On Wed, 2003-01-08 at 10:34, Aaron J. Seigo wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wednesday 08 January 2003 08:50, Rafael Sanchez wrote: > > I notice that you use some sort digital signature. Would you kindly tell > > me how this works? > > you install PGP or GnuPG (preferably GnuPG), create a personal key pair, > upload the public key to a public key server so others can verify signatures > and encrypt messages to you easily, and then tell your email app to sign your > messages ...
Once my public key has been uploaded to the key server, how do others encrypt messages and verify and encrypt messages to me? Do they go to the key server to do this? > > > What is the relationship between a private key and a > > public key? > > whatever is encrypted with one can be decrypted with the other, and only by > the other. this allows secure transmission of the information without needing > to know both keys (allowing for a public and a private key) as well as > verification (if it decrypts with the public key, you know it was encrypted > by the corresponding private key) > > > where do they reside? > > on your computer. you can keep them on removable media if you wish as well. > > > how to get the keys? > > you can't buy them. your computer has to make them. (rice crispy squares, > t.v., circa 1985?) > > gpg --gen-key > > and follow the on-screen directions. put something like the following in your > ~/.gnupg/options: > > keyserver wwwkeys.pgp.net > > and then > > gpg --send-key <your key id, name or eail address> > > voila, all done! > > > The following is related to Ximian on RH8: > > When I click on the icon at the bottom of the message where it says > > "This message has been digitally signed" it gives me some info: > > > > gpg: armor header: Version: GnuPG v1.0.7 (GNU/Linux) > > gpg: Signature made Tue 07 Jan 2003 05:22:54 PM MST using DSA key ID > > ======== (i took the id off here. it was an eight alpha numeric word) > > gpg: Can't check signature: public key not found > > yes, it is simply telling you the details: i use GnuPG, it was signed on the > date mentioned, my key ID is 0xA7F1DB43, and you aren't set up to verify it. > =) > > all decent email clients can handle and verify digital signatures, including > Evolution, Mutt, Sylpheed and KMail. i'm not sure about Pine as I haven't > used PGP w/Pine, but i'd be rather surprised if it didn't support it in some > way. > > > Last but not least, what are the requirements to implement something > > like this? and use for it? > > as for a CLUG presentation on public key crypto, i'd be happy to do so. > > - -- > Aaron J. Seigo > GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43 > > "Everything should be made as simple as possible, but not simpler" > - Albert Einstein > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.7 (GNU/Linux) > > iD8DBQE+HGET1rcusafx20MRAocyAJ9ipdz5BW/LRWwYwex1xWV9hZrQvQCfVtiJ > CV9LR0xUL5HN686/EUF3u08= > =xkhU > -----END PGP SIGNATURE----- -- Rafael Sanchez <[EMAIL PROTECTED]> Itres Research Limited
