Re: PGP ???

To: debian-isp@lists.debian.org
Subject: Re: PGP ???
From: brian moore <bem@rom.org>
Date: Wed, 29 Nov 2000 15:53:02 -0800
Message-id: <[🔎] 20001129155302.A15400@rom.org>
Mail-followup-to: debian-isp@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.21.0011291706270.2405-100000@ghost.ntelos.net>; from debian@ghost.ntelos.net on Wed, Nov 29, 2000 at 05:10:18PM -0500
References: <[🔎] Pine.LNX.4.21.0011291706270.2405-100000@ghost.ntelos.net>

On Wed, Nov 29, 2000 at 05:10:18PM -0500, Debian Ghost wrote:
> an anyone explain how PGP protects email in transit? Or what PGP actually
> is good for? I've never used PGP, but I always see the PGP key and wonder
> why there is a PGP key if the email can be read at any rate...

What you're seeing is a PGP signature.

It protects the mail from tampering the same way that a signature on a
document does (well, moreso, since it's trivial to add stuff to a paper
document...).  It does this by computing an MD5 or SHA hash of the
document, and then encrypting that value with the private key.  Anyone
with the public key can compute the same hash, decrypt the one that
came with the item and verify they are the same.  It's incredibly
improbable that 2 items would have the same signature.  (MD5's are a
128-bit hash, SHA is 160-bits...).

Encryption is just one of the functions of PGP.  Digital signatures is
another.

(And of course PGP is Bad.  Use GPG instead, but that's another
lecture for another day -- both support the 'OpenPGP' proposed standard)

Reply to:

References:
- PGP ???
  - From: Debian Ghost <debian@ghost.ntelos.net>

Prev by Date: PGP ???
Next by Date: Re: DESTROY (perl experts please) (fwd)
Previous by thread: PGP ???
Next by thread: Re: PGP ???
Index(es):
- Date
- Thread