[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference waylay::askenet_v5

Title:	Ask The EasyNet (V5)
Notice:	Don't ask about notes conferences here - see 1.2
Moderator:	WAYLAY::GORDON

Created:	Mon Apr 13 1992
Last Modified:	Thu Jun 05 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	1236
Total number of notes:	9997

1234.0. "PGP?" by SHRCTR::PJOHNSON (Vaya con huevos.) Thu May 29 1997 12:52

-----BEGIN PGP SIGNED MESSAGE-----

How should I typically use PGP? Does anyone I want to send an
encrypted message to need to have a PGP fingerprint? What is the
significance of the giberrish at the end of this message?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBM42md16hTWQ0jdgVAQGl6wIAnFwIM0ZDEzv5o62wKWKNWDTu4GBJwWqM
7lItudFfnjc8fl3+t74L7dClffM6m4X3CrGlKHXFTOJtQokfkGhiCg==
=DbNP
-----END PGP SIGNATURE-----

T.R	Title	User	Personal Name	Date	Lines
1234.1		EVMS::MORONEY	vi vi vi - Editor of the Beast	`Thu May 29 1997 13:06`	16
	PGP is a rather flexible encryption system where users have a secret "private key" and a "public key" that anyone can know. It is, as far as I know, unbreakable. It can be used to encrypt something using the recipient's public key so that only the recipient (or someone with their key) can decode it. Not even the sender can decode it. It can also be used, using the private key, to "sign" plain text or encrypted messages to "prove" the person who claims to send a message actually did so. That is the source of the annoying gibberish you see. Only the person with the private key can generate the proper gibberish but anyone with the public key can verify the person with the private key, rather than someone claiming to be them, actually did do so. -Mike
1234.2		PCBUOA::BAYJ	Jim, Portables	`Thu May 29 1997 13:40`	4
	What's the currently favored way to post public keys? jeb
1234.3		QUARK::LIONEL	Free advice is worth every cent	`Thu May 29 1997 13:49`	9
	PGP comes with a rather extensive "FAQ" which covers just about all aspects of usage, and there are web sites with even more info. There are "public key servers" where you can "register" your key. One important tip is that you should "sign" your own key before publishing it. Another is to create a "key revocation certificate" and keep it handy - this allows you to "revoke" your key in case you lose the private key. Steve
1234.4		SHRCTR::PJOHNSON	Vaya con huevos.	`Thu May 29 1997 15:22`	4
	OK, so then what does one do? Does an application of some tool to that gibberish reveal that I did, in fact, post what is written there? Pete
1234.5		QUARK::LIONEL	Free advice is worth every cent	`Thu May 29 1997 16:21`	7
	Assuming that the reader has a validated copy of your public key on their "keyring", PGP will automatically find the signature and check it against the keyring and will let you know if it matches. In any event, it will display the name of the person who created the signature, not that that means much without validation. Steve