On Thursday 19 Jan 2012 23:20:44 Dale wrote:
> Chris Walters wrote:

> I'm starting to see this now.  When I sign a message, it is public but
> people are assured that it came from me.  Sort of like having a check
> with a picture ID that matches.  :/

Better than that.

Readers (all that have access to this list) can a) see that you have signed it 
and b) rest assured that no one has tampered with its content since you signed.  
If anyone intercepted the message mid-air and changed its content, your 
signature would show as bad in the recipient's mail client (assuming they have 
a GnuPG/PGP compatible client).

BTW, your signature is not showing in KMail ... are you using inline or 
openpgp/smime format?


> > You could then encrypt a message to me, and you could add yourself
> > to the recipient list so you could read it.  Then, when I received
> > the message, I would be prompted for my secret key's passphrase -
> > this would allow decryption of the message.  Providing that I
> > replied to you and chose the "encrypt" option, the entire message,
> > including any quotes would be encrypted.
> > 
> > Hope this helps, Chris

> So, this is why when I want to sign a message it asks me for the
> password.  I thought it was trying to do something wrong.  Made me
> scratch my head.

To avoid an easy misunderstanding about what the "password" does:

You are asked for a passphrase not because Chris used that passphrase to 
encrypt the message he sent you with (that would have been symmetric 
encryption and both of you would need to know in advance the secret 
passphrase).  Instead, you are asked for a passphrase to decrypt your own 
private gpg key which is stored in encrypted format on your hard drive for 
security purposes.  The private key, once decrypted and loaded in memory, will 
be used by your openpgp application to decrypt the message sent by Chris.

This is asymmetric encryption:  a sender can use your public key and their 
private key to encrypt a message to you, which only you can decrypt with your 
private key and the sender's public key.  Look at the picture on the right in 
this page:

http://en.wikipedia.org/wiki/Public-key_cryptography

HTH
-- 
Regards,
Mick

Attachment: signature.asc
Description: This is a digitally signed message part.
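
The steps described in this message, run with gpg in a throwaway keyring. This is an added example, not part of the original message: the identity, passphrase and message text are constructed, and it assumes GnuPG 2.1 or later is installed.

```shell
# Added example: throwaway keyring; identity, passphrase and message are constructed.
export GNUPGHOME="$(mktemp -d)"; chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT
PASS='correct horse (constructed)'
KEYID='dale@example.invalid'
W="$GNUPGHOME/work"; mkdir "$W"
gpg_b() { gpg --batch --yes --quiet --pinentry-mode loopback "$@" 2>/dev/null; }

# The passphrase given here protects the private key file stored on disk.
gpg_b --passphrase "$PASS" --quick-generate-key "Dale <$KEYID>" default default never
printf 'Meet at noon.\n' > "$W/msg.txt"

# Signing uses the private key, so gpg needs the passphrase to unlock it.
sign_msg() { gpg_b --passphrase "$1" -u "$KEYID" -o "$W/msg.asc" --clearsign "$W/msg.txt"; }

# Verifying needs only the public key: no passphrase is involved.
verify_msg() { gpg_b --verify "$1"; }

# Change one word of the signed text, as could happen in transit.
tamper_msg() { sed '/^Meet/s/noon/nine/' "$W/msg.asc" > "$W/tampered.asc"; }

# Encrypt to Dale's public key (unsigned here, so no private key or passphrase is used).
encrypt_msg() { gpg_b -r "$KEYID" -o "$W/msg.gpg" --encrypt "$W/msg.txt"; }

# Decrypting unlocks the private key with the passphrase in $1.
decrypt_msg() {
  gpgconf --kill gpg-agent   # forget any cached passphrase first
  gpg_b --passphrase "$1" --decrypt "$W/msg.gpg"
}

sign_msg "$PASS" && verify_msg "$W/msg.asc" && echo "signature: good"
tamper_msg
verify_msg "$W/tampered.asc" || echo "tampered copy: bad signature"
encrypt_msg
decrypt_msg 'wrong guess' || echo "wrong passphrase: private key stays locked"
decrypt_msg "$PASS"
```

The passphrase never travels with the message; it only unlocks the local private key, which is why the agent is restarted before each decryption attempt here.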
