On Sat, Apr 01, 2000 at 10:36:44PM -0600, Zed Pobre wrote: > > Also, what's so fundamentally wrong with transferring a secret key over > > the net? Hint: PGP does it every time you send an encrypted email. > Either you are using the phrase "secret key" in a context with > which I am unfamiliar, or you do not understand PGP. PGP/GPG does not > transfer your secret key component when encrypting a message to > another. It is possible to encrypt a message to someone else's public > key without *having* a secret key of your own in the first place.
PGP (v2.x, I'm not uptodate with the recent OpenPGP stuff), generates a secret (albeit symmetric, rather than public/private keypair) IDEA key everytime you try to encrpt a message. It encrypts the message with this key, then encrypts the key with the recipients public key, and (and here's the bit I was referring to) *sends that secret IDEA key across the net*. Cheers, aj -- Anthony Towns <[EMAIL PROTECTED]> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG encrypted mail preferred. ``The thing is: trying to be too generic is EVIL. It's stupid, it results in slower code, and it results in more bugs.'' -- Linus Torvalds
pgpS8YZqnjgrO.pgp
Description: PGP signature
