Jan 19, 2012 at 12:53:07AM -0600, Dale wrote:
>>>
>>>> While on this subject, sort of. Who on here has their email set up to
>>>> encrypt and decrypt emails? I want to test some things OFF LIST.
>>>
>>> Well, if you had signed your mail, then I could write you encrypted. :)
>>
>> This is a test. Enigmail has been trying to use a revoked and expired key to
>> sign my messages, lately.
>>
>> Chris
>>
>
>
> I have a question now. I got a message from Paul Hartman and replied to
> it, off list, and it was encrypted and I hope my reply was too. My
> question is this. How do you make an email that only the sender and
> receiver can read? As an example. I'm talking to a Doctor or a lawyer
> and I don't want anyone but that person to see the email. How do I do
> that? Can that be done?
>
> The message that I am replying to appears to be something, encrypted
> maybe, but I think anyone on this list that uses the tool can read it.
> Am I correct?
>
> I'm trying to get a full understanding of this thing. Ya'll know how I
> am. lol

There are basically 2 things PGP/GPG normally does for emails: signing and encrypting. They are not mutually exclusive.

Signing (like you see on a lot of messages on this list, for example) is about the person who SENT the message. It lets you verify that the person who wrote the message is who you think they are, and that the contents of the message itself have not been altered.

Encrypting is about the person RECEIVING the message. If you encrypt, it makes it so the message cannot be read by anyone except for the recipients you specified when encrypting it. (The sender is usually added to the encrypted recipients automatically, in case he needs to read his own sent message at a later date). Encryption is obviously in very bad taste on a public mailing list. :)

So if you send a message that is both signed + encrypted, it will verify the identity of the sender as well as restrict the ability to read to only the people the sender wants.

You can also use PGP keys for authentication (with an OpenPGP smartcard), and for signing files, which works just like signing email.
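
The signed + encrypted case described above, as an added example that is not part of the original message: a sender signs and encrypts to one recipient, the recipient decrypts and checks the signature, and a third party holding the same ciphertext cannot read it. It assumes GnuPG 2.1 or later; the names alice, bob and eve, the example.org addresses and the message text are constructed, and the keys are throwaway ones in temporary keyrings.

```shell
#!/bin/sh
# Added demo. Keys, addresses and message text are constructed; the keys are
# throwaway, have no passphrase, and live only in temporary keyrings.
demo() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; return 1; }
    work=$(mktemp -d) || return 1
    A=$work/alice B=$work/bob E=$work/eve   # sender, recipient, another list reader
    mkdir -m 700 "$A" "$B" "$E" || return 1
    g() { h=$1; shift
          gpg --homedir "$h" --batch --quiet --no-tty --pinentry-mode loopback \
              --trust-model always "$@"; }

    # Everyone has a key pair of their own, each in a separate keyring.
    for p in alice bob eve; do
        g "$work/$p" --passphrase '' --quick-generate-key "$p@example.org" \
            default default never 2>/dev/null || return 1
    done

    # Alice and Bob exchange PUBLIC keys only; secret keys never leave a keyring.
    g "$B" --export bob@example.org   | g "$A" --import 2>/dev/null || return 1
    g "$A" --export alice@example.org | g "$B" --import 2>/dev/null || return 1

    # Sign with Alice's secret key and encrypt to Bob's public key in one step.
    printf 'Test results are ready.\n' |
        g "$A" --armor --local-user alice@example.org \
            --recipient bob@example.org --sign --encrypt >"$work/msg.asc" || return 1

    # Bob decrypts; the status output reports whether Alice's signature is good.
    bob=failed sig=bad eve=failed
    if g "$B" --status-fd 3 --decrypt "$work/msg.asc" \
            >"$work/plain" 2>/dev/null 3>"$work/status"; then
        if grep -q 'Test results' "$work/plain"; then bob=ok; fi
        if grep -q '^\[GNUPG:\] GOODSIG ' "$work/status"; then sig=good; fi
    fi
    # Eve has the same ciphertext but no secret key it was encrypted to.
    if g "$E" --decrypt "$work/msg.asc" >/dev/null 2>&1; then eve=ok; fi

    for p in "$A" "$B" "$E"; do gpgconf --homedir "$p" --kill gpg-agent 2>/dev/null || true; done
    rm -rf "$work"
    echo "bob_decrypt=$bob signature=$sig eve_decrypt=$eve"
}
if [ "${1:-}" = run ]; then demo; fi
```

Saved to a file and started with the argument `run`, it prints one summary line; adding `--recipient alice@example.org` to the encrypt step is what lets the sender read the sent copy later.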