>>>>> "Kaushik" == SEN <SEN> writes:
Kaushik> Though PGP is touted as a public key software, public key
Kaushik> encryption is used only to encrypt your keys{ the
Kaushik> algorithm used being RSA in older versions and
Kaushik> Deffie-Hellman in newer versions}. Therefore it is
Kaushik> imperative to check with whomesoever you are
Kaushik> communicating, if he is using a version supported by
Kaushik> yours. Exchanging keys between the two systems does not
Kaushik> work. The actual data is encrypted in a symetric key
Kaushik> algorithm ,{Namely IDEA algo} in both versions .
That's because it's too expensive to encrypt large text using
assymetric keys. Effectively, it doesn't matter whether the cleartext
itself or a hash of the same is encrypted using the asymmetric
technology as long as you have sufficient trust in both (symmetric and
asymmetric) methodologies used.
Kaushik> You encrypt your data using your public key,which you may
Kaushik> saftely post to everyone you like,over insecure
Kaushik> lines. But you can decrypt the data you're recieving only
Kaushik> through your private key which you must keep Secret.
It's a good idea to verify people public keys which you recieve using
an insecure medium too, using fingerprints or key signatures.
Kaushik> In case you recieve someone else's public key you must
Kaushik> store it in your public -key ring. This key is to be used
Kaushik> to encrypt the data send to the person,who uses his
Kaushik> private key to decrypt your message;and vice-versa if you
Kaushik> want to check out a message sent to you.
Kaushik> Several public keys are provided in your keyring, you'll
Kaushik> see Phil Zimmerman's[the author's] and several others
Kaushik> keys. You could start by sending them a message with your
Kaushik> public key as an attachment.
Uh, don't do that! Send your key to one of the global keyservers
instead from where anyone will be able to access it. Alternatively,
put it up as part of your .plan file if you have a finger'able account
on a public server. Or publish it in the Times of India if you're
feeling rich ;-)
Keyserver info at:
http://pgp.ai.mit.edu/
Kaushik> For more info you, should take a look at the Windows
Kaushik> version, which comes with a .pdf manual.
Erk, I just found out that there's a Outlook plugin for PGP, though
commercial. Goes at about EUR50 for a single user license.
http://www.glueckkanja.de/
Regards,
-- Raju
-----------------------------------------------------------------------
LIH is all for free speech. But it was created for a purpose - to help
people discuss issues about installing and running Linux. If your
messages are counterproductive to this purpose, your privileges to
submit messages can and will be revoked.
