Mick wrote: > On Thursday 19 Jan 2012 23:20:44 Dale wrote: >> Chris Walters wrote: > >> I'm starting to see this now. When I sign a message, it is public but >> people are assured that it came from me. Sort of like having a check >> with a picture ID that matches. :/ > > Better than that. > > Readers (all that have access to this list) can a)see that you have signed it > and b)rest assured that no one has tampered with its content since you > signed. > If anyone intercepted the message mid-air and changed its content, your > signature would show as bad in the recipients mail client (assuming they have > a GnuPG/PGP compatible client). > > BTW, your signature is not showing in Kmail ... are you using inline or > opengpg/smime format? > >
I don't have mine set up to sign them all. I did a couple to see if it worked or not. Whenever I sign a message, it asks for the password. It is quite a long password and I don't want to type it in every time I send something. >>> You could then encrypt a message to me, and you could add yourself >>> to the recipient list so you could read it. Then, when I received >>> the message, I would be prompted for my secret key's passphrase - >>> this would allow decryption of the message. Providing that I >>> replied to you and chose the "encrypt" option, the entire message, >>> including any quotes would be encrypted. >>> >>> Hope this helps, Chris > >> So, this is why when I want to sign a message it asks me for the >> password. I thought it was trying to do something wrong. Made me >> scratch my head. > > To avoid an easy misunderstanding about what the "password" does: > > You are asked for a passphrase not because Chris used that passphrase to > encrypt the message he sent you with (that would have been symmetric > encryption and both of you would need to know in advance the secret > passphrase). Instead, you are asked for a passphrase to decrypt your own > private gpg key which is stored in encrypted format on your hard drive for > security purposes. The private key once decrypted and loaded in memory will > be used by your openpgp application to decrypt the message sent by Chris. > > This is asymmetric encryption: a sender can use your public key and their > private key to encrypt a message to you, which only you can decrypt with your > private key and the sender's public key. Look at the picture on the right in > this page: > > http://en.wikipedia.org/wiki/Public-key_cryptography > > HTH The password I was talking about is the one when I send a message. It does ask for the password when Paul was sending a message. Those were off list tho. Anyway, when I put the password in, I can read the email. Otherwise, I can't read anything. How sure are we that there is no back door the Government has to bypass this? Are we 99% sure or about 50/50 with our fingers crossed? Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS="--quiet-build=n"
