On Thu, May 17, 2001 at 02:20:58PM -0700, Aaron P Ingebrigtsen wrote:
> I'm signing this message with my PGP signature. I think that the
> signature is determined by the content of the message as well as the
> public key and passphrase.
Well, not quite. I have a private and public key (you can get my
public key from Freesite - it's not on the keyservers). When I sign
a message I use my passphrase to decrypt my private key (stored on
disk) and encrypt a hash of the message with it. This hash can only
be decrypted with my public key - not contained in the signature -
and you know the message is from me if
a) you can decrypt the hash and
b) The encrypted hash and a hash of the message you generate are
the same.
And BTW I use mutt which does funky MIME stuff with PGP that no one
else seems to be able to read ;-)
HTH,
Leo
--
Leo Howell M5AKW
freenet:MSK@SSK@2vz8xnhEJyJOlBVNfBEOWaohQFEQAgE/freesite//
PGP signature
