Find the answer to your Linux question:
Results 1 to 5 of 5
a friend sent me his public key note: i have pgp on opensuse 13.1 running with kgpg - and i have generated a keyset. now i want to send a ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Newbie
    Join Date
    May 2013
    Posts
    192

    sign a pgp-mail: which key to take mine !?!?!?


    a friend sent me his public key

    note: i have pgp on opensuse 13.1 running with kgpg -

    and i have generated a keyset.


    now i want to send a crypted email to my friend

    question: with which key i have to sign a mail : with mine or the key of my friend - that is the one that receives the e-mail.

    in other words: when i open the editor of Kgpg - and paste the message-text into the editor - i subsequently have to sign this: with which keys i do that.

    - with mine (that is corresponding to my mail ? - or
    - with one that corresponds to his maiil adreess?


    need to know that. if i have to write more - let me know..

    thanks in advance
    Akoya P 6512 15" OpenSuse 13.1: AMD Athlon X2 P320
    Samsunng q 210, 12,1" OpenSuse 13.1: Intel® Core™ 2 Duo Proz. P8400 2,26 GHz 1066 MHz FSB 3 MB

  2. #2
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133
    There are different approaches here. What are you trying to achieve? Confidentiality or authenticity? Both? Just integrity?

    This is the asymmetric cryptography element of the exchange. Whether you encrypt something with a public key it can only be decrypted with the original private key and vice versa.

    Therefore :-
    • If you encrypt with your friend's key only he can decrypt it, providing confidentiality.
    • If you encrypt with your private key anyone can decrypt it proving only that you encrypted it...authenticity
    • If you encrypt with your private key and his public key you get authenticity and confidentiality
    • If you create a message hash and encrypt that with your private key, anyone can decrypt the hash and prove integrity of the message as it came from you


    The latter is a standard use of PGP. Of course I'm simplifying a bit and ignoring the symmetric portion and negotiation of shared secrets. I hope this has given a little bit of insight into PKI.

  3. #3
    Linux Newbie
    Join Date
    May 2013
    Posts
    192
    many thanks - very very goood and userful informations.

    grreetings
    Akoya P 6512 15" OpenSuse 13.1: AMD Athlon X2 P320
    Samsunng q 210, 12,1" OpenSuse 13.1: Intel® Core™ 2 Duo Proz. P8400 2,26 GHz 1066 MHz FSB 3 MB

  4. #4
    Linux User sgosnell's Avatar
    Join Date
    Oct 2010
    Location
    Baja Oklahoma
    Posts
    470
    Note that signing and encrypting are different things.

  5. #5
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133
    Quote Originally Posted by sgosnell View Post
    Note that signing and encrypting are different things.
    Indeed. The fourth case in my examples is signing and does not encrypt the message.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •