On Sat, Apr 01, 2000 at 10:36:44PM -0600, Zed Pobre wrote:
> > Also, what's so fundamentally wrong with transferring a secret key over
> > the net? Hint: PGP does it every time you send an encrypted email.
> Either you are using the phrase "secret key" in a context with
> which I am unfamiliar, or you do not understand PGP. PGP/GPG does not
> transfer your secret key component when encrypting a message to
> another. It is possible to encrypt a message to someone else's public
> key without *having* a secret key of your own in the first place.
PGP (v2.x, I'm not uptodate with the recent OpenPGP stuff), generates a
secret (albeit symmetric, rather than public/private keypair) IDEA key
everytime you try to encrpt a message. It encrypts the message with this
key, then encrypts the key with the recipients public key, and (and here's
the bit I was referring to) *sends that secret IDEA key across the net*.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.
``The thing is: trying to be too generic is EVIL. It's stupid, it
results in slower code, and it results in more bugs.''
-- Linus Torvalds
Attachment:
pgpdy4_yudJRF.pgp
Description: PGP signature