_____/ On Wednesday 24 August 2005 23:31, [kitt] wrote : \_____
> Hi - i have just started reading about PGP & encryption. Unfortunately, I
> cannot seem to understand the basics of it :( . I was hoping someone could
> give me a 'idiot proof' explanation or point me in the right direction.
The principal idea is this: you have two sides -- side A and side B. If side
A just put a lock on a parcel (i.e. encrypted it) and sent it to B, B would
not have the key to unlock the parcel. Likewise the curious thief or anyone
between A and B.
Imagine the following scenario: A locks his parcel and sends it to B. B
receives the parcel, puts his/he _own_ lock on the parcel (so it now has
two locks) and sends it back to A. A then removes his own lock (1 of the 2
locks on the parcel) and returns it to B. B can now unlock his own lock and
open the parcel. Note that at no point was the parcel send between A and B
while unlocked.
Unlock = Enter passphrase
Lock = Passphrase (password)
Thieves = routers or curious people in the midst
> Now, i understand that before programs like pgp, a sender would scramble a
> message with a code key and communicate this code key to the person who
> was to read the message. That person could then simply enter the code and
> read the message. This method was flawed because someone other than the
> intended recipent might get hold of the key code and read the message. I
> fully understand this scenerio.
You need key + passphrase. The passphrase is never public, only the key is
public.
> But I don't understand *how* pgp works in general:
>
> 1. A sender has a 'public key' of the reciever. Q1. If this is done via
> email, wont the person who owns the 'public key' get spammed if their
> details are on a database??
Possibly.
> 2.The reciever decodes the message with his/her 'private key'. Q2. How is
> this done?
You are prompted for your passphrase.
> I am really very confused about how the pgp system works and would
> appreciate any explanation / help anyone could give me to understand it.
> The user manuals dont seem to help me any. I have installed a evaluation
> version of pgp software and it might help if i could test it out with
> someone by setting up 'keys' & sending / recieving a email.
>
> Thanks in advance.
If it helps, send me your key to r [at] schestowitz [dot] com. You can get
mine at http://Schestowitz.com/PGP . For testing purposes, we can then
exchange an encrypted message.
Roy
--
Roy S. Schestowitz Useless fact: Women blink twice as much as men
http://Schestowitz.com
|
|