On Fri, 2006-09-01 at 15:55 +0100, Tez wrote: > Steve Smith wrote: > > I'm trying to get to the bottom of what GPG is and how it works. I > > can't find a description that covers the absolute basics of what it > > is, would anyone care to explain to me? Does it have anything to do > > at all with the actual computer you create it on, or is it just > > completely random? How does it actually provide proof of > > identification, etc in practise? > > > > Thanks :) > > Steve > > > > > I'm no expert in gpg but, basically you create a key with your name and > email to sign/encrypt data with, in order to let others verify that the > key is yours you need to send it to a keyserver which others can check > against. The keyservers update from each other so if you send you key to > one (like "keyserver.ubuntu.com") then other servers will be updated > with your key as well.
To clarify this, yu create a key pair. One is private which you keep to yourself and secure and the other is public which you can publish anywhere you like including keyservers as mentioned above. When you send a document to someone else you can sign it using your private key. The recipient can then check the signature using your public key. The signing is such that if the document is altered in transit, the signature is no longer valid. If someone wants to send you a document that only you can read, then he can encrypt it using your public key. Only the person with the corresponding private key is able to decrypt such a document. The encryption is very strong and impossible to crack with today's technology. The question then is, how does someone know the public key they have is really yours? Well, the keys themselves can be signed by others who can verify you are who you say you are. These signatures can be seen in a public key, so the more there are, the more trust you can put in the public key. If you really want to make sure you should contact the owner of the key personally (by telephone or face to face) and confirm the key ID with them. You can then sign their public key yourself or set it be very trustworthy. Hope this helps. Regards, Tony. -- Tony Arnold, IT Security Coordinator, University of Manchester, IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL. T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039 E: [EMAIL PROTECTED], H: http://www.man.ac.uk/Tony.Arnold -- ubuntu-uk mailing list ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
