Thanks Seth. Simply stated. :)
> On 20010921.1030, Seth Cohn said ...
>
> simply put:
>
> You keep secret the private, give away the public.
>
> People sending you stuff use your public to ENcrypt,
> only you (with the private key) can DEcrypt, thus it's readable only to you.
>
> You send out ENcrypted with private key,
> anyone can DEcrypt it using your public key, thus it's _signed_ by you.
>
> In order to have a secure conversation, you both need a set of keys.
> You swap public keys, and always encrypt using the other person's key.
> If you want the other person to be sure it is you, you also _sign_ it using
> your private key. Thus they have to decrypt twice (not really, since signing
> is often more of a hash thing).
>
> Let's plan a keysigning party for Mid-October. Hey we can do it at the Wild
> Duck, get other people involved, and publicize it. I'll work on that. The more
> people who sign, even if not everyone signs everyone else's key, the better.
> It's a web of trust metric. Then we upload stuff to the main keyservers, and
> we end up with well trusted keys.
>
>
> > Could someone refresh me how public/private keys work again? I always
> > forget the details and wonder how it goes.
> >
> > At work with e-commerce sites, we encrypt a message with the client's
> > public key, output the file as armored ASCII, and send it in the
> > email. But what's the deal with the private key and sharing your
> > public key? Do they need both to decrypt it? Just the private?
>
>
--
Rob <rob_at_euglug_dot_net>
my @euglugCode = qw(v+++ e--- eug+ bsd+++ gnu+ S+++);
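
The scheme described in the quoted message, as a runnable sketch added here as an example (it is not part of the original thread and not how GnuPG is implemented): textbook RSA with no padding and constructed toy keys built from well-known Mersenne primes, both assumptions of this illustration. It shows encrypting to the recipient's public key, signing a SHA-256 hash with the sender's private key, and verification failing once the message changes.

```python
# Added illustration: textbook RSA with constructed toy keys. No padding, and
# the primes are well-known Mersenne primes, so this is for study only.
import hashlib
from math import gcd

E = 65537  # public exponent

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d)) from primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(E, phi) == 1
    return (n, E), (n, pow(E, -1, phi))  # d = e^-1 mod phi (Python 3.8+)

def _digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def encrypt(message: bytes, recipient_public) -> int:
    """Anyone holding the recipient's public key can do this."""
    n, e = recipient_public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext: int, private) -> bytes:
    """Only the holder of the matching private key recovers the message."""
    n, d = private
    m = pow(ciphertext % n, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(message: bytes, sender_private) -> int:
    """Signing applies the private key to a hash, not to the whole message."""
    n, d = sender_private
    return pow(_digest(message), d, n)

def verify(message: bytes, signature: int, sender_public) -> bool:
    """Anyone with the sender's public key can check the signature."""
    n, e = sender_public
    return pow(signature, e, n) == _digest(message)

# Constructed key pairs for a hypothetical sender and recipient.
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

if __name__ == "__main__":
    msg = b"keysigning at the Wild Duck"  # constructed sample message
    ct, sig = encrypt(msg, RECIPIENT_PUB), sign(msg, SENDER_PRIV)
    print(decrypt(ct, RECIPIENT_PRIV), verify(msg, sig, SENDER_PUB))
    print(verify(msg + b"!", sig, SENDER_PUB), decrypt(ct, SENDER_PRIV) == msg)
```

The recipient decrypts once with their own private key and then checks the signature with the sender's public key, which is a hash comparison and not a second decryption of the message.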