Gentoo Forums
GPG general questions
scuzzo
n00b

Joined: 22 Jul 2004
Posts: 31
Location: maryland

Posted: Tue Aug 10, 2004 1:14 am    Post subject: GPG general questions

I want to try gpg out. So far I understand you have 2 keys, private and public. You send out an encrypted email and someone can read it if they got the public key, but what's the private key for?

Also what is a good gtk frontend for gpg? And what's a good mail client that has gpg support? So far I have seen Balsa which looks nice.

patrickbores
Apprentice

Joined: 19 May 2003
Posts: 276
Location: Minneapolis, MN, USA

Posted: Tue Aug 10, 2004 3:52 am

The idea is that a message encrypted with the private key can only be decrypted with the public key. And vice-versa as well. This is useful two ways:

1. When you send someone an e-mail, you encrypt it with THEIR public key. That way you know that no one else can intercept it and read it.

2. You can "sign" a message that you send to someone. That is, you can encrypt a bit of information (usually a hash of the message) and attach it to the message. If the recipient can successfully decrypt the signature with YOUR public key, they know that it was encrypted with YOUR private key.

Evolution has good GPG support. It's what I use.

HTH,

Patrick
_________________
P.S. - this is what part of the alphabet would look like if Q and R were eliminated.

psylo
Tux's lil' helper

Joined: 27 May 2003
Posts: 129
Location: Belgium

Posted: Tue Aug 10, 2004 7:08 am

patrickbores wrote:
The idea is that a message encrypted with the private key can only be decrypted with the public key. And vice-versa as well. This is useful two ways:

1. When you send someone an e-mail, you encrypt it with THEIR public key. That way you know that no one else can intercept it and read it.

2. You can "sign" a message that you send to someone. That is, you can encrypt a bit of information (usually a hash of the message) and attach it to the message. If the recipient can successfully decrypt the signature with YOUR public key, they know that it was encrypted with YOUR private key.

Evolution has good GPG support. It's what I use.

HTH,

Patrick


I do not agree with you for the point 1. When you send an encrypted e-mail, you encrypt it with your private key and the recipient(s) decrypt it with your public key.
_________________
The next time you're having a bad day, imagine this:
You're Siamese Twin.
Your brother, attached at your shoulder, is gay.
You're not.
He has a date coming over tonight.
You only have one ass.
[Inconnu]

patrickbores
Apprentice

Joined: 19 May 2003
Posts: 276
Location: Minneapolis, MN, USA

Posted: Tue Aug 10, 2004 7:21 am

Quote:
I do not agree with you for the point 1. When you send an encrypted e-mail, you encrypt it with your private key and the recipient(s) decrypt it with your public key.


Whether or not you agree is irrelevant. Encrypting with someone else's public key is commonly done. By encrypting with someone else's public key, you're ensuring that only their private key will be able to decrypt the message. That is, you're ensuring that the message will be seen by their eyes only. A simple explanation of this is available at http://www.webopedia.com/TERM/P/public_key_cryptography.html

Haven't you ever used PGP encryption with a mail client? Usually, you have to select the recipients from your chain of public keys.

Encrypting something with your private key means that anyone with your public key can decrypt it. That is, it's basically world readable. But those who do read it can be assured that you actually sent it.

Patrick
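The key roles discussed in this exchange, as an added example that is not part of the original posts: textbook RSA in Python with small constructed keys (the names ALICE and BOB, the primes and the helper functions are assumptions for illustration). GnuPG itself encrypts a random session key to the recipient's public key rather than the message directly, and uses padded, full-size keys.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Toy RSA key pair from two primes: public (e, n) and private (d, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"pub": (E, n), "priv": (pow(E, -1, phi), n)}

# Constructed demo keys from well-known Mersenne primes; far too small for real use.
ALICE = make_key(2**61 - 1, 2**89 - 1)
BOB = make_key(2**107 - 1, 2**127 - 1)

def transform(value, key):
    """The one RSA operation: value ** exponent mod n, with either half of a pair."""
    exponent, n = key
    return pow(value, exponent, n)

def encrypt(message, key):
    m = int.from_bytes(message, "big")
    if m >= key[1]:
        raise ValueError("message too long for this toy modulus")
    return transform(m, key)

def decrypt(ciphertext, key):
    n = key[1]
    m = transform(ciphertext, key)
    return m.to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")

def digest(message):
    """First 16 bytes of SHA-256 as an integer, small enough for the toy moduli."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")

def sign(message, signer_priv):
    return transform(digest(message), signer_priv)

def verify(message, signature, signer_pub):
    return transform(signature, signer_pub) == digest(message)

if __name__ == "__main__":
    msg = b"meet at noon"
    to_bob = encrypt(msg, BOB["pub"])               # confidentiality: recipient's public key
    print(decrypt(to_bob, BOB["priv"]))             # only Bob's private key recovers it
    print(decrypt(to_bob, ALICE["priv"]) == msg)    # the sender's own key cannot open it
    sig = sign(msg, ALICE["priv"])                  # authenticity: sender's private key
    print(verify(msg, sig, ALICE["pub"]), verify(b"meet at one", sig, ALICE["pub"]))
    world = encrypt(msg, ALICE["priv"])             # "encrypted" with Alice's private key...
    print(decrypt(world, ALICE["pub"]))             # ...is readable by anyone with her public key
```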
psylo
Tux's lil' helper

Joined: 27 May 2003
Posts: 129
Location: Belgium

Posted: Tue Aug 10, 2004 7:30 am

patrickbores wrote:
Quote:
I do not agree with you for the point 1. When you send an encrypted e-mail, you encrypt it with your private key and the recipient(s) decrypt it with your public key.


Whether or not you agree is irrelevant. Encrypting with someone else's public key is commonly done. By encrypting with someone else's public key, you're ensuring that only their private key will be able to decrypt the message. That is, you're ensuring that the message will be seen by their eyes only. A simple explanation of this is available at http://www.webopedia.com/TERM/P/public_key_cryptography.html

Haven't you ever used PGP encryption with a mail client? Usually, you have to select the recipients from your chain of public keys.

Encrypting something with your private key means that anyone with your public key can decrypt it. That is, it's basically world readable. But those who do read it can be assured that you actually sent it.

Patrick


Ok... I'm sorry to hurt you, I've made a mistake...

georwell
Guru

Joined: 25 Jun 2003
Posts: 430
Location: Uppsala, Sweden

Posted: Tue Aug 10, 2004 10:14 am

kgpg is a good app to manage keys with.

nevynxxx
Veteran

Joined: 12 Nov 2003
Posts: 1123
Location: Manchester - UK

Posted: Tue Aug 10, 2004 11:58 am

patrickbores wrote:
The idea is that a message encrypted with the private key can only be decrypted with the public key. And vice-versa as well. This is useful two ways:

1. When you send someone an e-mail, you encrypt it with THEIR public key. That way you know that no one else can intercept it and read it.

2. You can "sign" a message that you send to someone. That is, you can encrypt a bit of information (usually a hash of the message) and attach it to the message. If the recipient can successfully decrypt the signature with YOUR public key, they know that it was encrypted with YOUR private key.

Evolution has good GPG support. It's what I use.

HTH,

Patrick


Also

1) you can encrypt things to yourself using your public key, then only people with your private key can read it (i.e. you)

2) if you keep a copy of mail you send, you want to make sure any encrypted mails you send you copy to yourself, and encrypt with your public key. Otherwise you can't read them again.

On the mail client note, I use sylpheed(-claws(-gtk2)) that has very good support. Especially when you add

Code:

keyserver-options auto-key-retrieve
keyserver hkp://pgp.mit.edu
keyserver hkp://subkeys.pgp.net

to your ~/.gnupg/gpg.conf file.

The keyservers can be whatever you like, my key is on pgp.mit.edu so I have that one in there. And the auto-key-retrieve makes gpgme grab the key automatically. So in sylpheed if you open a mail that is signed, it will automatically fetch the key, and check the sig.
_________________
My Public Key

Wanted: Instructor in the art of Bowyery

scuzzo
n00b

Joined: 22 Jul 2004
Posts: 31
Location: maryland

Posted: Tue Aug 10, 2004 3:45 pm

So do most people use a front end for gpg or CLI? What are some popular frontends based on gtk and qt?

nevynxxx
Veteran

Joined: 12 Nov 2003
Posts: 1123
Location: Manchester - UK

Posted: Tue Aug 10, 2004 3:53 pm

It depends what you want to do. As I only use gpg for signing (I would encrypt too but I mail mostly to mailing lists and people without gpg) mails, I suppose you'd call my mail client the front end. If you're using it for encrypting files (something most mail clients will do on the fly for you) then I use cli, but that doesn't happen often.

Helper_Monkey
Tux's lil' helper

Joined: 22 Feb 2003
Posts: 141

Posted: Sat Sep 04, 2004 7:54 pm

Ok here's another question:

When I sign a file I have to enter my passphrase, but if I export my secret key I don't have to enter the passphrase. This seems like it is a security flaw, but I'm sure someone can explain it to me.
_________________
It is a poverty to decide that a child must die so that you may live as you wish. -Mother Teresa

qr123de
n00b

Joined: 04 Sep 2004
Posts: 12

Posted: Sat Sep 04, 2004 8:01 pm

The private key is stored encrypted.

"Exporting" changes only the file format from a binary store to an ASCII-based store.

The encryption still remains on the key.

MG-Cloud
Apprentice

Joined: 28 Oct 2003
Posts: 200

Posted: Sun Sep 05, 2004 5:20 am

Hi,

I'm about to start signing all my emails with Evolution :)

Just a quick question about setting it up. I've created my keys and uploaded them to the public key server.

When it asks for my Key ID, that is the ID beside the

"pub 1024D/"

section in my gpg --list-keys right?

jleejj
n00b

Joined: 18 Jan 2004
Posts: 57
Location: Eugene, OR

Posted: Wed Sep 29, 2004 7:59 am

Quote:
When it asks for my Key ID, that is the ID beside the

"pub 1024D/"

section in my gpg --list-keys right?


Yes, that is the correct value. Preface the key ID with 0x when you reference it. As a side note, the key ID is actually just the last 4 bytes of your key's fingerprint.
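How the key ID relates to the fingerprint, as an added example that is not from the original thread: for a version 4 OpenPGP key (RFC 4880, section 12.2) the fingerprint is a SHA-1 hash over the public-key packet, the 8-hex-digit ID shown in the listing is its last 4 bytes, and the long ID is its last 8. The key material, the listing lines and the function names below are constructed for illustration.

```python
import hashlib
import re
import struct

def mpi(value):
    """OpenPGP multiprecision integer: 2-byte bit count, then the big-endian value."""
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")

def v4_fingerprint(key_body):
    """RFC 4880 12.2: SHA-1 over 0x99, a 2-byte length and the public-key packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).digest()

def key_ids(fingerprint):
    """Return (long_id, short_id): the last 8 and the last 4 bytes of the fingerprint."""
    return "0x" + fingerprint[-8:].hex().upper(), "0x" + fingerprint[-4:].hex().upper()

def listed_short_id(pub_line):
    """Extract the ID from a GnuPG 1.x style line such as 'pub  1024D/89ABCDEF 2004-09-05'."""
    match = re.match(r"\s*pub\s+\d+[A-Za-z]/([0-9A-Fa-f]{8})\b", pub_line)
    if match is None:
        raise ValueError("not a 'pub' listing line")
    return "0x" + match.group(1).upper()

def id_matches_fingerprint(pub_line, fingerprint_line):
    """True when the listed ID equals the last 4 bytes of the printed fingerprint."""
    fpr_hex = re.sub(r"[^0-9A-Fa-f]", "", fingerprint_line.split("=", 1)[1])
    if len(fpr_hex) != 40:
        raise ValueError("expected a 160-bit fingerprint")
    return listed_short_id(pub_line) == "0x" + fpr_hex[-8:].upper()

# Constructed v4 public-key packet body (not a real key): version, creation time,
# algorithm 1 (RSA), then the MPIs n and e.
SAMPLE_BODY = (bytes([4]) + struct.pack(">I", 1094342400) + bytes([1])
               + mpi((2**61 - 1) * (2**89 - 1)) + mpi(65537))
# Constructed listing lines in the style of `gpg --list-keys --fingerprint`.
SAMPLE_PUB = "pub   1024D/89ABCDEF 2004-09-05"
SAMPLE_FPR = "      Key fingerprint = 0011 2233 4455 6677 8899  AABB CCDD EEFF 89AB CDEF"

if __name__ == "__main__":
    long_id, short_id = key_ids(v4_fingerprint(SAMPLE_BODY))
    print(long_id, short_id)
    print(id_matches_fingerprint(SAMPLE_PUB, SAMPLE_FPR))
```

Because the short ID is only 32 bits of the fingerprint, compare the full fingerprint when deciding whether a fetched key is the one you expect.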
spider312
Veteran

Joined: 02 Oct 2004
Posts: 1274
Location: France > Savoie > Chambery

Posted: Fri Oct 08, 2004 12:53 am    Post subject: Re: GPG general questions

scuzzo wrote:
Also what is a good gtk frontend for gpg? And what's a good mail client that has gpg support? So far I have seen Balsa which looks nice.

I'm also very interested in that; I'd like a good GUI (GTK+ would be perfect 8) ) for managing keys to avoid gpg --edit blabla > trust > yes > yes I'm sure > yes yes I'm f***ing sure !!!

I'm using Thunderbird 0.8 with Enigmail; I think its key management is really poor.

Of course, I'd like not to install KDE to use kgpg (I don't use QT apps at this point).

If someone knows a soft or a tip to manage keys, I would be very happy :)

Thanks in advance (and excuse me for my poor English :oops: )

frilled
Retired Dev

Joined: 15 Mar 2004
Posts: 386
Location: Atlantis, inner city ring

Posted: Wed Dec 22, 2004 2:35 pm

emerge gpa?
_________________
"Failure is not an option!"
"Sir, we are out of further options."