The Guide

Home

Search

Forum

Feedback

Credits

About Raj

Pretty Good Privacy


*
Introduction: What is PGP?
*
How does it work?
*
Where do I get PGP?
How do I run PGP?
*
Why does my key need to be signed?
*
So what's a key signing party after all?
*
What information do I need to provide, and when?
*
What other resources are there to help me learn about PGP and keysigning?
*
What about Windows Platform?

Related Links


1.
PGP -
2.
A specific key signing party
3.
PGP keyservers:
4.
A specific key signing party
5.
Keysigning Party Guide:

How does it work?

PGP uses public-key cryptography, which means that everyone has two keys -- a ``Public Key'' and a ``Secret Key'' (a key is nothing but a string of characters which are fed into the encryption algorithm to
obtain an encrypted result. The same document encrypted by the same
method but with different keys will yield different results).

The keys complement each other, which means that anything encrypted with your public key can only be decrypted with your secret key, and anything encrypted with your secret key can only be decrypted with
your public key. This is the heart of PGP and all Public-Key Cryptography, so don't forget it!

You make your public key as easily available to others as possible -- put it in your .plan for finger, put it on your web page, send it to a  PGP keyserver, publish it in the newspaper, etc. You never ever reveal your secret key to anyone.

The rest is trivial. If you want to send me a private (For Your Eyes Only) e-mail, create your message, encrypt it with my public key and send me the message. Since the message is encrypted, no one who intercepts (e.g. the root user on VSNL's mail server :-) will be able to read it; since it is encrypted with my Public key, I will be able to decrypt and read it using my Secret key (remember?)

Similarly, if you have to sign a message to me, encrypt it with your Secret key. When I receive the message, I'll try to decrypt it with your Public key. If it decrypts then the message must be from you, since only you (who know your Secret key) could have encrypted it. If there's a problem in decrypting then either the message is a forgery or someone tampered with the contents of the message on the way.

 

Where do I get PGP?
How do I run PGP?
[Next]



Copyright 1999 Dr. Raj Mehta. All rights reserved.